diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml
index 7057482fb..290876949 100644
--- a/.github/workflows/hax.yml
+++ b/.github/workflows/hax.yml
@@ -62,16 +62,23 @@ jobs:
sudo apt-get install --yes nodejs
./setup.sh
- - name: 🏃 Extract and verify the Kyber reference code
+ - name: 🏃 Make sure the extracted Kyber snapshot is up-to-date
run: |
eval $(opam env)
./hax-driver.py --kyber-reference
+ git diff --exit-code
+
+ - name: 🏃 Extract and verify the Kyber reference code
+ run: |
env FSTAR_HOME=${{ github.workspace }}/fstar \
HACL_HOME=${{ github.workspace }}/hacl-star \
HAX_HOME=${{ github.workspace }}/hax \
PATH="${PATH}:${{ github.workspace }}/fstar/bin" \
./hax-driver.py --verify-extraction
+ - name: 🏃 Regenerate `extraction-*` folders
+ run: ./proofs/fstar/patches.sh apply
+
- name: 🏃 Verify Kyber `extraction-edited` F* code
run: |
env FSTAR_HOME=${{ github.workspace }}/fstar \
diff --git a/proofs/fstar/README.md b/proofs/fstar/README.md
new file mode 100644
index 000000000..3a72f7414
--- /dev/null
+++ b/proofs/fstar/README.md
@@ -0,0 +1,37 @@
+# Extraction directories
+The `extraction` directory is generated automatically by hax from the
+Rust code. The `extraction-edited` and `extraction-secret-independent`
+are hand-edited snapshots of `extraction` at some point in time.
+
+The edits (1) on the one hand between `extraction` and
+`extraction-edited` and (2) on the other hand between
+`extraction-edited` and `extraction-secret-independent` are tracked
+via diff files.
+
+Whenever the rust code changes, the extracted F* code in `extraction`
+changes as well. The CI then applies the diff files: if the patch
+process fails or if the resulting patched F* doesn't typecheck, the CI
+fails.
+
+The bash script `./patches.sh` takes care of the diffs:
+ - `./patches.sh create` creates patches out of the `extraction*` folders;
+ - `./patches.sh apply` drops the `extraction-edited` and
+ `extraction-secret-independent` folders and re-creates them out of
+ the `extraction-edited.patch` and
+ `extraction-secret-independent.patch` files.
+
+# Workflow
+Ideally:
+ - since `extraction` is a projection from the Rust code via the hax
+ toolchain, we should not commit it in the repository;
+ - since `extraction-edited` and `extraction-secret-independent` are
+ created via the diff files, we should not commit them either in the
+ repository.
+
+Currently, we do check those 3 folders in. Thus, when we change
+anything in the F* proofs, we should always make sure we keep the diff
+files and those folder in a coherent state.
+
+In other words, this means that the last commit of each PR should be
+about regeneration of diff files (using the command `./patches.sh
+create`) and regeneration of the `extraction` folder.
diff --git a/proofs/fstar/extraction-edited.patch b/proofs/fstar/extraction-edited.patch
new file mode 100644
index 000000000..d47933a9c
--- /dev/null
+++ b/proofs/fstar/extraction-edited.patch
@@ -0,0 +1,8082 @@
+diff -ruN extraction/Libcrux.Digest.fst extraction-edited/Libcrux.Digest.fst
+--- extraction/Libcrux.Digest.fst 2024-02-01 11:03:26.797761034 +0100
++++ extraction-edited/Libcrux.Digest.fst 1970-01-01 01:00:00.000000000 +0100
+@@ -1,48 +0,0 @@
+-module Libcrux.Digest
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+-open Core
+-open FStar.Mul
+-
+-let shake128x4_256_ (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) =
+- Libcrux.Hacl.Sha3.X4.shake128 v_LEN data0 data1 data2 data3
+-
+-let sha3_256_ (payload: t_Slice u8) = Libcrux.Hacl.Sha3.sha256 payload
+-
+-let sha3_512_ (payload: t_Slice u8) = Libcrux.Hacl.Sha3.sha512 payload
+-
+-let shake128 (v_LEN: usize) (data: t_Slice u8) = Libcrux.Hacl.Sha3.shake128 v_LEN data
+-
+-let shake256 (v_LEN: usize) (data: t_Slice u8) = Libcrux.Hacl.Sha3.shake256 v_LEN data
+-
+-let shake128x4_portable (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) =
+- let input_len:usize = Core.Slice.impl__len data0 in
+- let _:Prims.unit =
+- if true
+- then
+- let _:Prims.unit =
+- if
+- ~.((input_len =. (Core.Slice.impl__len data1 <: usize) <: bool) &&
+- (input_len =. (Core.Slice.impl__len data2 <: usize) <: bool) &&
+- (input_len =. (Core.Slice.impl__len data3 <: usize) <: bool) &&
+- (input_len <=. (cast (Core.Num.impl__u32__MAX <: u32) <: usize) <: bool) &&
+- (v_LEN <=. (cast (Core.Num.impl__u32__MAX <: u32) <: usize) <: bool))
+- then
+- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: input_len == data1.len() && input_len == data2.len() &&\\n input_len == data3.len() && input_len <= u32::MAX as usize &&\\n LEN <= u32::MAX as usize"
+-
+- <:
+- Rust_primitives.Hax.t_Never)
+- in
+- ()
+- in
+- let digest0:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data0 in
+- let digest1:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data1 in
+- let digest2:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data2 in
+- let digest3:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data3 in
+- digest0, digest1, digest2, digest3
+- <:
+- (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN)
+-
+-let shake128x4 (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) =
+- if Libcrux_platform.simd256_support ()
+- then shake128x4_256_ v_LEN data0 data1 data2 data3
+- else shake128x4_portable v_LEN data0 data1 data2 data3
+diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti
+--- extraction/Libcrux.Digest.fsti 2024-02-01 11:03:26.785761386 +0100
++++ extraction-edited/Libcrux.Digest.fsti 2024-02-01 11:03:26.852759421 +0100
+@@ -1,31 +1,41 @@
+ module Libcrux.Digest
+ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++open Rust_primitives
+ open Core
+-open FStar.Mul
+
+-val shake128x4_256_ (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val sha3_256_ (payload: t_Slice u8)
+- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val sha3_512_ (payload: t_Slice u8)
+- : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val shake128 (v_LEN: usize) (data: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val shake256 (v_LEN: usize) (data: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val shake128x4_portable (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val shake128x4 (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++type t_Algorithm =
++ | Algorithm_Sha1 : t_Algorithm
++ | Algorithm_Sha224 : t_Algorithm
++ | Algorithm_Sha256 : t_Algorithm
++ | Algorithm_Sha384 : t_Algorithm
++ | Algorithm_Sha512 : t_Algorithm
++ | Algorithm_Blake2s : t_Algorithm
++ | Algorithm_Blake2b : t_Algorithm
++ | Algorithm_Sha3_224_ : t_Algorithm
++ | Algorithm_Sha3_256_ : t_Algorithm
++ | Algorithm_Sha3_384_ : t_Algorithm
++ | Algorithm_Sha3_512_ : t_Algorithm
++
++let digest_size (mode: t_Algorithm) : usize =
++ match mode with
++ | Algorithm_Sha1 -> sz 20
++ | Algorithm_Sha224 -> sz 28
++ | Algorithm_Sha256 -> sz 32
++ | Algorithm_Sha384 -> sz 48
++ | Algorithm_Sha512 -> sz 64
++ | Algorithm_Blake2s -> sz 32
++ | Algorithm_Blake2b -> sz 64
++ | Algorithm_Sha3_224_ -> sz 28
++ | Algorithm_Sha3_256_ -> sz 32
++ | Algorithm_Sha3_384_ -> sz 48
++ | Algorithm_Sha3_512_ -> sz 64
++
++val sha3_256_ (payload: t_Slice u8) : t_Array u8 (sz 32)
++
++val sha3_512_ (payload: t_Slice u8) : t_Array u8 (sz 64)
++
++val shake128 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN
++
++val shake128x4 (v_LEN: usize) (data0: t_Slice u8) (data1: t_Slice u8) (data2: t_Slice u8) (data3: t_Slice u8): (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN)
++
++val shake256 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN
+diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst
+--- extraction/Libcrux.Kem.fst 1970-01-01 01:00:00.000000000 +0100
++++ extraction-edited/Libcrux.Kem.fst 2024-02-01 11:03:26.840759773 +0100
+@@ -0,0 +1,6 @@
++module Libcrux.Kem
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++open Core
++open FStar.Mul
++
++
+diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst
+--- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-02-01 11:03:26.800760946 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-02-01 11:03:26.836759890 +0100
+@@ -1,81 +1,356 @@
+ module Libcrux.Kem.Kyber.Arithmetic
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+ open Core
+ open FStar.Mul
+
+-let get_n_least_significant_bits (n: u8) (value: u32) =
++
++let lemma_mul_i32_range (n1 n2: i32) (b1 b2: nat)
++ : Lemma (requires (i32_range n1 b1 /\ i32_range n2 b2 /\ b1 * b2 < pow2 31))
++ (ensures (range (v n1 * v n2) i32_inttype /\ i32_range (n1 *! n2) (b1 * b2))) =
++ if v n1 = 0 || v n2 = 0
++ then ()
++ else
++ let open FStar.Math.Lemmas in
++ lemma_abs_bound (v n1) b1;
++ lemma_abs_bound (v n2) b2;
++ lemma_abs_mul (v n1) (v n2);
++ lemma_mult_le_left (abs (v n1)) (abs (v n2)) b2;
++ lemma_mult_le_right b2 (abs (v n1)) b1;
++ lemma_abs_bound (v n1 * v n2) (b1 * b2)
++
++let lemma_add_i32_range (n1 n2:i32) (b1 b2:nat):
++ Lemma (requires (i32_range n1 b1 /\ i32_range n2 b2 /\ b1 + b2 < pow2 31))
++ (ensures (range (v n1 + v n2) i32_inttype /\
++ i32_range (n1 +! n2) (b1 + b2)))
++ = ()
++
++let mul_i32_b #b1 #b2 x y =
++ lemma_mul_i32_range x y b1 b2;
++ x *! y
++
++let add_i32_b #b1 #b2 x y =
++ lemma_add_i32_range x y b1 b2;
++ x +! y
++
++let sub_i32_b #b1 #b2 x y =
++ x -! y
++
++let cast_i32_b #b1 #b2 x =
++ x <: i32_b b2
++
++#push-options "--ifuel 0 --z3rlimit 150"
++let shr_i32_b #b #t x y =
++ let r = (x <: i32) >>! y in
++ assert (v r == v x / pow2 (v y));
++ Math.Lemmas.lemma_div_le (v x) b (pow2 (v y));
++ assert (v x / (pow2 (v y)) <= b / (pow2 (v y)));
++ Math.Lemmas.lemma_div_le (-b) (v x) (pow2 (v y));
++ assert (v x / (pow2 (v y)) >= (-b) / (pow2 (v y)));
++ if (b % pow2 (v y) = 0)
++ then (Math.Lemmas.div_exact_r b (pow2 (v y));
++ assert (b = (b/pow2 (v y)) * pow2 (v y));
++ assert (-b = -((b/pow2 (v y)) * pow2 (v y)));
++ Math.Lemmas.neg_mul_left (b/pow2 (v y)) (pow2 (v y));
++ assert (-b = (-(b/pow2 (v y))) * pow2 (v y));
++ assert ((-b)/pow2(v y) = ((-(b/pow2 (v y))) * pow2 (v y)) / pow2 (v y));
++ Math.Lemmas.cancel_mul_div (-(b/pow2 (v y))) (pow2 (v y));
++ assert ((-b)/pow2(v y) = -(b/pow2 (v y)));
++ assert (nat_div_ceil b (pow2 (v y)) == b / pow2 (v y));
++ assert (i32_range r (b / pow2 ( v y)));
++ r <: i32_b (nat_div_ceil b (pow2 (v y))))
++ else (let rem = b % pow2 (v y) in
++ let quo = b / pow2 (v y) in
++ Math.Lemmas.lemma_div_mod b (pow2 (v y));
++ assert (b = quo * pow2 (v y) + rem);
++ assert (-b = -(quo * pow2 (v y)) - rem);
++ Math.Lemmas.neg_mul_left quo (pow2 (v y));
++ assert (-b = (-quo) * pow2 (v y) - rem);
++ assert ((-b)/pow2(v y) = (-rem + (-quo) * pow2 (v y))/pow2 (v y));
++ Math.Lemmas.division_addition_lemma (-rem) (pow2 (v y)) (-quo);
++ assert ((-b)/pow2(v y) = ((-rem)/pow2 (v y) -quo));
++ Math.Lemmas.division_definition (-rem) (pow2 (v y)) (-1);
++ assert ((-rem)/pow2 (v y) == -1);
++ assert ((-b)/pow2(v y) = -1 -quo);
++ assert ((-b)/pow2(v y) = (-quo - 1));
++ assert ((-b)/pow2(v y) = -(quo + 1));
++ assert (nat_div_ceil b (pow2 (v y)) == quo + 1);
++ assert (i32_range r (quo+1));
++ r <: i32_b (nat_div_ceil b (pow2 (v y))))
++#pop-options
++
++let v_BARRETT_R: i64 = 1L <>! 1l <: i64)
+ in
++ assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2*3329));
++ assert (v t = v x * v v_BARRETT_MULTIPLIER + pow2 25);
+ let quotient:i32 = cast (t >>! v_BARRETT_SHIFT <: i64) <: i32 in
++ assert (v quotient = v t / pow2 26);
+ let result:i32 = value -! (quotient *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) in
+- let _:Prims.unit = () <: Prims.unit in
++ calc (==) {
++ v result % 3329;
++ (==) { }
++ (v value - (v quotient * 3329)) % 3329;
++ (==) {Math.Lemmas.lemma_mod_sub_distr (v value) (v quotient * 3329) 3329}
++ (v value - (v quotient * 3329) % 3329) % 3329;
++ (==) {Math.Lemmas.cancel_mul_mod (v quotient) 3329}
++ (v value - 0) % 3329;
++ (==) {}
++ (v value) % 3329;
++ };
+ result
++#pop-options
+
+-let montgomery_reduce (value: i32) =
++#push-options "--ifuel 0 --z3rlimit 1600"
++let montgomery_reduce #b value =
+ let _:i32 = v_MONTGOMERY_R in
+ let _:Prims.unit = () <: Prims.unit in
++ let v0 = (cast (value <: i32) <: u32) in
++ assert (v v0 == v value % pow2 32);
++ let t0 = (get_n_least_significant_bits v_MONTGOMERY_SHIFT v0 <: u32) in
++ assert (v t0 = (v value % pow2 32) % pow2 16);
++ Math.Lemmas.pow2_modulo_modulo_lemma_1 (v value) 16 32;
++ assert (v t0 = v value % pow2 16);
+ let t:u32 =
+- (get_n_least_significant_bits v_MONTGOMERY_SHIFT (cast (value <: i32) <: u32) <: u32) *!
+- v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R
++ t0 *!
++ v_INVERSE_OF_MODULUS_MOD_R
+ in
+- let k:i16 = cast (get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u32) <: i16 in
+- let k_times_modulus:i32 =
+- (cast (k <: i16) <: i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ assert (v t = (v value % pow2 16) * v v_INVERSE_OF_MODULUS_MOD_R);
++ let k0 = get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u32 in
++ let k:i32_b (pow2 15) = cast (cast k0 <: i16) <: i32 in
++ calc (==) {
++ v k % pow2 16;
++ == { }
++ v k0 % pow2 16;
++ == { }
++ v t % pow2 16;
++ == { }
++ ((v value % pow2 16) * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16;
++ == {Math.Lemmas.lemma_mod_mul_distr_l (v value) (v v_INVERSE_OF_MODULUS_MOD_R) (pow2 16)}
++ (v value * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16;
++ };
++ assert_norm((62209 * 3329) % pow2 16 == 1);
++ assert((v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16 == 1);
++ calc (==) {
++ (v k * 3329) % pow2 16;
++ == {Math.Lemmas.lemma_mod_mul_distr_l (v k) 3329 (pow2 16)}
++ ((v k % pow2 16) * 3329) % pow2 16;
++ == { }
++ ((v value * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16 * 3329) % pow2 16;
++ == {Math.Lemmas.lemma_mod_mul_distr_l (v value * v v_INVERSE_OF_MODULUS_MOD_R) (3329) (pow2 16)}
++ (v value * v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16;
++ == {Math.Lemmas.paren_mul_right (v value) (v v_INVERSE_OF_MODULUS_MOD_R) 3329}
++ (v value * (v v_INVERSE_OF_MODULUS_MOD_R * 3329)) % pow2 16;
++ == {Math.Lemmas.lemma_mod_mul_distr_r (v value) (v v_INVERSE_OF_MODULUS_MOD_R * 3329) (pow2 16)}
++ (v value * ((v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16)) % pow2 16;
++ == {Math.Lemmas.mul_one_right_is_same (v value)}
++ (v value) % pow2 16;
++ };
++ Math.Lemmas.modulo_add (pow2 16) (- (v k * 3329)) (v value) (v k * 3329);
++ assert ((v value - v k * 3329) % pow2 16 == (v k * 3329 - v k * 3329) % pow2 16);
++ assert ((v value - v k * 3329) % v v_MONTGOMERY_R == 0);
++ let k_times_modulus:i32_b (pow2 15 * 3329) =
++ mul_i32_b k Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+ in
+- let c:i32 = k_times_modulus >>! v_MONTGOMERY_SHIFT in
+- let value_high:i32 = value >>! v_MONTGOMERY_SHIFT in
+- value_high -! c
++ let c:i32_b 1665 = shr_i32_b k_times_modulus v_MONTGOMERY_SHIFT in
++ let value_high:i32_b (nat_div_ceil b (v v_MONTGOMERY_R)) = shr_i32_b value v_MONTGOMERY_SHIFT in
++ assert (v value_high = v value / v v_MONTGOMERY_R);
++ let res: i32_b (nat_div_ceil b (v v_MONTGOMERY_R) + 1665) = sub_i32_b value_high c in
++ calc (==) {
++ v res;
++ == { }
++ (v value_high - v c);
++ == { }
++ ((v value / v v_MONTGOMERY_R) - ((v k * 3329) / v v_MONTGOMERY_R));
++ == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)}
++ ((v value - (v k * 3329)) / v v_MONTGOMERY_R);
++ };
++ calc (==) {
++ v res % 3329;
++ == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)}
++ (((v value - (v k * 3329)) / v v_MONTGOMERY_R) * ((v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV) % 3329)) % 3329 ;
++ == {Math.Lemmas.lemma_mod_mul_distr_r ((v value - (v k * 3329)) / v v_MONTGOMERY_R) (v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV) 3329}
++ (((v value - (v k * 3329)) / v v_MONTGOMERY_R) * (v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV)) % 3329 ;
++ == {Math.Lemmas.paren_mul_right ((v value - (v k * 3329)) / v v_MONTGOMERY_R) (v v_MONTGOMERY_R) (v v_MONTGOMERY_R_INV)}
++ ((((v value - (v k * 3329)) / v v_MONTGOMERY_R) * v v_MONTGOMERY_R) * v v_MONTGOMERY_R_INV) % 3329 ;
++ == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)}
++ ((v value - (v k * 3329)) * v v_MONTGOMERY_R_INV) % 3329 ;
++ == { }
++ ((v value * v v_MONTGOMERY_R_INV) - ((v k * 3329) * v v_MONTGOMERY_R_INV)) % 3329 ;
++ == {Math.Lemmas.paren_mul_right (v k) 3329 (v v_MONTGOMERY_R_INV)}
++ ((v value * v v_MONTGOMERY_R_INV) - (v k * (3329 * v v_MONTGOMERY_R_INV))) % 3329 ;
++ == {Math.Lemmas.swap_mul 3329 (v v_MONTGOMERY_R_INV)}
++ ((v value * v v_MONTGOMERY_R_INV) - (v k * (v v_MONTGOMERY_R_INV * 3329))) % 3329 ;
++ == {Math.Lemmas.paren_mul_right (v k) (v v_MONTGOMERY_R_INV) 3329}
++ ((v value * v v_MONTGOMERY_R_INV) - ((v k * v v_MONTGOMERY_R_INV) * 3329)) % 3329 ;
++ == {Math.Lemmas.lemma_mod_sub (v value * v v_MONTGOMERY_R_INV) 3329 (v k * v v_MONTGOMERY_R_INV)}
++ (v value * v v_MONTGOMERY_R_INV) % 3329 ;
++ };
++ res
++#pop-options
++
++let montgomery_multiply_sfe_by_fer fe fer =
++ montgomery_reduce (mul_i32_b fe fer)
+
+-let montgomery_multiply_fe_by_fer (fe fer: i32) = montgomery_reduce (fe *! fer <: i32)
+
+-let to_standard_domain (mfe: i32) =
+- montgomery_reduce (mfe *! v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS <: i32)
++let to_standard_domain mfe =
++ montgomery_reduce (mul_i32_b mfe (v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS <: i32_b 1353))
+
+-let to_unsigned_representative (fe: i32) =
++let to_unsigned_representative fe =
+ let _:Prims.unit = () <: Prims.unit in
+- cast (fe +! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) <: i32)
+- <:
+- u16
++ logand_lemma Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS (fe >>! 31l <: i32);
++ let res =
++ cast (fe +! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) <: i32) <: u16
++ in
++ assert (v fe < 0 ==> (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) == 3329l);
++ assert (v fe >= 0 ==> (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) == 0l);
++ assert (v fe + 3329 < pow2 16);
++ assert (v fe >= -3328);
++ assert (v fe < 0 ==> v fe + 3329 >= 0);
++ assert (v fe < 0 ==> v res == (v fe + 3329) % pow2 16);
++ Math.Lemmas.small_mod (v fe + 3329) (pow2 16);
++ assert (v fe < 0 ==> v res == v fe + 3329);
++ assert (v fe >= 0 ==> v res == v fe);
++ res <: int_t_d u16_inttype 12
++
++let derefine_poly_b #b x =
++ let r = createi (sz 256) (fun i -> (x.f_coefficients.[i] <: i32)) in
++ {f_coefficients = r}
++
++let derefine_vector_b #v_K #b x =
++ let r = createi v_K (fun i -> derefine_poly_b #b x.[i]) in
++ r
++
++let derefine_matrix_b #v_K #b x =
++ let r = createi v_K (fun i -> derefine_vector_b #v_K #b x.[i]) in
++ r
++
++let cast_poly_b #b1 #b2 x =
++ let r = createi (sz 256) (fun i -> (x.f_coefficients.[i] <: i32_b b2)) in
++ let res = {f_coefficients = r} in
++ let dx = (derefine_poly_b x).f_coefficients in
++ let dr = (derefine_poly_b res).f_coefficients in
++ assert (forall (i:usize). v i < 256 ==>
++ (dx.[i] <: i32) ==
++ (dr.[i] <: i32));
++ assert (forall i. Seq.index dx i == (dx.[sz i] <: i32));
++ eq_intro dx dr;
++ assert(Seq.equal dx dr);
++ res
+
+-let add_to_ring_element (v_K: usize) (lhs rhs: t_PolynomialRingElement) =
++let cast_vector_b #v_K #b1 #b2 x =
++ let r = createi v_K (fun i -> cast_poly_b #b1 #b2 x.[i]) in
++ let dx = derefine_vector_b x in
++ let dr = derefine_vector_b r in
++ assert (forall (i:usize). v i < v v_K ==>
++ dx.[i] == dr.[i]);
++ assert (forall i. Seq.index dx i == dx.[sz i]);
++ assert (forall i. Seq.index dr i == dr.[sz i]);
++ eq_intro dx dr;
++ r
++
++let down_cast_poly_b #b1 #b2 x =
++ let r = createi (sz 256)
++ (fun i ->
++ let xi:i32_b b2 = x.f_coefficients.[i] in
++ xi) in
++ let res = {f_coefficients = r} in
++ let dx = (derefine_poly_b x).f_coefficients in
++ let dr = (derefine_poly_b res).f_coefficients in
++ assert (forall (i:usize). v i < 256 ==>
++ (dx.[i] <: i32) ==
++ (dr.[i] <: i32));
++ assert (forall i. Seq.index dx i == (dx.[sz i] <: i32));
++ eq_intro dx dr;
++ assert(Seq.equal dx dr);
++ res
++
++let down_cast_vector_b #v_K #b1 #b2 x =
++ let r = createi (v_K)
++ (fun i -> down_cast_poly_b #b1 #b2 x.[i]) in
++ let dx = derefine_vector_b x in
++ let dr = derefine_vector_b r in
++ assert (forall (i:usize). v i < v v_K ==>
++ dx.[i] == dr.[i]);
++ assert (forall i. Seq.index dx i == dx.[sz i]);
++ assert (forall i. Seq.index dr i == dr.[sz i]);
++ eq_intro dx dr;
++ assert(Seq.equal dx dr);
++ r
++
++
++let add_to_ring_element #b1 #b2 v_K lhs rhs =
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+- let lhs:t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ let orig_lhs = lhs in
++ [@ inline_let]
++ let inv = fun (acc:t_PolynomialRingElement_b (b1+b2)) (i:usize) ->
++ (forall j. j <. i ==> acc.f_coefficients.[j] == lhs.f_coefficients.[j] +! rhs.f_coefficients.[j]) /\
++ (forall j. j >=. i ==> acc.f_coefficients.[j] == orig_lhs.f_coefficients.[j]) in
++ let lhs:t_PolynomialRingElement_b (b1 + b2) =
++ Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (b1+b2)) #inv {
+ Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end
+- =
+- Core.Slice.impl__len (Rust_primitives.unsize lhs.f_coefficients <: t_Slice i32)
+- <:
+- usize
++ Core.Ops.Range.f_end =
++ Core.Slice.impl__len (Rust_primitives.unsize lhs.f_coefficients <: t_Slice (i32_b b1))
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- lhs
++ (cast_poly_b #b1 #(b1+b2) lhs)
+ (fun lhs i ->
+- let lhs:t_PolynomialRingElement = lhs in
++ let lhs:t_PolynomialRingElement_b (b1+b2) = lhs in
+ let i:usize = i in
++ assert (orig_lhs.f_coefficients.[i] == lhs.f_coefficients.[i]);
++ let lhsi: i32_b b1 = orig_lhs.f_coefficients.[i] in
++ let lhs =
+ {
+ lhs with
+ f_coefficients
+ =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs.f_coefficients
+ i
+- ((lhs.f_coefficients.[ i ] <: i32) +! (rhs.f_coefficients.[ i ] <: i32) <: i32)
++ (add_i32_b #b1 #b2 (lhsi) (rhs.f_coefficients.[ i ]))
+ <:
+- t_Array i32 (sz 256)
++ t_Array (i32_b (b1 + b2)) (sz 256)
+ }
+ <:
+- t_PolynomialRingElement)
++ t_PolynomialRingElement_b (b1 + b2)
++ in
++ assert (forall j. (j >. i /\ j <. sz 256) ==> lhs.f_coefficients.[j] == orig_lhs.f_coefficients.[j]);
++ lhs
++ )
+ in
+ let _:Prims.unit = () <: Prims.unit in
++ assert (forall j. j <. sz 256 ==> lhs.f_coefficients.[j] == orig_lhs.f_coefficients.[j] +! rhs.f_coefficients.[j]);
+ lhs
++
++
++
+diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti
+--- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-02-01 11:03:26.775761679 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-02-01 11:03:26.829760095 +0100
+@@ -3,10 +3,32 @@
+ open Core
+ open FStar.Mul
+
++let pow2_31 = 2147483648
++let i32_range (n:i32) (b:nat) =
++ b < pow2_31 /\ v n <= b /\ v n >= -b
++
++type i32_b b = x:i32{i32_range x b}
++let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1
++
++val mul_i32_b (#b1:nat) (#b2:nat{b1 * b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): r:i32_b (b1 * b2){v r == v x * v y}
++val add_i32_b (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2):
++ Pure (i32_b (b1 + b2))
++ (requires True)
++ (ensures fun r -> v r == v x + v y)
++val sub_i32_b (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): r:i32_b (b1 + b2){v r == v x - v y}
++val cast_i32_b (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31}) (x:i32_b b1): r:i32_b b2{v r == v x}
++val shr_i32_b (#b:nat) (#t:inttype) (x:i32_b b) (y:int_t t{v y>0 /\ v y<32}): r:i32_b (nat_div_ceil b (pow2 (v y)))
++
+ unfold
+ let t_FieldElement = i32
+
+ unfold
++let t_FieldElement_b b = i32_b b
++
++unfold
++let wfFieldElement = t_FieldElement_b 3328
++
++unfold
+ let t_FieldElementTimesMontgomeryR = i32
+
+ unfold
+@@ -16,119 +38,211 @@
+
+ let v_BARRETT_SHIFT: i64 = 26L
+
+-let v_BARRETT_R: i64 = 1L <= 0 /\ v x < 3329 /\ (v x * v v_MONTGOMERY_R) % 3329 == 1 /\ x = 169l}
++
++let int_to_spec_fe (m:int) : Spec.Kyber.field_element =
++ let m_v = m % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS in
++ assert (m_v > - v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS);
++ if m_v < 0 then
++ m_v + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ else m_v
+
+-val get_n_least_significant_bits (n: u8) (value: u32)
+- : Prims.Pure u32
+- (requires n =. 4uy || n =. 5uy || n =. 10uy || n =. 11uy || n =. v_MONTGOMERY_SHIFT)
++let to_spec_fe (m:i32) : Spec.Kyber.field_element =
++ int_to_spec_fe (v m)
++
++let to_spec_fe_b #b (m:i32_b b) : Spec.Kyber.field_element = to_spec_fe m
++
++let mont_to_spec_fe (m:t_FieldElement) : Spec.Kyber.field_element =
++ int_to_spec_fe (v m * v v_MONTGOMERY_R_INV)
++
++val get_n_least_significant_bits (n: u8 {v n > 0 /\ v n < 32}) (value: u32)
++ : Prims.Pure (int_t_d u32_inttype (v n))
++ (requires v n < 32)
+ (ensures
+ fun result ->
+ let result:u32 = result in
+- result <. (Core.Num.impl__u32__pow 2ul (Core.Convert.f_into n <: u32) <: u32))
++ v result = v value % pow2 (v n))
+
+-val barrett_reduce (value: i32)
+- : Prims.Pure i32
+- (requires
+- (Core.Convert.f_from value <: i64) >. (Core.Ops.Arith.Neg.neg v_BARRETT_R <: i64) &&
+- (Core.Convert.f_from value <: i64) <. v_BARRETT_R)
+- (ensures
+- fun result ->
+- let result:i32 = result in
+- result >. (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) &&
+- result <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS)
++//let barrett_pre (value:i32) =
++// v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R
++// Appears to work up to +/- 2^28, but not at +/- 2^29
+
+-val montgomery_reduce (value: i32)
+- : Prims.Pure i32
+- (requires
+- value >=.
+- ((Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) *!
+- v_MONTGOMERY_R
+- <:
+- i32) &&
+- value <=. (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS *! v_MONTGOMERY_R <: i32))
++let barrett_post (value:i32) (result:i32) =
++ v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS =
++ v value % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++
++val barrett_reduce (value: i32_b (v v_BARRETT_R))
++ : Prims.Pure wfFieldElement
++ (requires True)
++ (ensures fun r -> barrett_post value r)
++
++let montgomery_post (value:i32) (result:i32) =
++ v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS =
++ (v value * v v_MONTGOMERY_R_INV) % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++
++
++val montgomery_reduce #b (value: i32_b b)
++ : Prims.Pure (i32_b (nat_div_ceil b (v v_MONTGOMERY_R) + 1665))
++ (requires True)
+ (ensures
+ fun result ->
+ let result:i32 = result in
+- result >=.
+- ((Core.Ops.Arith.Neg.neg (3l *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: i32
+- ) /!
+- 2l
+- <:
+- i32) &&
+- result <=. ((3l *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) /! 2l <: i32))
+-
+-val montgomery_multiply_fe_by_fer (fe fer: i32)
+- : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
+-
+-val to_standard_domain (mfe: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
+-
+-val to_unsigned_representative (fe: i32)
+- : Prims.Pure u16
+- (requires
+- fe >=. (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) &&
+- fe <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS)
++ montgomery_post value result)
++
++
++val montgomery_multiply_sfe_by_fer #b1 #b2 (fe:i32_b b1) (fer: i32_b b2)
++ : Pure (i32_b (nat_div_ceil (b1 * b2) (v v_MONTGOMERY_R) + 1665))
++ (requires (b1 * b2 < pow2_31))
++ (ensures (fun result ->
++ montgomery_post (mul_i32_b fe fer) (result)))
++
++
++val to_standard_domain #b (mfe: i32_b b)
++ : Pure (i32_b (nat_div_ceil (b * 1353) (v v_MONTGOMERY_R) + 1665))
++ (requires (b * 1353 < pow2_31))
++ (ensures (fun result ->
++ montgomery_post (mul_i32_b mfe (1353l <: i32_b 1353)) result))
++
++
++val to_unsigned_representative (fe: wfFieldElement)
++ : Prims.Pure (int_t_d u16_inttype 12)
++ (requires True)
+ (ensures
+ fun result ->
+ let result:u16 = result in
++ v result == to_spec_fe fe /\
+ result >=. 0us &&
+ result <. (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16))
+
+-type t_PolynomialRingElement = { f_coefficients:t_Array i32 (sz 256) }
++type t_PolynomialRingElement = { f_coefficients:t_Array (t_FieldElement) (sz 256) }
++
++type t_PolynomialRingElement_b b = { f_coefficients:t_Array (i32_b b) (sz 256) }
++
++type wfPolynomialRingElement = t_PolynomialRingElement_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)
++
++val derefine_poly_b (#b1:nat) (x:t_PolynomialRingElement_b b1):
++ r:t_PolynomialRingElement{
++ forall (i:usize). v i < 256 ==> (r.f_coefficients.[i] <: i32) == (x.f_coefficients.[i] <: i32)}
++
++val derefine_vector_b (#v_K:usize) (#b:nat) (x:t_Array (t_PolynomialRingElement_b b) v_K):
++ r:t_Array t_PolynomialRingElement v_K{
++ forall (i:usize). (v i < v v_K) ==>
++ (let ri : t_PolynomialRingElement = r.[i] in
++ let xi : t_PolynomialRingElement_b b = x.[i] in
++ ri == derefine_poly_b xi)}
++
++val derefine_matrix_b (#v_K:usize) (#b:nat)
++ (x:t_Array (t_Array (t_PolynomialRingElement_b b) v_K) v_K) :
++ r:t_Array (t_Array t_PolynomialRingElement v_K) v_K{
++ forall (i:usize). (v i < v v_K) ==>
++ (let ri : t_Array (t_PolynomialRingElement) v_K = r.[i] in
++ let xi : t_Array (t_PolynomialRingElement_b b) v_K = x.[i] in
++ ri == derefine_vector_b xi)}
++
++
++val cast_poly_b (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31})
++ (x:t_PolynomialRingElement_b b1)
++ : Pure (t_PolynomialRingElement_b b2)
++ (requires True)
++ (ensures fun r -> derefine_poly_b x == derefine_poly_b r)
++
++val cast_vector_b (#v_K:usize) (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31})
++ (x:t_Array (t_PolynomialRingElement_b b1) v_K)
++ : Pure (t_Array (t_PolynomialRingElement_b b2) v_K)
++ (requires True)
++ (ensures fun r -> derefine_vector_b x == derefine_vector_b r)
++
++let poly_range (#b:nat) (x:t_PolynomialRingElement_b b) (b':nat) =
++ (forall (i:usize). v i < 256 ==> i32_range (x.f_coefficients.[i] <: i32) b')
++
++let vector_range (#v_K:usize) (#b:nat) (x:t_Array (t_PolynomialRingElement_b b) v_K) (b':nat) =
++ (forall (i:usize). v i < v v_K ==> poly_range #b x.[i] b')
++
++val down_cast_poly_b (#b1:nat) (#b2:nat{b2 <= b1 /\ b1 < pow2_31})
++ (x:t_PolynomialRingElement_b b1):
++ Pure (t_PolynomialRingElement_b b2)
++ (requires (poly_range x b2))
++ (ensures fun r -> derefine_poly_b x == derefine_poly_b r)
++
++val down_cast_vector_b (#v_K:usize) (#b1:nat) (#b2:nat{b2 <= b1 /\ b1 < pow2_31})
++ (x:t_Array (t_PolynomialRingElement_b b1) v_K):
++ Pure (t_Array (t_PolynomialRingElement_b b2) v_K)
++ (requires (vector_range x b2))
++ (ensures fun r -> derefine_vector_b x == derefine_vector_b r)
++
++let op_String_Access #t #l (a:t_Array t l) (i:usize{v i < v l}) : t = a.[i]
++
++let to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) =
++ let p = createi #nat (sz 256) (fun i -> to_spec_fe (m.f_coefficients.[i])) in
++ assert (forall i. Seq.index p i = to_spec_fe (m.f_coefficients.[sz i]));
++ assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS);
++ p
++
++let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) =
++ to_spec_poly (derefine_poly_b m)
++
++let mont_to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) =
++ let p = createi #nat (sz 256) (fun i -> mont_to_spec_fe (m.f_coefficients.[i])) in
++ assert (forall i. Seq.index p i = mont_to_spec_fe (m.f_coefficients.[sz i]));
++ assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS);
++ p
++
++
++let to_spec_vector (#p:Spec.Kyber.params)
++ (m:t_Array (t_PolynomialRingElement) p.v_RANK)
++ : (Spec.Kyber.vector p) =
++ createi p.v_RANK (fun i -> to_spec_poly (m.[i]))
++
++
++let to_spec_vector_b (#p:Spec.Kyber.params) (#b:nat)
++ (m:t_Array (t_PolynomialRingElement_b b) p.v_RANK)
++ : (Spec.Kyber.vector p) =
++ to_spec_vector (derefine_vector_b m)
++
++let mont_to_spec_vector (#p:Spec.Kyber.params)
++ (m:t_Array (t_PolynomialRingElement) p.v_RANK)
++ : (Spec.Kyber.vector p) =
++ createi p.v_RANK (fun i -> mont_to_spec_poly (m.[i]))
++
++let mont_to_spec_vector_b (#p:Spec.Kyber.params) (#b:nat)
++ (m:t_Array (t_PolynomialRingElement_b b) p.v_RANK)
++ : (Spec.Kyber.vector p) =
++ mont_to_spec_vector (derefine_vector_b m)
++
++let to_spec_matrix (#p:Spec.Kyber.params)
++ (m:(t_Array (t_Array (t_PolynomialRingElement) p.v_RANK) p.v_RANK))
++ : (Spec.Kyber.matrix p) =
++ createi p.v_RANK (fun i -> to_spec_vector (m.[i]))
++
++let to_spec_matrix_b (#p:Spec.Kyber.params) (#b:nat)
++ (m:(t_Array (t_Array (t_PolynomialRingElement_b b) p.v_RANK) p.v_RANK))
++ : (Spec.Kyber.matrix p) =
++ to_spec_matrix (derefine_matrix_b m)
++
++let mont_to_spec_matrix (#p:Spec.Kyber.params)
++ (m:(t_Array (t_Array (t_PolynomialRingElement) p.v_RANK) p.v_RANK))
++ : (Spec.Kyber.matrix p) =
++ createi p.v_RANK (fun i -> mont_to_spec_vector (m.[i]))
++
++let impl__PolynomialRingElement__ZERO: t_PolynomialRingElement_b 1 =
++ { f_coefficients = Rust_primitives.Hax.repeat (0l <: i32_b 1) (sz 256) } <: t_PolynomialRingElement_b 1
++
++val add_to_ring_element (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (v_K: usize) (lhs: t_PolynomialRingElement_b b1) (rhs: t_PolynomialRingElement_b b2)
++ : Prims.Pure (t_PolynomialRingElement_b (b1 + b2))
++ (requires True)
++ (ensures fun result ->
++ (forall i. v result.f_coefficients.[i] == v lhs.f_coefficients.[i] + v rhs.f_coefficients.[i]))
++
++
+
+-let impl__PolynomialRingElement__ZERO: t_PolynomialRingElement =
+- { f_coefficients = Rust_primitives.Hax.repeat 0l (sz 256) } <: t_PolynomialRingElement
+
+-val add_to_ring_element (v_K: usize) (lhs rhs: t_PolynomialRingElement)
+- : Prims.Pure t_PolynomialRingElement
+- (requires
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- ((Core.Num.impl__i32__abs (lhs.f_coefficients.[ i ] <: i32) <: i32) <=.
+- (((cast (v_K <: usize) <: i32) -! 1l <: i32) *!
+- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+- <:
+- i32)
+- <:
+- bool) &&
+- ((Core.Num.impl__i32__abs (rhs.f_coefficients.[ i ] <: i32) <: i32) <=.
+- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+- <:
+- bool))
+- <:
+- bool))
+- (ensures
+- fun result ->
+- let result:t_PolynomialRingElement = result in
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <.
+- (Core.Slice.impl__len (Rust_primitives.unsize result.f_coefficients
+- <:
+- t_Slice i32)
+- <:
+- usize)
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- (Core.Num.impl__i32__abs (result.f_coefficients.[ i ] <: i32) <: i32) <=.
+- ((cast (v_K <: usize) <: i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+- <:
+- i32)
+- <:
+- bool)
+- <:
+- bool))
+diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Kem.Kyber.Compress.fst
+--- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-02-01 11:03:26.780761533 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-02-01 11:03:26.819760389 +0100
+@@ -1,39 +1,79 @@
+ module Libcrux.Kem.Kyber.Compress
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++#set-options "--fuel 0 --ifuel 0 --z3rlimit 200"
+ open Core
+ open FStar.Mul
+
+-let compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) =
+- let _:Prims.unit = () <: Prims.unit in
+- let _:Prims.unit = () <: Prims.unit in
+- let compressed:u64 = (cast (fe <: u16) <: u64) <>! 35l in
+- cast (Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits coefficient_bits
+- (cast (compressed <: u64) <: u32)
+- <:
+- u32)
+- <:
+- i32
+-
+-let compress_message_coefficient (fe: u16) =
++let compress_message_coefficient fe =
+ let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in
++ assert (v shifted == 1664 - v fe);
+ let mask:i16 = shifted >>! 15l in
++ assert (v mask = v shifted / pow2 15);
++ assert (if v shifted < 0 then mask = ones else mask = zero);
+ let shifted_to_positive:i16 = mask ^. shifted in
++ logxor_lemma shifted mask;
++ assert (v shifted < 0 ==> v shifted_to_positive = v (lognot shifted));
++ neg_equiv_lemma shifted;
++ assert (v (lognot shifted) = -(v shifted) -1);
++ assert (v shifted >= 0 ==> v shifted_to_positive = v (mask `logxor` shifted));
++ assert (v shifted >= 0 ==> mask = zero);
++ assert (v shifted >= 0 ==> mask ^. shifted = shifted);
++ assert (v shifted >= 0 ==> v shifted_to_positive = v shifted);
++ assert (shifted_to_positive >=. 0s);
+ let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in
+- cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8
++ assert (1664 - v fe >= 0 ==> v shifted_positive_in_range == 832 - v fe);
++ assert (1664 - v fe < 0 ==> v shifted_positive_in_range == -2497 + v fe);
++ let r0 = shifted_positive_in_range >>! 15l in
++ let r1 = r0 &. 1s in
++ let res = cast (r1) <: u8 in
++ assert (v r0 = v shifted_positive_in_range / pow2 15);
++ assert (if v shifted_positive_in_range < 0 then r0 = ones else r0 = zero);
++ logand_lemma 1s r0;
++ assert (if v shifted_positive_in_range < 0 then r1 = 1s else r1 = 0s);
++ assert ((v fe >= 833 && v fe <= 2496) ==> r1 = 1s);
++ assert (v fe < 833 ==> r1 = 0s);
++ assert (v fe > 2496 ==> r1 = 0s);
++ assert (v res = v r1);
++ res
++
++let compress_ciphertext_coefficient coefficient_bits fe =
++ let _:Prims.unit = () <: Prims.unit in
++ let _:Prims.unit = () <: Prims.unit in
++ let compressed:u32 = (cast (fe <: u16) <: u32) <>! (coefficient_bits +! 1uy <: u8) in
+- cast (decompressed <: u32) <: i32
++ let res = cast (decompressed <: u32) <: i32 in
++ let res : Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 = res in
++ res
+
+-let decompress_message_coefficient (fe: i32) =
+- (Core.Ops.Arith.Neg.neg fe <: i32) &.
+- ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32)
++let decompress_message_coefficient fe =
++ let res = (Core.Ops.Arith.Neg.neg fe <: i32) &.
++ ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) in
++ assert (v ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) == 1665);
++ assert (res == logand #i32_inttype (Core.Ops.Arith.Neg.neg fe) 1665l);
++ assert (v fe == 0 ==> Core.Ops.Arith.Neg.neg fe = zero);
++ logand_lemma 1665l zero;
++ assert (v fe == 0 ==> res == zero);
++ res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328
++#pop-options
+diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.Kem.Kyber.Compress.fsti
+--- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-02-01 11:03:26.762762061 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-02-01 11:03:26.847759568 +0100
+@@ -3,8 +3,19 @@
+ open Core
+ open FStar.Mul
+
+-val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16)
+- : Prims.Pure i32
++val compress_message_coefficient (fe: u16)
++ : Prims.Pure u8
++ (requires v fe < 3329)
++ (ensures
++ fun result ->
++ let result:u8 = result in
++ if 833 <= v fe && v fe <= 2496
++ then result =. 1uy
++ else result =. 0uy)
++
++
++val compress_ciphertext_coefficient (coefficient_bits: u8 {v coefficient_bits > 0 /\ v coefficient_bits <= 32}) (fe: u16)
++ : Prims.Pure (int_t_d i32_inttype (v coefficient_bits))
+ (requires
+ (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy ||
+ coefficient_bits =. 11uy) &&
+@@ -15,32 +26,19 @@
+ result >=. 0l &&
+ result <. (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32))
+
+-val compress_message_coefficient (fe: u16)
+- : Prims.Pure u8
+- (requires fe <. (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16))
+- (ensures
+- fun result ->
+- let result:u8 = result in
+- Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2596us <: bool))
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- result =. 1uy <: bool) &&
+- Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) <: bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- result =. 0uy <: bool))
++open Rust_primitives.Integers
+
+-val decompress_ciphertext_coefficient (coefficient_bits: u8) (fe: i32)
+- : Prims.Pure i32
+- (requires
+- (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy ||
+- coefficient_bits =. 11uy) &&
+- fe >=. 0l &&
+- fe <. (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32))
++val decompress_ciphertext_coefficient
++ (coefficient_bits: u8 {coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || coefficient_bits =. 11uy})
++ (fe: int_t_d i32_inttype (v coefficient_bits))
++ : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1))
++ (requires True)
+ (ensures
+ fun result ->
+ let result:i32 = result in
+ result <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS)
+
+ val decompress_message_coefficient (fe: i32)
+- : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfFieldElement
++ (requires fe =. 0l || fe =. 1l)
++ (fun result -> v result >= 0 /\ v result < 3329)
+diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux.Kem.Kyber.Constants.fsti
+--- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-02-01 11:03:26.795761093 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-02-01 11:03:26.821760330 +0100
+@@ -15,7 +15,8 @@
+
+ let v_FIELD_MODULUS: i32 = 3329l
+
+-let v_H_DIGEST_SIZE: usize = sz 32
++let v_H_DIGEST_SIZE: usize =
++ Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm)
+
+ let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5
+
+diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst
+--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-02-01 11:03:26.802760887 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-02-01 11:03:26.832760008 +0100
+@@ -4,56 +4,163 @@
+ open FStar.Mul
+
+ let is_non_zero (value: u8) =
++ let orig_value = value in
+ let value:u16 = cast (value <: u8) <: u16 in
+- let result:u16 =
+- ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) >>! 8l <: u16) &.
+- 1us
+- in
+- cast (result <: u16) <: u8
++ let result:u8 = cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) in
++ let res:u8 = result &. 1uy in
++ if v orig_value = 0 then (
++ assert(value == zero);
++ lognot_lemma value;
++ assert((~.value +. 1us) == zero);
++ assert((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) == zero);
++ logor_lemma value zero;
++ assert((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) == value);
++ assert (v result == v ((value >>! 8l)));
++ assert ((v value / pow2 8) == 0);
++ assert (result == 0uy);
++ logand_lemma 1uy result;
++ assert (res == 0uy);
++ res)
++ else (
++ assert (v value <> 0);
++ lognot_lemma value;
++ assert (v (~.value) = pow2 16 - 1 - v value);
++ assert (v (~.value) + 1 = pow2 16 - v value);
++ assert (v (value) <= pow2 8 - 1);
++ assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value));
++ assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value));
++ assert ((v (~.value) + 1)/pow2 8 = (pow2 8 - 1));
++ assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l) = pow2 8 - 1);
++ assert (result = ones);
++ logand_lemma 1uy result;
++ assert (res = 1uy);
++ res
++ )
+
+-let compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) =
++let compare_ciphertexts_in_constant_time v_CIPHERTEXT_SIZE lhs rhs =
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+ let (r: u8):u8 = 0uy in
++ [@ inline_let]
++ let inv = fun (acc:u8) (i:usize) ->
++ v i <= v v_CIPHERTEXT_SIZE /\
++ (if (Seq.slice lhs 0 (v i) = Seq.slice rhs 0 (v i)) then
++ acc == 0uy
++ else ~ (acc == 0uy))
++ in
+ let r:u8 =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ Rust_primitives.Iterators.foldi_range #_ #u8 #inv {
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+ r
+ (fun r i ->
+ let r:u8 = r in
+ let i:usize = i in
+- r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8)
++ let nr = r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8 in
++ if r =. 0uy then (
++ if (Seq.index lhs (v i) = Seq.index rhs (v i)) then (
++ logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i));
++ assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) = zero);
++ logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8);
++ assert (nr = r);
++ assert (forall j. Seq.index (Seq.slice lhs 0 (v i)) j == Seq.index lhs j);
++ assert (forall j. Seq.index (Seq.slice rhs 0 (v i)) j == Seq.index rhs j);
++ eq_intro (Seq.slice lhs 0 (v i + 1)) (Seq.slice rhs 0 (v i + 1));
++ nr
++ )
++ else (
++ logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i));
++ assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <> zero);
++ logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8);
++ assert (v nr > 0);
++ assert (Seq.index (Seq.slice lhs 0 (v i+1)) (v i) <>
++ Seq.index (Seq.slice rhs 0 (v i+1)) (v i));
++ assert (Seq.slice lhs 0 (v i+1) <> Seq.slice rhs 0 (v i + 1));
++ nr
++ )
++ ) else (
++ logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8);
++ assert (v nr >= v r);
++ assert (Seq.slice lhs 0 (v i) <> Seq.slice rhs 0 (v i));
++ if (Seq.slice lhs 0 (v i+1) = Seq.slice rhs 0 (v i + 1)) then
++ (assert (forall j. j < v i + 1 ==> Seq.index (Seq.slice lhs 0 (v i+1)) j == Seq.index (Seq.slice rhs 0 (v i+1)) j);
++ eq_intro (Seq.slice lhs 0 (v i)) (Seq.slice rhs 0 (v i));
++ assert(False))
++ else nr
++ )
++ )
+ in
+- is_non_zero r
++ let res = is_non_zero r in
++ res
+
++#push-options "--ifuel 0 --z3rlimit 50"
+ let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) =
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+ let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in
++ assert (if selector = 0uy then mask = ones else mask = zero);
++ lognot_lemma mask;
++ assert (if selector = 0uy then ~.mask = zero else ~.mask = ones);
+ let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
++ [@ inline_let]
++ let inv = fun (acc:t_Array u8 (sz 32)) (i:usize) ->
++ v i <= 32 /\
++ (forall j. j < v i ==> (if (selector =. 0uy) then Seq.index acc j == Seq.index lhs j else Seq.index acc j == Seq.index rhs j)) /\
++ (forall j. j >= v i ==> Seq.index acc j == 0uy)
++ in
+ let out:t_Array u8 (sz 32) =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ Rust_primitives.Iterators.foldi_range #_ #(t_Array u8 (sz 32)) #inv {
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+ out
+ (fun out i ->
+ let out:t_Array u8 (sz 32) = out in
++ assert ((out.[ i ] <: u8) = 0uy);
++ let outi =
++ ((out.[ i ] <: u8) |.
++ (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8)
++ <:
++ u8)
++ <:
++ u8) in
++ if (selector = 0uy) then (
++ logand_lemma (lhs.[ i ] <: u8) mask;
++ assert (((lhs.[ i ] <: u8) &. mask <: u8) == (lhs.[ i ] <: u8));
++ logand_lemma (rhs.[ i ] <: u8) (~.mask);
++ assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == zero);
++ logor_lemma ((lhs.[ i ] <: u8) &. mask <: u8) ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8);
++ assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) == (lhs.[ i ] <: u8));
++ logor_lemma (out.[ i ] <: u8) (lhs.[ i ] <: u8);
++ assert (((out.[ i ] <: u8) |. (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) <: u8) == (lhs.[ i ] <: u8));
++ assert (outi = (lhs.[ i ] <: u8))
++ )
++ else (
++ logand_lemma (lhs.[ i ] <: u8) mask;
++ assert (((lhs.[ i ] <: u8) &. mask <: u8) == zero);
++ logand_lemma (rhs.[ i ] <: u8) (~.mask);
++ assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == (rhs.[ i ] <: u8));
++ logor_lemma (rhs.[ i ] <: u8) zero;
++ assert ((logor zero (rhs.[ i ] <: u8)) == (rhs.[ i ] <: u8));
++ assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8)) == (rhs.[ i ] <: u8));
++ logor_lemma (out.[ i ] <: u8) (rhs.[ i ] <: u8);
++ assert (((out.[ i ] <: u8) |. (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) <: u8) == (rhs.[ i ] <: u8));
++ assert (outi = (rhs.[ i ] <: u8))
++ );
+ let i:usize = i in
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out
+ i
+- (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8)
++ outi
+ <:
+ t_Array u8 (sz 32))
+ in
+- out
++ if (selector =. 0uy) then (
++ eq_intro out lhs;
++ out
++ )
++ else (
++ eq_intro out rhs;
++ out
++ )
++#pop-options
+diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti
+--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-02-01 11:03:26.798761005 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-02-01 11:03:26.837759861 +0100
+@@ -20,7 +20,8 @@
+
+ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8)
+ : Prims.Pure u8
+- Prims.l_True
++ (requires (length lhs == v_CIPHERTEXT_SIZE /\
++ length rhs == v_CIPHERTEXT_SIZE))
+ (ensures
+ fun result ->
+ let result:u8 = result in
+@@ -35,15 +36,10 @@
+
+ val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8)
+ : Prims.Pure (t_Array u8 (sz 32))
+- Prims.l_True
++ (requires (length lhs == Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE /\
++ length rhs == Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE))
+ (ensures
+ fun result ->
+ let result:t_Array u8 (sz 32) = result in
+- Hax_lib.implies (selector =. 0uy <: bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- result =. lhs <: bool) &&
+- Hax_lib.implies (selector <>. 0uy <: bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- result =. rhs <: bool))
++ Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) &&
++ Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool))
+diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.fst
+--- extraction/Libcrux.Kem.Kyber.fst 2024-02-01 11:03:26.764762002 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-02-01 11:03:26.824760242 +0100
+@@ -1,12 +1,29 @@
+ module Libcrux.Kem.Kyber
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+ open Core
+ open FStar.Mul
+
+-let serialize_kem_secret_key
++let update_at_range_lemma #n
++ (s: t_Slice 't)
++ (i: Core.Ops.Range.t_Range (int_t n) {(Core.Ops.Range.impl_index_range_slice 't n).in_range s i})
++ (x: t_Slice 't)
++ : Lemma
++ (requires (Seq.length x == v i.f_end - v i.f_start))
++ (ensures (
++ let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in
++ let len = v i.f_start in
++ forall (i: nat). i < len ==> Seq.index s i == Seq.index s' i
++ ))
++ [SMTPat (Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x)]
++ = let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in
++ let len = v i.f_start in
++ introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i
++ with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i
++ /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i ))
++
++let serialize_kem_secret_key #p
+ (v_SERIALIZED_KEY_LEN: usize)
+- (private_key public_key implicit_rejection_value: t_Slice u8)
+- =
++ (private_key public_key implicit_rejection_value: t_Slice u8) =
+ let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in
+ let pointer:usize = sz 0 in
+ let out:t_Array u8 v_SERIALIZED_KEY_LEN =
+@@ -55,6 +72,8 @@
+ t_Slice u8)
+ in
+ let pointer:usize = pointer +! (Core.Slice.impl__len public_key <: usize) in
++ let h_public_key = (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key)
++ <: t_Slice u8) in
+ let out:t_Array u8 v_SERIALIZED_KEY_LEN =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
+ ({
+@@ -70,16 +89,7 @@
+ pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE <: usize
+ }
+ <:
+- Core.Ops.Range.t_Range usize ]
+- <:
+- t_Slice u8)
+- (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key
+- <:
+- t_Array u8 (sz 32))
+- <:
+- t_Slice u8)
+- <:
+- t_Slice u8)
++ Core.Ops.Range.t_Range usize ]) h_public_key)
+ in
+ let pointer:usize = pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE in
+ let out:t_Array u8 v_SERIALIZED_KEY_LEN =
+@@ -106,14 +116,32 @@
+ <:
+ t_Slice u8)
+ in
++ assert (Seq.slice out 0 (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)) `Seq.equal` private_key);
++ assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p))
++ (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p)) `Seq.equal` public_key);
++ assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +!
++ Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p))
++ (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +!
++ Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +!
++ Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE))
++ `Seq.equal` Libcrux.Kem.Kyber.Hash_functions.v_H public_key);
++ assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +!
++ Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +!
++ Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE))
++ (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +!
++ Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +!
++ Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE +!
++ Spec.Kyber.v_SHARED_SECRET_SIZE))
++ == implicit_rejection_value);
++ lemma_slice_append_4 out private_key public_key (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) implicit_rejection_value;
+ out
+
+-let decapsulate
++let decapsulate #p
+ (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
+ usize)
+- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+- =
++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE)
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) =
++ let orig_secret_key = secret_key.f_value in
+ let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) =
+ Libcrux.Kem.Kyber.Types.impl_12__split_at v_SECRET_KEY_SIZE secret_key v_CPA_SECRET_KEY_SIZE
+ in
+@@ -123,8 +151,12 @@
+ let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) =
+ Core.Slice.impl__split_at secret_key Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE
+ in
++ assert (ind_cpa_secret_key == slice orig_secret_key (sz 0) v_CPA_SECRET_KEY_SIZE);
++ assert (ind_cpa_public_key == slice orig_secret_key v_CPA_SECRET_KEY_SIZE (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE));
++ assert (ind_cpa_public_key_hash == slice orig_secret_key (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE) (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE));
++ assert (implicit_rejection_value == slice orig_secret_key (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE) (length orig_secret_key));
+ let decrypted:t_Array u8 (sz 32) =
+- Libcrux.Kem.Kyber.Ind_cpa.decrypt v_K
++ Libcrux.Kem.Kyber.Ind_cpa.decrypt #p v_K
+ v_CIPHERTEXT_SIZE
+ v_C1_SIZE
+ v_VECTOR_U_COMPRESSION_FACTOR
+@@ -152,6 +184,9 @@
+ <:
+ t_Slice u8)
+ in
++ lemma_slice_append to_hash decrypted ind_cpa_public_key_hash;
++ assert (decrypted == Spec.Kyber.ind_cpa_decrypt p ind_cpa_secret_key ciphertext.f_value);
++ assert (to_hash == concat decrypted ind_cpa_public_key_hash);
+ let hashed:t_Array u8 (sz 64) =
+ Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8)
+ in
+@@ -159,6 +194,10 @@
+ Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8)
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE
+ in
++ assert ((shared_secret,pseudorandomness) == split hashed Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE);
++ assert (length implicit_rejection_value = v_SECRET_KEY_SIZE -! v_CPA_SECRET_KEY_SIZE -! v_PUBLIC_KEY_SIZE -! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE);
++ assert (length implicit_rejection_value = Spec.Kyber.v_SHARED_SECRET_SIZE);
++ assert (Spec.Kyber.v_SHARED_SECRET_SIZE <=. Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE p);
+ let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8
+ v_IMPLICIT_REJECTION_HASH_INPUT_SIZE =
+ Libcrux.Kem.Kyber.Ind_cpa.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE
+@@ -180,11 +219,13 @@
+ <:
+ t_Slice u8)
+ in
++ lemma_slice_append to_hash implicit_rejection_value ciphertext.f_value;
+ let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) =
+ Libcrux.Kem.Kyber.Hash_functions.v_PRF (sz 32) (Rust_primitives.unsize to_hash <: t_Slice u8)
+ in
++ assert (implicit_rejection_shared_secret == Spec.Kyber.v_J to_hash);
+ let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE =
+- Libcrux.Kem.Kyber.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE
++ Libcrux.Kem.Kyber.Ind_cpa.encrypt #p v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE
+ v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1
+ v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE ind_cpa_public_key decrypted
+ pseudorandomness
+@@ -194,16 +235,18 @@
+ (Core.Convert.f_as_ref ciphertext <: t_Slice u8)
+ (Rust_primitives.unsize expected_ciphertext <: t_Slice u8)
+ in
++ let res =
+ Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time shared_secret
+ (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8)
+ selector
++ in
++ res
+
+-let encapsulate
++let encapsulate #p
+ (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
+ usize)
+- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+- (randomness: t_Array u8 (sz 32))
+- =
++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE)
++ (randomness: t_Array u8 (sz 32)) =
+ let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) =
+ Libcrux.Kem.Kyber.Ind_cpa.into_padded_array (sz 64)
+ (Rust_primitives.unsize randomness <: t_Slice u8)
+@@ -234,6 +277,10 @@
+ <:
+ t_Slice u8)
+ in
++ assert (Seq.slice to_hash 0 (v Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE) == randomness);
++ lemma_slice_append to_hash randomness (Spec.Kyber.v_H public_key.f_value);
++ assert (to_hash == concat randomness (Spec.Kyber.v_H public_key.f_value));
++
+ let hashed:t_Array u8 (sz 64) =
+ Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8)
+ in
+@@ -242,7 +289,7 @@
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE
+ in
+ let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE =
+- Libcrux.Kem.Kyber.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE
++ Libcrux.Kem.Kyber.Ind_cpa.encrypt #p v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE
+ v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN
+ v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE
+ (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE
+@@ -252,44 +299,17 @@
+ <:
+ t_Slice u8) randomness pseudorandomness
+ in
+- let shared_secret:t_Array u8 (sz 32) =
+- match Core.Convert.f_try_into shared_secret with
+- | Core.Result.Result_Ok shared_secret -> shared_secret
+- | Core.Result.Result_Err _ ->
+- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic"
+- <:
+- Rust_primitives.Hax.t_Never)
+- in
+- Core.Convert.f_into ciphertext, shared_secret
++ Core.Convert.f_into ciphertext,
++ Core.Result.impl__unwrap (Core.Convert.f_try_into shared_secret
++ <:
++ Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError)
+ <:
+- (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
++ (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+
+-let validate_public_key
+- (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+- (public_key: t_Array u8 v_PUBLIC_KEY_SIZE)
+- =
+- let pk:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key v_K
+- (Rust_primitives.unsize public_key <: t_Slice u8)
+- in
+- let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+- Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key v_K
+- v_RANKED_BYTES_PER_RING_ELEMENT
+- v_PUBLIC_KEY_SIZE
+- pk
+- (public_key.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT }
+- <:
+- Core.Ops.Range.t_RangeFrom usize ]
+- <:
+- t_Slice u8)
+- in
+- public_key =. public_key_serialized
+-
+-let generate_keypair
++let generate_keypair #p
+ (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
+ usize)
+- (randomness: t_Array u8 (sz 64))
+- =
++ (randomness: t_Array u8 (sz 64)) =
+ let ind_cpa_keypair_randomness:t_Slice u8 =
+ randomness.[ {
+ Core.Ops.Range.f_start = sz 0;
+@@ -307,7 +327,7 @@
+ in
+ let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE &
+ t_Array u8 v_PUBLIC_KEY_SIZE) =
+- Libcrux.Kem.Kyber.Ind_cpa.generate_keypair v_K
++ Libcrux.Kem.Kyber.Ind_cpa.generate_keypair #p v_K
+ v_CPA_PRIVATE_KEY_SIZE
+ v_PUBLIC_KEY_SIZE
+ v_BYTES_PER_RING_ELEMENT
+@@ -316,16 +336,17 @@
+ ind_cpa_keypair_randomness
+ in
+ let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE =
+- serialize_kem_secret_key v_PRIVATE_KEY_SIZE
++ serialize_kem_secret_key #p v_PRIVATE_KEY_SIZE
+ (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8)
+ (Rust_primitives.unsize public_key <: t_Slice u8)
+ implicit_rejection_value
+ in
+- let (private_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey
++ let (private_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_PRIVATE_KEY_SIZE):Libcrux.Kem.Kyber.Types.t_KyberPrivateKey
+ v_PRIVATE_KEY_SIZE =
+ Core.Convert.f_from secret_key_serialized
+ in
+ Libcrux.Kem.Kyber.Types.impl__from v_PRIVATE_KEY_SIZE
+ v_PUBLIC_KEY_SIZE
+ private_key
+- (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
++ (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE)
++
+diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber.fsti
+--- extraction/Libcrux.Kem.Kyber.fsti 2024-02-01 11:03:26.791761210 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-02-01 11:03:26.850759480 +0100
+@@ -4,42 +4,81 @@
+ open FStar.Mul
+
+ unfold
+-let t_MlKemSharedSecret = t_Array u8 (sz 32)
++let t_KyberSharedSecret = t_Array u8 (sz 32)
+
+ let v_KEY_GENERATION_SEED_SIZE: usize =
+ Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +!
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE
+
+-val serialize_kem_secret_key
++val serialize_kem_secret_key (#p:Spec.Kyber.params)
+ (v_SERIALIZED_KEY_LEN: usize)
+ (private_key public_key implicit_rejection_value: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True)
++ : Pure (t_Array u8 v_SERIALIZED_KEY_LEN)
++ (requires (length private_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
++ length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
++ length implicit_rejection_value == Spec.Kyber.v_SHARED_SECRET_SIZE /\
++ v_SERIALIZED_KEY_LEN == Spec.Kyber.v_SECRET_KEY_SIZE p))
++ (ensures (fun res -> res ==
++ Seq.append private_key (
++ Seq.append public_key (
++ Seq.append (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) implicit_rejection_value))))
+
+-val decapsulate
++val decapsulate (#p:Spec.Kyber.params)
+ (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
+ usize)
+- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE)
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE)
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE)
++ : Pure (t_Array u8 (sz 32))
++ (requires ( p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\
++ Spec.Kyber.valid_params p /\
++ v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
++ v_ETA2_RANDOMNESS_SIZE == Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\
++ v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE p /\
++ v_SECRET_KEY_SIZE == Spec.Kyber.v_SECRET_KEY_SIZE p /\
++ v_CPA_SECRET_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
++ v_C1_SIZE == Spec.Kyber.v_C1_SIZE p /\
++ v_C1_BLOCK_SIZE == Spec.Kyber.v_C1_BLOCK_SIZE p /\
++ v_C2_SIZE == Spec.Kyber.v_C2_SIZE p /\
++ v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p
++ ))
++ (ensures (fun res ->
++ res == Spec.Kyber.ind_cca_decapsulate p secret_key.f_value ciphertext.f_value))
+
+-val encapsulate
++val encapsulate (#p:Spec.Kyber.params)
+ (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
+ usize)
+- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE)
+ (randomness: t_Array u8 (sz 32))
+- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val validate_public_key
+- (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+- (public_key: t_Array u8 v_PUBLIC_KEY_SIZE)
+- : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
++ : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
++ (requires (p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\
++ Spec.Kyber.valid_params p /\
++ v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
++ v_ETA2_RANDOMNESS_SIZE == Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\
++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
++ v_C1_SIZE == Spec.Kyber.v_C1_SIZE p /\
++ v_C2_SIZE == Spec.Kyber.v_C2_SIZE p /\
++ v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\
++ v_VECTOR_U_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p
++ ))
+
+-val generate_keypair
++ (ensures (fun (ct,ss) ->
++ (ct.f_value,ss) == Spec.Kyber.ind_cca_encapsulate p public_key.f_value randomness))
++
++
++val generate_keypair (#p:Spec.Kyber.params)
+ (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
+ usize)
+ (randomness: t_Array u8 (sz 64))
+- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
++ (requires (v_K == p.v_RANK /\ v_ETA1 == p.v_ETA1 /\
++ v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
++ v_CPA_PRIVATE_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
++ v_PRIVATE_KEY_SIZE == Spec.Kyber.v_SECRET_KEY_SIZE p /\
++ v_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p
++ ))
++ (ensures (fun kp ->
++ (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness))
+diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst
+--- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-02-01 11:03:26.803760858 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-02-01 11:03:26.830760066 +0100
+@@ -3,18 +3,27 @@
+ open Core
+ open FStar.Mul
+
+-let v_G (input: t_Slice u8) = Libcrux.Digest.sha3_512_ input
++let v_G (input: t_Slice u8) =
++ let res = Libcrux.Digest.sha3_512_ input in
++ admit(); // We assume that sha3_512 correctly implements G
++ res
+
+-let v_H (input: t_Slice u8) = Libcrux.Digest.sha3_256_ input
++let v_H (input: t_Slice u8) =
++ let res = Libcrux.Digest.sha3_256_ input in
++ admit(); // We assume that sha3_512 correctly implements H
++ res
+
+-let v_PRF (v_LEN: usize) (input: t_Slice u8) = Libcrux.Digest.shake256 v_LEN input
++let v_PRF (v_LEN: usize) (input: t_Slice u8) =
++ let res = Libcrux.Digest.shake256 v_LEN input in
++ admit(); // We assume that sha3_512 correctly implements H
++ res
+
+ let v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) =
+ let out:t_Array (t_Array u8 (sz 840)) v_K =
+ Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 840) <: t_Array u8 (sz 840)) v_K
+ in
+ let out:t_Array (t_Array u8 (sz 840)) v_K =
+- if ~.(Libcrux_platform.simd256_support () <: bool) || ~.true
++ if ~.(Libcrux_platform.simd256_support <: bool) || ~.false
+ then
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+@@ -100,4 +109,5 @@
+ in
+ out
+ in
++ admit(); //P-F
+ out
+diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti
+--- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-02-01 11:03:26.758762178 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-02-01 11:03:26.855759333 +0100
+@@ -3,12 +3,24 @@
+ open Core
+ open FStar.Mul
+
+-val v_G (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True)
++val v_G (input: t_Slice u8)
++ : Pure (t_Array u8 (sz 64))
++ (requires True)
++ (ensures (fun res -> res == Spec.Kyber.v_G input))
+
+-val v_H (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
++val v_H (input: t_Slice u8)
++ : Pure (t_Array u8 (sz 32))
++ (requires True)
++ (ensures (fun res -> res == Spec.Kyber.v_H input))
+
+ val v_PRF (v_LEN: usize) (input: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True)
++ : Pure (t_Array u8 v_LEN)
++ (requires True)
++ (ensures (fun res -> res == Spec.Kyber.v_PRF v_LEN input))
+
+ val v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K)
+- : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True)
++ : Pure (t_Array (t_Array u8 (sz 840)) v_K)
++ (requires True)
++ (ensures (fun res ->
++ (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i))))
++
+diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst
+--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-02-01 11:03:26.765761973 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-02-01 11:03:26.853759392 +0100
+@@ -1,5 +1,5 @@
+ module Libcrux.Kem.Kyber.Ind_cpa
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+ open Core
+ open FStar.Mul
+
+@@ -37,33 +37,37 @@
+ in
+ out
+
+-let sample_ring_element_cbd
++unfold let acc_t (v_K v_ETA:usize) = (u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1)) v_K)
++unfold let inv_t v_K v_ETA = acc_t v_K v_ETA -> usize -> Type
++
++let wfZero: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO)
++
++let etaZero (v_ETA:usize{v v_ETA >= 1 /\ v v_ETA < pow2 31}): Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_ETA) =
++ (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #(v v_ETA) Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO)
++
++let sample_vector_cbd (#p:Spec.Kyber.params)
+ (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize)
+- (prf_input: t_Array u8 (sz 33))
+- (domain_separator: u8)
+- =
+- let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
+- in
+- let domain_separator, error_1_, prf_input:(u8 &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K &
+- t_Array u8 (sz 33)) =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ (prf_input: t_Array u8 (sz 33)) domain_separator =
++ let error_1_:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K =
++ Rust_primitives.Hax.repeat (etaZero (sz (pow2 (v v_ETA2) - 1))) v_K
++ in
++ let orig_domain_separator = domain_separator in
++ [@ inline_let]
++ let inv : inv_t v_K v_ETA2 = fun (acc:acc_t v_K v_ETA2) (i:usize) ->
++ let (domain_separator,prf_input,error_1_) = acc in
++ if (i >=. sz 0 && i <=. v_K)
++ then
++ domain_separator = orig_domain_separator +! (mk_int #u8_inttype (v i))
++ else true in
++ let (domain_separator, prf_input, error_1_):acc_t v_K (v_ETA2) =
++ Rust_primitives.Iterators.foldi_range #_ #(acc_t v_K (v_ETA2)) #inv {
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- (domain_separator, error_1_, prf_input
+- <:
+- (u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & t_Array u8 (sz 33))
+- )
++ (domain_separator, prf_input, error_1_)
+ (fun temp_0_ i ->
+- let domain_separator, error_1_, prf_input:(u8 &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K &
+- t_Array u8 (sz 33)) =
++ let domain_separator, prf_input, error_1_:acc_t v_K (v_ETA2) =
+ temp_0_
+ in
+ let i:usize = i in
+@@ -77,49 +81,46 @@
+ Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE
+ (Rust_primitives.unsize prf_input <: t_Slice u8)
+ in
+- let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ let error_1_:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_
+ i
+- (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA2
++ (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA2
+ (Rust_primitives.unsize prf_output <: t_Slice u8)
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1))
+ in
+- domain_separator, error_1_, prf_input
+- <:
+- (u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K &
+- t_Array u8 (sz 33)))
++ domain_separator, prf_input, error_1_)
+ in
+- let hax_temp_output:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = error_1_ in
++ let hax_temp_output:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K = error_1_ in
++ admit(); //P-F
+ prf_input, domain_separator, hax_temp_output
+ <:
+- (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ (t_Array u8 (sz 33) & u8 & t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_ETA2)) v_K)
+
+-let sample_vector_cbd_then_ntt
++#push-options "--split_queries no --z3rlimit 300"
++let sample_vector_cbd_then_ntt (#p:Spec.Kyber.params)
+ (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
+- (prf_input: t_Array u8 (sz 33))
+- (domain_separator: u8)
+- =
+- let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
+- in
+- let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ (prf_input: t_Array u8 (sz 33)) domain_separator =
++ let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat (wfZero) v_K
++ in
++ let orig_domain_separator = domain_separator in
++ [@ inline_let]
++ let inv: (u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) v_K) -> usize -> Type = fun acc i ->
++ let (domain_separator,prf_input,re_as_ntt) = acc in
++ if (i >=. sz 0 && i <=. v_K)
++ then
++ domain_separator = orig_domain_separator +! (mk_int #u8_inttype (v i))
++ else true in
++ let (domain_separator, prf_input, re_as_ntt):(u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) v_K)=
++ Rust_primitives.Iterators.foldi_range #_ #_ #inv {
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- (domain_separator, prf_input, re_as_ntt
+- <:
+- (u8 & t_Array u8 (sz 33) & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- )
++ (domain_separator, prf_input, re_as_ntt)
+ (fun temp_0_ i ->
+ let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
+ temp_0_
+ in
+ let i:usize = i in
+@@ -133,64 +134,74 @@
+ Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA_RANDOMNESS_SIZE
+ (Rust_primitives.unsize prf_input <: t_Slice u8)
+ in
+- let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA
++ let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1) =
++ Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA
+ (Rust_primitives.unsize prf_output <: t_Slice u8)
+ in
+- let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b r in
++ let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt
+ i
+ (Libcrux.Kem.Kyber.Ntt.ntt_binomially_sampled_ring_element r
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ in
+ domain_separator, prf_input, re_as_ntt
+ <:
+ (u8 & t_Array u8 (sz 33) &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K))
+ in
++ admit(); //P-F
+ re_as_ntt, domain_separator
+ <:
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8)
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8)
+
+-let compress_then_serialize_u
+- (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize)
+- (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- =
++
++let compress_then_serialize_u #p v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN input =
+ let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
++ let orig_out = out in
++ let acc_t = t_Array u8 v_OUT_LEN in
++ [@ inline_let]
++ let inv = fun (acc:acc_t) (i:usize) -> True in
+ let out:t_Array u8 v_OUT_LEN =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Iter.Traits.Collect.f_into_iter input
+- <:
+- Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #acc_t #inv
++ input
+ out
+ (fun out temp_1_ ->
+ let out:t_Array u8 v_OUT_LEN = out in
+- let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = temp_1_ in
++ let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = temp_1_ in
++ assert (i <. v_K);
++ assert (v i + 1 <= v v_K);
++ assert (v i * (v v_OUT_LEN / v v_K) < v v_OUT_LEN);
++ assert (((v i + 1) * (v v_OUT_LEN / v v_K)) <= v v_OUT_LEN);
++ assert (v_OUT_LEN /! v_K == Spec.Kyber.v_C1_BLOCK_SIZE p);
++ assert (range (v i * v (Spec.Kyber.v_C1_BLOCK_SIZE p)) usize_inttype);
++ assert (range ((v i + 1) * v (Spec.Kyber.v_C1_BLOCK_SIZE p)) usize_inttype);
++ assert ((Core.Ops.Range.impl_index_range_slice u8 usize_inttype).in_range out
++ {
++ Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize;
++ Core.Ops.Range.f_end
++ =
++ (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize
++ });
++ assert (((i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p) -! (i *! Spec.Kyber.v_C1_BLOCK_SIZE p) == Spec.Kyber.v_C1_BLOCK_SIZE p);
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
+ ({
+- Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize;
+- Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize
++ Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize;
++ Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+ (Core.Slice.impl__copy_from_slice (out.[ {
+- Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize;
++ Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize;
+ Core.Ops.Range.f_end
+ =
+- (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize
+- }
+- <:
+- Core.Ops.Range.t_Range usize ]
++ (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize
++ } ]
+ <:
+ t_Slice u8)
+- (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u
++ (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u #p
+ v_COMPRESSION_FACTOR
+ v_BLOCK_LEN
+ re
+@@ -203,201 +214,234 @@
+ <:
+ t_Array u8 v_OUT_LEN)
+ in
++ admit();//P-F
+ out
+
+-let deserialize_then_decompress_u
+- (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
+- (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+- =
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
+- in
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize ciphertext <: t_Slice u8)
+- ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *!
++#push-options "--split_queries always"
++let deserialize_then_decompress_u (#p:Spec.Kyber.params)
++ (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR: usize)
++ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) =
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat wfZero v_K
++ in
++ let acc_t1 = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in
++ [@ inline_let]
++ let inv = fun (acc:acc_t1) (i:usize) -> True in
++ let sl : t_Slice u8 = ciphertext.[
++ { Core.Ops.Range.f_end = v_VECTOR_U_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] in
++ assert (length sl == v_VECTOR_U_ENCODED_SIZE);
++ let chunk_len = ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *!
+ v_U_COMPRESSION_FACTOR
+ <:
+ usize) /!
+ sz 8
+ <:
+- usize)
+- <:
+- Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ usize) in
++ FStar.Math.Lemmas.cancel_mul_mod (v p.v_RANK) (v (Spec.Kyber.v_C1_BLOCK_SIZE p)) ;
++ assert (v chunk_len == v (Spec.Kyber.v_C1_BLOCK_SIZE p));
++ assert (Seq.length sl % v (Spec.Kyber.v_C1_BLOCK_SIZE p) = 0);
++ assert (Seq.length sl == v (Spec.Kyber.v_C1_SIZE p));
++ assert (Seq.length sl / v (Spec.Kyber.v_C1_BLOCK_SIZE p) == v v_K);
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t1 #inv
++ sl
++ chunk_len
+ u_as_ntt
+ (fun u_as_ntt temp_1_ ->
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+ u_as_ntt
+ in
+- let i, u_bytes:(usize & t_Slice u8) = temp_1_ in
+- let u:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let i, u_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in
++ let u:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR
+ u_bytes
+ in
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ assert (v i < v v_K);
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt
+ i
+ (Libcrux.Kem.Kyber.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR u
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ in
+ u_as_ntt)
+ in
++ admit(); //P-F
+ u_as_ntt
++#pop-options
+
+-let deserialize_public_key (v_K: usize) (public_key: t_Slice u8) =
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
+- in
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact public_key
+- Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT
+- <:
+- Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++#push-options "--z3rlimit 200"
++let deserialize_public_key (#p:Spec.Kyber.params)
++ (v_K v_T_AS_NTT_ENCODED_SIZE: usize) (public_key: t_Slice u8) =
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat wfZero v_K
++ in
++ let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in
++ [@ inline_let]
++ let inv = fun (acc:acc_t) (i:usize) -> True in
++ let sl : t_Slice u8 = public_key.[
++ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] in
++ let chunk_len = Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT in
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv
++ sl
++ chunk_len
+ tt_as_ntt
+ (fun tt_as_ntt temp_1_ ->
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+ tt_as_ntt
+ in
+- let i, tt_as_ntt_bytes:(usize & t_Slice u8) = temp_1_ in
++ let i, tt_as_ntt_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt
+ i
+ (Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element tt_as_ntt_bytes
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+ in
+- tt_as_ntt
+-
+-let deserialize_secret_key (v_K: usize) (secret_key: t_Slice u8) =
+- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
+- in
+- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact secret_key
+- Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT
+- <:
+- Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ admit(); //P-F
++ tt_as_ntt
++#pop-options
++
++#push-options "--split_queries always"
++let deserialize_secret_key (#p:Spec.Kyber.params) (v_K: usize) (secret_key: t_Slice u8) =
++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat wfZero v_K
++ in
++ let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in
++ [@ inline_let]
++ let inv = fun (acc:acc_t) (i:usize) -> True in
++ let sl : t_Slice u8 = secret_key in
++ let chunk_len = Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT in
++ assert(v chunk_len == 384);
++ assert(Seq.length secret_key == v (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p));
++ assert(Seq.length secret_key == (v v_K * 256 * 12)/8);
++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv
++ sl
++ chunk_len
+ secret_as_ntt
+ (fun secret_as_ntt temp_1_ ->
+- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+ secret_as_ntt
+ in
+- let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in
++ let i, secret_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt
+ i
+ (Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element secret_bytes
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+ in
++ admit(); //P-F
+ secret_as_ntt
++#pop-options
+
+-let decrypt
++#push-options "--z3rlimit 400 --split_queries no"
++let decrypt #p
+ (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
+ usize)
+ (secret_key: t_Slice u8)
+- (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+- =
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR ciphertext
++ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) =
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ deserialize_then_decompress_u #p v_K
++ v_CIPHERTEXT_SIZE
++ v_VECTOR_U_ENCODED_SIZE
++ v_U_COMPRESSION_FACTOR
++ ciphertext
+ in
+- let v:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR
++ let v:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v #p v_V_COMPRESSION_FACTOR
+ (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE }
+ <:
+ Core.Ops.Range.t_RangeFrom usize ]
+ <:
+ t_Slice u8)
+ in
+- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- deserialize_secret_key v_K secret_key
++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ deserialize_secret_key #p v_K secret_key
+ in
+- let message:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Matrix.compute_message v_K v secret_as_ntt u_as_ntt
++ let message:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Matrix.compute_message #p v_K v secret_as_ntt u_as_ntt
+ in
+- Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message message
+-
+-let encrypt
+- (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
+- usize)
++ let res = Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message message in
++ res
++#pop-options
++
++#push-options "--z3rlimit 200"
++let encrypt #p
++ v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE
+ (public_key: t_Slice u8)
+ (message: t_Array u8 (sz 32))
+- (randomness: t_Slice u8)
+- =
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- deserialize_public_key v_K public_key
++ (randomness: t_Slice u8) =
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ deserialize_public_key #p v_K v_T_AS_NTT_ENCODED_SIZE public_key
+ in
+ let seed:t_Slice u8 =
+ public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE }
+ <:
+ Core.Ops.Range.t_RangeFrom usize ]
+ in
+- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
+- Libcrux.Kem.Kyber.Matrix.sample_matrix_A v_K
++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
++ Libcrux.Kem.Kyber.Matrix.sample_matrix_A #p v_K
+ (into_padded_array (sz 34) seed <: t_Array u8 (sz 34))
+ false
+ in
+ let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = into_padded_array (sz 33) randomness in
+- let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K &
++ let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K &
+ u8) =
+- sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy
++ sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy
+ in
++ assert (v domain_separator == v v_K);
+ let tmp0, tmp1, out:(t_Array u8 (sz 33) & u8 &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
+- sample_ring_element_cbd v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
++ sample_vector_cbd #p v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator
+ in
+ let prf_input:t_Array u8 (sz 33) = tmp0 in
+ let domain_separator:u8 = tmp1 in
+- let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = out in
++ let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = out in
+ let prf_input:t_Array u8 (sz 33) =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator
+ in
++ assert (Seq.equal prf_input (Seq.append randomness (Seq.create 1 domain_separator)));
++ assert (prf_input == Seq.append randomness (Seq.create 1 domain_separator));
+ let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE =
+ Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE
+ (Rust_primitives.unsize prf_input <: t_Slice u8)
+ in
+- let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA2
++ let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1) =
++ Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA2
+ (Rust_primitives.unsize prf_output <: t_Slice u8)
+ in
+- let u:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Libcrux.Kem.Kyber.Matrix.compute_vector_u v_K v_A_transpose r_as_ntt error_1_
++ let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b error_2_ in
++ let u:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Libcrux.Kem.Kyber.Matrix.compute_vector_u #p v_K v_A_transpose r_as_ntt error_1_
+ in
+- let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message message
+ in
+- let v:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Matrix.compute_ring_element_v v_K
++ let v:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Matrix.compute_ring_element_v #p v_K
+ tt_as_ntt
+ r_as_ntt
+ error_2_
+ message_as_ring_element
+ in
+ let c1:t_Array u8 v_C1_LEN =
+- compress_then_serialize_u v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u
++ compress_then_serialize_u #p v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u
+ in
+ let c2:t_Array u8 v_C2_LEN =
+- Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR
++ Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v #p v_V_COMPRESSION_FACTOR
+ v_C2_LEN
+ v
+ in
++ assert (v_C1_LEN = Spec.Kyber.v_C1_SIZE p);
++ assert (v_C2_LEN = Spec.Kyber.v_C2_SIZE p);
++ assert (v_CIPHERTEXT_SIZE == v_C1_LEN +! v_C2_LEN);
++ assert (v_C1_LEN <=. v_CIPHERTEXT_SIZE);
+ let (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE):t_Array u8 v_CIPHERTEXT_SIZE =
+ into_padded_array v_CIPHERTEXT_SIZE (Rust_primitives.unsize c1 <: t_Slice u8)
+ in
+@@ -413,28 +457,25 @@
+ <:
+ t_Slice u8)
+ in
++ lemma_slice_append ciphertext c1 c2;
+ ciphertext
++#pop-options
+
+-let serialize_secret_key
++let serialize_secret_key (#p:Spec.Kyber.params)
+ (v_K v_OUT_LEN: usize)
+- (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- =
++ (key: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
+ let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
++ let orig_out = out in
++ let acc_t = t_Array u8 v_OUT_LEN in
++ [@ inline_let]
++ let inv = fun (acc:acc_t) (i:usize) -> True in
+ let out:t_Array u8 v_OUT_LEN =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Iter.Traits.Collect.f_into_iter key
+- <:
+- Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #acc_t #inv
++ key
+ out
+ (fun out temp_1_ ->
+ let out:t_Array u8 v_OUT_LEN = out in
+- let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = temp_1_ in
++ let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = temp_1_ in
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
+ ({
+ Core.Ops.Range.f_start
+@@ -473,13 +514,14 @@
+ <:
+ t_Array u8 v_OUT_LEN)
+ in
++ admit(); //P-F
+ out
+
+-let serialize_public_key
++
++let serialize_public_key (#p:Spec.Kyber.params)
+ (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+- (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- (seed_for_a: t_Slice u8)
+- =
++ (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (seed_for_a: t_Slice u8) =
+ let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+ Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE
+ in
+@@ -496,7 +538,7 @@
+ Core.Ops.Range.t_Range usize ]
+ <:
+ t_Slice u8)
+- (Rust_primitives.unsize (serialize_secret_key v_K
++ (Rust_primitives.unsize (serialize_secret_key #p v_K
+ v_RANKED_BYTES_PER_RING_ELEMENT
+ tt_as_ntt
+ <:
+@@ -522,42 +564,49 @@
+ <:
+ t_Slice u8)
+ in
++ lemma_slice_append public_key_serialized
++ (Spec.Kyber.vector_encode_12 (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt))
++ seed_for_a;
+ public_key_serialized
+
+-let generate_keypair
++
++let generate_keypair #p
+ (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
+ usize)
+- (key_generation_seed: t_Slice u8)
+- =
++ (key_generation_seed: t_Slice u8) =
+ let hashed:t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G key_generation_seed in
+ let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) =
+ Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32)
+ in
+- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
+- Libcrux.Kem.Kyber.Matrix.sample_matrix_A v_K
++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
++ Libcrux.Kem.Kyber.Matrix.sample_matrix_A #p v_K
+ (into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34))
+ true
+ in
+ let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) =
+ into_padded_array (sz 33) seed_for_secret_and_error
+ in
+- let secret_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ let secret_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ v_K &
+ u8) =
+- sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy
++ sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy
+ in
+- let error_as_ntt, _:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8) =
+- sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator
++ let error_as_ntt, _:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8) =
++ sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator
+ in
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Libcrux.Kem.Kyber.Matrix.compute_As_plus_e v_K v_A_transpose secret_as_ntt error_as_ntt
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Libcrux.Kem.Kyber.Matrix.compute_As_plus_e #p v_K v_A_transpose secret_as_ntt error_as_ntt
+ in
+ let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+- serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A
++ serialize_public_key #p v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A
+ in
+ let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE =
+- serialize_secret_key v_K v_PRIVATE_KEY_SIZE secret_as_ntt
++ serialize_secret_key #p v_K v_PRIVATE_KEY_SIZE secret_as_ntt
+ in
++ let res =
+ secret_key_serialized, public_key_serialized
+ <:
+ (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
++ in
++ res
++
+diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti
+--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-02-01 11:03:26.806760770 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-02-01 11:03:26.843759685 +0100
+@@ -1,80 +1,152 @@
+ module Libcrux.Kem.Kyber.Ind_cpa
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+ open Core
+ open FStar.Mul
+
+-val into_padded_array (v_LEN: usize) (slice: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True)
++val into_padded_array (v_LEN: usize) (slice: t_Slice u8) :
++ Pure (t_Array u8 v_LEN)
++ (requires (length slice <=. v_LEN))
++ (ensures (fun res -> Seq.slice res 0 (Seq.length slice) == slice))
+
+-val sample_ring_element_cbd
++val sample_vector_cbd (#p:Spec.Kyber.params)
+ (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize)
+ (prf_input: t_Array u8 (sz 33))
+ (domain_separator: u8)
+- : Prims.Pure
+- (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Pure (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (requires v domain_separator <= v v_K /\ v_K <=. sz 4 /\
++ v_K = p.v_RANK /\ v_ETA2 = p.v_ETA2 /\
++ v_ETA2_RANDOMNESS_SIZE = Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p)
++ (ensures (fun (prf,ds,x) -> v ds == v domain_separator + v v_K /\
++ Seq.slice prf 0 32 == Seq.slice prf_input 0 32 /\
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p x ==
++ Spec.Kyber.sample_vector_cbd #p (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+
+-val sample_vector_cbd_then_ntt
++
++val sample_vector_cbd_then_ntt (#p:Spec.Kyber.params)
+ (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
+ (prf_input: t_Array u8 (sz 33))
+- (domain_separator: u8)
+- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ (domain_separator: u8{v domain_separator <= v v_K /\ v_K <=. sz 4})
++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8)
++ (requires (v_K == p.v_RANK /\ v_ETA == p.v_ETA1 /\ v_ETA_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p))
++ (ensures (fun (x,ds) -> v ds == v domain_separator + v v_K /\
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p x ==
++ Spec.Kyber.sample_vector_cbd_then_ntt #p (Seq.slice prf_input 0 32) (sz (v domain_separator))))
+
+-val compress_then_serialize_u
++val compress_then_serialize_u (#p:Spec.Kyber.params)
+ (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize)
+- (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
++ (input: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ : Pure (t_Array u8 v_OUT_LEN)
++ (requires (v_K == p.v_RANK /\ v_OUT_LEN == Spec.Kyber.v_C1_SIZE p /\
++ v_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\
++ v_BLOCK_LEN = Spec.Kyber.v_C1_BLOCK_SIZE p))
++ (ensures (fun res ->
++ res == Spec.Kyber.compress_then_encode_u p
++ (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p input)))
+
+-val deserialize_then_decompress_u
+- (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
++val deserialize_then_decompress_u (#p:Spec.Kyber.params)
++ (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR: usize)
+ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val deserialize_public_key (v_K: usize) (public_key: t_Slice u8)
+- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val deserialize_secret_key (v_K: usize) (secret_key: t_Slice u8)
+- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (requires v_K == p.v_RANK /\
++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
++ v_VECTOR_U_ENCODED_SIZE == Spec.Kyber.v_C1_SIZE p /\
++ v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR)
++ (ensures fun res ->
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res ==
++ Spec.Kyber.(vector_ntt (decode_then_decompress_u p (Seq.slice ciphertext 0 (v (Spec.Kyber.v_C1_SIZE p))))))
++
++val deserialize_public_key (#p:Spec.Kyber.params)
++ (v_K v_T_AS_NTT_ENCODED_SIZE: usize) (public_key: t_Slice u8)
++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (requires v_K == p.v_RANK /\
++ length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
++ v_T_AS_NTT_ENCODED_SIZE == Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p)
++ (ensures fun res ->
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b res ==
++ Spec.Kyber.vector_decode_12 #p (slice public_key (sz 0) v_T_AS_NTT_ENCODED_SIZE))
++
++val deserialize_secret_key (#p:Spec.Kyber.params) (v_K: usize) (secret_key: t_Slice u8)
++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (requires v_K == p.v_RANK /\
++ length secret_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)
++ (ensures fun res ->
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res ==
++ Spec.Kyber.vector_decode_12 #p secret_key)
++
+
+-val decrypt
++val decrypt (#p:Spec.Kyber.params)
+ (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
+ usize)
+ (secret_key: t_Slice u8)
+ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
++ : Pure (t_Array u8 (sz 32))
++ (requires (v_K == p.v_RANK /\
++ length secret_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
++ v_VECTOR_U_ENCODED_SIZE == Spec.Kyber.v_C1_SIZE p /\
++ v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\
++ v_V_COMPRESSION_FACTOR == p.v_VECTOR_V_COMPRESSION_FACTOR))
++ (ensures (fun res ->
++ res == Spec.Kyber.ind_cpa_decrypt p secret_key ciphertext))
++
+
+-val encrypt
++val encrypt (#p:Spec.Kyber.params)
+ (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
+ usize)
+ (public_key: t_Slice u8)
+ (message: t_Array u8 (sz 32))
+- (randomness: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val serialize_secret_key
++ (randomness: t_Slice u8{length randomness <. sz 33})
++ : Pure (t_Array u8 v_CIPHERTEXT_SIZE)
++ (requires (v_K == p.v_RANK /\
++ v_ETA1 = p.v_ETA1 /\
++ v_ETA1_RANDOMNESS_SIZE = Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
++ v_ETA2 = p.v_ETA2 /\
++ v_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p /\
++ v_ETA2_RANDOMNESS_SIZE = Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\
++ v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\
++ v_V_COMPRESSION_FACTOR == p.v_VECTOR_V_COMPRESSION_FACTOR /\
++ length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
++ length randomness == Spec.Kyber.v_SHARED_SECRET_SIZE /\
++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
++ v_T_AS_NTT_ENCODED_SIZE == Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\
++ v_C1_LEN == Spec.Kyber.v_C1_SIZE p /\
++ v_C2_LEN == Spec.Kyber.v_C2_SIZE p))
++ (ensures (fun ct -> ct == Spec.Kyber.ind_cpa_encrypt p public_key message randomness))
++
++val serialize_secret_key (#p:Spec.Kyber.params)
+ (v_K v_OUT_LEN: usize)
+- (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val serialize_public_key
++ (key: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ : Pure (t_Array u8 v_OUT_LEN)
++ (requires (v_K == p.v_RANK /\ v_OUT_LEN == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p))
++ (ensures (fun res ->
++ res == Spec.Kyber.vector_encode_12 #p
++ (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p key)))
++
++val serialize_public_key (#p:Spec.Kyber.params)
+ (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+- (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+ (seed_for_a: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
++ : Pure (t_Array u8 v_PUBLIC_KEY_SIZE)
++ (requires (v_K == p.v_RANK /\
++ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p /\
++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
++ length seed_for_a == sz 32))
++ (ensures (fun res -> res == Seq.append (Spec.Kyber.vector_encode_12
++ (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt))
++ seed_for_a))
+
+-val generate_keypair
++val generate_keypair (#p:Spec.Kyber.params)
+ (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
+ usize)
+ (key_generation_seed: t_Slice u8)
+- : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
++ (requires (v_K == p.v_RANK /\
++ v_ETA1 == p.v_ETA1 /\
++ v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
++ v_PRIVATE_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
++ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p /\
++ length key_generation_seed == Spec.Kyber.v_CPA_PKE_KEY_GENERATION_SEED_SIZE))
++ (ensures (fun (sk,pk) -> (sk,pk) == Spec.Kyber.ind_cpa_generate_keypair p key_generation_seed))
++
++
+diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst
+--- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-02-01 11:03:26.792761181 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-02-01 11:03:26.815760506 +0100
+@@ -3,37 +3,23 @@
+ open Core
+ open FStar.Mul
+
+-let decapsulate
+- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 3168))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568))
+- =
+- Libcrux.Kem.Kyber.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408)
++let decapsulate_1024_
++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168))
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) =
++ Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber1024_params
++ (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408)
+ (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) secret_key ciphertext
+
+-let encapsulate
+- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568))
+- (randomness: t_Array u8 (sz 32))
+- =
+- Libcrux.Kem.Kyber.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11)
++let encapsulate_1024_
++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568))
++ (randomness: t_Array u8 (sz 32)) =
++ Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber1024_params
++ (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11)
+ (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness
+
+-let validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)) =
+- if
+- Libcrux.Kem.Kyber.validate_public_key (sz 4)
+- (sz 1536)
+- (sz 1568)
+- public_key.Libcrux.Kem.Kyber.Types.f_value
+- then
+- Core.Option.Option_Some public_key
+- <:
+- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568))
+- else
+- Core.Option.Option_None
+- <:
+- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568))
+-
+-let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+- Libcrux.Kem.Kyber.generate_keypair (sz 4)
++let generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) =
++ Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber1024_params
++ (sz 4)
+ (sz 1536)
+ (sz 3168)
+ (sz 1568)
+diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti
+--- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-02-01 11:03:26.787761327 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-02-01 11:03:26.816760477 +0100
+@@ -63,32 +63,27 @@
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_
+
+ unfold
+-let t_MlKem1024Ciphertext = Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568)
++let t_Kyber1024Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)
+
+ unfold
+-let t_MlKem1024PrivateKey = Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 3168)
++let t_Kyber1024PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168)
+
+ unfold
+-let t_MlKem1024PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)
++let t_Kyber1024PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568)
+
+-val decapsulate
+- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 3168))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568))
++val decapsulate_1024_
++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168))
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568))
+ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+
+-val encapsulate
+- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568))
++val encapsulate_1024_
++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568))
+ (randomness: t_Array u8 (sz 32))
+- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))
++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568) & t_Array u8 (sz 32))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+-val validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568))
+- : Prims.Pure (Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)))
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val generate_key_pair (randomness: t_Array u8 (sz 64))
+- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemKeyPair (sz 3168) (sz 1568))
++val generate_key_pair_1024_ (randomness: t_Array u8 (sz 64))
++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 3168) (sz 1568))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst
+--- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-02-01 11:03:26.756762236 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-02-01 11:03:26.835759920 +0100
+@@ -3,37 +3,23 @@
+ open Core
+ open FStar.Mul
+
+-let decapsulate
+- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 1632))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768))
+- =
+- Libcrux.Kem.Kyber.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640)
++let decapsulate_512_
++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632))
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) =
++ Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber512_params
++ (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640)
+ (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) secret_key ciphertext
+
+-let encapsulate
+- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800))
+- (randomness: t_Array u8 (sz 32))
+- =
+- Libcrux.Kem.Kyber.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4)
++let encapsulate_512_
++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800))
++ (randomness: t_Array u8 (sz 32)) =
++ Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber512_params
++ (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4)
+ (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness
+
+-let validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)) =
+- if
+- Libcrux.Kem.Kyber.validate_public_key (sz 2)
+- (sz 768)
+- (sz 800)
+- public_key.Libcrux.Kem.Kyber.Types.f_value
+- then
+- Core.Option.Option_Some public_key
+- <:
+- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800))
+- else
+- Core.Option.Option_None
+- <:
+- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800))
+-
+-let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+- Libcrux.Kem.Kyber.generate_keypair (sz 2)
++let generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) =
++ Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber512_params
++ (sz 2)
+ (sz 768)
+ (sz 1632)
+ (sz 800)
+diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti
+--- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-02-01 11:03:26.794761122 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-02-01 11:03:26.812760594 +0100
+@@ -63,32 +63,27 @@
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_
+
+ unfold
+-let t_MlKem512Ciphertext = Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768)
++let t_Kyber512Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)
+
+ unfold
+-let t_MlKem512PrivateKey = Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 1632)
++let t_Kyber512PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632)
+
+ unfold
+-let t_MlKem512PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)
++let t_Kyber512PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800)
+
+-val decapsulate
+- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 1632))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768))
++val decapsulate_512_
++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632))
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768))
+ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+
+-val encapsulate
+- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800))
++val encapsulate_512_
++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800))
+ (randomness: t_Array u8 (sz 32))
+- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))
++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768) & t_Array u8 (sz 32))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+-val validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800))
+- : Prims.Pure (Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)))
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val generate_key_pair (randomness: t_Array u8 (sz 64))
+- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemKeyPair (sz 1632) (sz 800))
++val generate_key_pair_512_ (randomness: t_Array u8 (sz 64))
++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 1632) (sz 800))
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst
+--- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-02-01 11:03:26.760762119 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-02-01 11:03:26.833759978 +0100
+@@ -3,37 +3,24 @@
+ open Core
+ open FStar.Mul
+
+-let decapsulate
+- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 2400))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088))
+- =
+- Libcrux.Kem.Kyber.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960)
++
++let decapsulate_768_
++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400))
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) =
++ Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber768_params
++ (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960)
+ (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) secret_key ciphertext
+
+-let encapsulate
+- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184))
+- (randomness: t_Array u8 (sz 32))
+- =
+- Libcrux.Kem.Kyber.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10)
++let encapsulate_768_
++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184))
++ (randomness: t_Array u8 (sz 32)) =
++ Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber768_params
++ (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10)
+ (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness
+
+-let validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)) =
+- if
+- Libcrux.Kem.Kyber.validate_public_key (sz 3)
+- (sz 1152)
+- (sz 1184)
+- public_key.Libcrux.Kem.Kyber.Types.f_value
+- then
+- Core.Option.Option_Some public_key
+- <:
+- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184))
+- else
+- Core.Option.Option_None
+- <:
+- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184))
+-
+-let generate_key_pair (randomness: t_Array u8 (sz 64)) =
+- Libcrux.Kem.Kyber.generate_keypair (sz 3)
++let generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) =
++ Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber768_params
++ (sz 3)
+ (sz 1152)
+ (sz 2400)
+ (sz 1184)
+diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti
+--- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-02-01 11:03:26.784761415 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-02-01 11:03:26.822760301 +0100
+@@ -63,32 +63,30 @@
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_
+
+ unfold
+-let t_MlKem768Ciphertext = Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088)
++let t_Kyber768Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)
+
+ unfold
+-let t_MlKem768PrivateKey = Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 2400)
++let t_Kyber768PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)
+
+ unfold
+-let t_MlKem768PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)
++let t_Kyber768PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)
+
+-val decapsulate
+- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 2400))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088))
+- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
++val decapsulate_768_
++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400))
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088))
++ : Pure (t_Array u8 (sz 32))
++ (requires True)
++ (ensures (fun res -> res == Spec.Kyber.kyber768_decapsulate secret_key.f_value ciphertext.f_value))
+
+-val encapsulate
+- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184))
++val encapsulate_768_
++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184))
+ (randomness: t_Array u8 (sz 32))
+- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184))
+- : Prims.Pure (Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)))
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val generate_key_pair (randomness: t_Array u8 (sz 64))
+- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemKeyPair (sz 2400) (sz 1184))
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32))
++ (requires True)
++ (ensures (fun (ct,ss)-> (ct.f_value,ss) == Spec.Kyber.kyber768_encapsulate public_key.f_value randomness))
++
++val generate_key_pair_768_ (randomness: t_Array u8 (sz 64))
++ : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184))
++ (requires (True))
++ (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness))
++
+diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem.Kyber.Matrix.fst
+--- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-02-01 11:03:26.770761826 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-02-01 11:03:26.858759245 +0100
+@@ -3,192 +3,188 @@
+ open Core
+ open FStar.Mul
+
+-let compute_As_plus_e
+- (v_K: usize)
+- (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
+- (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- =
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
+- in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__iter (Rust_primitives.unsize matrix_A
+- <:
+- t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+- <:
+- Core.Slice.Iter.t_Iter
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Slice.Iter.t_Iter
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Slice.Iter.t_Iter (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)))
++open Libcrux.Kem.Kyber.Arithmetic
++
++let op_Array_Access (x:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) (i:usize{v i < 256}): i32 =
++ x.f_coefficients.[i]
++
++
++#push-options "--ifuel 0 --z3rlimit 700"
++let compute_As_plus_e v_K matrix_A s_as_ntt error_as_ntt =
++ let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in
++ let result:t_Array wfPolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat wfZero v_K
++ in
++ [@ inline_let]
++ let inv0 = fun (acc:t_Array wfPolynomialRingElement v_K) (i:usize) ->
++ (v i <= v v_K) /\
++ (forall (j:usize). (v j >= v i /\ v j < v v_K) ==> (acc.[j] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) == wfZero)
++ in
++ assert (inv0 result (sz 0));
++ let result:t_Array wfPolynomialRingElement v_K =
++ Rust_primitives.Iterators.foldi_slice #(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) #(t_Array wfPolynomialRingElement v_K) #inv0
++ matrix_A
+ result
+ (fun result temp_1_ ->
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = result in
+- let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
++ let orig_result = result in
++ let orig_result_cast = (cast_vector_b #v_K #3328 #(v v_K * 3328) orig_result) in
++ let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
+ temp_1_
+ in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__iter (Rust_primitives.unsize row
+- <:
+- t_Slice Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- <:
+- Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))
+- result
++ [@ inline_let]
++ let inv1 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) (inner:usize) ->
++ (v inner <= v v_K) /\
++ (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
++ (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
++ (poly_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) (v inner * 3328))
++ in
++ assert (forall (k:usize). (v k < 256) ==> v (result.[i] <: wfPolynomialRingElement).f_coefficients.[k] == 0);
++ assert(inv1 orig_result_cast (sz 0));
++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K =
++ Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) #inv1
++ row
++ orig_result_cast
+ (fun result temp_1_ ->
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- result
+- in
+ let j, matrix_element:(usize &
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) =
+ temp_1_
+ in
+- let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let resulti = down_cast_poly_b #(v v_K * 3328) #(v j * 3328) result.[i] in
++ let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.ntt_multiply matrix_element
+- (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ let product_sum:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v j + 1) * 3328) =
++ (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element #(v j * 3328) #3328 v_K
++ resulti
++ product) in
++ let product_sum:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) = cast_poly_b #((v j+1)* 3328) #(v v_K * 3328) product_sum in
++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+- (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K
+- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- product
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ product_sum
+ in
+ result)
+ in
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+- Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end
+- =
+- Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+- }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
++ let result1 = result in
++ [@ inline_let]
++ let inv2 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) (inner:usize) ->
++ (v inner <= 256) /\
++ (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
++ (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
++ (forall (j:usize). (v j < v inner) ==> (i32_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)).f_coefficients.[j] 3328))
++ // And all indexes above v inner are unchanged from result1
++ in
++ assert (inv2 result1 (sz 0));
++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K =
++ Rust_primitives.Iterators.foldi_range #_ #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) #inv2 {
++ Core.Ops.Range.f_start = sz 0;
++ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
++ }
+ result
+- (fun result j ->
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- result
+- in
++ (fun result j ->
++ let result: t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = result in
+ let j:usize = j in
+- let coefficient_normal_form:i32 =
+- Libcrux.Kem.Kyber.Arithmetic.to_standard_domain ((result.[ i ]
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]
+- <:
+- i32)
++ let resulti:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) = result.[ i ] <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) in
++ let coefficient_normal_form: i32_b ((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665) =
++ Libcrux.Kem.Kyber.Arithmetic.to_standard_domain #(v v_K * 3328) (resulti
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ])
+ in
++ assert ((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665 <= 1940);
++ let coefficient_normal_form: i32_b 1940 = cast_i32_b #((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665) #1940 coefficient_normal_form in
++ let x1: i32_b 3328 = (error_as_ntt.[ i ]
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] in
++ let x2: i32_b 5268 = add_i32_b coefficient_normal_form x1 in
++ assert (5268 <= v v_BARRETT_R /\ v v_BARRETT_R < pow2 31);
++ let x3: i32_b (v v_BARRETT_R) = cast_i32_b #5268 #(v v_BARRETT_R) x2 in
++ let resultij: i32_b 3328 = Libcrux.Kem.Kyber.Arithmetic.barrett_reduce x3 in
++ let resultij: i32_b (v v_K * 3328) = cast_i32_b #3328 #(v v_K * 3328) resultij in
++ let resulti_coeffs =
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize
++ (resulti.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
++ j resultij in
++ let result =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+ ({
+- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) with
++ resulti with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- =
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (result.[ i ]
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- j
+- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (coefficient_normal_form +!
+- ((error_as_ntt.[ i ]
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]
+- <:
+- i32)
+- <:
+- i32)
+- <:
+- i32)
+- <:
+- t_Array i32 (sz 256)
++ = resulti_coeffs
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)))
+- in
+- result
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K*3328)) in
++ assert ((result.[i]).f_coefficients.[j] == resultij);
++ assert(inv2 result (j +! sz 1));
++ let result: x:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K{inv2 x (j +! mk_int 1)} = result in
++ result) in
++ assert (v i + 1 < v v_K ==> result.[i +! sz 1] == orig_result_cast.[i +! sz 1]);
++ let result: t_Array wfPolynomialRingElement v_K =
++ down_cast_vector_b #v_K #(v v_K * 3328) #3328 result in
++ assert (forall (j:usize). (v j >= v i + 1 /\ v j < v v_K) ==> derefine_poly_b result.[j] == derefine_poly_b orig_result.[j]);
++ assume (inv0 result (i +! sz 1));
++ result)
++ in
++ admit(); //P-F
++ result
++#pop-options
+
+-let compute_message
+- (v_K: usize)
+- (v: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- =
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++#push-options "--ifuel 0 --z3rlimit 100"
++let compute_message #p v_K m_v secret_as_ntt u_as_ntt =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ in
++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) in
++ [@ inline_let]
++ let inv = fun (acc:acc_t) (i:usize) ->
++ (v i <= v v_K) /\
++ (poly_range #(v v_K * 3328) acc (v i * 3328))
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) =
++ Rust_primitives.Iterators.foldi_range #_ #acc_t #inv {
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- result
++ result
+ (fun result i ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+ let i:usize = i in
+- let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let result:t_PolynomialRingElement_b (v i * 3328) =
++ down_cast_poly_b #(v v_K * 3328) #(v i * 3328) result in
++ let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.ntt_multiply (secret_as_ntt.[ i ]
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (u_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (u_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v i+1) * 3328) =
+ Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K result product
+ in
++ let result = cast_poly_b #((v i + 1) * 3328) #(v v_K * 3328) result in
++ assert(inv result (i +! sz 1));
+ result)
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result
++ let acc_t = t_PolynomialRingElement_b (64*v v_K*3328) in
++ let result:acc_t = Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ [@ inline_let]
++ let inv = fun (acc:acc_t) (i:usize) ->
++ (v i <= 256) /\
++ (forall (j:usize). (v j < v i) ==> i32_range ((acc <: t_PolynomialRingElement_b (64* v v_K * 3328)).f_coefficients.[j]) 3328) in
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K*3328) =
++ Rust_primitives.Iterators.foldi_range #_ #_ #inv {
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- result
++ result
+ (fun result i ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+ let i:usize = i in
+- let coefficient_normal_form:i32 =
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- <:
+- i32) *!
+- 1441l
+- <:
+- i32)
+- in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- {
+- result with
+- Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- =
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- i
+- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((v
++ let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) =
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce
++ (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441
++ result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
++ (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in
++ let resulti : i32_b 3328 = (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((m_v
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+ <:
+ i32) -!
+@@ -196,81 +192,77 @@
+ <:
+ i32)
+ <:
+- i32)
++ i32) in
++ let resulti = cast_i32_b #3328 #(64*v v_K*3328) resulti in
++ let result =
++ {
++ result with
++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ =
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ i resulti
+ }
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
++ assert (inv result (i +! sz 1));
+ result)
+ in
++ admit(); //P-F
+ result
++#pop-options
+
+-let compute_ring_element_v
+- (v_K: usize)
+- (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- (error_2_ message: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- =
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+- in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++#push-options "--ifuel 0 --z3rlimit 100"
++let compute_ring_element_v v_K tt_as_ntt r_as_ntt error_2_ message =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ in
++ [@ inline_let]
++ let inv = fun (acc:t_PolynomialRingElement_b (v v_K * 3328)) (i:usize) ->
++ (v i <= 256) /\
++ (poly_range acc (v i * 3328)) in
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) =
++ Rust_primitives.Iterators.foldi_range #_ #_ #inv ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+ <:
+ Core.Ops.Range.t_Range usize)
+ result
+ (fun result i ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+- let i:usize = i in
+- let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.ntt_multiply (tt_as_ntt.[ i ]
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (r_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (r_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let result:t_PolynomialRingElement_b (v i * 3328) =
++ down_cast_poly_b #(v v_K * 3328) #(v i * 3328) result in
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v i + 1) * 3328) =
+ Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K result product
+ in
+- result)
++ cast_poly_b result)
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) =
+ Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ [@ inline_let]
++ let inv = fun (acc:t_PolynomialRingElement_b (64 * v v_K * 3328)) (i:usize) ->
++ (v i <= 256) /\
++ (forall (j:usize). (v j < v i) ==> i32_range ((acc <: t_PolynomialRingElement_b (64* v v_K * 3328)).f_coefficients.[j]) 3328) in
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) =
++ Rust_primitives.Iterators.foldi_range #_ #_ #inv {
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- result
++ result
+ (fun result i ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+- let i:usize = i in
+- let coefficient_normal_form:i32 =
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- <:
+- i32) *!
+- 1441l
+- <:
+- i32)
+- in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- {
+- result with
+- Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- =
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- i
+- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((coefficient_normal_form +!
++ let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) =
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce
++ (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441
++ result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
++ (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in
++ let resulti : i32_b 3328 =
++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((coefficient_normal_form +!
+ (error_2_.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32)
+ <:
+ i32) +!
+@@ -278,157 +270,151 @@
+ <:
+ i32)
+ <:
+- i32)
++ i32) in
++ let resulti = cast_i32_b #3328 #(64*v v_K*3328) resulti in
++ let result =
++ {
++ result with
++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ =
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ i resulti
+ }
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ result)
+ in
++ admit(); //P-F
+ result
++#pop-options
+
++#push-options "--ifuel 0 --z3rlimit 300"
+ let compute_vector_u
+ (v_K: usize)
+- (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
+- (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- =
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
+- in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__iter (Rust_primitives.unsize a_as_ntt
+- <:
+- t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+- <:
+- Core.Slice.Iter.t_Iter
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Slice.Iter.t_Iter
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Slice.Iter.t_Iter (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)))
++ (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K)
++ (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
++ let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat wfZero v_K
++ in
++ let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in
++ [@ inline_let]
++ let inv0 = fun (acc:t_Array wfPolynomialRingElement v_K) (i:usize) ->
++ (v i <= v v_K) /\
++ (forall (j:usize). (v j >= v i /\ v j < v v_K) ==> (acc.[j] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) == wfZero)
++ in
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ Rust_primitives.Iterators.foldi_slice #(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) #acc_t #inv0
++ a_as_ntt
+ result
+ (fun result temp_1_ ->
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = result in
+- let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = result in
++ let orig_result = result in
++ let orig_result_cast = (cast_vector_b #v_K #3328 #(64 * v v_K * 3328) orig_result) in
++ let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
+ temp_1_
+ in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__iter (Rust_primitives.unsize row
+- <:
+- t_Slice Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- <:
+- Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate
+- (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))
+- result
++ [@ inline_let]
++ let inv1 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K) (inner:usize) ->
++ (v inner <= v v_K) /\
++ (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
++ (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
++ (poly_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) (v inner * 3328))
++ in
++ assert (forall (k:usize). (v k < 256) ==> v (result.[i] <: wfPolynomialRingElement).f_coefficients.[k] == 0);
++ assert(inv1 orig_result_cast (sz 0));
++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K =
++ Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K) #inv1
++ row
++ orig_result_cast
+ (fun result temp_1_ ->
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- result
+- in
+- let j, a_element:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let j, a_element:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) =
+ temp_1_
+ in
+- let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let resulti = down_cast_poly_b #(64 * v v_K * 3328) #(v j * 3328) result.[i] in
++ let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.ntt_multiply a_element
+- (r_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (r_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ let product_sum:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v j + 1) * 3328) =
++ (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element #(v j * 3328) #3328 v_K
++ resulti
++ product) in
++ let product_sum:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) = cast_poly_b #((v j+1)* 3328) #(64 * v v_K * 3328) product_sum in
++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+- (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K
+- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- product
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ product_sum
+ in
+ result)
+ in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ assert (forall (j:usize). (v j < v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]);
++ assert (forall (j:usize). (v j > v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]);
++ let resulti : t_PolynomialRingElement_b (v v_K * 3328) = down_cast_poly_b result.[i] in
++ let result =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+- (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K
+- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- in
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+- Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end
+- =
+- Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+- }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
++ (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K resulti)
++ in
++ [@ inline_let]
++ let inv2 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K) (inner:usize) ->
++ (v inner <= 256) /\
++ (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
++ (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
++ (forall (j:usize). (v j < v inner) ==> (i32_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)).f_coefficients.[j] 3328))
++ // And all indexes above v inner are unchanged from result1
++ in
++ assert (forall (j:usize). (v j < v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]);
++ assert (forall (j:usize). (v j > v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]);
++ assert (inv2 result (sz 0));
++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K =
++ Rust_primitives.Iterators.foldi_range #_ #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K) #inv2 {
++ Core.Ops.Range.f_start = sz 0;
++ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
++ }
+ result
+ (fun result j ->
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+- result
+- in
+- let j:usize = j in
+- let coefficient_normal_form:i32 =
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (((result.[ i ]
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]
+- <:
+- i32) *!
+- 1441l
+- <:
+- i32)
+- in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ let result: t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K = result in
++ let resulti:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) = result.[ i ] <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) in
++ let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) =
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce
++ (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441
++ (resulti <: t_PolynomialRingElement_b (64*v v_K * 3328)).f_coefficients.[j] (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in
++ let resultij: i32_b 3328 = (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce
++ (add_i32_b coefficient_normal_form ((error_1_.[ i ]
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]))) in
++ let result =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+ ({
+- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) with
++ resulti with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ =
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (result.[ i ]
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (resulti
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
+ j
+- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (coefficient_normal_form +!
+- ((error_1_.[ i ]
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]
+- <:
+- i32)
+- <:
+- i32)
+- <:
+- i32)
+- <:
+- t_Array i32 (sz 256)
+- }
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- in
+- result))
++ (cast_i32_b #3328 #(64 * v v_K * 3328) resultij)
++ }) in
++ result)
++ in
++ let result: t_Array wfPolynomialRingElement v_K =
++ down_cast_vector_b #v_K #(64 * v v_K * 3328) #3328 result in
++ assert (forall (j:usize). (v j >= v i + 1 /\ v j < v v_K) ==> derefine_poly_b result.[j] == derefine_poly_b orig_result.[j]);
++ assume (inv0 result (i +! sz 1));
++ result)
+ in
++ admit(); //P-F
+ result
++#pop-options
+
+ let sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) =
+- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
+- Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+- v_K
+- <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- v_K
++ let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in
++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
++ Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat wfZero v_K) v_K
+ in
+- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+@@ -440,7 +426,7 @@
+ v_A_transpose
+ (fun v_A_transpose i ->
+ let v_A_transpose:t_Array
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
+ v_A_transpose
+ in
+ let i:usize = i in
+@@ -496,11 +482,11 @@
+ v_A_transpose
+ (fun v_A_transpose j ->
+ let v_A_transpose:t_Array
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
+ v_A_transpose
+ in
+ let j:usize = j in
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution (xof_bytes.[ j ]
+ <:
+ t_Array u8 (sz 840))
+@@ -508,33 +494,34 @@
+ if transpose
+ then
+ let v_A_transpose:t_Array
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose
+ j
+ (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ j
+ ]
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+ i
+ sampled
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+ in
+ v_A_transpose
+ else
+ let v_A_transpose:t_Array
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose
+ i
+ (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ i
+ ]
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+ j
+ sampled
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+ in
+ v_A_transpose))
+ in
++ admit(); //P-F
+ v_A_transpose
+diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti
+--- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-02-01 11:03:26.777761621 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-02-01 11:03:26.842759714 +0100
+@@ -3,39 +3,71 @@
+ open Core
+ open FStar.Mul
+
+-val compute_As_plus_e
++
++val compute_As_plus_e (#p:Spec.Kyber.params)
+ (v_K: usize)
+- (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
+- (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K)
++ (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (requires (v_K == p.v_RANK))
++ (ensures fun res ->
++ let open Libcrux.Kem.Kyber.Arithmetic in
++ v_K == p.v_RANK /\
++ to_spec_vector_b #p res =
++ Spec.Kyber.compute_As_plus_e #p
++ (to_spec_matrix_b #p matrix_A)
++ (to_spec_vector_b #p s_as_ntt)
++ (to_spec_vector_b #p error_as_ntt))
++
+
+-val compute_message
++val compute_message (#p:Spec.Kyber.params)
+ (v_K: usize)
+- (v: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ (poly_v: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (requires (v_K == p.v_RANK))
++ (ensures (fun res ->
++ let secret_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p secret_as_ntt in
++ let u_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p u_as_ntt in
++ let v_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b poly_v in
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res ==
++ Spec.Kyber.(poly_sub v_spec (poly_inv_ntt #p (vector_dot_product secret_spec u_spec)))))
+
+-val compute_ring_element_v
++// TODO: error_2_ changed from `t_PolynomialRingElement_b 3` to `t_PolynomialRingElement_b 7`
++val compute_ring_element_v (#p:Spec.Kyber.params)
+ (v_K: usize)
+- (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- (error_2_ message: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (error_2_: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7)
++ (message: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (requires (v_K == p.v_RANK))
++ (ensures fun res ->
++ let tt_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt in
++ let r_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p r_as_ntt in
++ let e2_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b error_2_ in
++ let m_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b message in
++ let res_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res in
++ res_spec == Spec.Kyber.(poly_add (poly_add (vector_dot_product tt_spec r_spec) e2_spec) m_spec))
+
+-val compute_vector_u
++val compute_vector_u (#p:Spec.Kyber.params)
+ (v_K: usize)
+- (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
+- (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool)
+- : Prims.Pure (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K)
++ (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (requires (v_K == p.v_RANK))
++ (ensures fun res ->
++ let a_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p a_as_ntt in
++ let r_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p r_as_ntt in
++ let e_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p error_1_ in
++ let res_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res in
++ res_spec == Spec.Kyber.(vector_add (vector_inv_ntt (matrix_vector_mul a_spec r_spec)) e_spec))
++
++
++
++val sample_matrix_A (#p:Spec.Kyber.params) (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool)
++ : Pure (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K)
++ (requires (v_K == p.v_RANK))
++ (ensures fun res ->
++ let matrix_A = Spec.Kyber.sample_matrix_A #p (Seq.slice seed 0 32) in
++ if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A
++ else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A)
+diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyber.Ntt.fst
+--- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-02-01 11:03:26.779761562 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-02-01 11:03:26.827760154 +0100
+@@ -1,56 +1,130 @@
+ module Libcrux.Kem.Kyber.Ntt
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+ open Core
+ open FStar.Mul
+
+-let ntt_multiply_binomials (a0, a1: (i32 & i32)) (b0, b1: (i32 & i32)) (zeta: i32) =
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((a0 *! b0 <: i32) +!
+- ((Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a1 *! b1 <: i32) <: i32) *! zeta <: i32)
+- <:
+- i32),
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((a0 *! b1 <: i32) +! (a1 *! b0 <: i32) <: i32)
+- <:
+- (i32 & i32)
+-
+-let invert_ntt_at_layer
+- (zeta_i: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (layer: usize)
+- =
++
++let v_ZETAS_TIMES_MONTGOMERY_R =
++ let list : list (i32_b 1664) =
++ [
++ (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l;
++ 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l);
++ (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l;
++ (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l;
++ 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l;
++ (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l;
++ 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l;
++ (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l);
++ (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l;
++ (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l);
++ (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l
++ ]
++ in
++ FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128);
++ FStar.Pervasives.assert_norm (List.Tot.index list 1 == -758l);
++ Seq.of_list list
++
++open Libcrux.Kem.Kyber.Arithmetic
++
++#push-options "--z3rlimit 50"
++let ntt_multiply_binomials (a0,a1) (b0,b1) zeta =
++ let r0 = montgomery_reduce (mul_i32_b a1 b1) in
++ let res =
++ montgomery_reduce (add_i32_b (mul_i32_b a0 b0) (mul_i32_b r0 zeta)),
++ montgomery_reduce (add_i32_b (mul_i32_b a0 b1) (mul_i32_b a1 b0)) in
++ res
++#pop-options
++
++val mul_zeta_red (#v_K:usize{v v_K >= 1 /\ v v_K <= 4})
++ (#b:nat{b <= v v_K * 3328 * 64})
++ (zeta_i:usize{v zeta_i > 0 /\ v zeta_i <= 128} )
++ (layer:usize{v layer > 0 /\
++ v layer <= 7 /\
++ v zeta_i == pow2 (8 - v layer) /\
++ b == v v_K * 3328 * pow2(v layer - 1)})
++ (x:i32_b (2*b))
++ (i:usize{v i < 128 / pow2 (v layer)}) :
++ i32_b (2*b)
++let mul_zeta_red #v_K #b zeta_i layer x i =
++ let zeta_i = zeta_i -! sz 1 -! i in
++ let zeta:i32_b 1664 = v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] in
++ if layer <=. sz 6 then (
++ assert (b <= 4 * 3328 * 32);
++ assert (2*b*1664 < pow2 31);
++ let product:i32_b (2 * b * 1664) = mul_i32_b x zeta in
++ let res = montgomery_reduce product in
++ res
++ ) else (
++ assert (v i < 1);
++ assert (zeta_i = sz 1);
++ assert (zeta = -758l);
++ let zeta:i32_b 758 = zeta in
++ let product:i32_b (2 * b * 758) = mul_i32_b x zeta in
++ let res = montgomery_reduce product in
++ res
++ )
++
++
++val lemma_zeta_decr: orig:usize -> fin:usize -> layer:usize{v layer <= 7} ->
++ Lemma (v fin == v orig - 128/(pow2 (v layer)) /\
++ v orig == pow2 (8 - v layer) ==>
++ v fin == pow2 (7 - v layer))
++let lemma_zeta_decr orig fin layer = ()
++
++#push-options "--ifuel 0 --z3rlimit 1200"
++let invert_ntt_at_layer #v_K #b zeta_i re layer =
+ let step:usize = sz 1 < 0);
++ assert (v step == pow2 (v layer));
++ let orig_re = re in
++ let orig_zeta_i = zeta_i in
++ [@ inline_let]
++ let inv = fun (acc:t_PolynomialRingElement_b (2*b) & usize) (i:usize) ->
++ let (re,zeta_i) = acc in
++ v zeta_i == v orig_zeta_i - v i /\
++ (forall k. (v k >= 2 * v i * v step (* + 2 * v step *)) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k])
++ in
++ let re, zeta_i: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize) =
++ Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (2*b) & usize) #inv {
+ Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end = sz 128 >>! layer <: usize
++ Core.Ops.Range.f_end = sz 128 /! step
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- (re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
++ (cast_poly_b #b #(2*b) re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize))
+ (fun temp_0_ round ->
+- let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = temp_0_ in
++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize) = temp_0_ in
+ let round:usize = round in
++ let orig_re_round = re in
+ let zeta_i:usize = zeta_i -! sz 1 in
+- let offset:usize = (round *! step <: usize) *! sz 2 in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ assert(v round * v step < 128);
++ assert(v round * v step + v step <= 128);
++ assert(v round * v step * 2 <= 254);
++ assert(v round * v step * 2 + 2 * v step <= 256);
++ let offset:usize = (round *! step) *! sz 2 in
++ assert (v offset + 2 * v step <= 256);
++ assert (v offset + v step <= 256);
++ assert (forall k. v k >= v offset ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]);
++ [@ inline_let]
++ let inv = fun (acc:t_PolynomialRingElement_b (2 * b)) (i:usize) ->
++ (forall k. (v k >= v i /\ v k < v offset + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) /\
++ (forall k. (v k >= v i + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k])
++ in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) =
++ Rust_primitives.Iterators.foldi_range #_ #_ #inv {
+ Core.Ops.Range.f_start = offset;
+ Core.Ops.Range.f_end = offset +! step <: usize
+- }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
++ }
+ re
+ (fun re j ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) = re in
++ assert (re.f_coefficients.[j] == orig_re_round.f_coefficients.[j]);
++ assert (re.f_coefficients.[j +! step] == orig_re_round.f_coefficients.[j +! step]);
++ assert (re.f_coefficients.[j] == orig_re.f_coefficients.[j]);
++ assert (re.f_coefficients.[j +! step] == orig_re.f_coefficients.[j +! step]);
++ let re_j:i32_b b = orig_re.f_coefficients.[j] in
++ let re_j_step:i32_b b = orig_re.f_coefficients.[j +! step] in
+ let j:usize = j in
+- let a_minus_b:i32 =
+- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ] <: i32) -!
+- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32)
+- in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let a_minus_b:i32_b (2*b) = sub_i32_b re_j_step re_j in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -58,17 +132,13 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ j
+- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +!
+- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ]
+- <:
+- i32)
+- <:
+- i32)
++ (add_i32_b re_j re_j_step)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b)
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let red = mul_zeta_red #v_K #b orig_zeta_i layer a_minus_b round in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -76,74 +146,69 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (j +! step <: usize)
+- (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *!
+- (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32)
+- <:
+- i32)
+- <:
+- i32)
++ red
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)
+ in
+ re)
+ in
+- re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
++ re, zeta_i <: t_PolynomialRingElement_b (2*b) & usize)
+ in
+- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) = re in
++ lemma_zeta_decr orig_zeta_i zeta_i layer;
++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b))
++#pop-options
+
+-let invert_ntt_montgomery (v_K: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++#push-options "--z3rlimit 500"
++let invert_ntt_montgomery v_K re =
+ let _:Prims.unit = () <: Prims.unit in
++ let b = v v_K * 3328 in
++ assert (v v_K <= 4);
++ assert (b <= 4 * 3328);
+ let zeta_i:usize = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+- invert_ntt_at_layer zeta_i re (sz 1)
++ assert (v zeta_i == pow2 (8 - 1));
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)) =
++ invert_ntt_at_layer #v_K #b zeta_i re (sz 1)
+ in
+ let zeta_i:usize = tmp0 in
+- let hoist1:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist1 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+- invert_ntt_at_layer zeta_i re (sz 2)
++ let hoist1 = out in
++ let re = hoist1 in
++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (4*b)) =
++ invert_ntt_at_layer #v_K zeta_i re (sz 2)
+ in
+ let zeta_i:usize = tmp0 in
+- let hoist2:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist2 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+- invert_ntt_at_layer zeta_i re (sz 3)
++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*b)) =
++ invert_ntt_at_layer #v_K zeta_i re (sz 3)
+ in
+ let zeta_i:usize = tmp0 in
+- let hoist3:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist3 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+- invert_ntt_at_layer zeta_i re (sz 4)
++ assert (8*b = v v_K * 3328 * pow2 (4 - 1));
++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (16*b)) =
++ invert_ntt_at_layer #v_K zeta_i re (sz 4)
+ in
+ let zeta_i:usize = tmp0 in
+- let hoist4:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist4 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+- invert_ntt_at_layer zeta_i re (sz 5)
++ assert (16*b == v v_K * 3328 * pow2 (5 - 1));
++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (32*b)) =
++ invert_ntt_at_layer #v_K zeta_i re (sz 5)
+ in
+ let zeta_i:usize = tmp0 in
+- let hoist5:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist5 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+- invert_ntt_at_layer zeta_i re (sz 6)
++ assert (32*b = v v_K * 3328 * pow2 (6 - 1));
++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b)) =
++ invert_ntt_at_layer #v_K zeta_i re (sz 6)
+ in
+ let zeta_i:usize = tmp0 in
+- let hoist6:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist6 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+- invert_ntt_at_layer zeta_i re (sz 7)
++ assert (64*b = v v_K * 3328 * pow2 (7 - 1));
++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (128*b)) =
++ invert_ntt_at_layer #v_K zeta_i re (sz 7)
+ in
+ let zeta_i:usize = tmp0 in
+- let hoist7:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist7 in
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ admit();
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b) =
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end = sz 2
++ Core.Ops.Range.f_end = sz 8
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+@@ -151,7 +216,7 @@
+ Core.Ops.Range.t_Range usize)
+ re
+ (fun re i ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (128*b) = re in
+ let i:usize = i in
+ {
+ re with
+@@ -170,52 +235,84 @@
+ t_Array i32 (sz 256)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b))
+ in
+- re
++ re
++#pop-options
+
+-let ntt_at_layer
+- (zeta_i: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (layer v__initial_coefficient_bound: usize)
+- =
+- let step:usize = sz 1 <= 0 /\ v zeta_i <= 63} )
++ (layer:usize{v layer > 0 /\
++ v layer <= 7 /\
++ v zeta_i == pow2 (7 - v layer) - 1})
++ (x:i32_b b)
++ (i:usize{v i < 128/(pow2 (v layer))})
++ : i32_b 3328
++let mul_zeta_red2 #b zeta_i layer x i =
++ let zeta_i = zeta_i +! sz 1 +! i in
++ let zeta = v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] in
++ assert (b * 1664 < 65536 * 3328);
++ let red = Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer #(3328+b) #1664 x
++ (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) in
++ red
++#pop-options
++
++#push-options "--ifuel 0 --z3rlimit 5000"
++let ntt_at_layer #b zeta_i re layer initial_coefficient_bound =
++ let step = sz 1 <
++ let (re,zeta_i) = acc in
++ v zeta_i == v orig_zeta_i + v i /\
++ (forall k. v k >= 2 * v i * v step ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k])
++ in
++ let re, zeta_i: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize) =
++ Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (3328+b) & usize) #inv {
+ Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end = sz 128 >>! layer <: usize
++ Core.Ops.Range.f_end = loop_end
+ }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- (re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
++ (cast_poly_b #b #(3328+b) re, zeta_i)
+ (fun temp_0_ round ->
+- let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = temp_0_ in
++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize) = temp_0_ in
+ let round:usize = round in
+ let zeta_i:usize = zeta_i +! sz 1 in
+- let offset:usize = (round *! step <: usize) *! sz 2 in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ assert(v round * v step < 128);
++ assert(v round * v step + v step <= 128);
++ assert(v round * v step * 2 <= 254);
++ assert(v round * v step * 2 + 2 * v step <= 256);
++ let offset:usize = (round *! step) *! sz 2 in
++ assert (v offset + 2 * v step <= 256);
++ assert (v offset + v step <= 256);
++ [@ inline_let]
++ let inv: t_PolynomialRingElement_b (3328+b) -> int_t usize_inttype -> Type0 =
++ fun (acc:t_PolynomialRingElement_b (3328+b)) (i:usize) ->
++ (forall k. (v k >= v i /\ v k < v offset + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) /\
++ (forall k. (v k >= v i + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k])
++ in
++ assert (forall k. (v k >= v offset /\ v k < v offset + v step) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]);
++ assert (forall k. (v k >= v offset + v step) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]);
++ assert (inv re offset);
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+ b) =
++ Rust_primitives.Iterators.foldi_range #usize_inttype #(t_PolynomialRingElement_b (3328+b)) #inv {
+ Core.Ops.Range.f_start = offset;
+ Core.Ops.Range.f_end = offset +! step <: usize
+- }
+- <:
+- Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
++ }
+ re
+ (fun re j ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = re in
+ let j:usize = j in
+- let t:i32 =
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_fe_by_fer (re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ]
+- <:
+- i32)
+- (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32)
+- in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ assert (re.f_coefficients.[j] == orig_re.f_coefficients.[j]);
++ assert (re.f_coefficients.[j +! step] == orig_re.f_coefficients.[j +! step]);
++ let re_j:i32_b b = orig_re.f_coefficients.[j] in
++ let re_j_step:i32_b b = orig_re.f_coefficients.[j +! step] in
++ let t:i32_b 3328 = mul_zeta_red2 #b orig_zeta_i layer
++ re_j_step round in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -223,12 +320,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (j +! step <: usize)
+- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) -! t <: i32)
++ (sub_i32_b #b #3328 re_j_step t)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -236,64 +333,70 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ j
+- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! t <: i32)
++ (add_i32_b #b #3328 re_j t)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)
+ in
+ re)
+ in
+- re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
++ re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize))
+ in
+ let _:Prims.unit = () <: Prims.unit in
+- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = re in
++ assert (v zeta_i = v orig_zeta_i + 128/v step);
++ assert (v zeta_i = v orig_zeta_i + pow2(7 - v layer));
++ assert (v zeta_i = pow2(8 - v layer) - 1);
++ zeta_i, hax_temp_output
++#pop-options
+
+-let ntt_at_layer_3_
+- (zeta_i: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (layer: usize)
+- =
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+- ntt_at_layer zeta_i re layer (sz 3)
++let ntt_at_layer_3_ #b zeta_i re layer =
++ let tmp0, out =
++ ntt_at_layer zeta_i re layer (sz 7879)
+ in
+ let zeta_i:usize = tmp0 in
+- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+-
+-let ntt_at_layer_3328_
+- (zeta_i: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (layer: usize)
+- =
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let hax_temp_output = out in
++ zeta_i, hax_temp_output
++
++let ntt_at_layer_3328_ zeta_i re layer =
++ let tmp0, out =
+ ntt_at_layer zeta_i re layer (sz 3328)
+ in
+ let zeta_i:usize = tmp0 in
+- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ let hax_temp_output = out in
++ zeta_i, hax_temp_output
+
+-let ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++#push-options "--ifuel 0 --z3rlimit 1500"
++#restart-solver
++let ntt_binomially_sampled_ring_element re =
+ let _:Prims.unit = () <: Prims.unit in
+ let zeta_i:usize = sz 1 in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ [@ inline_let]
++ let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207)) (i:usize) ->
++ (v i <= 128) /\
++ (forall (j:usize). (v j >= v i /\ v j < 128) ==>
++ i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207).f_coefficients.[j] 7) /\
++ (forall (j:usize). (v j >= v i + 128 /\ v j < 256) ==>
++ i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207).f_coefficients.[j] 7)
++ in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = cast_poly_b re in
++ assert (inv re (sz 0));
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 =
++ Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207) #inv ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = sz 128
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+- re
++ (cast_poly_b re)
+ (fun re j ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = cast_poly_b re in
+ let j:usize = j in
+- let t:i32 =
+- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! sz 128 <: usize ] <: i32) *!
+- (-1600l)
++ let t:i32_b (7*1600) =
++ mul_i32_b (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! sz 128 <: usize ])
++ (-1600l <: i32_b 1600)
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (11207) =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -301,12 +404,10 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (j +! sz 128 <: usize)
+- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) -! t <: i32)
++ (sub_i32_b #7 #11200 (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32_b 7) t)
+ }
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (11207) =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -314,90 +415,76 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ j
+- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! t <: i32)
++ (add_i32_b (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]) t)
+ }
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+ let _:Prims.unit = () <: Prims.unit in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ assert (v zeta_i = pow2 (7 - 6) - 1);
++ let zeta_i, re =
+ ntt_at_layer_3_ zeta_i re (sz 6)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist8:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist8 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3_ zeta_i re (sz 5)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist9:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist9 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3_ zeta_i re (sz 4)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist10:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist10 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3_ zeta_i re (sz 3)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist11:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist11 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3_ zeta_i re (sz 2)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist12:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist12 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3_ zeta_i re (sz 1)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist13:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist13 in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = re in
++ [@ inline_let]
++ let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207))) (i:usize) ->
++ (v i <= 256) /\
++ (forall (j:usize). (v j < v i) ==>
++ i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207)).f_coefficients.[j] 3328)
++ in
++ assert (inv re (sz 0));
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) =
++ Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207)) #inv ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+ re
+ (fun re i ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = re in
++ let rei:i32_b (v v_BARRETT_R) = cast_i32_b #(6*3328+11207) #(v v_BARRETT_R) (re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]) in
++ let rei: i32_b (6*3328+11207) = cast_i32_b #3328 #(6*3328+11207) (
++ Libcrux.Kem.Kyber.Arithmetic.barrett_reduce rei) in
+ let i:usize = i in
++ let re_coeffs:t_Array (i32_b (6*3328+11207)) (sz 256) =
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ i rei in
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- =
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- i
+- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- <:
+- i32)
+- <:
+- i32)
+- <:
+- t_Array i32 (sz 256)
+- }
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ = re_coeffs
++ })
+ in
+- re
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = down_cast_poly_b #(6*3328+11207) #3328 re in
++ re
++#pop-options
++
+
+-let ntt_multiply (lhs rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++#push-options "--z3rlimit 100"
++let ntt_multiply lhs rhs =
+ let _:Prims.unit = () <: Prims.unit in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 1 =
+ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end
+@@ -408,34 +495,31 @@
+ Core.Ops.Range.t_Range usize)
+ <:
+ Core.Ops.Range.t_Range usize)
+- out
++ (cast_poly_b out)
+ (fun out i ->
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = out in
+ let i:usize = i in
+- let product:(i32 & i32) =
++ assert (v i * 4 + 4 <= 256);
++ let product =
+ ntt_multiply_binomials ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i
+ <:
+ usize ]
+ <:
+- i32),
++ i32_b 3328),
+ (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 1
+ <:
+ usize ]
+ <:
+- i32)
+- <:
+- (i32 & i32))
+- ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i <: usize ] <: i32),
++ i32_b 3328))
++ ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i <: usize ] <: i32_b 3328),
+ (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 1
+ <:
+ usize ]
+ <:
+- i32)
+- <:
+- (i32 & i32))
+- (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32)
++ i32_b 3328))
++ (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32_b 1664)
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -446,9 +530,9 @@
+ product._1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -459,41 +543,29 @@
+ product._2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328
+ in
+- let product:(i32 & i32) =
++ let product =
+ ntt_multiply_binomials ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i
+ <:
+ usize) +!
+ sz 2
+ <:
+- usize ]
+- <:
+- i32),
++ usize ]),
+ (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 3
+ <:
+- usize ]
+- <:
+- i32)
+- <:
+- (i32 & i32))
++ usize ]))
++
+ ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 2
+ <:
+- usize ]
+- <:
+- i32),
++ usize ]),
+ (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 3
+ <:
+- usize ]
+- <:
+- i32)
+- <:
+- (i32 & i32))
+- (Core.Ops.Arith.Neg.neg (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32)
+- <:
+- i32)
++ usize ]))
++ (Core.Ops.Arith.Neg.neg (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ]) <: i32_b 1664)
++
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -504,9 +576,9 @@
+ product._1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -517,72 +589,55 @@
+ product._2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328
+ in
+ out)
+ in
+ out
++#pop-options
+
+-let ntt_vector_u
+- (v_VECTOR_U_COMPRESSION_FACTOR: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- =
++#push-options "--ifuel 0 --z3rlimit 200"
++let ntt_vector_u v_VECTOR_U_COMPRESSION_FACTOR re =
+ let _:Prims.unit = () <: Prims.unit in
+ let zeta_i:usize = sz 0 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3328_ zeta_i re (sz 7)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist14:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist14 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3328_ zeta_i re (sz 6)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist15:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist15 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3328_ zeta_i re (sz 5)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist16:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist16 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3328_ zeta_i re (sz 4)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist17:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist17 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3328_ zeta_i re (sz 3)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist18:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist18 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3328_ zeta_i re (sz 2)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist19:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist19 in
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ let zeta_i, re =
+ ntt_at_layer_3328_ zeta_i re (sz 1)
+ in
+- let zeta_i:usize = tmp0 in
+- let hoist20:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist20 in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ [@ inline_let]
++ let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328))) (i:usize) ->
++ (v i <= 256) /\
++ (forall (j:usize). (v j < v i) ==>
++ i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)).f_coefficients.[j] 3328)
++ in
++ assert (inv re (sz 0));
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328) =
++ Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)) #inv ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+- <:
+- Core.Ops.Range.t_Range usize)
+ re
+ (fun re i ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328) = re in
+ let i:usize = i in
+ {
+ re with
+@@ -592,15 +647,10 @@
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ i
+ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- <:
+- i32)
+- <:
+- i32)
+- <:
+- t_Array i32 (sz 256)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]))
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328))
+ in
+- re
++ down_cast_poly_b #(8*3328) #3328 re
++#pop-options
+diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti
+--- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-02-01 11:03:26.782761474 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-02-01 11:03:26.811760624 +0100
+@@ -2,223 +2,80 @@
+ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
++open Libcrux.Kem.Kyber.Arithmetic
+
+-let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (sz 128) =
+- let list =
+- [
+- (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l;
+- 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l);
+- (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l;
+- (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l;
+- 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l;
+- (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l;
+- 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l;
+- (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l);
+- (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l;
+- (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l);
+- (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l
+- ]
+- in
+- FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128);
+- Rust_primitives.Hax.array_of_list list
+-
+-val ntt_multiply_binomials: (i32 & i32) -> (i32 & i32) -> zeta: i32
+- -> Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val invert_ntt_at_layer
+- (zeta_i: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (layer: usize)
+- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val invert_ntt_montgomery (v_K: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++val v_ZETAS_TIMES_MONTGOMERY_R: x:t_Array (i32_b 1664) (sz 128){v (x.[sz 1] <: i32) == -758}
+
+-val ntt_at_layer
+- (zeta_i: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (layer v__initial_coefficient_bound: usize)
+- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++val ntt_multiply_binomials (a:wfFieldElement&wfFieldElement) (b: wfFieldElement&wfFieldElement) (zeta: i32_b 1664) :
++ Pure (wfFieldElement & wfFieldElement)
++ (requires True)
++ (ensures (fun _ -> True))
++
++val invert_ntt_at_layer (#v_K:usize{v v_K >= 1 /\ v v_K <= 4})
++ (#b:nat{b <= v v_K * 3328 * 64})
++ (zeta_i: usize{v zeta_i >= 1 /\ v zeta_i <= 128})
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b)
++ (layer: usize{v layer > 0 /\
++ v layer <= 7 /\
++ v zeta_i == pow2 (8 - v layer) /\
++ b == v v_K * 3328 * pow2(v layer - 1)})
++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b))
+ Prims.l_True
+- (fun _ -> Prims.l_True)
++ (fun x -> let (zeta_fin,re) = x in v zeta_fin == pow2 (7 - v layer))
+
+-val ntt_at_layer_3_
+- (zeta_i: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (layer: usize)
+- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++val invert_ntt_montgomery (v_K: usize{v v_K >= 1 /\ v v_K <= 4})
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328))
++ : Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)
++
++val ntt_at_layer
++ (#b:nat{b <= 31175})
++ (zeta_i: usize{v zeta_i < 128})
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b)
++ (layer: usize{v layer > 0 /\
++ v layer <= 7 /\
++ v zeta_i == pow2 (7 - v layer) - 1})
++ (initial_coefficient_bound: usize{b == (7 - v layer) * 3328 + v initial_coefficient_bound})
++ : Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b))
++ (requires True)
++ (ensures fun (zeta_i, result) -> v zeta_i == pow2 (8 - v layer) - 1)
++
++val ntt_at_layer_3_ (#b:nat)
++ (zeta_i: usize{v zeta_i < 128})
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b)
++ (layer: usize{v layer > 0 /\
++ v layer <= 6 /\
++ v zeta_i == pow2 (7 - v layer) - 1 /\
++ b == (6 - v layer) * 3328 + 11207})
++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b))
+ Prims.l_True
+- (fun _ -> Prims.l_True)
++ (ensures fun (zeta_i,result) -> v zeta_i == pow2 (8 - v layer) - 1)
+
+-val ntt_at_layer_3328_
+- (zeta_i: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- (layer: usize)
+- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++val ntt_at_layer_3328_ (#b:nat{b <= 7*3328})
++ (zeta_i: usize{v zeta_i < 128})
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b)
++ (layer: usize{v layer > 0 /\
++ v layer <= 7 /\
++ v zeta_i == pow2 (7 - v layer) - 1 /\
++ b == (7 - v layer) * 3328 + 3328})
++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b))
+ Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- (requires
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <.
+- (Core.Slice.impl__len (Rust_primitives.unsize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- <:
+- usize)
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- (Core.Num.impl__i32__abs (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- <:
+- i32)
+- <:
+- i32) <=.
+- 3l
+- <:
+- bool)
+- <:
+- bool))
+- (ensures
+- fun result ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <.
+- (Core.Slice.impl__len (Rust_primitives.unsize result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- <:
+- usize)
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
+- i ]
+- <:
+- i32)
+- <:
+- i32) <.
+- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+- <:
+- bool)
+- <:
+- bool))
+-
+-val ntt_multiply (lhs rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- (requires
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) >=. 0l <: bool) &&
+- ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) <. 4096l <: bool
+- ) &&
+- ((Core.Num.impl__i32__abs (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- <:
+- i32)
+- <:
+- i32) <=.
+- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+- <:
+- bool))
+- <:
+- bool))
+- (ensures
+- fun result ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <.
+- (Core.Slice.impl__len (Rust_primitives.unsize result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- <:
+- usize)
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
+- i ]
+- <:
+- i32)
+- <:
+- i32) <=.
+- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+- <:
+- bool)
+- <:
+- bool))
++ (ensures fun (zeta_i,result) -> v zeta_i == pow2 (8 - v layer) - 1)
+
++val ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7)
++ : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (requires True)
++ (ensures (fun _ -> True))
++
++val ntt_multiply (lhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328)
++ (rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328)
++ : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328)
++ (requires True)
++ (ensures (fun _ -> True))
++
+ val ntt_vector_u
+ (v_VECTOR_U_COMPRESSION_FACTOR: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- (requires
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <.
+- (Core.Slice.impl__len (Rust_primitives.unsize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- <:
+- usize)
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- (Core.Num.impl__i32__abs (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- <:
+- i32)
+- <:
+- i32) <=.
+- 3328l
+- <:
+- bool)
+- <:
+- bool))
+- (ensures
+- fun result ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <.
+- (Core.Slice.impl__len (Rust_primitives.unsize result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- <:
+- usize)
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
+- i ]
+- <:
+- i32)
+- <:
+- i32) <.
+- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+- <:
+- bool)
+- <:
+- bool))
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328)
++ : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (requires True)
++ (ensures fun _ -> True)
++
+diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Kem.Kyber.Sampling.fst
+--- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-02-01 11:03:26.805760800 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-02-01 11:03:26.849759509 +0100
+@@ -3,27 +3,34 @@
+ open Core
+ open FStar.Mul
+
+-let rejection_sampling_panic_with_diagnostic (_: Prims.unit) =
++let rejection_sampling_panic_with_diagnostic () : Prims.unit =
++ admit(); // This should never be reachable
+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic"
+ <:
+ Rust_primitives.Hax.t_Never)
+
++#push-options "--ifuel 0 --z3rlimit 100"
+ let sample_from_binomial_distribution_2_ (randomness: t_Slice u8) =
+- let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let sampled: t_PolynomialRingElement_b 3 =
++ cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++
++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 in
++ [@ inline_let]
++ let inv = fun (acc:acc_t) (i:usize) -> True in
++ let sl : t_Slice u8 = randomness in
++ let chunk_len = sz 4 in
++ assert (v (length sl) == 128);
++ assert (Seq.length sl == 128);
++ assert_norm (128 % 4 == 0);
++ let sampled =
++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv
++ sl
++ chunk_len
+ sampled
+ (fun sampled temp_1_ ->
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in
+- let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in
++ let chunk_number, byte_chunk:(usize & t_Array u8 chunk_len) = temp_1_ in
++ assert(chunk_number <. sz 32);
+ let (random_bits_as_u32: u32):u32 =
+ (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |.
+ ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in
++ logand_lemma (random_bits_as_u32 >>! 1l <: u32) 1431655765ul;
++ assert(odd_bits <=. 1431655765ul);
+ let coin_toss_outcomes:u32 = even_bits +! odd_bits in
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by
+- ({
++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 in
++ [@ inline_let]
++ let inv : acc_t -> u32 -> Type = fun acc i -> True in
++ Rust_primitives.Iterators.foldi_range_step_by #u32_inttype #(acc_t) #inv ({
+ Core.Ops.Range.f_start = 0ul;
+ Core.Ops.Range.f_end = Core.Num.impl__u32__BITS
+- }
+- <:
+- Core.Ops.Range.t_Range u32)
+- (sz 4)
+- <:
+- Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32))
+- <:
+- Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32))
++ }
++ <:
++ Core.Ops.Range.t_Range u32)
++ (sz 4)
+ sampled
+ (fun sampled outcome_set ->
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in
+ let outcome_set:u32 = outcome_set in
++ assert (v outcome_set + 4 <= 32);
++ let out_1 = ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) in
+ let outcome_1_:i32 =
+- cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i32
++ cast out_1 <: i32
+ in
++ let out_2 = ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32) in
+ let outcome_2_:i32 =
+- cast ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32)
+- <:
+- i32
++ cast out_2 <: i32
+ in
++ logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 3ul;
++ assert (v out_1 >= 0);
++ assert (v out_1 <= 3);
++ assert (v outcome_1_ == v out_1 @% pow2 32);
++ Math.Lemmas.small_modulo_lemma_1 (v out_1) (pow2 32);
++ assert (v outcome_1_ == v out_1);
++ assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 3);
++ logand_lemma (coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) 3ul;
++ assert (v out_2 >= 0);
++ assert (v out_2 <= 3);
++ assert (v outcome_2_ == v out_2 @% pow2 32);
++ Math.Lemmas.small_modulo_lemma_1 (v out_2) (pow2 32);
++ assert (v outcome_2_ == v out_2);
++ assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 3);
+ let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ assert (outcome_set <. 32ul);
++ assert (v (outcome_set >>! 2l <: u32) = v outcome_set / 4);
++ assert (v (outcome_set >>! 2l <: u32) < 8);
++ Math.Lemmas.small_modulo_lemma_1 (v (outcome_set >>! 2l <: u32)) (pow2 32);
++ Math.Lemmas.small_modulo_lemma_1 (v (outcome_set >>! 2l <: u32)) (pow2 64);
++ assert (v offset < 8);
++ assert (8 * v chunk_number + 8 <= 256);
++ assert (8 * v chunk_number + v offset < 256);
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 =
+ {
+ sampled with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -73,29 +104,36 @@
+ (outcome_1_ -! outcome_2_ <: i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3
+ in
+ sampled))
+- in
+- let _:Prims.unit = () <: Prims.unit in
+- sampled
++ in
++ let _:Prims.unit = () <: Prims.unit in
++ admit(); // P-F
++ sampled
++#pop-options
+
++#push-options "--ifuel 0 --z3rlimit 200"
+ let sample_from_binomial_distribution_3_ (randomness: t_Slice u8) =
+- let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let sampled:t_PolynomialRingElement_b 7 =
++ (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO)
+ in
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 in
++ [@ inline_let]
++ let inv = fun (acc:acc_t) (i:usize) -> True in
++ let sl : t_Slice u8 = randomness in
++ let chunk_len = sz 3 in
++ assert (v (length sl) == 192);
++ assert (Seq.length sl == 192);
++ assert_norm (192 % 3 == 0);
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 =
++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv
++ sl
++ chunk_len
+ sampled
+ (fun sampled temp_1_ ->
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in
+- let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = sampled in
++ let chunk_number, byte_chunk:(usize & t_Array u8 chunk_len) = temp_1_ in
+ let (random_bits_as_u24: u32):u32 =
+ ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |.
+ ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 2396745ul in
++ logand_lemma (random_bits_as_u24 >>! 1l <: u32) 2396745ul;
++ assert (second_bits <=. 2396745ul);
+ let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in
++ logand_lemma (random_bits_as_u24 >>! 2l <: u32) 2396745ul;
++ assert (third_bits <=. 2396745ul);
+ let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by
+- ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l }
+- <:
+- Core.Ops.Range.t_Range i32)
+- (sz 6)
+- <:
+- Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32))
+- <:
+- Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32))
++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 in
++ [@ inline_let]
++ let inv : acc_t -> i32 -> Type = fun acc i -> True in
++ Rust_primitives.Iterators.foldi_range_step_by #i32_inttype #(acc_t) #inv ({
++ Core.Ops.Range.f_start = 0l;
++ Core.Ops.Range.f_end = 24l
++ }
++ <:
++ Core.Ops.Range.t_Range i32)
++ (sz 6)
+ sampled
+ (fun sampled outcome_set ->
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = sampled in
+ let outcome_set:i32 = outcome_set in
+ let outcome_1_:i32 =
+ cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i32
+@@ -128,8 +173,22 @@
+ <:
+ i32
+ in
++ logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 7ul;
++ Math.Lemmas.small_modulo_lemma_1 (v ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32)) (pow2 32);
++ assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 7);
++ logand_lemma (coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) 7ul;
++ Math.Lemmas.small_modulo_lemma_1 (v ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32)) (pow2 32);
++ assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 7);
+ let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ assert (outcome_set <. 24l);
++ assert (v (outcome_set /! 6l <: i32) = v outcome_set / 6);
++ assert (v (outcome_set /! 6l <: i32) < 4);
++ Math.Lemmas.small_modulo_lemma_1 (v (outcome_set /! 6l <: i32)) (pow2 32);
++ Math.Lemmas.small_modulo_lemma_1 (v (outcome_set /! 6l <: i32)) (pow2 64);
++ assert (v offset < 4);
++ assert (4 * v chunk_number + 4 <= 256);
++ assert (4 * v chunk_number + v offset < 256);
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 =
+ {
+ sampled with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -140,15 +199,18 @@
+ (outcome_1_ -! outcome_2_ <: i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7
+ in
+ sampled))
+ in
+ let _:Prims.unit = () <: Prims.unit in
++ admit();
+ sampled
++#pop-options
+
+ let sample_from_binomial_distribution (v_ETA: usize) (randomness: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
++ Rust_primitives.Integers.mk_int_equiv_lemma #u32_inttype (v v_ETA);
+ match cast (v_ETA <: usize) <: u32 with
+ | 2ul -> sample_from_binomial_distribution_2_ randomness
+ | 3ul -> sample_from_binomial_distribution_3_ randomness
+@@ -158,46 +220,62 @@
+ <:
+ Rust_primitives.Hax.t_Never)
+
++#push-options "--z3rlimit 50"
+ let sample_from_uniform_distribution (randomness: t_Array u8 (sz 840)) =
+ let (sampled_coefficients: usize):usize = sz 0 in
+- let (out: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ let (out: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+ let done:bool = false in
+- let done, out, sampled_coefficients:(bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement &
++ let acc_t = (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) in
++ [@ inline_let]
++ let inv = fun (acc:acc_t) -> True in
++ let sl : t_Slice u8 = randomness in
++ let chunk_len = sz 3 in
++ let done, out, sampled_coefficients:(bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement &
+ usize) =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks (
+- Rust_primitives.unsize randomness <: t_Slice u8)
+- (sz 3)
+- <:
+- Core.Slice.Iter.t_Chunks u8)
+- <:
+- Core.Slice.Iter.t_Chunks u8)
++ Rust_primitives.Iterators.fold_chunks_exact #u8 #acc_t #inv
++ sl
++ chunk_len
+ (done, out, sampled_coefficients
+ <:
+- (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
++ (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize))
+ (fun temp_0_ bytes ->
+ let done, out, sampled_coefficients:(bool &
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement &
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement &
+ usize) =
+ temp_0_
+ in
+- let bytes:t_Slice u8 = bytes in
++ let bytes:t_Array u8 chunk_len = bytes in
+ if ~.done <: bool
+ then
+ let b1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+ let b2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+ let b3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ assert(v b1 >= 0 /\ v b1 < pow2 8);
++ assert(v b2 >= 0 /\ v b2 < pow2 8);
++ assert(v b3 >= 0 /\ v b3 < pow2 8);
+ let d1:i32 = ((b2 &. 15l <: i32) <= v b1);
++ assert (v d1 >= 0);
+ let d2:i32 = (b3 <>! 4l <: i32) in
+- let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement &
++ logor_lemma (b3 <>! 4l <: i32);
++ assert (v d2 >= v b3 * pow2 4);
++ assert (v d2 >= 0);
++ let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement &
+ usize) =
+ if
+ d1 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &&
+ sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ then
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -208,23 +286,23 @@
+ d1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+ out, sampled_coefficients +! sz 1
+ <:
+- (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
++ (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
+ else
+ out, sampled_coefficients
+ <:
+- (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
++ (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
+ in
+- let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement &
++ let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement &
+ usize) =
+ if
+ d2 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &&
+ sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ then
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -235,31 +313,31 @@
+ d2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+ let sampled_coefficients:usize = sampled_coefficients +! sz 1 in
+ out, sampled_coefficients
+ <:
+- (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
++ (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
+ else
+ out, sampled_coefficients
+ <:
+- (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
++ (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
+ in
+ if sampled_coefficients =. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ then
+ let done:bool = true in
+ done, out, sampled_coefficients
+ <:
+- (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
++ (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
+ else
+ done, out, sampled_coefficients
+ <:
+- (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
++ (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
+ else
+ done, out, sampled_coefficients
+ <:
+- (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
++ (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize))
+ in
+ let _:Prims.unit =
+ if ~.done
+@@ -268,4 +346,5 @@
+ ()
+ in
+ let _:Prims.unit = () <: Prims.unit in
+- out
++ out
++#pop-options
+diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti
+--- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-02-01 11:03:26.774761709 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-02-01 11:03:26.856759304 +0100
+@@ -3,77 +3,37 @@
+ open Core
+ open FStar.Mul
+
+-val rejection_sampling_panic_with_diagnostic: Prims.unit
+- -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True)
++open Libcrux.Kem.Kyber.Arithmetic
+
+ val sample_from_binomial_distribution_2_ (randomness: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ : Prims.Pure (t_PolynomialRingElement_b 3)
+ (requires (Core.Slice.impl__len randomness <: usize) =. (sz 2 *! sz 64 <: usize))
+ (ensures
+ fun result ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <.
+- (Core.Slice.impl__len (Rust_primitives.unsize result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- <:
+- usize)
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
+- i ]
+- <:
+- i32)
+- <:
+- i32) <=.
+- 2l
+- <:
+- bool)
+- <:
+- bool))
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result ==
++ Spec.Kyber.sample_poly_binomial (sz 2) randomness)
+
+ val sample_from_binomial_distribution_3_ (randomness: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ : Prims.Pure (t_PolynomialRingElement_b 7)
+ (requires (Core.Slice.impl__len randomness <: usize) =. (sz 3 *! sz 64 <: usize))
+ (ensures
+ fun result ->
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+- Hax_lib.v_forall (fun i ->
+- let i:usize = i in
+- Hax_lib.implies (i <.
+- (Core.Slice.impl__len (Rust_primitives.unsize result
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- <:
+- usize)
+- <:
+- bool)
+- (fun temp_0_ ->
+- let _:Prims.unit = temp_0_ in
+- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
+- i ]
+- <:
+- i32)
+- <:
+- i32) <=.
+- 3l
+- <:
+- bool)
+- <:
+- bool))
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result ==
++ Spec.Kyber.sample_poly_binomial (sz 3) randomness)
+
+-val sample_from_binomial_distribution (v_ETA: usize) (randomness: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++val sample_from_binomial_distribution (#p:Spec.Kyber.params)
++ (v_ETA: usize) (randomness: t_Slice u8)
++ : Pure (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1))
++ (requires (v_ETA = p.v_ETA1 \/ v_ETA = p.v_ETA2) /\
++ (Core.Slice.impl__len randomness <: usize) =. (v_ETA *! sz 64 <: usize))
++ (ensures
++ fun result ->
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result ==
++ Spec.Kyber.sample_poly_binomial v_ETA randomness)
+
+ val sample_from_uniform_distribution (randomness: t_Array u8 (sz 840))
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ (requires True)
++ (ensures fun _ -> True)
++// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0))
++
+diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.fst
+--- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-02-01 11:03:26.789761269 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-02-01 11:03:26.818760418 +0100
+@@ -1,8 +1,14 @@
+ module Libcrux.Kem.Kyber.Serialize
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3"
+ open Core
+ open FStar.Mul
+
++open Libcrux.Kem.Kyber.Arithmetic
++
++open MkSeq
++
++#push-options "--z3rlimit 80"
++[@@"opaque_to_smt"]
+ let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) =
+ let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in
+ let coef2:u8 =
+@@ -19,11 +25,12 @@
+ in
+ let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in
+ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8)
++#pop-options
+
++#push-options "--ifuel 1 --z3rlimit 600 --split_queries always"
++[@@"opaque_to_smt"]
+ let compress_coefficients_11_
+- (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8:
+- i32)
+- =
++ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 =
+ let coef1:u8 = cast (coefficient1 <: i32) <: u8 in
+ let coef2:u8 =
+ ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in
+- coef1, coef2, coef3 <: (u8 & u8 & u8)
++ coef1, coef2, coef3 <: (u8 & u8 & u8)
++#pop-options
+
++#push-options "--z3rlimit 60 --split_queries always"
++[@@"opaque_to_smt"]
+ let compress_coefficients_5_
+- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8:
+- u8)
+- =
++ coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8
++ =
+ let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 2l <: u8) in
+ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8)
++#pop-options
+
+-let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) =
++#push-options "--z3rlimit 500"
++[@@"opaque_to_smt"]
++let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 =
+ let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in
+ let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in
+ let coefficient4:i32 = (byte5 <>! 6l <: i32) in
+- coefficient1, coefficient2, coefficient3, coefficient4 <: (i32 & i32 & i32 & i32)
++ lemma_get_bit_bounded' coefficient1 10;
++ lemma_get_bit_bounded' coefficient2 10;
++ lemma_get_bit_bounded' coefficient3 10;
++ lemma_get_bit_bounded' coefficient4 10;
++ coefficient1, coefficient2, coefficient3, coefficient4
++#pop-options
+
++#push-options "--z3rlimit 300"
++[@@"opaque_to_smt"]
+ let decompress_coefficients_11_
+- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32)
+- =
++ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 =
+ let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in
+ let coefficient3:i32 =
+@@ -109,6 +131,14 @@
+ in
+ let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in
+ let coefficient8:i32 = (byte11 <>! 5l <: i32) in
++ lemma_get_bit_bounded' coefficient1 11;
++ lemma_get_bit_bounded' coefficient2 11;
++ lemma_get_bit_bounded' coefficient3 11;
++ lemma_get_bit_bounded' coefficient4 11;
++ lemma_get_bit_bounded' coefficient5 11;
++ lemma_get_bit_bounded' coefficient6 11;
++ lemma_get_bit_bounded' coefficient7 11;
++ lemma_get_bit_bounded' coefficient8 11;
+ coefficient1,
+ coefficient2,
+ coefficient3,
+@@ -117,15 +147,21 @@
+ coefficient6,
+ coefficient7,
+ coefficient8
+- <:
+- (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32)
++#pop-options
+
+-let decompress_coefficients_4_ (byte: u8) =
++#push-options "--z3rlimit 50"
++[@@"opaque_to_smt"]
++let decompress_coefficients_4_ byte =
+ let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in
+ let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in
+- coefficient1, coefficient2 <: (i32 & i32)
+-
+-let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) =
++ lemma_get_bit_bounded' coefficient1 4;
++ lemma_get_bit_bounded' coefficient2 4;
++ coefficient1, coefficient2
++#pop-options
++
++#push-options "--z3rlimit 400"
++[@@"opaque_to_smt"]
++let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 =
+ let coefficient1:i32 = byte1 &. 31l in
+ let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in
+ let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in
+@@ -134,6 +170,14 @@
+ let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in
+ let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in
+ let coefficient8:i32 = byte5 >>! 3l in
++ lemma_get_bit_bounded' coefficient1 5;
++ lemma_get_bit_bounded' coefficient2 5;
++ lemma_get_bit_bounded' coefficient3 5;
++ lemma_get_bit_bounded' coefficient4 5;
++ lemma_get_bit_bounded' coefficient5 5;
++ lemma_get_bit_bounded' coefficient6 5;
++ lemma_get_bit_bounded' coefficient7 5;
++ lemma_get_bit_bounded' coefficient8 5;
+ coefficient1,
+ coefficient2,
+ coefficient3,
+@@ -142,31 +186,54 @@
+ coefficient6,
+ coefficient7,
+ coefficient8
+- <:
+- (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32)
++#pop-options
++
++let cast_bound_lemma
++ #t #u
++ (n: int_t t)
++ (d: num_bits t)
++ : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0)
++ (ensures bounded (cast #(int_t t) #(int_t u) n) d)
++ [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)]
++ = ()
++
++#push-options "--z3rlimit 90"
++[@@"opaque_to_smt"]
++let int_t_d_cast_lemma #t #u d (n: int_t_d t d)
++ : Lemma (requires bits t < bits u /\ v n >= 0)
++ (ensures bounded (cast #(int_t t) #(int_t u) n) d)
++ [SMTPat (bounded (cast #(int_t t) #(int_t u) n) d)]
++ = Math.Lemmas.pow2_double_mult (bits u - 1);
++ Math.Lemmas.small_mod (v n) (modulus u)
++let mul_in_range (n m: nat)
++ : Lemma
++ (requires n <= 256 /\ m <= 256)
++ (ensures range (n * m) usize_inttype)
++ = Math.Lemmas.pow2_plus 8 8;
++ Math.Lemmas.pow2_le_compat 32 16
++#pop-options
+
++#restart-solver
++
++#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100"
++[@@"opaque_to_smt"]
+ let compress_then_serialize_10_
+- (v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- =
++ v_OUT_LEN
++ re
++ =
++ let accT = t_Array u8 v_OUT_LEN in
++ let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) ->
++ True
++ in
+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+ let serialized:t_Array u8 v_OUT_LEN =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- (sz 4)
+- <:
+- Core.Slice.Iter.t_ChunksExact i32)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+- serialized
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #accT #inv
++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
++ (sz 4)
++ (serialized)
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 v_OUT_LEN = serialized in
+- let i, coefficients:(usize & t_Slice i32) = temp_1_ in
++ let i, coefficients:(usize & _) = temp_1_ in
+ let coefficient1:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32
+@@ -226,79 +293,96 @@
+ serialized)
+ in
+ serialized
++#pop-options
+
++#push-options "--fuel 0 --ifuel 0 --z3rlimit 30"
++[@@"opaque_to_smt"]
++let update5
++ #n
++ (s: t_Array 't n)
++ (offset: usize {v offset + 5 <= v n})
++ (i0 i1 i2 i3 i4: 't)
++ : s': t_Array 't n {
++ Seq.index s' (v offset + 0) == i0 /\
++ Seq.index s' (v offset + 1) == i1 /\
++ Seq.index s' (v offset + 2) == i2 /\
++ Seq.index s' (v offset + 3) == i3 /\
++ Seq.index s' (v offset + 4) == i4 /\
++ (forall i. (i < v offset \/ i >= v offset + 5) ==> Seq.index s' i == Seq.index s i)
++ }
++ = let open Rust_primitives.Hax.Monomorphized_update_at in
++ let s = update_at_usize s offset i0 in
++ let s = update_at_usize s (offset +! sz 1) i1 in
++ let s = update_at_usize s (offset +! sz 2) i2 in
++ let s = update_at_usize s (offset +! sz 3) i3 in
++ let s = update_at_usize s (offset +! sz 4) i4 in
++ s
++#pop-options
++
++#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no"
+ let compress_then_serialize_11_
+- (v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- =
++ v_OUT_LEN re
++ =
++ let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> True in
+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+ let serialized:t_Array u8 v_OUT_LEN =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- (sz 8)
+- <:
+- Core.Slice.Iter.t_ChunksExact i32)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
++ (sz 8)
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 v_OUT_LEN = serialized in
+- let i, coefficients:(usize & t_Slice i32) = temp_1_ in
+- let coefficient1:i32 =
++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in
++ let coefficient1 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient2:i32 =
++ let coefficient2 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient3:i32 =
++ let coefficient3 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient4:i32 =
++ let coefficient4 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient5:i32 =
++ let coefficient5 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient6:i32 =
++ let coefficient6 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient7:i32 =
++ let coefficient7 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient8:i32 =
++ let coefficient8 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32
+ )
+@@ -324,6 +408,8 @@
+ coefficient7
+ coefficient8
+ in
++ assert_spinoff (v i < 32 ==> 11 * v i + 11 <= 32 * 11);
++ assert_spinoff (v i < 32 ==> range (v (sz 11) * v i) usize_inttype);
+ let serialized:t_Array u8 v_OUT_LEN =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+ (sz 11 *! i <: usize)
+@@ -382,29 +468,20 @@
+ serialized)
+ in
+ serialized
++#pop-options
+
+-let compress_then_serialize_4_
+- (v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- =
++let compress_then_serialize_4_ v_OUT_LEN re =
+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
++ let accT = t_Array u8 v_OUT_LEN in
++ let inv (acc: accT) (i: usize) = True in
+ let serialized:t_Array u8 v_OUT_LEN =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- (sz 2)
+- <:
+- Core.Slice.Iter.t_ChunksExact i32)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
++ (sz 2)
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 v_OUT_LEN = serialized in
+- let i, coefficients:(usize & t_Slice i32) = temp_1_ in
++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 2)) = temp_1_ in
+ let coefficient1:u8 =
+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ]
+@@ -439,27 +516,20 @@
+ serialized
+
+ let compress_then_serialize_5_
+- (v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- =
++ v_OUT_LEN
++ re
++ =
+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
++ let accT = t_Array u8 v_OUT_LEN in
++ let inv (acc: accT) (i: usize) = True in
+ let serialized:t_Array u8 v_OUT_LEN =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- (sz 8)
+- <:
+- Core.Slice.Iter.t_ChunksExact i32)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
++ (sz 8)
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 v_OUT_LEN = serialized in
+- let i, coefficients:(usize & t_Slice i32) = temp_1_ in
++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in
+ let coefficient1:u8 =
+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ]
+@@ -544,6 +614,14 @@
+ <:
+ u8
+ in
++ let coefficient8' = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy
++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ]
++ <:
++ i32)
++ <:
++ u16)
++ <:
++ i32 in
+ let coefficient8:u8 =
+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ]
+@@ -566,6 +644,8 @@
+ coefficient6
+ coefficient8
+ in
++ assert_spinoff (v i < 32 ==> 5 * v i + 5 <= 32 * 5);
++ assert_spinoff (v i < 32 ==> range (v (sz 5) * v i) usize_inttype);
+ let serialized:t_Array u8 v_OUT_LEN =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+ (sz 5 *! i <: usize)
+@@ -595,35 +675,24 @@
+ in
+ serialized
+
+-let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++let compress_then_serialize_message re =
+ let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
++ let accT = t_Array u8 (sz 32) in
++ let inv (acc: accT) (i: usize) = True in
+ let serialized:t_Array u8 (sz 32) =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- (sz 8)
+- <:
+- Core.Slice.Iter.t_ChunksExact i32)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
++ (sz 8)
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 (sz 32) = serialized in
+- let i, coefficients:(usize & t_Slice i32) = temp_1_ in
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__iter coefficients <: Core.Slice.Iter.t_Iter i32)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32))
++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement _) = temp_1_ in
++ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True)
++ coefficients
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 (sz 32) = serialized in
+- let j, coefficient:(usize & i32) = temp_1_ in
++ let j, coefficient:(usize & Libcrux.Kem.Kyber.Arithmetic.wfFieldElement) = temp_1_ in
+ let coefficient:u16 =
+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient
+ in
+@@ -636,27 +705,35 @@
+ <:
+ t_Array u8 (sz 32))
+ in
++ admit (); // P-F
+ serialized
+
+-let compress_then_serialize_ring_element_u
+- (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- =
++let compress_then_serialize_ring_element_u #p
++ v_COMPRESSION_FACTOR
++ v_OUT_LEN
++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) =
+ let _:Prims.unit = () <: Prims.unit in
++ assert (
++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11) \/
++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10)
++ );
++ Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR);
+ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
+ | 10ul -> compress_then_serialize_10_ v_OUT_LEN re
+ | 11ul -> compress_then_serialize_11_ v_OUT_LEN re
+ | _ ->
+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
+-
+ <:
+ Rust_primitives.Hax.t_Never)
+
+-let compress_then_serialize_ring_element_v
+- (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- =
++let compress_then_serialize_ring_element_v #p v_COMPRESSION_FACTOR v_OUT_LEN re =
+ let _:Prims.unit = () <: Prims.unit in
++ Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR);
++ let res =
++ assert (
++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4) \/
++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5)
++ );
+ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
+ | 4ul -> compress_then_serialize_4_ v_OUT_LEN re
+ | 5ul -> compress_then_serialize_5_ v_OUT_LEN re
+@@ -665,32 +742,49 @@
+
+ <:
+ Rust_primitives.Hax.t_Never)
++ in
++ admit (); // P-F
++ res
+
+-let deserialize_then_decompress_10_ (serialized: t_Slice u8) =
++#push-options "--z3rlimit 160"
++let deserialize_then_decompress_10_ serialized =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ let accT = Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement in
++ let inv (acc: accT) (i: usize) = True in
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
++ serialized
++ (sz 5)
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+- let i, bytes:(usize & t_Slice u8) = temp_1_ in
+- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
+- let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
+- let coefficient1, coefficient2, coefficient3, coefficient4:(i32 & i32 & i32 & i32) =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
++ let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in
++ let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
++ let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
++ let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
++ let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
++ let coefficient1, coefficient2, coefficient3, coefficient4 =
+ decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let coefficient1 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1
++ <:
++ i32) in
++ let coefficient2 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2
++ <:
++ i32) in
++ let coefficient3 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3
++ <:
++ i32) in
++ let coefficient4 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4
++ <:
++ i32) in
++ assert_spinoff (v i < 64 ==> 4 * v i + 4 <= 256);
++ assert_spinoff (v i < 64 ==> range (v (sz 4) * v i) usize_inttype);
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -698,14 +792,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (sz 4 *! i <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1
+- <:
+- i32)
++ coefficient1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -713,14 +805,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 4 *! i <: usize) +! sz 1 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2
+- <:
+- i32)
++ coefficient2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -728,14 +818,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 4 *! i <: usize) +! sz 2 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3
+- <:
+- i32)
++ coefficient3
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -743,44 +831,43 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 4 *! i <: usize) +! sz 3 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4
+- <:
+- i32)
++ coefficient4
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+ re)
+ in
+ re
++#pop-options
+
+-let deserialize_then_decompress_11_ (serialized: t_Slice u8) =
++#push-options "--z3rlimit 100 --ifuel 0"
++let deserialize_then_decompress_11_ serialized
++ : Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True)
++ serialized
++ (sz 11)
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+- let i, bytes:(usize & t_Slice u8) = temp_1_ in
+- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
+- let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
+- let byte6:i32 = cast (bytes.[ sz 5 ] <: u8) <: i32 in
+- let byte7:i32 = cast (bytes.[ sz 6 ] <: u8) <: i32 in
+- let byte8:i32 = cast (bytes.[ sz 7 ] <: u8) <: i32 in
+- let byte9:i32 = cast (bytes.[ sz 8 ] <: u8) <: i32 in
+- let byte10:i32 = cast (bytes.[ sz 9 ] <: u8) <: i32 in
+- let byte11:i32 = cast (bytes.[ sz 10 ] <: u8) <: i32 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
++ let i, bytes:(usize & t_Array u8 (sz 11)) = temp_1_ in
++ assert (v i < 32);
++ let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
++ let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
++ let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
++ let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
++ let byte6: int_t_d i32_inttype 8 = cast (bytes.[ sz 5 ] <: u8) <: i32 in
++ let byte7: int_t_d i32_inttype 8 = cast (bytes.[ sz 6 ] <: u8) <: i32 in
++ let byte8: int_t_d i32_inttype 8 = cast (bytes.[ sz 7 ] <: u8) <: i32 in
++ let byte9: int_t_d i32_inttype 8 = cast (bytes.[ sz 8 ] <: u8) <: i32 in
++ let byte10: int_t_d i32_inttype 8 = cast (bytes.[ sz 9 ] <: u8) <: i32 in
++ let byte11: int_t_d i32_inttype 8 = cast (bytes.[ sz 10 ] <: u8) <: i32 in
+ let
+ coefficient1,
+ coefficient2,
+@@ -789,11 +876,21 @@
+ coefficient5,
+ coefficient6,
+ coefficient7,
+- coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) =
++ coefficient8 =
+ decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10
+ byte11
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 in
++ let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 in
++ let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 in
++ let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 in
++ let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 in
++ let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 in
++ let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 in
++ let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 in
++ assert_spinoff (8 * v i + 8 <= 256);
++ assert_spinoff (range (v (sz 8) * v i) usize_inttype);
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -801,14 +898,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (sz 8 *! i <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1
+- <:
+- i32)
++ coefficient1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -816,14 +911,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 1 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2
+- <:
+- i32)
++ coefficient2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -831,14 +924,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 2 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3
+- <:
+- i32)
++ coefficient3
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -846,14 +937,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 3 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4
+- <:
+- i32)
++ coefficient4
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -861,14 +950,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 4 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5
+- <:
+- i32)
++ coefficient5
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -876,14 +963,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 5 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6
+- <:
+- i32)
++ coefficient6
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -891,14 +976,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 6 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7
+- <:
+- i32)
++ coefficient7
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -906,35 +989,33 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 7 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8
+- <:
+- i32)
++ coefficient8
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+ re)
+ in
+ re
++#pop-options
+
+-let deserialize_then_decompress_4_ (serialized: t_Slice u8) =
++#push-options "--z3rlimit 100"
++let deserialize_then_decompress_4_ serialized =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8))
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True)
++ serialized
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
+ let i, byte:(usize & u8) = temp_1_ in
+- let coefficient1, coefficient2:(i32 & i32) = decompress_coefficients_4_ byte in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let coefficient1, coefficient2 = decompress_coefficients_4_ byte in
++ assert_spinoff (v i < 128 ==> 2 * v i + 1 < 256);
++ assert_spinoff (v i < 128 ==> range (v (sz 2) * v i) usize_inttype);
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -947,9 +1028,9 @@
+ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -962,33 +1043,32 @@
+ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+ re)
+ in
+ re
++#pop-options
+
+-let deserialize_then_decompress_5_ (serialized: t_Slice u8) =
++#push-options "--z3rlimit 150"
++let deserialize_then_decompress_5_ serialized =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True)
++ serialized (sz 5)
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+- let i, bytes:(usize & t_Slice u8) = temp_1_ in
+- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
+- let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
++ let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in
++ assert (v i < 32);
++ let byte1 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
++ let byte2 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
++ let byte3 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ let byte4 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
++ let byte5 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
+ let
+ coefficient1,
+ coefficient2,
+@@ -997,10 +1077,25 @@
+ coefficient5,
+ coefficient6,
+ coefficient7,
+- coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) =
++ coefficient8 =
+ decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 in
++ let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 in
++ let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 in
++ let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 in
++ let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 in
++ let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 in
++ let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 in
++ let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 in
++ // assert (Seq.length serialized == 160);
++ // // assert_norm (160 / 5 == 32);
++ // assert_spinoff (v i < Seq.length serialized);
++ // assert (v i < 32);
++ assert_spinoff (v i < 32 ==> 8 * v i + 8 <= 256);
++ mul_in_range 8 (v i);
++ assert_spinoff (v i < 32 ==> range (v (sz 8) * v i) usize_inttype);
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1008,14 +1103,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (sz 8 *! i <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1
+- <:
+- i32)
++ coefficient1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1023,14 +1116,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 1 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2
+- <:
+- i32)
++ coefficient2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1038,14 +1129,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 2 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3
+- <:
+- i32)
++ coefficient3
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1053,14 +1142,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 3 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4
+- <:
+- i32)
++ coefficient4
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1068,14 +1155,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 4 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5
+- <:
+- i32)
++ coefficient5
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1083,14 +1168,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 5 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6
+- <:
+- i32)
++ coefficient6
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1098,14 +1181,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 6 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7
+- <:
+- i32)
++ coefficient7
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1113,33 +1194,27 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 7 <: usize)
+- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8
+- <:
+- i32)
++ coefficient8
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+ re)
+ in
+ re
++#pop-options
+
++#push-options "--z3rlimit 60"
+ let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) =
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Iter.Traits.Collect.f_into_iter serialized
+- <:
+- Core.Array.Iter.t_IntoIter u8 (sz 32))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32)))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32)))
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True)
++ serialized
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
+ let i, byte:(usize & u8) = temp_1_ in
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+@@ -1151,10 +1226,11 @@
+ Core.Ops.Range.t_Range usize)
+ re
+ (fun re j ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
+ let j:usize = j in
+ let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ lemma_get_bit_bounded' coefficient_compressed 1;
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1168,19 +1244,20 @@
+ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+ re)
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ in
++ admit(); //P-F
+ re
++#pop-options
+
+-let deserialize_then_decompress_ring_element_u
+- (v_COMPRESSION_FACTOR: usize)
+- (serialized: t_Slice u8)
+- =
++let deserialize_then_decompress_ring_element_u v_COMPRESSION_FACTOR serialized =
+ let _:Prims.unit = () <: Prims.unit in
++ mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR);
++ assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11);
+ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
+ | 10ul -> deserialize_then_decompress_10_ serialized
+ | 11ul -> deserialize_then_decompress_11_ serialized
+@@ -1190,11 +1267,11 @@
+ <:
+ Rust_primitives.Hax.t_Never)
+
+-let deserialize_then_decompress_ring_element_v
+- (v_COMPRESSION_FACTOR: usize)
+- (serialized: t_Slice u8)
+- =
++let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized =
+ let _:Prims.unit = () <: Prims.unit in
++ mk_int_equiv_lemma #u32_inttype (v v_COMPRESSION_FACTOR);
++ assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5);
++ let res =
+ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
+ | 4ul -> deserialize_then_decompress_4_ serialized
+ | 5ul -> deserialize_then_decompress_5_ serialized
+@@ -1203,27 +1280,32 @@
+
+ <:
+ Rust_primitives.Hax.t_Never)
++ in
++ admit(); //P-F
++ res
+
+-let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) =
++#push-options "--z3rlimit 220"
++let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True)
++ serialized
++ (sz 3)
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+- let i, bytes:(usize & t_Slice u8) = temp_1_ in
+- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
++ let i, bytes:(usize & t_Array u8 (sz 3)) = temp_1_ in
++ let byte1:int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
++ let byte2:int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
++ let byte3:int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ let coef1 = (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) in
++ lemma_get_bit_bounded' coef1 11;
++ lemma_get_bit_bounded' coef2 11;
++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1231,12 +1313,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (sz 2 *! i <: usize)
+- (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32)
++ coef2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ in
+ re)
+ in
+ re
++#pop-options
+
+-let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++#push-options "--z3rlimit 100"
++let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) =
+ let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in
+ let serialized:t_Array u8 (sz 384) =
+- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
+- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- <:
+- t_Slice i32)
+- (sz 2)
+- <:
+- Core.Slice.Iter.t_ChunksExact i32)
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+- <:
+- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True)
++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
++ (sz 2)
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 (sz 384) = serialized in
+- let i, coefficients:(usize & t_Slice i32) = temp_1_ in
++ let i, coefficients:(usize & t_Array (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)) (sz 2)) = temp_1_ in
++ assert (v i < 128);
+ let coefficient1:u16 =
+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32)
+ in
+@@ -1281,6 +1357,8 @@
+ let coef1, coef2, coef3:(u8 & u8 & u8) =
+ compress_coefficients_3_ coefficient1 coefficient2
+ in
++ assert_spinoff (3 * v i + 3 <= 384);
++ assert_spinoff (range (v (sz 3) * v i) usize_inttype);
+ let serialized:t_Array u8 (sz 384) =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+ (sz 3 *! i <: usize)
+@@ -1299,3 +1377,4 @@
+ serialized)
+ in
+ serialized
++#pop-options
+diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti
+--- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-02-01 11:03:26.769761855 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-02-01 11:03:26.845759626 +0100
+@@ -2,118 +2,193 @@
+ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
++open MkSeq
++
++let int_arr_bitwise_eq
++ #t1 #t2 #n1 #n2
++ (arr1: t_Array (int_t t1) n1)
++ (d1: num_bits t1)
++ (arr2: t_Array (x: int_t t2) n2)
++ (d2: num_bits t2 {v n1 * d1 == v n2 * d2})
++ = forall i. i < v n1 * d1
++ ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i
+
+ val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32)
+- : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
++ : Prims.Pure (u8 & u8 & u8 & u8 & u8)
++ (requires True)
++ (ensures fun tuple ->
++ int_arr_bitwise_eq
++ (create4 (coefficient1, coefficient2, coefficient3, coefficient4)) 10
++ (create5 tuple) 8
++ )
+
+ val compress_coefficients_11_
+ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8:
+- i32)
++ int_t_d i32_inttype 11)
+ : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val compress_coefficients_3_ (coefficient1 coefficient2: u16)
+- : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
++ (requires True)
++ (ensures fun tuple ->
++ int_arr_bitwise_eq
++ (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11
++ (create11 tuple) 8
++ )
++
++val compress_coefficients_3_ (coefficient1 coefficient2: int_t_d u16_inttype 12)
++ : Prims.Pure (u8 & u8 & u8)
++ (requires True)
++ (ensures fun tuple ->
++ int_arr_bitwise_eq
++ (create2 (coefficient1, coefficient2)) 12
++ (create3 tuple) 8
++ )
+
+ val compress_coefficients_5_
+- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8:
+- u8)
+- : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32)
+- : Prims.Pure (i32 & i32 & i32 & i32) Prims.l_True (fun _ -> Prims.l_True)
++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: int_t_d u8_inttype 5)
++ : Prims.Pure (u8 & u8 & u8 & u8 & u8)
++ (requires True)
++ (ensures fun tuple ->
++ int_arr_bitwise_eq
++ (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 5
++ (create5 tuple) 8
++ )
++
++private unfold type i32_d = int_t_d i32_inttype
++val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: int_t_d i32_inttype 8)
++ : Prims.Pure (i32_d 10 & i32_d 10 & i32_d 10 & i32_d 10)
++ (requires True)
++ (ensures fun (r1, r2, r3, r4) ->
++ int_arr_bitwise_eq
++ (create5 (byte1, byte2, byte3, byte4, byte5)) 8
++ (create4 #i32 (r1, r2, r3, r4)) 10
++ )
+
+ val decompress_coefficients_11_
+- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32)
+- : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: int_t_d i32_inttype 8)
++ : Prims.Pure (i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11)
++ (requires True)
++ (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) ->
++ int_arr_bitwise_eq
++ (create11 (byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, byte9, byte10, byte11)) 8
++ (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 11
++ )
+
+ val decompress_coefficients_4_ (byte: u8)
+- : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32)
+- : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32)
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Prims.Pure (i32_d 4 & i32_d 4)
++ (requires True)
++ (ensures fun (r1, r2) ->
++ int_arr_bitwise_eq
++ (create1 byte) 8
++ (create2 (r1, r2)) 4
++ )
++
++val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: int_t_d i32_inttype 8)
++ : Prims.Pure (i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5)
++ (requires True)
++ (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) ->
++ int_arr_bitwise_eq
++ (create5 (byte1, byte2, byte3, byte4, byte5)) 8
++ (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5
++ )
+
+ val compress_then_serialize_10_
+- (v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (v_OUT_LEN: usize {v v_OUT_LEN >= 320})
++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_then_serialize_11_
+- (v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (v_OUT_LEN: usize {v v_OUT_LEN >= 352})
++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_then_serialize_4_
+- (v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (v_OUT_LEN: usize {v v_OUT_LEN >= 128})
++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_then_serialize_5_
+- (v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (v_OUT_LEN: usize {v v_OUT_LEN >= 160})
++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+-val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
++val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ : Pure (t_Array u8 (sz 32))
++ (requires True)
++ (ensures (fun res ->
++ res == Spec.Kyber.compress_then_encode_message (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re)))
+
+ val compress_then_serialize_ring_element_u
+- (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+-
+-val compress_then_serialize_ring_element_v
+- (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
++ (#p:Spec.Kyber.params)
++ (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11})
++ (v_OUT_LEN: usize { v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR })
++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ : t_Array u8 v_OUT_LEN
++
++val compress_then_serialize_ring_element_v (#p:Spec.Kyber.params)
++ (v_COMPRESSION_FACTOR: usize {v_COMPRESSION_FACTOR = sz 4 || v_COMPRESSION_FACTOR = sz 5})
++ (v_OUT_LEN: usize {v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR})
++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ : Pure (t_Array u8 v_OUT_LEN)
++ (requires True)
++ (ensures (fun res ->
++ res ==
++ Spec.Kyber.compress_then_encode_v p
++ (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re)))
+
+-val deserialize_then_decompress_10_ (serialized: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++val deserialize_then_decompress_10_ (serialized: t_Slice u8 {Seq.length serialized == 320})
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_11_ (serialized: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++val deserialize_then_decompress_11_ (serialized: t_Slice u8 {Seq.length serialized == 352})
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_4_ (serialized: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++val deserialize_then_decompress_4_ (serialized: t_Slice u8 {Seq.length serialized == 128})
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_5_ (serialized: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++val deserialize_then_decompress_5_
++ (serialized: t_Slice u8 {Seq.length serialized == 160})
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+ val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32))
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (requires True)
++ (ensures fun res ->
++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res ==
++ Spec.Kyber.decode_then_decompress_message serialized)
+
+ val deserialize_then_decompress_ring_element_u
+ (v_COMPRESSION_FACTOR: usize)
+- (serialized: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ (serialized: t_Slice u8 {
++ match v v_COMPRESSION_FACTOR with
++ | 10 -> Seq.length serialized == 320
++ | 11 -> Seq.length serialized == 352
++ | _ -> False
++ })
++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (requires v_COMPRESSION_FACTOR = sz 10 || v_COMPRESSION_FACTOR = sz 11)
++ (ensures fun _ -> True)
+
+-val deserialize_then_decompress_ring_element_v
+- (v_COMPRESSION_FACTOR: usize)
++val deserialize_then_decompress_ring_element_v (#p:Spec.Kyber.params)
++ (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5})
+ (serialized: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (requires (p.v_VECTOR_V_COMPRESSION_FACTOR == v_COMPRESSION_FACTOR /\
++ length serialized == Spec.Kyber.v_C2_SIZE p))
++ (ensures fun res -> Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res
++ == Spec.Kyber.decode_then_decompress_v p serialized)
+
+ val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+- Prims.l_True
+- (fun _ -> Prims.l_True)
+-
+-val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+- : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True)
++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT))
++ (ensures fun _ -> True)
++
++val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ : Pure (t_Array u8 (sz 384))
++ (requires True)
++ (ensures (fun res -> True))
+diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.Kyber.Types.fst
+--- extraction/Libcrux.Kem.Kyber.Types.fst 2024-02-01 11:03:26.772761767 +0100
++++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-02-01 11:03:26.839759802 +0100
+@@ -3,31 +3,33 @@
+ open Core
+ open FStar.Mul
+
+-type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
++type t_Error = | Error_RejectionSampling : t_Error
++
++type t_KyberCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
+- { f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value }
++let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberCiphertext v_SIZE) (t_Slice u8) =
++ { f_as_ref = fun (self: t_KyberCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+- { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE }
++let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_KyberCiphertext v_SIZE) (t_Array u8 v_SIZE) =
++ { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_KyberCiphertext v_SIZE }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) =
++let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_KyberCiphertext v_SIZE) (t_Array u8 v_SIZE) =
+ {
+ f_from
+ =
+ fun (value: t_Array u8 v_SIZE) ->
+- { f_value = Core.Clone.f_clone value } <: t_MlKemCiphertext v_SIZE
++ { f_value = Core.Clone.f_clone value } <: t_KyberCiphertext v_SIZE
+ }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) =
+- { f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value }
++let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberCiphertext v_SIZE) =
++ { f_from = fun (value: t_KyberCiphertext v_SIZE) -> value.f_value }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) =
++let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberCiphertext v_SIZE) (t_Slice u8) =
+ {
+ f_Error = Core.Array.t_TryFromSliceError;
+ f_try_from
+@@ -35,49 +37,51 @@
+ fun (value: t_Slice u8) ->
+ match Core.Convert.f_try_into value with
+ | Core.Result.Result_Ok value ->
+- Core.Result.Result_Ok ({ f_value = value } <: t_MlKemCiphertext v_SIZE)
++ Core.Result.Result_Ok ({ f_value = value } <: t_KyberCiphertext v_SIZE)
+ <:
+- Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError
++ Core.Result.t_Result (t_KyberCiphertext v_SIZE) Core.Array.t_TryFromSliceError
+ | Core.Result.Result_Err e ->
+ Core.Result.Result_Err e
+ <:
+- Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError
++ Core.Result.t_Result (t_KyberCiphertext v_SIZE) Core.Array.t_TryFromSliceError
+ }
+
+-let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : t_Array u8 v_SIZE =
++let impl_6__as_slice (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : t_Array u8 v_SIZE =
+ self.f_value
+
+-let impl_6__len (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : usize = v_SIZE
++let impl_6__len (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE
+
+-let impl_6__split_at (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) (mid: usize)
+- : (t_Slice u8 & t_Slice u8) =
++let impl_6__split_at (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize)
++ : Pure (t_Slice u8 & t_Slice u8)
++ (requires (mid <=. v_SIZE))
++ (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) =
+ Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid
+
+-type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
++type t_KyberPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
+- { f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value }
++let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPrivateKey v_SIZE) (t_Slice u8) =
++ { f_as_ref = fun (self: t_KyberPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+- { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE }
++let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_KyberPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
++ { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_KyberPrivateKey v_SIZE }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
++let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_KyberPrivateKey v_SIZE) (t_Array u8 v_SIZE) =
+ {
+ f_from
+ =
+ fun (value: t_Array u8 v_SIZE) ->
+- { f_value = Core.Clone.f_clone value } <: t_MlKemPrivateKey v_SIZE
++ { f_value = Core.Clone.f_clone value } <: t_KyberPrivateKey v_SIZE
+ }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) =
+- { f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value }
++let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberPrivateKey v_SIZE) =
++ { f_from = fun (value: t_KyberPrivateKey v_SIZE) -> value.f_value }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) =
++let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPrivateKey v_SIZE) (t_Slice u8) =
+ {
+ f_Error = Core.Array.t_TryFromSliceError;
+ f_try_from
+@@ -85,49 +89,52 @@
+ fun (value: t_Slice u8) ->
+ match Core.Convert.f_try_into value with
+ | Core.Result.Result_Ok value ->
+- Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPrivateKey v_SIZE)
++ Core.Result.Result_Ok ({ f_value = value } <: t_KyberPrivateKey v_SIZE)
+ <:
+- Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError
++ Core.Result.t_Result (t_KyberPrivateKey v_SIZE) Core.Array.t_TryFromSliceError
+ | Core.Result.Result_Err e ->
+ Core.Result.Result_Err e
+ <:
+- Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError
++ Core.Result.t_Result (t_KyberPrivateKey v_SIZE) Core.Array.t_TryFromSliceError
+ }
+
+-let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : t_Array u8 v_SIZE =
++let impl_12__as_slice (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : t_Array u8 v_SIZE =
+ self.f_value
+
+-let impl_12__len (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : usize = v_SIZE
++let impl_12__len (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE
+
+-let impl_12__split_at (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) (mid: usize)
+- : (t_Slice u8 & t_Slice u8) =
++val impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize)
++ : Pure (t_Slice u8 & t_Slice u8)
++ (requires (mid <=. v_SIZE))
++ (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid)))
++let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) =
+ Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid
+
+-type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
++type t_KyberPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
+- { f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value }
++let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPublicKey v_SIZE) (t_Slice u8) =
++ { f_as_ref = fun (self: t_KyberPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+- { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE }
++let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_KyberPublicKey v_SIZE) (t_Array u8 v_SIZE) =
++ { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_KyberPublicKey v_SIZE }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) =
++let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_KyberPublicKey v_SIZE) (t_Array u8 v_SIZE) =
+ {
+ f_from
+ =
+ fun (value: t_Array u8 v_SIZE) ->
+- { f_value = Core.Clone.f_clone value } <: t_MlKemPublicKey v_SIZE
++ { f_value = Core.Clone.f_clone value } <: t_KyberPublicKey v_SIZE
+ }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) =
+- { f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value }
++let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberPublicKey v_SIZE) =
++ { f_from = fun (value: t_KyberPublicKey v_SIZE) -> value.f_value }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+-let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) =
++let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPublicKey v_SIZE) (t_Slice u8) =
+ {
+ f_Error = Core.Array.t_TryFromSliceError;
+ f_try_from
+@@ -135,61 +142,63 @@
+ fun (value: t_Slice u8) ->
+ match Core.Convert.f_try_into value with
+ | Core.Result.Result_Ok value ->
+- Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPublicKey v_SIZE)
++ Core.Result.Result_Ok ({ f_value = value } <: t_KyberPublicKey v_SIZE)
+ <:
+- Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError
++ Core.Result.t_Result (t_KyberPublicKey v_SIZE) Core.Array.t_TryFromSliceError
+ | Core.Result.Result_Err e ->
+ Core.Result.Result_Err e
+ <:
+- Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError
++ Core.Result.t_Result (t_KyberPublicKey v_SIZE) Core.Array.t_TryFromSliceError
+ }
+
+-let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : t_Array u8 v_SIZE =
++let impl_18__as_slice (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : t_Array u8 v_SIZE =
+ self.f_value
+
+-let impl_18__len (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : usize = v_SIZE
++let impl_18__len (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE
+
+-let impl_18__split_at (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) (mid: usize)
+- : (t_Slice u8 & t_Slice u8) =
++let impl_18__split_at (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize)
++ : Pure (t_Slice u8 & t_Slice u8)
++ (requires (mid <=. v_SIZE))
++ (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) =
+ Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid
+
+-type t_MlKemKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = {
+- f_sk:t_MlKemPrivateKey v_PRIVATE_KEY_SIZE;
+- f_pk:t_MlKemPublicKey v_PUBLIC_KEY_SIZE
++type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = {
++ f_sk:t_KyberPrivateKey v_PRIVATE_KEY_SIZE;
++ f_pk:t_KyberPublicKey v_PUBLIC_KEY_SIZE
+ }
+
+ let impl__from
+ (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
+- (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE)
+- (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE)
+- : t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE =
+- { f_sk = sk; f_pk = pk } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE
++ (sk: t_KyberPrivateKey v_PRIVATE_KEY_SIZE)
++ (pk: t_KyberPublicKey v_PUBLIC_KEY_SIZE)
++ : t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE =
++ { f_sk = sk; f_pk = pk } <: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE
+
+ let impl__new
+ (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
+ (sk: t_Array u8 v_PRIVATE_KEY_SIZE)
+ (pk: t_Array u8 v_PUBLIC_KEY_SIZE)
+- : t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE =
++ : t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE =
+ { f_sk = Core.Convert.f_into sk; f_pk = Core.Convert.f_into pk }
+ <:
+- t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE
++ t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE
+
+ let impl__pk
+ (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
+- (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
++ (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
+ : t_Array u8 v_PUBLIC_KEY_SIZE = impl_18__as_slice v_PUBLIC_KEY_SIZE self.f_pk
+
+ let impl__private_key
+ (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
+- (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
+- : t_MlKemPrivateKey v_PRIVATE_KEY_SIZE = self.f_sk
++ (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
++ : t_KyberPrivateKey v_PRIVATE_KEY_SIZE = self.f_sk
+
+ let impl__public_key
+ (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
+- (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
+- : t_MlKemPublicKey v_PUBLIC_KEY_SIZE = self.f_pk
++ (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
++ : t_KyberPublicKey v_PUBLIC_KEY_SIZE = self.f_pk
+
+ let impl__sk
+ (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize)
+- (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
++ (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
+ : t_Array u8 v_PRIVATE_KEY_SIZE = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk
+diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fsti
+--- extraction/Libcrux_platform.fsti 2024-02-01 11:03:26.767761914 +0100
++++ extraction-edited/Libcrux_platform.fsti 2024-02-01 11:03:26.826760184 +0100
+@@ -1,20 +1,4 @@
+ module Libcrux_platform
+ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+-open Core
+-open FStar.Mul
+
+-val bmi2_adx_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+-
+-val simd256_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+-
+-val x25519_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+-
+-val adv_simd_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+-
+-val aes_ni_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+-
+-val pmull_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+-
+-val sha256_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
+-
+-val simd128_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)
++val simd256_support: bool
+diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst
+--- extraction/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100
++++ extraction-edited/MkSeq.fst 2024-02-01 11:03:26.814760535 +0100
+@@ -0,0 +1,91 @@
++module MkSeq
++open Core
++
++open FStar.Tactics.V2
++
++private let init (len: nat) (f: (i:nat{i < len}) -> Tac 'a): Tac (list 'a)
++ = let rec h (i: nat {i <= len}): Tac (list 'a)
++ = if i = len then [] else f i :: h (i + 1)
++ in h 0
++
++private let tuple_proj (n: nat) (i: nat): Tac term
++ = if n = 1 then `(id) else
++ let name = "__proj__Mktuple" ^ string_of_int n ^ "__item___" ^ string_of_int (i + 1) in
++ Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name])
++
++private let tuple_type (n: nat): Tac term
++ = if n = 1 then `(id) else
++ let name = "tuple" ^ string_of_int n in
++ Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name])
++
++open Rust_primitives.Integers
++open Libcrux.Kem.Kyber.Arithmetic
++
++// let create4 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10: 'a)
++// : Pure
++// (t_Array 'a (sz 11))
++// (requires True)
++// (ensures fun (r: t_Array 'a (sz 11)) ->
++// r.[sz 0] == x0 /\
++// r.[sz 1] == x1 /\
++// r.[sz 2] == x2 /\
++// r.[sz 3] == x3 /\
++// r.[sz 4] == x4 /\
++// r.[sz 5] == x5 /\
++// r.[sz 6] == x6 /\
++// r.[sz 7] == x7 /\
++// True
++// )
++// = Libcrux.Kem.Kyber.Arithmetic.createi
++// (sz 11)
++// (fun x -> match v x with
++// | 0 -> x0
++// | 1 -> x1
++// | 2 -> x2
++// | 3 -> x3
++// | 4 -> x4
++// | 5 -> x5
++// | 6 -> x6
++// | 7 -> x7
++// | 8 -> x8
++// | 9 -> x9
++// | 10 -> x10
++// )
++
++private let create_gen_tac (n: nat): Tac sigelt
++ = let typ_bd = {fresh_binder_named "t" (`Type0) with qual = FStar.Reflection.V2.Q_Implicit} in
++ let typ = binder_to_term typ_bd in
++ let input_typ = mk_e_app (tuple_type n) (init n (fun _ -> typ)) in
++ let input_bd = fresh_binder_named "tup" input_typ in
++ let output_type = `t_Array (`#typ) (sz (`@n)) in
++ let nth i = `((`#(tuple_proj n i)) (`#input_bd)) in
++ let mk_and: term -> term -> Tac term = fun t u -> `(`#t /\ `#u) in
++ let post =
++ let mk_inv s i = `(Seq.index (`#s) (`@i) == (`#(tuple_proj n i)) (`#input_bd)) in
++ let invs s = Tactics.fold_left mk_and (`(Seq.length (`#s) == (`@n))) (init n (mk_inv s)) in
++ let bd = fresh_binder_named "s" output_type in
++ mk_abs [bd] (invs bd)
++ in
++ let comp = C_Eff [] ["Prims"; "Pure"]
++ (`t_Array (`#typ) (sz (`@n)))
++ [ (`(requires True), Q_Explicit); (post, Q_Explicit)] []
++ in
++ let args = [typ_bd; input_bd] in
++ let l = Tactics.fold_right (fun hd tl -> `((`#hd)::(`#tl))) (init n nth) (`[]) in
++ let indexes =
++ let f i = `((`#(nth i)) == List.Tot.index (`#l) (`@i)) in
++ Tactics.fold_left mk_and (`True) (init n f)
++ in
++ let lb_def = mk_abs args (`(
++ let l = `#l in
++ let s = Seq.createL l <: t_Array (`#typ) (sz (`@n)) in
++ FStar.Classical.forall_intro (Seq.lemma_index_is_nth s);
++ assert (`#indexes) by (Tactics.norm [primops; iota; delta; zeta]);
++ s
++ )) in
++ let lb_typ = mk_arr args (pack_comp comp) in
++ let open FStar.List.Tot in
++ let lb_fv = pack_fv (cur_module () @ ["create" ^ string_of_int n]) in
++ Sg_Let { isrec = false; lbs = [{ lb_fv; lb_us = []; lb_typ; lb_def }] }
++
++%splice[] (init 13 (fun i -> create_gen_tac (i + 1)))
+diff -ruN extraction/Spec.Kyber.fst extraction-edited/Spec.Kyber.fst
+--- extraction/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100
++++ extraction-edited/Spec.Kyber.fst 2024-02-01 11:03:26.846759597 +0100
+@@ -0,0 +1,433 @@
++module Spec.Kyber
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
++open Core
++open FStar.Mul
++
++(** Utils *)
++let map' #a #b
++ (f:(x:a -> b))
++ (s: t_Slice a): t_Slice b
++ = createi (length s) (fun i -> f (Seq.index s (v i)))
++
++let flatten #t #n
++ (#m: usize {range (v n * v m) usize_inttype})
++ (x: t_Array (t_Array t m) n)
++ : t_Array t (m *! n)
++ = createi (m *! n) (fun i -> Seq.index (Seq.index x (v i / v m)) (v i % v m))
++
++(** Constants *)
++let v_BITS_PER_COEFFICIENT: usize = sz 12
++
++let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256
++
++let v_BITS_PER_RING_ELEMENT: usize = sz 3072 // v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12
++
++let v_BYTES_PER_RING_ELEMENT: usize = sz 384 // v_BITS_PER_RING_ELEMENT /! sz 8
++
++let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32
++
++let v_FIELD_MODULUS: i32 = 3329l
++
++let v_H_DIGEST_SIZE: usize = sz 32
++// Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm)
++
++let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5
++
++let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE
++
++type params_ = {
++ v_RANK: usize;
++ v_ETA1: usize;
++ v_ETA2: usize;
++ v_VECTOR_U_COMPRESSION_FACTOR: usize;
++ v_VECTOR_V_COMPRESSION_FACTOR: usize;
++}
++
++let valid_params p =
++ (p.v_RANK = sz 2 || p.v_RANK = sz 3 || p.v_RANK = sz 4) &&
++ (p.v_ETA1 = sz 2 || p.v_ETA1 = sz 3) &&
++ p.v_ETA2 =. sz 2 &&
++ (p.v_VECTOR_U_COMPRESSION_FACTOR = sz 10 || p.v_VECTOR_U_COMPRESSION_FACTOR = sz 11) &&
++ (p.v_VECTOR_V_COMPRESSION_FACTOR = sz 4 || p.v_VECTOR_V_COMPRESSION_FACTOR = sz 5)
++
++let params = p:params_{valid_params p}
++
++val v_ETA1_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128 \/ u == sz 192}
++let v_ETA1_RANDOMNESS_SIZE (p:params) = p.v_ETA1 *! sz 64
++
++val v_ETA2_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128}
++let v_ETA2_RANDOMNESS_SIZE (p:params) = p.v_ETA2 *! sz 64
++
++val v_RANKED_BYTES_PER_RING_ELEMENT (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536}
++let v_RANKED_BYTES_PER_RING_ELEMENT (p:params) = p.v_RANK *! v_BYTES_PER_RING_ELEMENT
++
++val v_T_AS_NTT_ENCODED_SIZE (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536}
++let v_T_AS_NTT_ENCODED_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p
++
++val v_CPA_PKE_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536}
++let v_CPA_PKE_SECRET_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p
++
++val v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568}
++let v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +! sz 32
++
++val v_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168}
++let v_SECRET_KEY_SIZE (p:params) =
++ (v_CPA_PKE_SECRET_KEY_SIZE p +! v_CPA_PKE_PUBLIC_KEY_SIZE p +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE)
++
++val v_C1_BLOCK_SIZE (p:params): u:usize{(u = sz 320 \/ u = sz 352) /\ v u == 32 * v p.v_VECTOR_U_COMPRESSION_FACTOR}
++let v_C1_BLOCK_SIZE (p:params) = sz 32 *! p.v_VECTOR_U_COMPRESSION_FACTOR
++
++val v_C1_SIZE (p:params) : u:usize{(u >=. sz 640 \/ u <=. sz 1448) /\
++ v u == v (v_C1_BLOCK_SIZE p) * v p.v_RANK}
++let v_C1_SIZE (p:params) = v_C1_BLOCK_SIZE p *! p.v_RANK
++
++val v_C2_SIZE (p:params) : u:usize{(u = sz 128 \/ u = sz 160) /\ v u == 32 * v p.v_VECTOR_V_COMPRESSION_FACTOR }
++let v_C2_SIZE (p:params) = sz 32 *! p.v_VECTOR_V_COMPRESSION_FACTOR
++
++val v_CPA_PKE_CIPHERTEXT_SIZE (p:params) : u:usize {v u = v (v_C1_SIZE p) + v (v_C2_SIZE p)}
++let v_CPA_PKE_CIPHERTEXT_SIZE (p:params) = v_C1_SIZE p +! v_C2_SIZE p
++
++val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params): u:usize{v u == v v_SHARED_SECRET_SIZE +
++ v (v_CPA_PKE_CIPHERTEXT_SIZE p)}
++let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params) =
++ v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE p
++
++val v_KEY_GENERATION_SEED_SIZE: u:usize{u = sz 64}
++let v_KEY_GENERATION_SEED_SIZE: usize =
++ v_CPA_PKE_KEY_GENERATION_SEED_SIZE +!
++ v_SHARED_SECRET_SIZE
++
++(** Types *)
++
++type t_Error = | Error_RejectionSampling : t_Error
++
++type t_Result a b =
++ | Ok: a -> t_Result a b
++ | Err: b -> t_Result a b
++
++type t_KyberPublicKey (p:params) = t_Array u8 (v_CPA_PKE_PUBLIC_KEY_SIZE p)
++type t_KyberPrivateKey (p:params) = t_Array u8 (v_SECRET_KEY_SIZE p)
++type t_KyberKeyPair (p:params) = t_KyberPrivateKey p & t_KyberPublicKey p
++
++type t_KyberCPAPrivateKey (p:params) = t_Array u8 (v_CPA_PKE_SECRET_KEY_SIZE p)
++type t_KyberCPAKeyPair (p:params) = t_KyberCPAPrivateKey p & t_KyberPublicKey p
++
++type t_KyberCiphertext (p:params) = t_Array u8 (v_CPA_PKE_CIPHERTEXT_SIZE p)
++type t_KyberSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE)
++
++(** Utility and Hash Function *)
++assume val v_G (input: t_Slice u8) : t_Array u8 (sz 64)
++assume val v_H (input: t_Slice u8) : t_Array u8 (sz 32)
++assume val v_PRF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN
++let v_J (input: t_Slice u8) : t_Array u8 (sz 32) = v_PRF (sz 32) input
++assume val v_XOF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN
++
++(** Kyber Math and Sampling *)
++
++type field_element = n:nat{n < v v_FIELD_MODULUS}
++type polynomial = arr: t_Array nat (sz 256) {forall i. Seq.index arr i < v v_FIELD_MODULUS}
++type vector (p:params) = t_Array polynomial p.v_RANK
++type matrix (p:params) = t_Array (vector p) p.v_RANK
++
++assume val poly_add: polynomial -> polynomial -> polynomial
++assume val poly_sub: polynomial -> polynomial -> polynomial
++assume val vector_add: #p:params -> vector p -> vector p -> vector p
++assume val vector_dot_product: #p:params -> vector p -> vector p -> polynomial
++
++assume val matrix_transpose: #p:params -> matrix p -> matrix p
++assume val matrix_vector_mul: #p:params -> matrix p -> vector p -> vector p
++val compute_As_plus_e: #p:params -> a:matrix p -> s:vector p -> e:vector p -> vector p
++let compute_As_plus_e #p a s e = vector_add (matrix_vector_mul a s) e
++
++assume val poly_inv_ntt: #p:params -> polynomial -> polynomial
++assume val vector_ntt: #p:params -> vector p -> vector p
++assume val vector_inv_ntt: #p:params -> vector p -> vector p
++
++// note we take seed of size 32 not 34 as in hacspec
++assume val sample_matrix_A: #p:params -> seed:t_Array u8 (sz 32) -> matrix p
++// note we take seed of size 32 not 33 as in hacspec
++assume val sample_vector_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector p
++// note we take seed of size 32 not 33 as in hacspec
++
++assume val sample_poly_binomial: v_ETA:usize{v v_ETA <= 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial
++
++open Rust_primitives.Integers
++
++val sample_poly_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial
++let sample_poly_cbd #p seed domain_sep =
++ let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in
++ let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE p) prf_input in
++ sample_poly_binomial p.v_ETA2 prf_output
++
++let sample_vector_cbd_then_ntt (#p:params) (seed:t_Array u8 (sz 32)) (domain_sep:usize) =
++ vector_ntt (sample_vector_cbd #p seed domain_sep)
++
++type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12}
++
++let compress_d (d: dT {d <> 12}) (x: field_element): field_element
++ = (pow2 d * x + 1664) / v v_FIELD_MODULUS
++
++let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8))
++ : Pure (t_Array u8 bytes)
++ (requires True)
++ (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i))
++ = bit_vec_to_int_t_array 8 bv
++
++let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes)
++ : Pure (i: bit_vec (v bytes * 8))
++ (requires True)
++ (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i))
++ = bit_vec_of_int_t_array r 8
++
++let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d))
++ = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_array coefficients d)
++
++let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial
++ = let bv = bit_vec_of_int_t_array coefficients 8 in
++ let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d bv in
++ let p = map' (fun (x: nat) -> x % v v_FIELD_MODULUS <: nat) arr in
++ introduce forall i. Seq.index p i < v v_FIELD_MODULUS
++ with assert (Seq.index p i == Seq.index p (v (sz i)));
++ p
++
++let vector_encode_12 (#p:params) (v: vector p): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)
++ = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map' (byte_encode 12) v in
++ flatten s
++
++let vector_decode_12 (#p:params) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)): vector p
++ = createi p.v_RANK (fun block ->
++ let block_size = (sz (32 * 12)) in
++ let slice = Seq.slice arr (v block * v block_size)
++ (v block * v block_size + v block_size) in
++ byte_decode 12 slice
++ )
++
++let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Array u8 (sz (32 * d))
++ = let coefs: t_Array nat (sz 256) = map (fun (f: nat {f < v v_FIELD_MODULUS}) ->
++ compress_d d f <: nat
++ ) coefficients
++ in
++ byte_encode d coefficients
++
++let compress_then_encode_message: polynomial -> t_Array u8 v_SHARED_SECRET_SIZE
++ = byte_encode 1
++
++let decode_then_decompress_message: t_Array u8 v_SHARED_SECRET_SIZE -> polynomial
++ = byte_decode 1
++
++let compress_then_encode_u (p:params) (vec: vector p): t_Array u8 (v_C1_SIZE p)
++ = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in
++ flatten (map #_ #_ #(fun _ -> True) (byte_encode (v d)) vec)
++
++let decode_then_decompress_u (p:params) (arr: t_Array u8 (v_C1_SIZE p)): vector p
++ = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in
++ createi p.v_RANK (fun block ->
++ let block_size = v_C1_BLOCK_SIZE p in
++ let slice = Seq.slice arr (v block * v block_size)
++ (v block * v block_size + v block_size) in
++ byte_decode (v d) slice
++ )
++
++let compress_then_encode_v (p:params): polynomial -> t_Array u8 (v_C2_SIZE p)
++ = byte_encode (v p.v_VECTOR_V_COMPRESSION_FACTOR)
++
++let decode_then_decompress_v (p:params): t_Array u8 (v_C2_SIZE p) -> polynomial
++ = byte_decode (v p.v_VECTOR_V_COMPRESSION_FACTOR)
++
++(** IND-CPA Functions *)
++
++/// This function implements most of Algorithm 12 of the
++/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm.
++///
++/// We say "most of" since Algorithm 12 samples the required randomness within
++/// the function itself, whereas this implementation expects it to be provided
++/// through the `key_generation_seed` parameter.
++
++val ind_cpa_generate_keypair (p:params) (randomness:t_Array u8 v_CPA_PKE_KEY_GENERATION_SEED_SIZE) :
++ t_KyberCPAKeyPair p
++let ind_cpa_generate_keypair p randomness =
++ let hashed = v_G randomness in
++ let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in
++ let matrix_A_as_ntt = sample_matrix_A #p seed_for_A in
++ let secret_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error (sz 0) in
++ let error_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error p.v_RANK in
++ let t_as_ntt = compute_As_plus_e #p matrix_A_as_ntt secret_as_ntt error_as_ntt in
++ let public_key_serialized = Seq.append (vector_encode_12 #p t_as_ntt) seed_for_A in
++ let secret_key_serialized = vector_encode_12 #p secret_as_ntt in
++ (secret_key_serialized,public_key_serialized)
++
++/// This function implements Algorithm 13 of the
++/// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
++
++val ind_cpa_encrypt (p:params) (public_key: t_KyberPublicKey p)
++ (message: t_Array u8 v_SHARED_SECRET_SIZE)
++ (randomness:t_Array u8 v_SHARED_SECRET_SIZE) :
++ t_KyberCiphertext p
++
++let ind_cpa_encrypt p public_key message randomness =
++ let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE p) in
++ let t_as_ntt = vector_decode_12 #p t_as_ntt_bytes in
++ let matrix_A_as_ntt = sample_matrix_A #p seed_for_A in
++ let r_as_ntt = sample_vector_cbd_then_ntt #p randomness (sz 0) in
++ let error_1 = sample_vector_cbd #p randomness p.v_RANK in
++ let error_2 = sample_poly_cbd #p randomness (p.v_RANK +! p.v_RANK) in
++ let u = vector_add (vector_inv_ntt (matrix_vector_mul (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in
++ let mu = decode_then_decompress_message message in
++ let v = poly_add (poly_add (vector_dot_product t_as_ntt r_as_ntt) error_2) mu in
++ let c1 = compress_then_encode_u p u in
++ let c2 = compress_then_encode_v p v in
++ concat c1 c2
++
++/// This function implements Algorithm 14 of the
++/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
++
++val ind_cpa_decrypt (p:params) (secret_key: t_KyberCPAPrivateKey p)
++ (ciphertext: t_KyberCiphertext p):
++ t_KyberSharedSecret
++
++let ind_cpa_decrypt p secret_key ciphertext =
++ let (c1,c2) = split ciphertext (v_C1_SIZE p) in
++ let u = decode_then_decompress_u p c1 in
++ let v = decode_then_decompress_v p c2 in
++ let secret_as_ntt = vector_decode_12 #p secret_key in
++ let w = poly_sub v (poly_inv_ntt #p (vector_dot_product secret_as_ntt (vector_ntt u))) in
++ compress_then_encode_message w
++
++(** IND-CCA Functions *)
++
++
++/// This function implements most of Algorithm 15 of the
++/// NIST FIPS 203 specification; this is the Kyber CCA-KEM key generation algorithm.
++///
++/// We say "most of" since Algorithm 15 samples the required randomness within
++/// the function itself, whereas this implementation expects it to be provided
++/// through the `randomness` parameter.
++///
++/// TODO: input validation
++
++val ind_cca_generate_keypair (p:params) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) :
++ t_KyberKeyPair p
++let ind_cca_generate_keypair p randomness =
++ let (ind_cpa_keypair_randomness, implicit_rejection_value) =
++ split randomness v_CPA_PKE_KEY_GENERATION_SEED_SIZE in
++
++ let (ind_cpa_secret_key,ind_cpa_public_key) = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in
++ let ind_cca_secret_key = Seq.append ind_cpa_secret_key (
++ Seq.append ind_cpa_public_key (
++ Seq.append (v_H ind_cpa_public_key) implicit_rejection_value)) in
++ (ind_cca_secret_key, ind_cpa_public_key)
++
++/// This function implements most of Algorithm 16 of the
++/// NIST FIPS 203 specification; this is the Kyber CCA-KEM encapsulation algorithm.
++///
++/// We say "most of" since Algorithm 16 samples the required randomness within
++/// the function itself, whereas this implementation expects it to be provided
++/// through the `randomness` parameter.
++///
++/// TODO: input validation
++
++val ind_cca_encapsulate (p:params) (public_key: t_KyberPublicKey p)
++ (randomness:t_Array u8 v_SHARED_SECRET_SIZE) :
++ (t_KyberCiphertext p & t_KyberSharedSecret)
++let ind_cca_encapsulate p public_key randomness =
++ let to_hash = concat randomness (v_H public_key) in
++ let hashed = v_G to_hash in
++ let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in
++ let ciphertext = ind_cpa_encrypt p public_key randomness pseudorandomness in
++ (ciphertext,shared_secret)
++
++
++/// This function implements Algorithm 17 of the
++/// NIST FIPS 203 specification; this is the Kyber CCA-KEM encapsulation algorithm.
++
++val ind_cca_decapsulate (p:params) (secret_key: t_KyberPrivateKey p)
++ (ciphertext: t_KyberCiphertext p):
++ t_KyberSharedSecret
++let ind_cca_decapsulate p secret_key ciphertext =
++ let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PKE_SECRET_KEY_SIZE p) in
++ let (ind_cpa_public_key,rest) = split rest (v_CPA_PKE_PUBLIC_KEY_SIZE p) in
++ let (ind_cpa_public_key_hash,implicit_rejection_value) = split rest v_H_DIGEST_SIZE in
++
++ let decrypted = ind_cpa_decrypt p ind_cpa_secret_key ciphertext in
++ let to_hash = concat decrypted ind_cpa_public_key_hash in
++ let hashed = v_G to_hash in
++ let (success_shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in
++
++ assert (Seq.length implicit_rejection_value = 32);
++ let to_hash = concat implicit_rejection_value ciphertext in
++ let rejection_shared_secret = v_J to_hash in
++
++ let reencrypted = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in
++ if reencrypted = ciphertext
++ then success_shared_secret
++ else rejection_shared_secret
++
++
++(** Kyber-768 Instantiation *)
++
++let kyber768_params : params = {
++ v_RANK = sz 3;
++ v_ETA1 = sz 2;
++ v_ETA2 = sz 2;
++ v_VECTOR_U_COMPRESSION_FACTOR = sz 10;
++ v_VECTOR_V_COMPRESSION_FACTOR = sz 4;
++}
++
++let kyber768_generate_keypair (randomness:t_Array u8 (sz 64)):
++ (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) =
++ ind_cca_generate_keypair kyber768_params randomness
++
++let kyber768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)):
++ (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) =
++ ind_cca_encapsulate kyber768_params public_key randomness
++
++
++let kyber768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)):
++ t_Array u8 (sz 32) =
++ ind_cca_decapsulate kyber768_params secret_key ciphertext
++
++(** Kyber-1024 Instantiation *)
++
++let kyber1024_params : params = {
++ v_RANK = sz 4;
++ v_ETA1 = sz 2;
++ v_ETA2 = sz 2;
++ v_VECTOR_U_COMPRESSION_FACTOR = sz 11;
++ v_VECTOR_V_COMPRESSION_FACTOR = sz 5;
++}
++
++let kyber1024_generate_keypair (randomness:t_Array u8 (sz 64)):
++ (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) =
++ ind_cca_generate_keypair kyber1024_params randomness
++
++let kyber1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)):
++ (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) =
++ ind_cca_encapsulate kyber1024_params public_key randomness
++
++
++let kyber1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)):
++ t_Array u8 (sz 32) =
++ ind_cca_decapsulate kyber1024_params secret_key ciphertext
++
++(** Kyber-512 Instantiation *)
++
++let kyber512_params : params = {
++ v_RANK = sz 2;
++ v_ETA1 = sz 3;
++ v_ETA2 = sz 2;
++ v_VECTOR_U_COMPRESSION_FACTOR = sz 10;
++ v_VECTOR_V_COMPRESSION_FACTOR = sz 4;
++}
++
++let kyber512_generate_keypair (randomness:t_Array u8 (sz 64)):
++ (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) =
++ ind_cca_generate_keypair kyber512_params randomness
++
++let kyber512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)):
++ (t_Array u8 (sz 768) & t_Array u8 (sz 32)) =
++ ind_cca_encapsulate kyber512_params public_key randomness
++
++
++let kyber512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)):
++ t_Array u8 (sz 32) =
++ ind_cca_decapsulate kyber512_params secret_key ciphertext
diff --git a/proofs/fstar/extraction-edited/.gitignore b/proofs/fstar/extraction-edited/.gitignore
new file mode 100644
index 000000000..4671378ae
--- /dev/null
+++ b/proofs/fstar/extraction-edited/.gitignore
@@ -0,0 +1 @@
+.depend
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Array.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Array.fst.hints
index 5ff523dac..923ea98ba 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Array.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Array.fst.hints
@@ -1,5 +1,5 @@
[
- "\u000f\\\u0006$\u000b5\"0M)",
+ "!\u000fh?UKC&G",
[
[
"Core.Array.impl_23__as_slice",
@@ -20,7 +20,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "6f4ce370b8866e98540496030b9ea2bc"
+ "85561bc0b31937bb58fa81295e630a5e"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Convert.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Convert.fst.hints
index b6631fc27..52a29fb01 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Convert.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Convert.fst.hints
@@ -1,5 +1,5 @@
[
- "h\u0013J\u0019[ל",
+ "T>\u0016\u0004.~eo",
[
[
"Core.Convert.impl_6",
@@ -40,7 +40,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f1bc017bd20d2ef7663ed3a86cfa560d"
+ "776c403496c6101a5e549bedcdf06d68"
],
[
"Core.Convert.impl_6_refined",
@@ -71,7 +71,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "3f9a9ed660e48fd52e177d202c0ea8b2"
+ "4ee3850617bf742063814d94c541060a"
],
[
"Core.Convert.integer_into",
@@ -93,7 +93,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "8fe5bd2209d844468d8621aba258ab14"
+ "2f85519fe3abcc75daa2e1b30615daba"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Enumerate.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Enumerate.fst.hints
index 99bdfbd8b..8f43c879a 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Enumerate.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Enumerate.fst.hints
@@ -23,7 +23,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "cbed40f98cd777329f1b2316fb374fde"
+ "3ecc0dd1b3858521a9105734362b2361"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Step_by.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Step_by.fst.hints
index 6ffb9f11c..1d5f30fe6 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Step_by.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Step_by.fst.hints
@@ -23,7 +23,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "540a3ab535433f04a217511a2ee1d003"
+ "792cc060a645ed5b1a7f4c64adcdb56b"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Collect.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Collect.fst.hints
index 4bb791ad9..24b7cf23a 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Collect.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Collect.fst.hints
@@ -1 +1 @@
-[ "_xqlVD\"Z4xi", [] ]
\ No newline at end of file
+[ "t\f\t\u001fapH\u001a", [] ]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Iterator.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Iterator.fst.hints
index 7ce4e2cdb..8a928bef7 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Iterator.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Iterator.fst.hints
@@ -1 +1 @@
-[ "Z\u0007+->\u000b7l؇", [] ]
\ No newline at end of file
+[ "עZ6DŽ\u0010#Y\u001d", [] ]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.fsti.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.fsti.hints
index fe716f04f..59d60ee5c 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Iter.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.fsti.hints
@@ -43,7 +43,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "ec19e6631c38e3182d7c50839db89cf8"
+ "3a3c9afc9b5e4c1cb03540e357d97eff"
],
[
"Core.Iter.iterator_array_contains",
@@ -64,7 +64,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "f5117c85c72962bb0a58ab19c428ab57"
+ "2d9eb0ecbf9d4cf085c95dbb41ddd32d"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Num.fsti.hints b/proofs/fstar/extraction-edited/.hints/Core.Num.fsti.hints
index 5f96d1c79..7223e8fc0 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Num.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Num.fsti.hints
@@ -1,5 +1,5 @@
[
- "KWRBF>|]\fSu",
+ "_/ґї2'",
[
[
"Core.Num.impl__i32__abs",
@@ -8,7 +8,7 @@
1,
[ "@query", "equation_Rust_primitives.Integers.i32_inttype" ],
0,
- "9630ee37c31ef00ab4ef862b3a82f753"
+ "312c6ec65c8a63c762b9d3448cc5c92b"
],
[
"Core.Num.impl__u32__from_le_bytes",
@@ -47,7 +47,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "92790a027199601eac121ca1d8f73f11"
+ "5746f48c356c86b82e8cd96f98edb188"
],
[
"Core.Num.impl__u32__from_be_bytes",
@@ -86,7 +86,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "773cfcb5736810e096ed9e306e0fbeca"
+ "e5364e57dad18e8325c7a26e113c09c5"
],
[
"Core.Num.impl__u32__to_le_bytes",
@@ -125,7 +125,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "c84b6c59e1c5d821d204cc5c21fa4225"
+ "12454d00d84c02302ace7c6291e3f8d7"
],
[
"Core.Num.impl__u32__to_be_bytes",
@@ -164,7 +164,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "511b8f6ff9d3e6589982c466baf5be68"
+ "1c80570e2bb5a5a5ec00e682a53c0eb8"
],
[
"Core.Num.impl__u64__from_le_bytes",
@@ -203,7 +203,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "712bfc0a8968173e028e4bfdac7bd10b"
+ "022eff849b907bdee54aaf903771d626"
],
[
"Core.Num.impl__u64__from_be_bytes",
@@ -242,7 +242,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "6ee430cca71e4000ec55161d2cc92268"
+ "1c2ee314345badaa4b0a9f37603f4992"
],
[
"Core.Num.impl__u64__to_le_bytes",
@@ -281,7 +281,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "b664f1d907ee9a3da2c12bd033d87e40"
+ "16985d5260eded8284e8cfb6d8cc327f"
],
[
"Core.Num.impl__u64__to_be_bytes",
@@ -320,7 +320,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "e58595728c8c2eb19cb37488c1dab3fb"
+ "f63c69cca1ddc958827bf63ffb4a1865"
],
[
"Core.Num.impl__u128__from_le_bytes",
@@ -359,7 +359,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "d906bd8158e664764046b75644747e0f"
+ "89745637cff927916d62016d7992dfc0"
],
[
"Core.Num.impl__u128__from_be_bytes",
@@ -398,7 +398,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "2a72008d06176dd0c18e8ff9f9aab93b"
+ "5c5f5e0de34e79f78a9cf3c3921ed4d7"
],
[
"Core.Num.impl__u128__to_le_bytes",
@@ -437,7 +437,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f221d00f0f8273404150142d023d23a7"
+ "d87c0017b522e60736ce6287c02b6525"
],
[
"Core.Num.impl__u128__to_be_bytes",
@@ -476,7 +476,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f3a53fc4fd0707de5776f57375914a00"
+ "90206980db06463ddfb8d2cdeb137621"
],
[
"Core.Num.impl__u16__pow",
@@ -530,7 +530,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "ad786856041d609067afa3239a85cdb6"
+ "844a8a52362dd37b11ef806fd449c26f"
],
[
"Core.Num.impl__u32__pow",
@@ -579,7 +579,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "541e02295b185f69213b941b8bc2dff5"
+ "3cbeeb9b9eef20abb1a42bc3814145dc"
],
[
"Core.Num.impl__i32__pow",
@@ -632,7 +632,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "3e92424cad7be60da6b35e7c91fdac0c"
+ "b92feb66af9dbbca634f3428a03dfce8"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Ops.Range.fsti.hints b/proofs/fstar/extraction-edited/.hints/Core.Ops.Range.fsti.hints
index 8c23034c1..b28a285c9 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Ops.Range.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Ops.Range.fsti.hints
@@ -1,5 +1,5 @@
[
- "%\u0013\u000e\u0001*'[\u001bQ",
+ "\u0003RjP'{b\u0003\t\u0000\u000fU",
[
[
"Core.Ops.Range.t_RangeTo",
@@ -8,7 +8,7 @@
1,
[ "@query" ],
0,
- "599978869034aed653ac2dc914c48182"
+ "5398350df56eb89c20a8ba53b10573fa"
],
[
"Core.Ops.Range.t_RangeFrom",
@@ -17,7 +17,7 @@
1,
[ "@query" ],
0,
- "dcc7765e25f537b833808d4de52f944b"
+ "437362cec397474f5b8925b3245783f2"
],
[
"Core.Ops.Range.t_Range",
@@ -26,7 +26,7 @@
1,
[ "@query" ],
0,
- "f61b2ca1bb24ff07bb1d24b7be03286c"
+ "23b6132c3f6e53c1bc895ac90049e232"
],
[
"Core.Ops.Range.fold_range'",
@@ -113,7 +113,7 @@
"well-founded-ordering-on-nat"
],
0,
- "066b242a5310c3a14051e9dad032ff94"
+ "de7afb4742bd05ac1a2150ce9b2f66ff"
],
[
"Core.Ops.Range.iterator_range",
@@ -146,7 +146,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "f338800437571d0ece3361b2341125f8"
+ "70cffc878822fef0980e4605f5616d5a"
],
[
"Core.Ops.Range.impl_index_range_slice",
@@ -195,7 +195,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "9ff2acb15337e75cd275920883614933"
+ "3de7ca01540ee1194c44d8fa7d0cc728"
],
[
"Core.Ops.Range.impl_index_range_to_slice",
@@ -243,7 +243,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "b7467fd36ca30cd49913262cef19b78d"
+ "b24cda752d36c7df291a1050fec62b4a"
],
[
"Core.Ops.Range.impl_index_range_from_slice",
@@ -285,7 +285,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "1615a0726f007fb31a609c39c15bcf48"
+ "ce04978f6a0585224764eba2b493f2b2"
],
[
"Core.Ops.Range.impl_range_index_array",
@@ -306,7 +306,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "90ae7248866f152fb1ac9e979f2da4ff"
+ "3692684509378c8ea71a01470c75b15b"
],
[
"Core.Ops.Range.impl_range_to_index_array",
@@ -327,7 +327,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "b17cc5ec7b7b8ce2c00704057bd360fa"
+ "66d32ff6feda8c597d7d4116e9f346a2"
],
[
"Core.Ops.Range.impl_range_from_index_array",
@@ -348,7 +348,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "b567d71cc1fb2608bbb605e723b88983"
+ "5fb6376bf677c4b640d4709d955f92d0"
],
[
"Core.Ops.Range.impl_range_full_index_array",
@@ -369,7 +369,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "0e9975537c15d7955c0958aa5fb7f0ca"
+ "230722d2ec5e7889c8f2285ce4bfe03c"
],
[
"Core.Ops.Range.update_at_tc_array_range",
@@ -386,7 +386,7 @@
"token_correspondence_Core.Ops.Index.in_range"
],
0,
- "50ce3c5981834330293ab0a311b0ba9e"
+ "e6d465c3c1745148c6f9478bd5ea1196"
],
[
"Core.Ops.Range.update_at_tc_array_range_to",
@@ -403,7 +403,7 @@
"token_correspondence_Core.Ops.Index.in_range"
],
0,
- "82fe0fdd6bc4b760d56edf1d6432dd25"
+ "63e37c8f5397769c870b7fe556d27916"
],
[
"Core.Ops.Range.update_at_tc_array_range_from",
@@ -420,7 +420,7 @@
"token_correspondence_Core.Ops.Index.in_range"
],
0,
- "01b1538ef1368989f0f8ebfbe5421ba7"
+ "6b197c3ba1b712eb23e9d66f798cd017"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Ops.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Ops.fst.hints
index e49870803..ba15328c5 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Ops.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Ops.fst.hints
@@ -15,7 +15,7 @@
"token_correspondence_Core.Ops.Index.in_range"
],
0,
- "9a4f699813f6a21267cbaedf31fae292"
+ "2696b555db278ac0471d721e1d1e7fcd"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Panicking.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Panicking.fst.hints
index 99b32211d..417b64e17 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Panicking.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Panicking.fst.hints
@@ -11,7 +11,7 @@
"refinement_interpretation_Tm_refine_f1ecc6ab6882a651504f328937700647"
],
0,
- "82ab84f30432fd12cf60facccfcb3574"
+ "b287358079d8631514c604e1d2ba8f28"
],
[
"Core.Panicking.assert_failed",
@@ -23,7 +23,7 @@
"refinement_interpretation_Tm_refine_f1ecc6ab6882a651504f328937700647"
],
0,
- "84764ee4448f964544c5999fe8579618"
+ "8d32a257d54ea6209af4fa4daed14c75"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Core.Slice.fsti.hints b/proofs/fstar/extraction-edited/.hints/Core.Slice.fsti.hints
index 55410d9c0..ff2de0784 100644
--- a/proofs/fstar/extraction-edited/.hints/Core.Slice.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Core.Slice.fsti.hints
@@ -1,5 +1,5 @@
[
- "\u0014M\f\u00056'\u00020\"P\u0014",
+ "l@¨@@&!I",
[
[
"Core.Slice.impl__len",
@@ -24,7 +24,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "bba75b6d0d64d3b38abd48d9af5bf9a4"
+ "9e31505b57f7db6c4aff9cd33bbf8667"
],
[
"Core.Slice.impl__index",
@@ -60,7 +60,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "64d9878bf893ddf00144af6a2248b8b9"
+ "9c3c18cc383c8c95b08b0f624139e938"
],
[
"Core.Slice.impl__split_at",
@@ -91,7 +91,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "0f1a477b7dffbe0ab287f10890259f7f"
+ "31e2491be711c431d115e16b22889e8c"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Digest.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Digest.fsti.hints
index 774c480bf..4afbbc8ae 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Digest.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Digest.fsti.hints
@@ -52,7 +52,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "2367eb1397787998f7d4631faa0eb327"
+ "5da8d161accf15cf2ef8015bc7f927a8"
],
[
"Libcrux.Digest.sha3_256_",
@@ -90,7 +90,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "439108f73e08dab063aa1f0d33b2e54f"
+ "264bf2615fbf776da2fae750ea6b4d8c"
],
[
"Libcrux.Digest.sha3_512_",
@@ -128,7 +128,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "0c5e35b2b0d2d2da0c258e520b9ed810"
+ "289a981c77fa6504f972fc7e59a9d2ad"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints
index 1af8ce4bc..85626639f 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints
@@ -24,7 +24,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "56a2ca7e203811d8d859be0a084c2796"
+ "85be0a6251a7c79f8f46c30cccc98f8c"
],
[
"Libcrux.Kem.Kyber.Arithmetic.lemma_mul_i32_range",
@@ -88,7 +88,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "565521c8ceccbcec79baeb49dcb75ab8"
+ "9c34ccd2426244de45403fb21951573f"
],
[
"Libcrux.Kem.Kyber.Arithmetic.lemma_add_i32_range",
@@ -128,7 +128,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "4fe6feb29bc7cd6d88d1b52ec748b127"
+ "9bd607b28d1ceeba549c6a5577d38ec6"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mul_i32_b",
@@ -162,7 +162,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "ec39d9b89261bcb683aed81d89b3e10f"
+ "9f2313bad42c63d876bd0181ed6241ba"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mul_i32_b",
@@ -200,7 +200,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "16d9748f01ad466e56b614a858f34e13"
+ "7c73c486db50615ef0b3c8fd632f42f5"
],
[
"Libcrux.Kem.Kyber.Arithmetic.add_i32_b",
@@ -214,7 +214,7 @@
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
],
0,
- "6c578730c6aed3ec2ca61de6a57dcd8a"
+ "c1677ca87756e94704adce27931090e7"
],
[
"Libcrux.Kem.Kyber.Arithmetic.add_i32_b",
@@ -252,7 +252,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "1f106e6d5c3689ce827beaa8fc69cfb9"
+ "def12a88748d0ee3b1b1568bdc8fdec0"
],
[
"Libcrux.Kem.Kyber.Arithmetic.sub_i32_b",
@@ -266,7 +266,7 @@
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
],
0,
- "6374137dd3a1561c83c1e19595cebc33"
+ "22f0918de6554de78d918567972cfcf3"
],
[
"Libcrux.Kem.Kyber.Arithmetic.sub_i32_b",
@@ -307,7 +307,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "b11bfb41326e1ed6b68048ea463e64ab"
+ "cee15ba68a8f8231db35a7ce2e19b649"
],
[
"Libcrux.Kem.Kyber.Arithmetic.cast_i32_b",
@@ -323,7 +323,7 @@
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
],
0,
- "c1f5629cb8080184498ded2b46b9f168"
+ "c118627868bd2245c1d9b772b912646d"
],
[
"Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
@@ -335,6997 +335,2083 @@
"refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
],
0,
- "cfba8c72591de666d7187ab8922e0628"
+ "d9ba5b2da8e172010c9a24289cd78b16"
],
[
"Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 3,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_6b63944b159c15af90180cc02421aeb2"
- ],
- 0,
- "71dbc2c446bd30fcdc16099af8741d44"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 4,
+ 2,
0,
0,
[
- "@MaxIFuel_assumption", "@query",
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion",
"constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Prims.nat", "equation_Prims.pos",
"equation_Rust_primitives.Integers.bits",
- "refinement_interpretation_Tm_refine_6b63944b159c15af90180cc02421aeb2"
- ],
- 0,
- "acfb03d4275a0d4e199c530575119e85"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 5,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_right",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Prims.__cache_version_number__",
+ "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "f1c2395fd3b62f9a0cdf036fab5de373"
+ "0ec8abf1930330f65b4059c939a8c108"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 6,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
+ 1,
0,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
+ 1,
+ [ "@query" ],
0,
- "ac67d1c5d398c47bf388a6f9e87164c3"
+ "ca09aa222c3f10c7308f751c8121f8fc"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 7,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
+ 2,
0,
+ 1,
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S32",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S64",
+ "constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.unsigned",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S64@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT",
+ "equation_Prims.nat", "equation_Prims.pos",
"equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i64",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
"equation_Rust_primitives.Integers.range",
"equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_right",
+ "equation_Rust_primitives.Integers.shift_left",
"equation_Rust_primitives.Integers.unsigned",
"equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values",
- "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Lib.IntTypes.pow2_4",
+ "lemma_FStar.Int64.uv_inv", "lemma_FStar.Int64.vu_inv",
"lemma_Rust_primitives.Integers.pow2_values",
"lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
"primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_f5200f9f73e8a5e8a8aa0040048ad01d",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
"token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Rust_primitives.Integers.minint",
+ "typing_Lib.IntTypes.pub_int_v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
"typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
"typing_Rust_primitives.Integers.usize_inttype",
- "typing_tok_Lib.IntTypes.S32@tok"
+ "typing_tok_Lib.IntTypes.S64@tok"
],
0,
- "5004d023eabb9964f9dfbcd4e2157e42"
+ "8dff7c5883c6219ac1780cd2503472d0"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 8,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ 1,
0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
+ 1,
+ [ "@query" ],
0,
- "fb3e7478e16c6648284c9c7227abd439"
+ "bf4467dff15d12ba57fc02dcfefdf79c"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 9,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ 2,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Prims.nat", "int_inversion",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
+ "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
+ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
+ "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv",
+ "lemma_FStar.UInt8.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "8f65bad42836e8b29f4f786029bd8dd5"
+ "1da8e6250c17cf279dfdc340e93da6ae"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 10,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV",
+ 1,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ "typing_Prims.pow2"
],
0,
- "851f67e20afe63bf8a6d8aaeb81e3eaf"
+ "d08d5026b0fd0f430b04ac318e3dab4c"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 11,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.int_to_spec_fe",
+ 1,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.v_FIELD_MODULUS", "int_inversion", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "5a2b2b44ba1af16bc00d86c90b250726"
+ "16b234ecc784afab8b09dda84685ba62"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 12,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 1,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "8cabb86840c58f9a9a1eff51e8c383f0"
+ "b311f29a6dbb07e8dd48ff8417025169"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 13,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 2,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "4b57788208d18a3e27277b6d89526a12"
+ "75ca9c65e4510e5f3fe708518553309d"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 14,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 3,
0,
+ 1,
[
- "@query", "b2t_def", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0"
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "9483a3e477a0fb68341697fd3e63418c"
+ "db19cfa1e5783314ff023f1b2b82ab00"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 15,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 4,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "3534f0a8bd3fbb3270c843fc5aa7c469"
+ "89a41c06d80bdb9bbd2917bf0c165693"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 16,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 5,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Prims.nat", "int_inversion",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "72cc555e046b6f06ef3f4ffc3428f70c"
+ "38e2562203d662f0953b5019d075df63"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 17,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 6,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "b2d2b1de2eb1c209f31bb45196fa9897"
+ "6b4be3cd080af9d9acfd9d2c10d1f73a"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 18,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 7,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df"
],
0,
- "c1826237aea4c94fcaf99ae0fe5bee86"
+ "7a4a1370199528e13a34fef671e98c26"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 19,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 8,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df"
],
0,
- "2fea4391b8036e7a50e912768d379514"
+ "ca9362a5a4471be39244f7263faa2096"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 20,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 9,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.u32",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "refinement_interpretation_Tm_refine_6d9468de833edbf83340bc45737821f0",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167"
],
0,
- "97ae6a43beb64e8152b35658494a58cb"
+ "b987ee172b9aa04a3d39ea2ac8547784"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 21,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 10,
0,
+ 1,
[
- "@query", "b2t_def", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "14b65ef1235605dd4b2ef42722c0cb9e"
+ "4195cfcafb0bfac403b7fd35c3348a2b"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 22,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 11,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
+ "projection_inverse_BoxBool_proj_0"
],
0,
- "32418b2bc482cc52c239fe3b7df0f0cd"
+ "69100f2b27e4638d57fea05a4fe010e8"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 23,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 12,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "32418b2bc482cc52c239fe3b7df0f0cd"
+ "e328e977a8b43c2ac77eb0f5de9a90df"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 24,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 13,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "6250d155a21e975ff3c8b144abf6e658"
+ "24a86a07364dcd694db7c9964d9534db"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 25,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 14,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
+ "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_2fb07467973203ab74a1e903d3d29f60",
+ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "265a77e2ca37ad84f2383ee543d5942f"
+ "baf51f24f8d11c2a55d83a9744b9770e"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 26,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 15,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
- "bool_inversion",
- "function_token_typing_Prims.__cache_version_number__",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
- "projection_inverse_BoxBool_proj_0",
- "refinement_interpretation_Tm_refine_15307945ad18048be93d23e7b931242a",
- "refinement_interpretation_Tm_refine_8a2cb36738bd59880353542ddfcf2306",
- "refinement_interpretation_Tm_refine_fced9469325a21ee5658f91ad6556434"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "76e9cf01032a7acf00bc1fc93aabc791"
+ "ddee053eb6eebaa6d9edd5f037be34b8"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 27,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 16,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
+ "projection_inverse_BoxBool_proj_0"
],
0,
- "195dc1d610ef0b39f9175e6a1a0ae95d"
+ "b51bfe674e9abf064a75ffff07481de1"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 28,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 17,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Prims.nonzero", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
+ "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values",
+ "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
"refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "22ac8320a53ac68a244acb9c2d93976e"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 29,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "0b6d812661a6c83d324fd0433880464c"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 30,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
+ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
+ "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_Lib.IntTypes.bits", "typing_Rust_primitives.Integers.bits",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "a14ac4dc6d5f4f8c174898ed6fe6e940"
+ "3bba13c27e772271e2203f3a063b2809"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 31,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 18,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "96ec107d5319615f15ed33f5a1078d79"
+ "0170fe8e6a0b83807d912b3f2d26a9bb"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 32,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 19,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
+ "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt32.vu_inv",
+ "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_2ff13a3e8f8a7017d4901bbac8041bac",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
+ "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_Lib.IntTypes.bits", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "edda4b832e3ab2e90bc84eaa5c84be77"
+ "addb239b0d1671bd65694992f5468a08"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 33,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 20,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "dd865875704049451849b53cb0a83d4e"
+ "b5c4e1e6842a75e44e566131b2685f9e"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 34,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 21,
0,
+ 1,
[
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
+ "@MaxIFuel_assumption", "@query", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
+ "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
+ "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "a6732e87c2b628a8746fe1afca7663a6"
+ "76d61a1c1ebe55f19a2aa4bf412db017"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 35,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 22,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "74e07d75f04ee8e032786c0fa2e75aa7"
+ "126b3cadc77c79e2dc26f34a046a2ed3"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 36,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 23,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
"refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "refinement_interpretation_Tm_refine_e3fe9b7b2b1f21f6c8f47835047505be"
],
0,
- "b1e5f15a6040f15cdaf13d13ca93d97b"
+ "feb91ada329549a7cbf3ac71decf0099"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 37,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 24,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equation_Rust_primitives.Integers.range_t",
+ "refinement_interpretation_Tm_refine_2ff13a3e8f8a7017d4901bbac8041bac",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "06b164f12d25a521201473cabb6c5eb0"
+ "d68bb3683a39069a5bcdebff0368afdd"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 38,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 25,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "52805f9f4bef225ae408ed3cf9c35ddb"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 39,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "d14794fffa587006e2cf0702f2827b7f"
+ "718bc617038d3e637415d34f28a1ba5d"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 40,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 26,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
+ "projection_inverse_BoxBool_proj_0"
],
0,
- "d2fe3d030dc8e91a93669bd594843bee"
+ "13d463a2f87c74999c582cfe843317bd"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 41,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 27,
0,
+ 1,
[
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "2255a101406dc4905c0ac62ca36a19f8"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 42,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "f8fadab02500b28db89fce39798c8fb2"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 43,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
+ "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.UInt32.uv_inv",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_2fb07467973203ab74a1e903d3d29f60",
+ "refinement_interpretation_Tm_refine_2ff13a3e8f8a7017d4901bbac8041bac",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
+ "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "13e26cbc12c62e4813a1abf9683e530e"
+ "6fc455492ba2c04992deccd5ee4bc7df"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 44,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 28,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "39eab8b68d0a4a209848f0ba551c9dc1"
+ "a26a7f93f017940e70e9412570857f9b"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 45,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 29,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
+ "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.UInt32.uv_inv",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_38e5ead592f018c5e2b671e5b1df38a6",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
+ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
+ "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "e1e57373c21d5d61c1a4ce9670800ac9"
+ "7049bbc2474f1feadaecf92118be7874"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 46,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 30,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "9824d27626931c50e3ced12cf29374c1"
+ "68b18510d3a5c0b25972476989654f10"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 47,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 31,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equation_Rust_primitives.Integers.range_t",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "b2f2e83393a847828d2f77df008cdef4"
+ "12c9425948d79dda0c635b32657ca5d6"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 48,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 32,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "b17f8c720a9a7e07687735382757dcd3"
+ "00c4edd08b3eff35f4803dee7570c139"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 49,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 33,
0,
+ 1,
[
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592"
],
0,
- "8ee1abed6928a7777425390b9ea68a5a"
+ "96f10736962bbcb840b2d195076f7a52"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 50,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 34,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "a456f0309015c65a4874aa97fa3d2db7"
+ "4ea41be76cd59f3c690d99c76e6f2e20"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 51,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 35,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "4f50af4034244da9bf7144e662adce83"
+ "21c88ae18639f6bdc3eeda32eaa33289"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 52,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 36,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "8e83378470ff5d1401c532347c9e9a4e"
+ "c9eefee48fbf45eb86e4b95d755ba3b5"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 53,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 37,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "aa390c57c30008bc0eeda38661101171"
+ "d0917f17b2a70648e406a44c253077a0"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 54,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 38,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "b286ddd6bafa3c8839f60a35c893d173"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 55,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "0ac9541c6234eebc7cfc286c786ea94f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 56,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "9a48d9c416f338bfbe6c732747ac1725"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 57,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "3fa0e50cb05ab8a397f88428bc18c56c"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 58,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def",
- "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0",
- "refinement_interpretation_Tm_refine_373062363cd4174449e04fce764b71f7"
- ],
- 0,
- "e121f95a9f346ae63f5c89943ba8a020"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 59,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "lemma_FStar.UInt32.uv_inv",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
+ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
+ "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
+ "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "e0d89533525f1e818b5c297d9e9d1e47"
+ "54abed678ebe672414a14a1f669cf4bf"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 60,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 39,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "ca3474dc6687b48f113a39d70f3ca9f6"
+ "faeba5d1e936d55b5629aae3e634091c"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 61,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 40,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
"refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34"
],
0,
- "af8ee0f308f0939ca08c39e928acc5e4"
+ "f9996db052809c52431c65b6fda52263"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 62,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 41,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
- "refinement_interpretation_Tm_refine_15307945ad18048be93d23e7b931242a"
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equation_Rust_primitives.Integers.range_t",
+ "refinement_interpretation_Tm_refine_38e5ead592f018c5e2b671e5b1df38a6",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "1fcc5b7274a8443a330a02fd926a15c0"
+ "0c22a99c2afb22ec603047c004f0f164"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 63,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 42,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "79fa33573cd2886c81e4f10ae1293b4a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 64,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "94c5419df5a8d7bccd0ee150f300416a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 65,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nat",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_61800b1d066f53faab1d1b384921f53b",
- "refinement_interpretation_Tm_refine_86e7594d5d7f7028a8cc49d9f20f6af0"
- ],
- 0,
- "283e825a37597eca3a2ab89ea81ab265"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 66,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Prims.pos", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_373062363cd4174449e04fce764b71f7",
- "refinement_interpretation_Tm_refine_53a2a9b64394f36689cfe65c0cefbf17",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10"
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "d22a9995a70a40ff31562d174253b078"
+ "cc54ae4cae4b941a685b3e14dd35d7c5"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 67,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 43,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_58989f0f2bf7e2442ab14fb6b5678592",
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592"
],
0,
- "25a6f2f60f0b29ee43444803728339cc"
+ "baeec75fb0795723b55f369eac63625a"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 68,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 44,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
- "refinement_interpretation_Tm_refine_15307945ad18048be93d23e7b931242a"
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "077024314c219ac4cfc2d9baf861c2a9"
+ "ad3115770876627f1ad78431509008d0"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 69,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 45,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "749646d01bfde9553229f0064c1d465c"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 70,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "5ebbf214b736930d383d35062ed9ce6f"
+ "ef5b4e6cc7422107c7fb30d157bd0f4e"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 71,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 46,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
+ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e"
],
0,
- "3cafe04b51e5809f40a1bd53e3327f0d"
+ "1179fc228755ad4de5d9c80bfd5ce268"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 72,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 47,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "528a1a9e07d5cf10633b7c223a50111d"
+ "6dee917eae53050bffd100ebd226aab6"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 73,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 48,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "435354b2f0daf1da2ce79ebf8a6f1dc3"
+ "a988aa4174cf7a5948ffe46605a4f1b1"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 74,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 49,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "d17b74ff7ab47c057ce7ac9f161f94e9"
+ "6f44d9fb7d88951b602e2b0efe4e3b3b"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 75,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 50,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "087c17026a211e75eeb5712999fd42d0"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 76,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "6425e63eaf4010349dc98243af244032"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 77,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "32987e208a6b382dde90389c6eb56dfe"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 78,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Addition",
- "primitive_Prims.op_Equality", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0"
- ],
- 0,
- "46860781098f8159997a2626d91a6498"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 79,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "d47270d698107c750e278d890aca613b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 80,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "3b5fdfba8f7304fd690160277099f15a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 81,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "dbe6751bb55aeed2a66f93cdbece106d"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 82,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "54932d48b19cf66365bd765d54ce26d0"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 83,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "197f88cf5c15181c87e13bf96dff2a99"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 84,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "05ad4986a6dcbdeb0ab85cfd41a079c0"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 85,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "cd69e47daeb1ea3d4240820be7efb948"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 86,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "c2c7777d5b515596e0855949e0351bb9"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 87,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Addition",
- "primitive_Prims.op_Equality", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0"
- ],
- 0,
- "068d30bad15ca2ecb9d092d24ee0086c"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 88,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "d4fd84fcce6f232cfba25a8f776a3456"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 89,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "61fe391a383751a95dc0b5a3b5e2713d"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 90,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "fb2a2d8081caa41b1f06606fde117779"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 91,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "03fcd8415074aa568e584d64e3fbfdc2"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 92,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "63bff3bf761cec1fe5d89f6d196efdfc"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 93,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "int_inversion",
- "primitive_Prims.op_Addition", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_96d10e142f70bdc599c296a6327e9c4e"
- ],
- 0,
- "e4a27b1e49f864f039ae61c77db105f3"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 94,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "94f9b65d819e2d8cb636314c80bfc741"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 95,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565",
- "equation_Prims.pos",
- "function_token_typing_Prims.__cache_version_number__",
- "int_inversion", "primitive_Prims.op_Equality",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10",
- "refinement_interpretation_Tm_refine_991c8e84c488404d45d3b64beb0c0549",
- "refinement_interpretation_Tm_refine_c6d62e70d21b069f54f1adbce24ea024"
- ],
- 0,
- "b533274a21af93245127386b8736852b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 96,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.pos",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10"
- ],
- 0,
- "abf6c2bbf2e0c6a0798e40bba4f9abb1"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 97,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "7a1424d3b24ead039b1254f5081e3185"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 98,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "912591cdc53d230885d8e6fb6f50f366"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 99,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "cfec7614ed7fc4a055ec305d2a94fbe6"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 100,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "39f9d83a20a20ae4cd221d6be77453ba"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 101,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "6c7838919a9251b0d73f4711cc09f3e3"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 102,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def",
- "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0",
- "refinement_interpretation_Tm_refine_95c500edac59a6189d08eaab31648ba8"
- ],
- 0,
- "09257a25c082880f00fc1c62025946ed"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 103,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "ada1e62524d5529ffdbf9b65f379f705"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 104,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "6a7bafd9c8b834c55a85f0780ac70c22"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 105,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def",
- "primitive_Prims.op_Addition", "primitive_Prims.op_Equality",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_95c500edac59a6189d08eaab31648ba8"
- ],
- 0,
- "4632b31458facda6b2e29a8121f73a7a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 106,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "5604635404a9703eab30c944fe0548d9"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 107,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b"
- ],
- 0,
- "a49e1d030504939f8f82206bee59f706"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 108,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "int_inversion",
- "primitive_Prims.op_Addition", "primitive_Prims.op_Equality",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_95c500edac59a6189d08eaab31648ba8",
- "refinement_interpretation_Tm_refine_96d10e142f70bdc599c296a6327e9c4e"
- ],
- 0,
- "0b8835c1a704f262c6155084f2852f1e"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 109,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "db0cf8d537339a53c0dec9f5f4de04a7"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 110,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
- "refinement_interpretation_Tm_refine_c6d62e70d21b069f54f1adbce24ea024"
- ],
- 0,
- "038171f4498fec500553c30f65a79da5"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 111,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nat",
- "refinement_interpretation_Tm_refine_42cf014fd435f15d06a8770f66c1c816",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_86e7594d5d7f7028a8cc49d9f20f6af0"
- ],
- 0,
- "f3a5af88b8747b6c6b6bb46cf77aa055"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 112,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Prims.pos",
- "function_token_typing_Prims.__cache_version_number__",
- "int_inversion", "primitive_Prims.op_Addition",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_53a2a9b64394f36689cfe65c0cefbf17",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10",
- "refinement_interpretation_Tm_refine_95c500edac59a6189d08eaab31648ba8",
- "refinement_interpretation_Tm_refine_991c8e84c488404d45d3b64beb0c0549",
- "refinement_interpretation_Tm_refine_c6d62e70d21b069f54f1adbce24ea024"
- ],
- 0,
- "e64f07c8f8769eb7fb49d2be1fd75522"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 113,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
- ],
- 0,
- "c644c26f77cc082d5ed2b39c37024a1b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- 114,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
- "refinement_interpretation_Tm_refine_c6d62e70d21b069f54f1adbce24ea024"
- ],
- 0,
- "6b3632cf06e237af83392d248f9bd070"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
- 1,
- 0,
- 1,
- [ "@query" ],
- 0,
- "da2f323a35e642616a6e81c21b58b78b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
- 2,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S64",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S64@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i64",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int64.uv_inv", "lemma_FStar.Int64.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "typing_FStar.Int.fits", "typing_Lib.IntTypes.pub_int_v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_tok_Lib.IntTypes.S64@tok"
- ],
- 0,
- "4b45971de7331dc214b89952ec454ceb"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- 1,
- 0,
- 1,
- [ "@query" ],
- 0,
- "24139d88f2a97a658276e4aaf19fb469"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- 2,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv",
- "lemma_FStar.UInt8.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "3a4061f15c8cc285b283d735c3ae61f4"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV",
- 1,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2"
- ],
- 0,
- "824e898718fb0cfd445b0d2cde55f4c9"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.int_to_spec_fe",
- 1,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "equation_Spec.Kyber.v_FIELD_MODULUS", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
- ],
- 0,
- "dd7b571a31f6b468e6dceea73ddf711d"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 1,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "55a8e8cc2ed8874837be785c3d52a1b2"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 2,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "0a32a101cc661008cd347f0da7fcdecf"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 3,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.u32_inttype",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "f75e660fc9f7179810495076b907a703"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 4,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.u32_inttype",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "cb558ecb6065fccb902f98eca6a0d923"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 5,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "072a25f196042973e3b9b1f75e6d1c23"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 6,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "01bacdf8f55c088ab5121aedf979f118"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 7,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equation_Rust_primitives.BitVectors.bit_num",
- "equation_Rust_primitives.Integers.u32_inttype",
- "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
- "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df"
- ],
- 0,
- "ca39f86cf53083d9b954a643d34f59d5"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 8,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equation_Rust_primitives.BitVectors.bit_num",
- "equation_Rust_primitives.Integers.u32_inttype",
- "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
- "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df"
- ],
- 0,
- "980dc1ad080b246aac4bcecfd1511130"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 9,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equation_Rust_primitives.BitVectors.int_t_d",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.u32_inttype",
- "refinement_interpretation_Tm_refine_6d9468de833edbf83340bc45737821f0",
- "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167"
- ],
- 0,
- "cc182e54adfc35052402874f5c2b6401"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 10,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "d554dcba416f7444bb69a6d841281a44"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 11,
- 0,
- 1,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "927adf990bc43f010069662a71575a62"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 12,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "03531906e606a9a71d713b59c7b59c63"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 13,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "0d8f77cca69a0e21263a6c9255806031"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 14,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
- "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
- "refinement_interpretation_Tm_refine_2fb07467973203ab74a1e903d3d29f60",
- "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "bb6ed03ee494d736e34cf8c75f584f57"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 15,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "e739dec272ba77c4acb3341269e95ed3"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 16,
- 0,
- 1,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "e83a97c8a6dd28fc858885f65a5e5c41"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 17,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v", "equation_Prims.nat",
- "equation_Prims.nonzero", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values",
- "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
- "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
- "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
- "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Lib.IntTypes.bits", "typing_Rust_primitives.Integers.bits",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "58861a1fdaddb4e9b29c56deee5e9195"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 18,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "c24490617a5308669ae6a1f41d460f24"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 19,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v", "equation_Prims.nat",
- "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt32.vu_inv",
- "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Lib.IntTypes.pow2_4",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
- "refinement_interpretation_Tm_refine_2ff13a3e8f8a7017d4901bbac8041bac",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
- "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Lib.IntTypes.bits", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "384fb3488891c2d9cfb3fc4db9235225"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 20,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "2faca346e8a8943166592e5cbfedad59"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 21,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "c2203ca1ef33e795af092ee378758481"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 22,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "bf85cba2c700a100020dd59f37295bfa"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 23,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_e3fe9b7b2b1f21f6c8f47835047505be"
- ],
- 0,
- "26ce028b3cd1a131e1d173896a768a1e"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 24,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equation_Rust_primitives.Integers.range_t",
- "refinement_interpretation_Tm_refine_2ff13a3e8f8a7017d4901bbac8041bac",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "5e83969aa5e82c8d6a693c6a43a1c3d7"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 25,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "050a070e5213ebdbc99a036439bbfb76"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 26,
- 0,
- 1,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "2bfa3b1b706ab51d0dc18de9a4e2fdcc"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 27,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
- "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt32.uv_inv",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
- "refinement_interpretation_Tm_refine_2fb07467973203ab74a1e903d3d29f60",
- "refinement_interpretation_Tm_refine_2ff13a3e8f8a7017d4901bbac8041bac",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "b112dbc8d6ce533caaf0d8da2626d59e"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 28,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "a1edff52dc3a71b8d5ba8c1008d6bd8e"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 29,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
- "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt32.uv_inv",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
- "refinement_interpretation_Tm_refine_38e5ead592f018c5e2b671e5b1df38a6",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
- "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "87c14c227b9011c7e9661df496b8a375"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 30,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "0addc2edcc694911fc163c6ae9e12b02"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 31,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equation_Rust_primitives.Integers.range_t",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "555ef49b224331b53a03b8b2e25c4740"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 32,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "7a4453ba1ed0727c3cfd2916e8c118e7"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 33,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592"
- ],
- 0,
- "af2017cd6d344c6752c20925f8bd77f4"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 34,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "d8d29c2026a4da8c90e0cc31afbc4090"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 35,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "d33424c2cae3fc88fda60ffa3fb97761"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 36,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "fe39b297f3409b04d85c01e73249cf05"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 37,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "bfe6d94de6d8cf852507442c2abc9137"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 38,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.int_t",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "lemma_FStar.UInt32.uv_inv",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
- "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "c25496d527cb3e1ec645b4c792ff0e02"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 39,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "e9ebe78c433ba79bd85281de412c1b0f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 40,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34"
- ],
- 0,
- "190ce5fc992241fe1d7bd50691d861f1"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 41,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equation_Rust_primitives.Integers.range_t",
- "refinement_interpretation_Tm_refine_38e5ead592f018c5e2b671e5b1df38a6",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "556142838eb04e5b1f5b07b68a1deb90"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 42,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "774df252836b9180e3cde5ee0f86430b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 43,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_58989f0f2bf7e2442ab14fb6b5678592",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592"
- ],
- 0,
- "2e1cd3f050ac8159c432fa650476ea98"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 44,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "2bb9281ce1eed013a77ff0402b398742"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 45,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "d3e673ec6956cc60bdfd01989d937d1b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 46,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
- "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e"
- ],
- 0,
- "cf15317f282b02d7334e41e8d1fc713a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 47,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "f263bb742515dbd8837bfb3f90fc230a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 48,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "3b7ababe09318f3654e2233f483106fd"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 49,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "f7d2c4b2bf75d380c9387da2bc88ca69"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 50,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "71002d5de802ba69bab919671f354066"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 51,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_5fb62de32c2b59e562a01925f9014194",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592"
- ],
- 0,
- "106751d9b0f2519fb43cf62777355c75"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 52,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "ddf79b0d5f10ca31fdb6bc8000941fe3"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 53,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
- ],
- 0,
- "1a0e90daba81b398cb5f9b22082a40c8"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 54,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
- "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e"
- ],
- 0,
- "b0a43489e22da22da0b75cbb1cca0bf2"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 55,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32_inttype",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
- ],
- 0,
- "7a123a339482cb72f59d392d808f1039"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 56,
- 0,
- 1,
- [
- "@query", "constructor_distinct_Lib.IntTypes.U32", "eq2-interp",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equation_Rust_primitives.Integers.u32_inttype"
- ],
- 0,
- "6cf4d75a29fea4466a18875d012be104"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 57,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.unsigned",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_58989f0f2bf7e2442ab14fb6b5678592",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "80064f40c65900ce9fe0c9af51232e98"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 58,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "39ee46ed002f4d07409d1e8572703f82"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 59,
- 0,
- 1,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "eefd094143f2419106c7379b516e1952"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 60,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
- "equation_Prims.pos", "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_2e7d84708fbc0bcb932f6514065f3ce8",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
- "typing_FStar.UInt32.v", "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "f61bf60e436ea1bff63f2d4eb960c5c5"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 61,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "9ff5721e0f089e4fa0d1f19d37fb9209"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 62,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa"
- ],
- 0,
- "8ea62f45b08571c49b4c9d515327b524"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 63,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v", "equation_Prims.nat",
- "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.sub",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.v_injective",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
- "refinement_interpretation_Tm_refine_2fb07467973203ab74a1e903d3d29f60",
- "refinement_interpretation_Tm_refine_38e5ead592f018c5e2b671e5b1df38a6",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
- "refinement_interpretation_Tm_refine_a64483c1efbc8f8e5865b44303b72b4b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
- "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "4d548ff662910a647605d3e2ed9eb0a3"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 64,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "811624aa1d8c946b4ab6081432d6f0d6"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 65,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa"
- ],
- 0,
- "be8eedd5a04a82589f821a35b7e87d11"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 66,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "f435d500363e958c68a49b70a657f867"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 67,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa"
- ],
- 0,
- "351b88452aece3ab516fd5cc3c5f5546"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 68,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equation_Rust_primitives.Integers.inttype",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_Modulus",
- "refinement_interpretation_Tm_refine_2ff13a3e8f8a7017d4901bbac8041bac",
- "refinement_interpretation_Tm_refine_e507adb2e21c90dbd1a515687ea6b915",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "095fd50fda360785b62d64370fc0ac89"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 69,
- 0,
- 1,
- [ "@query" ],
- 0,
- "fb5592f86fc8638d233f3d70b8f12a4a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 70,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
- ],
- 0,
- "984717eb05ca07f785d98d43a642d4d0"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 71,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "equation_Prims.pos", "primitive_Prims.op_Modulus",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e"
- ],
- 0,
- "a47fc361d23530fc818f2e338367923a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 72,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "equation_Prims.pos",
- "equation_Rust_primitives.BitVectors.bounded",
- "equation_Rust_primitives.Integers.u32_inttype",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_Modulus",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e"
- ],
- 0,
- "3ec38a1471f0b76a6304979bb909adc9"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- 73,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
- "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa",
- "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e",
- "refinement_interpretation_Tm_refine_e52b4600b58a10f95ba9a5252b69d191"
- ],
- 0,
- "d77750aa2a4476c73b8b59e3acc0d244"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.barrett_post",
- 1,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "a6dd563c42e7164e131b63bca516ef62"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.barrett_post",
- 2,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_da29c9b9e29d9389ae9376ed75fe59eb"
- ],
- 0,
- "5310f939e00519ca6bd6633113e3bd42"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce",
- 1,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.S64@tok",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_81e7ac04fa2afbc21cde2ad84d87ec7b",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
- "typing_Prims.pow2"
- ],
- 0,
- "5444c5d326d5ca493b94c03c6be3ff8a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce",
- 2,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.S64@tok",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_81e7ac04fa2afbc21cde2ad84d87ec7b",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
- "typing_Prims.pow2"
- ],
- 0,
- "38bae4599c4a6ca2ce68c4ef6cd62b98"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce",
- 3,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S64",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.S64@tok", "equation_Core.Convert.f_from",
- "equation_Core.Convert.integer_into", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.barrett_post",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_MULTIPLIER",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.add",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.i64",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.mul",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_right",
- "equation_Rust_primitives.Integers.sub",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers",
- "function_token_typing_Prims.__cache_version_number__",
- "int_inversion", "int_typing",
- "interpretation_Tm_abs_72f48fcc9d60c06731d9c4abb4f9ff9d",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "interpretation_Tm_abs_db8cd405d3f0871788b1d0edf4fda3fa",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.Int64.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Convert.Mkt_From_f_from",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_81e7ac04fa2afbc21cde2ad84d87ec7b",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "token_correspondence_Core.Convert.f_from",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
- "typing_FStar.Int64.v", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.S64@tok"
- ],
- 0,
- "aeaa02428cb37a2e326e5ebe26b869ff"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_post",
- 1,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
- ],
- 0,
- "49b551367612e1691c7ff0f2d2d1c48b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 1,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2"
- ],
- 0,
- "0955c12f4d9581dd2bb12dba167729c7"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 3,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "417808de8b3e400238045a8e211cc82a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 4,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "323d42080a007920c8ea7d94f43439c7"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 5,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "871f698679ed0425f59fc99d52b03fc6"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 6,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "20a45be7f6c1a6dc826375d7c9444b39"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 7,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "2b7444b98543890ae053ad934c0b5a91"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 8,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Rust_primitives.BitVectors.int_t_d",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.u32_inttype",
- "equation_Rust_primitives.Integers.v",
- "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474"
- ],
- 0,
- "6bc58296483ac15b6f23b739c34dfaaf"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 9,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34"
- ],
- 0,
- "c6eccc3cc8f20d1173acaa67717c4575"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 10,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "49c2169ebbe8634494abdd606f695816"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 11,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.v",
- "function_token_typing_Prims.__cache_version_number__", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_6576e6c09a03745344f633d265cb3f26",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b04592758f973c958406cef575d95452",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_FStar.UInt.fits", "typing_Lib.IntTypes.bits",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "a6d9319bd4bbe37be91c8daed1f3c7a5"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 12,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "0b17177b3f69bbd4a34a81dc78b77eef"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 13,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "5c3f4beb8d5e721fae800dda7083c7ef"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 14,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_cd82abf5ed469bbb90bb940041fe6aba",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "cd0907a5d25d214609dc7b8947119814"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 15,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "f1be5f8769760fbf2a0d05e18b59b54f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 16,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.BitVectors.bounded",
- "equation_Rust_primitives.BitVectors.int_t_d",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.mul",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.u32_inttype",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "function_token_typing_Prims.__cache_version_number__", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_764849c938889431b4d45a3a5ebd0d20",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_cd82abf5ed469bbb90bb940041fe6aba",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "34129de8fb78ea0c1af172bd057180f8"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 17,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_764849c938889431b4d45a3a5ebd0d20",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Lib.IntTypes.bits", "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "b888e5bd542f2b1db180a8bac0c2477f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 18,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_764849c938889431b4d45a3a5ebd0d20",
- "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "59ea6e8b63de26fbf24caa3a031e9ca6"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 19,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_764849c938889431b4d45a3a5ebd0d20",
- "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "676b5c95635948a6f15cd65ecdc6d22d"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 20,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Rust_primitives.BitVectors.int_t_d",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.u32_inttype",
- "equation_Rust_primitives.Integers.v",
- "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f"
- ],
- 0,
- "e9e09be366469cd8dfc4d94a6a2a6f66"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 21,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "632d0e432ffc563aae6b3c089939b53a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 22,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S16@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i16",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers", "int_inversion",
- "int_typing",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.cast_mod",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S16@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "16768694021c645c3c629397fef41e59"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 23,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "d16180f0a41a1222531db6056cf491f5"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 24,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "0b7e06879ae6781d48c0dd9fb0f3e172"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 25,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "48520dd74737e39f8f4b4e1e33897690"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 26,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "e733a4f8859710ae4f4ab87cfc946a22"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 27,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "127aeb933fad368b75af0f27b87451f7"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 28,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "3c30f9c8bdfea6a4bc43d327ceb604e9"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 29,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "e7e9fbbac595e5a3d79b04f63018b5de"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 30,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "7b40d450d8fe9a9e68b9417376e1f2c8"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 31,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "5536149524018c8e67045a14bdd07996"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 32,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "4433fa2f57bc481cd6ec767caecace19"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 33,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "9c7cd75b82159022c6f23b07f4e68bec"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 34,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "e1df75c56e4e5ad0c959fc2413f17642"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 35,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "836b3299f6458c2141945427e57d714b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 36,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "e847d2d6b4dc40761298b5ff46c36a29"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 37,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "8751f83f61e0109a5f1e9b53b8c4a8e6"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 38,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "4f3a3523d4531f6a967d5a4b4b89303a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 39,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "a7fd26825f15162d976c4aa20be77e86"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 40,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S16@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.BitVectors.bounded",
- "equation_Rust_primitives.BitVectors.int_t_d",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i16",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.u32_inttype",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers", "int_inversion",
- "int_typing",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5f7fa9b529eca53c4df25c4a759eb466",
- "refinement_interpretation_Tm_refine_6d682983791da2c4664c5528218ce247",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
- "refinement_interpretation_Tm_refine_a1fa7d8a85bee6a297f4123184b84ebf",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.cast_mod",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S16@tok",
- "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "4402923e78fae3b42992d4a9290b42c4"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 41,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.BitVectors.bounded",
- "equation_Rust_primitives.BitVectors.int_t_d",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.u32_inttype",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_1b065e36c75eb80aaac7221311953753",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5f7fa9b529eca53c4df25c4a759eb466",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3",
- "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
- "refinement_interpretation_Tm_refine_a1fa7d8a85bee6a297f4123184b84ebf",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "695c3b37f6fc95ef435f093c68b81180"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 42,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "008032ce5f10496ca1f3de0a4060b816"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 43,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "043d80acf171bff183efc6afcfec1f1b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 44,
- 0,
- 0,
- [ "@query" ],
- 0,
- "8114df4f47a8867b1dd2eac5fca781ae"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 45,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "33cf47306048c51ca9f2fe2bea74d959"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 46,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "f47c57437e6450f88fed66bfc134ece3"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 47,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_3d634d9126feef2181d7b74928a5cdcd",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_cd00f128e06f90e942810ff77aaa9ddf",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "c276251fb0f1e6f2c97e3f641be71a54"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 48,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "5516c7c9c0f8d7b6c64409e60d9fad7f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 49,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "f153e3d7b6fdaf485efdc72a30067b72"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 50,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "2cdf2c8dde0f9f081806b25894a57193"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 51,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "1d0fc4e20d052f29d55406ad3fc1c1aa"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 52,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "b05238589a6a08561b11309eb8cd5104"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 53,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "1b848697d35a55496dde47194be2e0ad"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 54,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "b79f4d0e5095840ad3c1fc660821fb76"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 55,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "e35a384c6c46f0cebc9b45532134064a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 56,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "0e7e4385c3a0385b664e9ebe9022f1cb"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 57,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "f109b0558b31362f9a9d780e98047dbf"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 58,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "0c5ffec1e4e15160c779585557a1bc48"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 59,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "a615b26ca07be9f5882ca39aec853906"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 60,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "91a8ec3cb2f89fbb09593bfd106a87a4"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 61,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "2395fe6510de57da2e3d8c7f77182a00"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 62,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "29cd7b58be3976b928f4b0983139f829"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 63,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "ce00bf93df857d03dadfc739cd4b1037"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 64,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "028c94a1ead82562614b5be703e4732f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 65,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "0b422603f55373b938af00be8c5fdec4"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 66,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "5edf5e7e070a331073ce4f983c705ae0"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 67,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "0f0ee1a05ad02086a5ce82c89a7ac3c8"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 68,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "8973f3b2d0f3b505cf56261ec4644c72"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 69,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "4de9bcb4b7fa9fc12962acf1f2a6352c"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 70,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "ff27f9ff6acdbcefa965779b630c1b2b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 71,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "965ec5f197665080ac2f5ff5aeda96f6"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 72,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "f83cd147f943637a523cb23735f3866a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 73,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "30417cd876e1088b2dd3a6ca8e256403"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 74,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "868394d2daf9f65ee20ccd2aaf2d9e7d"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 75,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "77734e979238698af45378025c524478"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 76,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_7cc7c724c397498f3947c652abdb267b"
- ],
- 0,
- "2fe08fca10bf4c0d6558eef07732611d"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 77,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "58f440f4423212e0cce01bf499dfcddb"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 78,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "7d2da6a8008d5da2fbcc48253cc54277"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 79,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "f550371b235515d666fe4f13e9b3d31a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 80,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def",
- "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0",
- "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c"
- ],
- 0,
- "74a695d4b6449fdac1968a7eb28b4563"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 81,
- 0,
- 0,
- [ "@query" ],
- 0,
- "899563a3ba3351a24100aae572949f90"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 82,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877"
- ],
- 0,
- "a88216d4939ee28284ea38fb06deebe1"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 83,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "be9547c89b0416802141367ba94d56eb"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 84,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1"
- ],
- 0,
- "4a94792f1d50999fe2ec00f1f0d14648"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 85,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "04164d2a9319d651306a4e135e743946"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 86,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R"
- ],
- 0,
- "14d70b12a1f22641cb35c8eca52a17b4"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 87,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_9a12fcaca914d2eece947e1efebb6b3c",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "87225d38ba37c2e71779ddc3f1943eca"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 88,
- 0,
- 0,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f"
- ],
- 0,
- "1beedc1afb971c961f99750218375057"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 89,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "a7d277a633aee60c04450ece0603bfca"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 90,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "d326612425514d45bd08d51e64b42f5b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 91,
- 0,
- 0,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "39dc4b7c9f5685726ba550411e2b3643"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 92,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nat",
- "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_b9efbdd0e268f19c46ae5e7ca1d011df"
- ],
- 0,
- "74663ccc17664d43658097a9dd122019"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 93,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "1f9d6afac772956b170a30067d9e8327"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 94,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Modulus", "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "5c15254a45cea0ed694fdc7742635442"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 95,
- 0,
- 0,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Prims.nat", "equation_Prims.pos", "int_typing",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2"
- ],
- 0,
- "a965b8da218cff1fa0822af24dbd76f5"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 96,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "fd652e86530ce3c8687268ced7d412b0"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 97,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Modulus", "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "e46942316195c3b57219ee844134314f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 98,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "a001587c8b761924b0bf5a4798cd93d2"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 99,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "ec73f89cba526c70ff80b5e1a17554ce"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 100,
- 0,
- 0,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_right",
- "equation_Rust_primitives.Integers.u32",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "function_token_typing_Prims.__cache_version_number__",
- "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv",
- "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_022afc646c86a2c3ebe1e9e2457828a2",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1",
- "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "040685d9bea63f2031760a76f3f66a62"
+ "8c2f1453589098f7bf6f1da8e55654ee"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 101,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 51,
0,
+ 1,
[
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Prims.nat", "equation_Prims.pos", "int_typing",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_5fb62de32c2b59e562a01925f9014194",
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592"
],
0,
- "7724a994e555fae91fb9657ce8c2bfc0"
+ "766e756436207c19e6ddcee120eb52a4"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 102,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 52,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
+ ],
0,
+ "27cafa272034d475692f2d3d2539626c"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 53,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nat",
- "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_6990c7652f46e2c49e748c5fa474730d"
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785"
],
0,
- "99cc3fc9d513e829438efdad11769fa1"
+ "077742117d762ede0209eb4b7e5babeb"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 103,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 54,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
+ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e"
+ ],
0,
+ "8dfce732fd4f066186ce8c98375a28e5"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 55,
0,
+ 1,
[
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Prims.nat", "equation_Prims.pos", "int_typing",
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2"
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
],
0,
- "7724a994e555fae91fb9657ce8c2bfc0"
+ "da916f663bfb41fe65a4b7c4ad1cbca8"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 104,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 56,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U32", "eq2-interp",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equation_Rust_primitives.Integers.u32_inttype"
+ ],
0,
+ "2ddf388e30580e3e97540c289d125586"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 57,
0,
+ 1,
[
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
+ "bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
"equation_Rust_primitives.Integers.range",
"equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
+ "equation_Rust_primitives.Integers.shift_left",
"equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_58989f0f2bf7e2442ab14fb6b5678592",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
+ "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
+ "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "081a7a2875f41d40b1d7018107bc9155"
+ "50847051fd1b43c53a25a3b5f3f9f322"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 105,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 58,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "00e0bf92df80706a29566c5bed43bb72"
+ "049a529a783253fdec60709ddc8c9895"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 106,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 59,
+ 0,
+ 1,
+ [
+ "@query", "b2t_def", "primitive_Prims.op_GreaterThan",
+ "projection_inverse_BoxBool_proj_0"
+ ],
0,
+ "51f8a20e10882224c822ed513654e3dd"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 60,
0,
+ 1,
[
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
"b2t_def", "bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
+ "equation_Prims.pos", "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
"equation_Rust_primitives.Integers.range",
"equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u32",
"equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
"primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c",
+ "refinement_interpretation_Tm_refine_2e7d84708fbc0bcb932f6514065f3ce8",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
+ "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
+ "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
"refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int.fits", "typing_FStar.Int32.v",
- "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
+ "typing_FStar.UInt32.v", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "15333863514965af1f71cced5382487d"
+ "b4ce2e102dee28b510b7b0c273f5dd11"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 107,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 61,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "914c8b81c56ca23634efbd8115a8198c"
+ "08a3439cdcb5a7cce1dc97416f5a4880"
],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 108,
- 0,
+ [
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 62,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa"
],
0,
- "a7d44e44387fbcda471d83e6abe97693"
+ "c8bedc5ff0c468937ee49ffec421b35b"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 109,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 63,
0,
+ 1,
[
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
"b2t_def", "bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
"equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
"equation_Rust_primitives.Integers.range",
"equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_right",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.sub",
"equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
+ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
+ "lemma_FStar.UInt32.vu_inv", "lemma_Lib.IntTypes.v_injective",
"lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Subtraction",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_1daee8813a3c3a43cb6d97492a88c3a2",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_2fb07467973203ab74a1e903d3d29f60",
+ "refinement_interpretation_Tm_refine_38e5ead592f018c5e2b671e5b1df38a6",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_80c447f0437d95bc8a415c8c22b2aaff",
+ "refinement_interpretation_Tm_refine_a64483c1efbc8f8e5865b44303b72b4b",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87",
- "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b",
- "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877",
- "refinement_interpretation_Tm_refine_be62cacabd5983e81bb66a32d8c6aeeb",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474",
+ "refinement_interpretation_Tm_refine_ae4ad67316a677f516c67f09b0e8b963",
+ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e",
+ "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
"refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
"typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "b6fd7495f6a1cc89e0ca0de9265ef0af"
+ "ac447018c827196fe4c5a96037ab7ed7"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 110,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 64,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "c7731529f78673a5232b527f5da9a77a"
+ "4e8c7050d4b8df83a91b626996b87878"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 111,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 65,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Rust_primitives.Integers.range_t",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87"
+ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa"
],
0,
- "3fa6c358d9a3ff0f37493ea09c38734b"
+ "f26a80b665475fb7c98289abf657f989"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 112,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 66,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "primitive_Prims.op_Addition", "primitive_Prims.op_Subtraction",
- "refinement_interpretation_Tm_refine_1daee8813a3c3a43cb6d97492a88c3a2",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S32@tok"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "7d20c3dbf5823969070c3bc67eed00d4"
+ "2bf298555d36f7c4ec0fd7c220c5bac7"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 113,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 67,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa"
],
0,
- "466a5514d0a340b0cf74a11e95135f82"
+ "0f3c7e74941b0d89843aef00bf3606d4"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 114,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 68,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
+ "@MaxIFuel_assumption", "@query",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equation_Rust_primitives.Integers.inttype",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Modulus",
+ "refinement_interpretation_Tm_refine_2ff13a3e8f8a7017d4901bbac8041bac",
+ "refinement_interpretation_Tm_refine_e507adb2e21c90dbd1a515687ea6b915",
+ "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "a39a554e90094e41076e25ae359e5dc3"
+ "645cd4d945ae347e89215e6ab2fe7ab8"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 115,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 69,
0,
+ 1,
+ [ "@query" ],
+ 0,
+ "8bdc538d271969318498b4dbefcff61d"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 70,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Rust_primitives.Integers.range_t",
- "refinement_interpretation_Tm_refine_6fcd03f0c12381b64db38d32618a58aa",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
+ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761"
],
0,
- "fb4c3193058b1ea1c76f111449b3a4c2"
+ "48f02744b72d3511b4cd7eee0da4e24f"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 116,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 71,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Rust_primitives.Integers.range_t",
- "refinement_interpretation_Tm_refine_10ea5e92051011afe0e422930947f59c",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0"
+ "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "equation_Prims.pos", "primitive_Prims.op_Modulus",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e"
],
0,
- "28dd4259862eebbe2bc4951223257927"
+ "5877666924e298ca6764cfeb672d05ed"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 117,
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 72,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "equation_Prims.pos",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_Modulus",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_43386fe1fe73a595f6a26a3f7c26044c",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e"
+ ],
0,
+ "ebc6adeac2202968a2c457f967dd7935"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
+ 73,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_1daee8813a3c3a43cb6d97492a88c3a2",
- "refinement_interpretation_Tm_refine_4787d0a0d97065c6a181a66dcc5cb837"
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa",
+ "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e",
+ "refinement_interpretation_Tm_refine_e52b4600b58a10f95ba9a5252b69d191"
],
0,
- "d267a6a70916a466cf408229efc29213"
+ "4032f5283b06bc418ca893abcd00a2b4"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 118,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.barrett_post",
+ 1,
0,
+ 1,
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
"b2t_def", "bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
"equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
"equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
"equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.mul_i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
"equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
"equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_right",
"equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
"lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87",
- "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b",
- "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877",
- "refinement_interpretation_Tm_refine_be62cacabd5983e81bb66a32d8c6aeeb",
"refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
"typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
+ "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "f2456a0889cfc169f522bd5b4d99aea6"
+ "b64e994fd66a180556ba9f35a9ffe782"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 119,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.barrett_post",
+ 2,
0,
+ 1,
[
- "@MaxIFuel_assumption", "@query", "equation_Prims.pos",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5"
+ "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
+ "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
+ "refinement_interpretation_Tm_refine_da29c9b9e29d9389ae9376ed75fe59eb"
],
0,
- "b70d25a314fa4e7ccbd75bf5dc5c7641"
+ "1b613170449b50d365286188e9b8cfdf"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 120,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce",
+ 1,
0,
+ 1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec"
+ "equality_tok_Lib.IntTypes.S64@tok",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_81e7ac04fa2afbc21cde2ad84d87ec7b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
+ "typing_Prims.pow2"
],
0,
- "62bef640c5d87b267c177c88c13843e3"
+ "379ae486e10f528a9ae284af561923e3"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 121,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce",
+ 2,
0,
+ 1,
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
+ "bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S64",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
"constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.S64@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Core.Convert.f_from",
+ "equation_Core.Convert.integer_into", "equation_FStar.Int.fits",
"equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
"equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
"equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.barrett_post",
"equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
"equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
"equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_MULTIPLIER",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT",
"equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
"equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.add",
"equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast",
+ "equation_Rust_primitives.Integers.cast_mod",
"equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i64",
"equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
"equation_Rust_primitives.Integers.range",
"equation_Rust_primitives.Integers.range_t",
"equation_Rust_primitives.Integers.shift_right",
+ "equation_Rust_primitives.Integers.sub",
"equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "function_token_typing_Prims.__cache_version_number__",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_72f48fcc9d60c06731d9c4abb4f9ff9d",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "interpretation_Tm_abs_db8cd405d3f0871788b1d0edf4fda3fa",
+ "lemma_FStar.Int32.vu_inv", "lemma_FStar.Int64.vu_inv",
"lemma_Rust_primitives.Integers.pow2_values",
"lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
+ "projection_inverse_Core.Convert.Mkt_From_f_from",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
"refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_81e7ac04fa2afbc21cde2ad84d87ec7b",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87",
- "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b",
- "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877",
- "refinement_interpretation_Tm_refine_be62cacabd5983e81bb66a32d8c6aeeb",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
"refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864",
- "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Core.Convert.f_from",
"token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.range",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int64.v", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
"typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "33cbedee78ac6de2b548c31b4599fc4c"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 122,
- 0,
- 0,
- [ "@query" ],
- 0,
- "4ece426085862d61f77ad300d4b84e2f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 123,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "267d50e9359f0c8d04fb9e136bd98fa7"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 124,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "3d7b4adbce99e14d7dc7ae2edca1b2d6"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 125,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "f01b9d56b67907241e2bf902251ba428"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 126,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "a62287fc9bff8ca59f87c37d5235e01e"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 127,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "bc93b64c7faf68c00a5c4a9b5b7a2cb9"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 128,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "691be9b898bacd572cb4ae2f5d7e8a7b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 129,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.pos",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5"
- ],
- 0,
- "6b04dffc14a69a29392e3ddd2cf6ed1c"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 130,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec"
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.S64@tok"
],
0,
- "36ea213b70825178a812f7edbb94ba35"
+ "83e44ecc44f698be0eeb7f705680b2ab"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 131,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce",
+ 3,
0,
+ 1,
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
+ "bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.PUB",
"constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
+ "constructor_distinct_Lib.IntTypes.S64",
"equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equality_tok_Lib.IntTypes.S64@tok", "equation_Core.Convert.f_from",
+ "equation_Core.Convert.integer_into", "equation_FStar.Int.fits",
"equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
"equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
"equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
"equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.barrett_post",
"equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
- "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.sub_i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_MULTIPLIER",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
"equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.add",
"equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast",
+ "equation_Rust_primitives.Integers.cast_mod",
"equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i64",
"equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
"equation_Rust_primitives.Integers.range",
"equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_right",
+ "equation_Rust_primitives.Integers.sub",
"equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "function_token_typing_Prims.__cache_version_number__",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_72f48fcc9d60c06731d9c4abb4f9ff9d",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "interpretation_Tm_abs_db8cd405d3f0871788b1d0edf4fda3fa",
+ "lemma_FStar.Int32.vu_inv", "lemma_FStar.Int64.vu_inv",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
"primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
"primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
+ "projection_inverse_Core.Convert.Mkt_From_f_from",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
"refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c",
- "refinement_interpretation_Tm_refine_6bfcf7db4f48bbf372a8d2dfa74e15b5",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_81e7ac04fa2afbc21cde2ad84d87ec7b",
"refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_891cf327b2a58324b2af048eda42d114",
- "refinement_interpretation_Tm_refine_9d1b816da7077db463e73321431a64f3",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87",
- "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
"refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_cee45baf9a63db1c89fa378a39be1dc0",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Core.Convert.f_from",
"token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int64.v", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
"typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
"typing_Rust_primitives.Integers.v",
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "41f8b649b122b851ff7778e654bfdbc8"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 132,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "d543032a580b2f379cd08640bd346880"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 133,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "161573286db359654f1aa75ffdd2625b"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 134,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero",
- "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33"
- ],
- 0,
- "305227ea8a8f38f6b357f08dcede4403"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 135,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "4ed13a021b6b73e0d6c94b5082479121"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 136,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.pos",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5"
- ],
- 0,
- "91ec5f28970173fa7a1b90e04080b4c1"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 137,
- 0,
- 0,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec"
- ],
- 0,
- "d6b9d691f9e8f3de963f310c5dbeb5cd"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 138,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0"
+ "typing_tok_Lib.IntTypes.S64@tok"
],
0,
- "219c0fe20e9828ccb1bb9037d67bc282"
+ "5cd283354e9a57e6fb03205a864cf15d"
],
[
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 139,
- 0,
+ "Libcrux.Kem.Kyber.Arithmetic.montgomery_post",
+ 1,
0,
+ 1,
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
+ "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
"constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
"equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
"equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
- "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
- "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
"equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV",
- "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
"equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.bits",
"equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
"equation_Rust_primitives.Integers.unsigned",
"equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
+ "lemma_FStar.Int32.vu_inv",
"lemma_Rust_primitives.Integers.pow2_values",
"primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33",
- "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
"refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "192c4054c2f52cedfa56ca82f623e532"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 140,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
- ],
- 0,
- "fb300dfd0b6eed95243d4ce96ac4b68f"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 141,
- 0,
- 0,
- [ "@query", "primitive_Prims.op_Multiply" ],
- 0,
- "151cf410d6997a308907bf998a61155a"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 142,
- 0,
- 0,
- [
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "c647ed2655e7f3e6094612ebd8413821"
+ "aff931f93c12ef122538a2fa1fba8686"
],
[
"Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 143,
+ 1,
0,
0,
[
- "@query", "b2t_def", "primitive_Prims.op_Equality",
- "projection_inverse_BoxBool_proj_0"
+ "@MaxIFuel_assumption", "@query",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ "typing_Prims.pow2"
],
0,
- "7303ba94ecc1c337b5a0dbba62099252"
- ],
- [
- "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 144,
- 0,
- 0,
- [ "@query" ],
- 0,
- "01a69e60dfeebedef2fba17eddf7b354"
+ "b41d164f99a1d878a55e99e5ab7b8301"
],
[
"Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
- 145,
+ 2,
0,
0,
[
@@ -7334,11 +2420,14 @@
"Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
"bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S16@tok",
"equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
"equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
"equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
"equation_FStar.Int.min_int", "equation_FStar.Int.size",
@@ -7346,52 +2435,99 @@
"equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
"equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
"equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
"equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
"equation_Libcrux.Kem.Kyber.Arithmetic.montgomery_post",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.sub_i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R",
"equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV",
"equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
"equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.i16",
"equation_Rust_primitives.Integers.i32",
"equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
"equation_Rust_primitives.Integers.range",
"equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.shift_right",
+ "equation_Rust_primitives.Integers.u32",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
"equation_Rust_primitives.Integers.v",
- "function_token_typing_Prims.__cache_version_number__", "int_typing",
- "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
- "lemma_Lib.IntTypes.pow2_3",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "function_token_typing_Prims.__cache_version_number__",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv",
+ "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_GreaterThanOrEqual",
"primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_09274165c5a70fc322c881338ab414f6",
- "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f",
+ "refinement_interpretation_Tm_refine_1daee8813a3c3a43cb6d97492a88c3a2",
"refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
- "refinement_interpretation_Tm_refine_443715b95b52c40b08e892e330553198",
- "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778",
- "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87",
- "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
"refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd",
- "refinement_interpretation_Tm_refine_d30b094c6e9cba7da47a33b554179da6",
- "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864",
+ "refinement_interpretation_Tm_refine_cee45baf9a63db1c89fa378a39be1dc0",
"refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
"token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int32.v", "typing_FStar.UInt.fits",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
"typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok"
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.cast_mod",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S16@tok",
+ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "0313d541d563512c549e2003c3694ffd"
+ "296286f05b3c82ed64e47e71da75bec0"
],
[
"Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer",
@@ -7437,7 +2573,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "23c40c172a8b813df376eed01777d827"
+ "7eedbc6e59035e2e2f38cfd207cf0864"
],
[
"Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer",
@@ -7454,7 +2590,7 @@
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
],
0,
- "47fd2154966a24df4246271b6b057759"
+ "1d1a4d25082593781e92acb944bcbdf8"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_standard_domain",
@@ -7528,7 +2664,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "f0e0e0b8b6b97901c45958a1cea72b91"
+ "87396f8ad959249ca5395cfaf5dd7f45"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_standard_domain",
@@ -7588,7 +2724,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "d826b700888349c174458b20197797dd"
+ "0ee2a545d9dc14e938fce7f3d1cc4fec"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative",
@@ -7608,7 +2744,7 @@
"refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167"
],
0,
- "e9be338f018f3353d896e7e65c2655d9"
+ "d9d9bb7ee00d0d182f660a29fddf0304"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative",
@@ -7715,7 +2851,7 @@
"typing_tok_Lib.IntTypes.U16@tok"
],
0,
- "770e11e0f65d5a2792573c708b605152"
+ "3338a0f0de9695c67cffa84f18af65dc"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement",
@@ -7753,7 +2889,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "b19c414dc1bcd4f421a62b47d72cc577"
+ "c15684bf96f9de5576932e72f8d60e95"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement",
@@ -7791,7 +2927,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "02c8d63fecc8d1e8f537b7d42fdc8756"
+ "2c37abab5e40dbbd56166e80f6577042"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement",
@@ -7816,7 +2952,7 @@
"typing_FStar.Int32.t"
],
0,
- "c5a95862457255661aa81e1b276314c7"
+ "c400030890969130fb6001c6766acd01"
],
[
"Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients",
@@ -7854,7 +2990,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "858e111cbf227eae8463bbc64c61a577"
+ "b92269903359daffc5ff0af49f1c9b01"
],
[
"Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients",
@@ -7892,7 +3028,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "4a985e894676392c37c6e192212fb731"
+ "eccd6ae77b0d64bb912f7650e8f687f7"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
@@ -7930,7 +3066,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "9ed4a41109e471e447fb9cdf054a6aec"
+ "81573750b4920dcf9a84e9f8a5209896"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
@@ -7968,7 +3104,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "9f906c21c16adc2c70f148c1ab6c6936"
+ "0e9fbbdc0b6a6f4bd60b629beed30c1a"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
@@ -7996,7 +3132,7 @@
"typing_FStar.Int32.t", "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b"
],
0,
- "b4bd182bdbe941578d9796aa68dcc975"
+ "6d3379e3dc1deb1c1c863f0583903b24"
],
[
"Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients",
@@ -8034,7 +3170,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "b8a333e2efd129f78717675e32894c25"
+ "49040f02eb11928faeb9e2e8bb29161d"
],
[
"Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients",
@@ -8072,7 +3208,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "4a85882369d2047e82f9b0f4a0bd7c98"
+ "e9b6d4dccf905ac8a1b1c1cd177dbb76"
],
[
"Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
@@ -8123,7 +3259,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "1be3dc8343f883e3883f68be8f4a04e7"
+ "455463324ee7d2863959b3062560ca26"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
@@ -8202,7 +3338,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "ba9167bc6b2fab6e04f3f07821ce2b4f"
+ "b13ddf98cdbaa230e6b301013f2218e1"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
@@ -8292,7 +3428,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "ec28403cd503026897181f98c1da8677"
+ "b2159801c66b97dc28dffa3ace622c6e"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_vector_b",
@@ -8326,7 +3462,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "579019e21bf67db3494a3fa2386a1a30"
+ "5107b7fe76c17b62cd259601818978ad"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_vector_b",
@@ -8370,7 +3506,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "2f5d78b58f4c43cda9e7b0d2fabd0d65"
+ "5867092ded5974bbc53393c6ed525125"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b",
@@ -8404,7 +3540,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "e53d79215887395f1225851d2dd15811"
+ "0fe5175cdfbb12b3db958316aacfca0f"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b",
@@ -8448,7 +3584,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "412d5f48adc080cd832dace28ff58289"
+ "ee3338c8df2b452460a822ecefd34880"
],
[
"Libcrux.Kem.Kyber.Arithmetic.cast_poly_b",
@@ -8527,7 +3663,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "319bac79e78b4323f373863601493027"
+ "b0a5c68fc4d87377d781e2c986c80e4f"
],
[
"Libcrux.Kem.Kyber.Arithmetic.cast_poly_b",
@@ -8632,7 +3768,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "e1b240ee9c8ee39c446c946ea85559f3"
+ "bb7774b440377939089733c46cd82589"
],
[
"Libcrux.Kem.Kyber.Arithmetic.cast_vector_b",
@@ -8676,7 +3812,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "3d513ff05c4c46d07d17a0164b1afeff"
+ "a53f1bc08cf35eb243024e7fa2f02985"
],
[
"Libcrux.Kem.Kyber.Arithmetic.cast_vector_b",
@@ -8753,7 +3889,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "c783d3f07be72a5296d8e9b7f9c357f7"
+ "7a9a71aecaf9e9d90527b2475dbe9185"
],
[
"Libcrux.Kem.Kyber.Arithmetic.poly_range",
@@ -8829,7 +3965,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "89d7a3a617f668520e4bcfed68395beb"
+ "c3bbbdb6074c078960405e16829f4c1b"
],
[
"Libcrux.Kem.Kyber.Arithmetic.vector_range",
@@ -8874,7 +4010,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "709977cfbe60a8eaa26fa52e30cf0dc0"
+ "24c87ded66a7a2dacb229844d5de7e17"
],
[
"Libcrux.Kem.Kyber.Arithmetic.down_cast_poly_b",
@@ -8954,7 +4090,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "e6a8531bde5ece54028ba756cef24b0e"
+ "6310e5e1a54ef2d0ce69c58105a597ff"
],
[
"Libcrux.Kem.Kyber.Arithmetic.down_cast_poly_b",
@@ -9059,7 +4195,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "fea9533b4ca6f5353a007a573d6f450b"
+ "5987574b41b6acac0856eb2a510ca2a3"
],
[
"Libcrux.Kem.Kyber.Arithmetic.down_cast_vector_b",
@@ -9103,7 +4239,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "a711b9d08437ee86861c389f2f6e7c72"
+ "e33ae52dd8c0bc5b0ea09c10ab49a75f"
],
[
"Libcrux.Kem.Kyber.Arithmetic.down_cast_vector_b",
@@ -9182,7 +4318,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "100365028d2807cfe29f7c5ff56a5b2e"
+ "e8c9f992e365fe4a7ee7a8cd846fb637"
],
[
"Libcrux.Kem.Kyber.Arithmetic.op_String_Access",
@@ -9228,7 +4364,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "78d1ded3f6e1c8ccb3cf988d87af415b"
+ "6cbd1561b6303d362ba28120abf8e03a"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_spec_poly",
@@ -9307,7 +4443,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "f667ec84780ae3dde5e6941a3c582a9e"
+ "ca2d123af61c0da2f8fa055102fe5153"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_poly",
@@ -9382,7 +4518,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "fcbc5204451c8154149f6d83e1d0f731"
+ "4beac8a4894a529e4355d374336ca8a4"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_spec_vector",
@@ -9395,7 +4531,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "83140ffe1afabe29156d8b1db62bbca1"
+ "d5c54657332de365a6584574b590bf9e"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_vector",
@@ -9408,7 +4544,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "d9ef7d1ce627d56795517bc3501e1f6c"
+ "03eb14c08668b17637f71b3ce01f307e"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix",
@@ -9421,7 +4557,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "63e9e0d052e9560f4d5d803abedae2d7"
+ "fc7299ce7953d3014f7657a4dc84d75f"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_matrix",
@@ -9434,7 +4570,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "8426614909cf08de3eb14bf1af008b93"
+ "d9779e7c6c011bbb65d369b7156b5dcd"
],
[
"Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO",
@@ -9501,7 +4637,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "483e503d3f200480cd1424269295f49a"
+ "a8a35f880de4a8bf59aa547504798f00"
],
[
"Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element",
@@ -9542,7 +4678,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "abe3bbbcd49891782f1b6ee3f5351f24"
+ "f721e641c917d45bb5bd64935f8b284c"
],
[
"Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element",
@@ -9668,7 +4804,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "9e5317409ee92f1570466b17ac13d6c4"
+ "f4439ea944490ffc1731750cfc73e140"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints
index 969150e78..bead05964 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints
@@ -1,5 +1,5 @@
[
- "i\f$\u000b\\'9]S",
+ "\u001cx:xĨ\u0006\u0013",
[
[
"Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
@@ -24,7 +24,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "e655a601eba58e488c1adafd4c3dc7b9"
+ "13931f2278fef6b7cf88235ef14fadbb"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mul_i32_b",
@@ -41,7 +41,7 @@
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
],
0,
- "2d7c7964dd351ed46db1a921ea654400"
+ "5755a268f477785543b50cb91561655d"
],
[
"Libcrux.Kem.Kyber.Arithmetic.add_i32_b",
@@ -55,7 +55,7 @@
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
],
0,
- "267a89b42f476c24b3d301dac0dd9dc0"
+ "92c879854dfafb75af4724e82cec2641"
],
[
"Libcrux.Kem.Kyber.Arithmetic.sub_i32_b",
@@ -69,7 +69,7 @@
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
],
0,
- "b8a0a37b5a6bd2e03054b2131f8afbca"
+ "c475c64c4ac5759766139cad49821083"
],
[
"Libcrux.Kem.Kyber.Arithmetic.shr_i32_b",
@@ -81,7 +81,7 @@
"refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54"
],
0,
- "a1a80d03656cc5db2616433ce0b1004c"
+ "8b90348be04fc4e7b1dd3d0ba0373c69"
],
[
"Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R",
@@ -90,7 +90,7 @@
1,
[ "@query" ],
0,
- "b5bd75ccbe37aadfc822729dc9dde5ac"
+ "b8ab710f79caf4b5cad9c8e47c5d68db"
],
[
"Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
@@ -99,7 +99,7 @@
1,
[ "@query" ],
0,
- "95c138f9dc3482a8b852e8c9459d660d"
+ "c7fc411b1c10fdc016f0feb7c0554459"
],
[
"Libcrux.Kem.Kyber.Arithmetic.int_to_spec_fe",
@@ -154,7 +154,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "c72709f50c4ae9ca41d022f9a38053d5"
+ "b98d2d2ec26921651d1856af647b7143"
],
[
"Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits",
@@ -180,7 +180,7 @@
"refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167"
],
0,
- "53a7afa892400e9db9ade3d02be0fc3b"
+ "817e248357530373ff121fa70237d205"
],
[
"Libcrux.Kem.Kyber.Arithmetic.barrett_post",
@@ -221,7 +221,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "38b6e3ea023a22c5881b3202dc60d290"
+ "41a53e9ff6b60c7dadb70fd0600edaa7"
],
[
"Libcrux.Kem.Kyber.Arithmetic.barrett_reduce",
@@ -240,7 +240,7 @@
"typing_Prims.pow2"
],
0,
- "41faa5cd1e8745b41ad78f2c6fb96c98"
+ "116abc430847eb0995014f3c874bb2d9"
],
[
"Libcrux.Kem.Kyber.Arithmetic.montgomery_post",
@@ -281,7 +281,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "915f899e1460bb39be5a03e33d98be11"
+ "1976da03f8ae64b31a7cd274cce96cb0"
],
[
"Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce",
@@ -301,7 +301,7 @@
"typing_Prims.pow2"
],
0,
- "d92571fe4fddba2a3e34e66cd8379df3"
+ "3dfb4b1b62562d505a3c842cd2ac4062"
],
[
"Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer",
@@ -326,7 +326,7 @@
"typing_Prims.pow2"
],
0,
- "34a045722ea77d2338d4be13dc12bd09"
+ "a18f93507cb282f4687118704eb8d0d4"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_standard_domain",
@@ -388,7 +388,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "96c4e01f64709b9ce3e841e733dbf8b2"
+ "6970d4b3ffbaee1b76a5f122c46fdba4"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative",
@@ -408,7 +408,7 @@
"refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167"
],
0,
- "963ef621c4bb5f9e0812977745794bbf"
+ "0b4d22c91c8ce85e958c910b72cf4ad3"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement",
@@ -446,7 +446,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "9e801d727357bbcdfba5f319b3a030b2"
+ "581c478b13b673248973b29041af8b98"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement",
@@ -484,7 +484,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "90f90c7163bbe42a6a43726729d3048b"
+ "c7759c46fa27e52eee95b326226e22e3"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement",
@@ -509,7 +509,7 @@
"typing_FStar.Int32.t"
],
0,
- "6c322458453cd337103704fd5a83867c"
+ "6797ea739480f2a668fcbeca0554d779"
],
[
"Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients",
@@ -547,7 +547,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "2c3f42164195c7efcc58720708afb7c4"
+ "13c3adf7a321a2990e8ed68429fb9716"
],
[
"Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients",
@@ -585,7 +585,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "e524b6f0b95c86b4363613fd55d457a8"
+ "7160564061456b18dfc675e4daff5c20"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
@@ -623,7 +623,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "ae3cefb2a3b9538b0e2fd26fc0e88ce8"
+ "3c106b00f51d95865482b71502455a68"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
@@ -661,7 +661,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "d016137a73b6a1d0ff28fd43447b1f55"
+ "ad9274617708c09d929d4868afff6aba"
],
[
"Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
@@ -689,7 +689,7 @@
"typing_FStar.Int32.t", "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b"
],
0,
- "88f7d190ba8345fc555b61a2c4199536"
+ "3a70fbb276d52c778be648878c07a5fc"
],
[
"Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients",
@@ -727,7 +727,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "3ce66b75aa85cb7566b34b888e740a1d"
+ "242a45e08fc06b9afae8376e6c555db6"
],
[
"Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients",
@@ -765,7 +765,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "24fcd8228f5faec71549009776e9e9cc"
+ "389d255920be81f175ab10d68b4a879b"
],
[
"Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
@@ -816,7 +816,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "04d82458061d6ee53b8e54dd0aff7405"
+ "6591da1dfd1000ad246c0c3619607fb3"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
@@ -895,7 +895,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "a39a09ee8e52544dd8d4d9fda2f40449"
+ "a1cdbee4c91ca4a3a73d895ab998b72b"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_vector_b",
@@ -929,7 +929,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "b40ff323f1d6587dda1697d0996f765a"
+ "84bc421dc6cc0d7da7d288e7f1c561d8"
],
[
"Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b",
@@ -963,7 +963,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "2bc58385579f5717c9c8715ae147e316"
+ "8917ad251847b9efddc69364a530da16"
],
[
"Libcrux.Kem.Kyber.Arithmetic.cast_poly_b",
@@ -1042,7 +1042,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "aec6e8731792158e398514af6eee1a12"
+ "93b83c2f1f2da4b378f3f373f84a803f"
],
[
"Libcrux.Kem.Kyber.Arithmetic.cast_vector_b",
@@ -1086,7 +1086,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "af0f5d8499ac1b4ee24a63d6634217c8"
+ "2a17070c639d812cfab5486e27ec9827"
],
[
"Libcrux.Kem.Kyber.Arithmetic.poly_range",
@@ -1162,7 +1162,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "2950b0055924138f94c42645772c90a8"
+ "9a0010f507d6acd47673328f0a19304e"
],
[
"Libcrux.Kem.Kyber.Arithmetic.vector_range",
@@ -1207,7 +1207,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "1cd41ad7a9b6f455909527c43d57badd"
+ "a6f2e2b0dd77137126f772fb0f91b591"
],
[
"Libcrux.Kem.Kyber.Arithmetic.down_cast_poly_b",
@@ -1287,7 +1287,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "af9643c554b612a90856786acae6a35b"
+ "6515284f1386bc6656ac938707c6d18d"
],
[
"Libcrux.Kem.Kyber.Arithmetic.down_cast_vector_b",
@@ -1331,7 +1331,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "e72e49ea6214d264995f61ec10f8f26b"
+ "d6221e2b6d7a2111e9d9030c845e8ed7"
],
[
"Libcrux.Kem.Kyber.Arithmetic.op_String_Access",
@@ -1377,7 +1377,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "42337dd8c91938e05f3a98264c4729b6"
+ "b9ad7e5e7c8447da197f746087ec5aef"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_spec_poly",
@@ -1456,7 +1456,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "b8a34faf2d9a3a7e5d2a644ff5490efb"
+ "fb1a8d26d637562a352f2f9e7953c72b"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_poly",
@@ -1531,7 +1531,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "4a7a00ae046eeda7b26478b81b40bd77"
+ "a59c3100a1fdfd49cf5d71f7e0cfadad"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_spec_vector",
@@ -1544,7 +1544,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "2237f5b0ebfea6ea885cbe256d77f765"
+ "fa5495ce712dce2d517965b827f13e62"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_vector",
@@ -1557,7 +1557,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "a624e99ca7db0e580f99766017341958"
+ "acb0cdeb0ada9328fc1aff38c1422dbe"
],
[
"Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix",
@@ -1570,7 +1570,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "183bdf712d602e7cfa0fcd4571f2ced7"
+ "56be73cf53ec3aa6dc0370f22db10547"
],
[
"Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_matrix",
@@ -1583,7 +1583,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "2d5d0e5ace22bcc876ac97ab6b47086d"
+ "7ed1ffdfab0bf547eaee49060f38a90d"
],
[
"Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO",
@@ -1650,7 +1650,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "af2a429aeaec38eedd8a788addcf0368"
+ "38479e7d705cab4b9edab1b3addf13e4"
],
[
"Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element",
@@ -1691,7 +1691,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "c4a55642444fff2d56dd6452beb2985b"
+ "96dd8102665a598db0eea7ebc44ea471"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints
index 8729e2a41..e899f0a18 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints
@@ -112,7 +112,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "51c15f6a6e8af2dc72bb3e03fc73c7b1"
+ "6a75850c22064278f630d33a12cae12f"
],
[
"Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient",
@@ -134,7 +134,7 @@
"refinement_interpretation_Tm_refine_d52c8280671922ccb8dd394e8746776f"
],
0,
- "997643d9b07b9b02496efec13e1964f9"
+ "52fb7dd7e933a505c53b820325e3eb6c"
],
[
"Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient",
@@ -241,7 +241,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "5fcb37837e63ab579df13e7a4e314934"
+ "7d410cf9b8486850d0a56a3b9327eb4c"
],
[
"Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient",
@@ -303,7 +303,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "a180c0875b2d2f79083c9fb9c489af4c"
+ "a6c587afaf97b12ebc9426f69b86136d"
],
[
"Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient",
@@ -315,42 +315,90 @@
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
"b2t_def", "bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits",
- "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
- "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
+ "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
+ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.add",
"equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast",
+ "equation_Rust_primitives.Integers.i32",
"equation_Rust_primitives.Integers.i32_inttype",
"equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lt",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.shift_right",
"equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.UInt8.vu_inv",
+ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
+ "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv",
+ "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_4",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_BarBar", "primitive_Prims.op_Division",
+ "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
"refinement_interpretation_Tm_refine_1896583600abe7c45780fa9268536bbd",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
"refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e477cd5567f25e8e57e00f0185fa1ab0",
"refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
- "typing_FStar.UInt.fits", "typing_Lib.IntTypes.bits",
- "typing_Lib.IntTypes.v", "typing_tok_Lib.IntTypes.PUB@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_FStar.Int.fits", "typing_FStar.UInt.fits",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.mul",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "62c877a0d96e675179d86b5c0ed37cea"
+ "8af7f2af4f392060e6d062306cad85c8"
],
[
"Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient",
@@ -442,7 +490,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "a721ee651ec971e32c1d0b93b5808dc8"
+ "30c0e1d2b214879edf6c47a530c94e1e"
],
[
"Libcrux.Kem.Kyber.Compress.decompress_message_coefficient",
@@ -512,7 +560,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "6f7728f244b1f7fe55a41ff4427cfcc8"
+ "b5ca91977d3b864358266b45f3015c59"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints
index ab8316079..f18ca2e4e 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints
@@ -21,7 +21,7 @@
"refinement_interpretation_Tm_refine_d52c8280671922ccb8dd394e8746776f"
],
0,
- "2ac009fb949fbb2738b6839e1b9dc804"
+ "0ba8f9f6744261f24af4e1caf5351269"
],
[
"Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient",
@@ -85,7 +85,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "6facccb801e2f7c636dca8bec56aa28e"
+ "877339940ab0e7a966ddbb5adce32951"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fst.hints
index ff69abd42..158e90231 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fst.hints
@@ -96,7 +96,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "bf757a8cedc5e0892f9cd779c6180e33"
+ "09ecbfc7efe2c77697240b54065d14bd"
],
[
"Libcrux.Kem.Kyber.Constant_time_ops.compare_ciphertexts_in_constant_time",
@@ -120,7 +120,7 @@
"typing_FStar.UInt8.t"
],
0,
- "292bba9aa30bcbd336ab0bef83af1b81"
+ "015ce96d492b9706b4d16e0d1dc4052d"
],
[
"Libcrux.Kem.Kyber.Constant_time_ops.compare_ciphertexts_in_constant_time",
@@ -233,7 +233,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "124986828210bfdc995c85b19c6a0534"
+ "667c7074c780365e4f7e2a48896df1b7"
],
[
"Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time",
@@ -282,7 +282,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "78c7478c7587be54189c0781b0ff7537"
+ "0d721c969f1b50e9dc91d53a399d8091"
],
[
"Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time",
@@ -442,7 +442,7 @@
"typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "242f77f2291a016082648390ed9add65"
+ "2a94efd3f1f12da9e3f83b9a20f88099"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fsti.hints
index 32a233a53..69094542a 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fsti.hints
@@ -23,7 +23,7 @@
"typing_FStar.UInt8.t"
],
0,
- "9acc741880953195efc6c9aaf3e98391"
+ "b1d5da54fd13fbfe797a463d9e1cc05a"
],
[
"Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time",
@@ -72,7 +72,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "914c8270c54ab59570760334b9ceb664"
+ "844f5978d09ebc4e7901c7296c1fa782"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constants.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constants.fsti.hints
index 29d17ec90..3f55832c5 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constants.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constants.fsti.hints
@@ -37,7 +37,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f15641905a172ae9e591d152f9c96d6c"
+ "2ccca6d50fa42c88525da2a8714f6e14"
],
[
"Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
@@ -75,7 +75,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "47d1fcdd9b9a891ddd9d5189294e1a11"
+ "92872cdfc311e2f8cb9e4db831d019c9"
],
[
"Libcrux.Kem.Kyber.Constants.v_BITS_PER_RING_ELEMENT",
@@ -120,7 +120,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "51dd5bf561247cdffd3d5c23fb955022"
+ "06b26553678d0318731d8621a32872c4"
],
[
"Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT",
@@ -163,7 +163,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "96fc4186b10707302ab4b72932cea661"
+ "f99f9a93db1cd6c6717b48072e0932fc"
],
[
"Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE",
@@ -201,7 +201,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "b0b0e8d4a076a6cb79f9ff8cf2268dae"
+ "1089300a691515198a9bbfad3af04f41"
],
[
"Libcrux.Kem.Kyber.Constants.v_REJECTION_SAMPLING_SEED_SIZE",
@@ -245,7 +245,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "8c118bf1f93b3be468797f30e5f4e89c"
+ "6cf935d8a2aeb522cdbb6217e65cda61"
],
[
"Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE",
@@ -283,7 +283,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "bb37f46fa9e261e3b2281a3dc3d145c0"
+ "f6fc4f0b582f57b6e169eb1babf6807e"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fst.hints
index 3b1c7e4f2..c1b858be7 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fst.hints
@@ -38,7 +38,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "424f51ce2afaa60006e68464a1817e0e"
+ "c3898719d9111eb9b13089ced6449a85"
],
[
"Libcrux.Kem.Kyber.Hash_functions.v_G",
@@ -76,7 +76,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "0a8b8daca19ab55a1c36273cb635de28"
+ "ee149743e1d622ae3eb9dfa5bfda336c"
],
[
"Libcrux.Kem.Kyber.Hash_functions.v_H",
@@ -115,7 +115,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "2259a304060a6b11285cddbcf15a1b7e"
+ "1559cc8f2e4b659d2c42a44817e22a32"
],
[
"Libcrux.Kem.Kyber.Hash_functions.v_H",
@@ -153,7 +153,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "28729d43abb5581ea330deb821337893"
+ "4b262cd264339ac6961c4f9282ebee56"
],
[
"Libcrux.Kem.Kyber.Hash_functions.v_XOFx4",
@@ -204,7 +204,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "4eb0f409f728ac1da3363ba0e07f69b2"
+ "212f4818b9bd8207fb34e4692d46e285"
],
[
"Libcrux.Kem.Kyber.Hash_functions.v_XOFx4",
@@ -214,7 +214,9 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -222,27 +224,77 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equation_Core.Iter.Traits.Collect.f_into_iter",
+ "equation_Core.Ops.Index.in_range",
+ "equation_Core.Ops.Range.iterator_range",
+ "equation_Core.Ops.negation_for_bool",
+ "equation_Core.Ops.op_Tilde_Dot", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Hax.impl__index",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "interpretation_Tm_abs_29c790849abcf444c15b4351363d1b40",
+ "interpretation_Tm_abs_412e363c41d2c7d31f96c2685c7138f2",
+ "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
+ "interpretation_Tm_abs_4da4c2420140680c2bf4358d0bc52b3f",
+ "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
+ "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
+ "l_and-interp", "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_Item",
+ "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_contains",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_end",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_IntoIter",
+ "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_into_iter",
+ "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_Item",
+ "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_contains",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
+ "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
+ "refinement_interpretation_Tm_refine_08126773a0ec43652fb7d75527aeafb2",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "token_correspondence_Core.Iter.Traits.Collect.f_into_iter",
+ "token_correspondence_Core.Iter.Traits.Iterator.__proj__Mkiterator__item__f_contains",
+ "token_correspondence_Core.Ops.Index.in_range",
+ "token_correspondence_Core.Ops.op_Tilde_Dot",
+ "token_correspondence_Prims.op_Negation", "typing_Lib.IntTypes.v",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "1b9f8e1e049dbb3b3f3be3b6f010ad66"
+ "32c81201712ea482da4cdea699644caa"
],
[
"Libcrux.Kem.Kyber.Hash_functions.v_XOFx4",
@@ -332,7 +384,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "13fc9c35bc530e5c7d9181e652676548"
+ "6e79cfb1e7d7bb8225fba245af449e06"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fsti.hints
index abd7569c9..91e0d50e1 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fsti.hints
@@ -38,7 +38,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "543170cc5562719525c42f907396b084"
+ "fab022463f1e61fb6c138a5c321a9093"
],
[
"Libcrux.Kem.Kyber.Hash_functions.v_H",
@@ -77,7 +77,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "fcdd8dbeda3b3219304d46811ded18c5"
+ "7ea5885f51173b8a93f92fc48d4207a6"
],
[
"Libcrux.Kem.Kyber.Hash_functions.v_XOFx4",
@@ -128,7 +128,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "a98ebc15720ee01edfd12d37b4058933"
+ "dc3975a75dd7cc8cc0dbdd1f76252368"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints
index 9ea5abd4f..b110b7234 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints
@@ -47,7 +47,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "f5d82786a12d058bd6169a673c9dfe39"
+ "e59a5c323cad2e69ea5165b1915f943d"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.into_padded_array",
@@ -140,7 +140,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "46f170e1c4519b8b728250d43f7cc2a2"
+ "776e4fb7b7aeec0e75a77324a0befd47"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.acc_t",
@@ -181,7 +181,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "a31d15eb299c2c5ad348a19212bd79d9"
+ "30d35a3c79993000e2fe499566fd9469"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.wfZero",
@@ -193,7 +193,7 @@
"projection_inverse_BoxInt_proj_0"
],
0,
- "5359d27105b6e5b608bf9eb837f52a7d"
+ "a08375c17c0f09409f03d28c78dc2929"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.etaZero",
@@ -219,7 +219,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "3ddd4a69ea8abb98c1a078bc2a4033ca"
+ "7038e8a6ee0911f59c991375a8d63375"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd",
@@ -303,7 +303,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "7fc5eb5c3809ee10b95d7fd77a7bd0d2"
+ "f8f75e06fad13a1152f79c4ff674c8d4"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd",
@@ -313,7 +313,9 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -321,27 +323,97 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "data_elim_FStar.Pervasives.Native.Mktuple3",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Core.Slice.impl__len",
+ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
+ "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
+ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.gte",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lt",
+ "equation_Rust_primitives.Integers.lte",
+ "equation_Rust_primitives.Integers.max_usize",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.u8_inttype",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.array_to_slice_unsize",
+ "equation_Rust_primitives.unsize", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.valid_params",
+ "fuel_guarded_inversion_FStar.Pervasives.Native.tuple3",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094",
+ "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34",
+ "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_end",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_start",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_start",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__3",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_unsize",
+ "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d",
+ "refinement_interpretation_Tm_refine_303f3ed7da7fa515960d4d09b7f6f790",
+ "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "token_correspondence_Rust_primitives.unsize",
+ "typing_FStar.UInt8.t", "typing_Lib.IntTypes.bits",
+ "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.add",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.gte",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok",
+ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "e4f8935b5c4cf6f29acd403006a841ad"
+ "1c47c1bc0aaebdcba9b54031b7086ae5"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd",
@@ -451,7 +523,7 @@
"typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "3c04eaabca4ee28a59d699dd07fba3e2"
+ "f1ae045c299b25ed0aa61383e56e628d"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt",
@@ -531,7 +603,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "00c631d3d02e629a355ac09c7d953562"
+ "dfe624bf8e2313e7b7d22627adcc8423"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt",
@@ -541,7 +613,9 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -549,27 +623,108 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "data_elim_FStar.Pervasives.Native.Mktuple3",
+ "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Core.Slice.impl__len",
+ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
+ "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
+ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.gte",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lt",
+ "equation_Rust_primitives.Integers.lte",
+ "equation_Rust_primitives.Integers.max_usize",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.u8_inttype",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.array_to_slice_unsize",
+ "equation_Rust_primitives.unsize", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.valid_params",
+ "fuel_guarded_inversion_FStar.Pervasives.Native.tuple3",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement",
+ "fuel_guarded_inversion_Spec.Kyber.params_", "int_inversion",
+ "int_typing",
+ "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094",
+ "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34",
+ "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_end",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_start",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA2",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_start",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__3",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_unsize",
+ "refinement_interpretation_Tm_refine_303f3ed7da7fa515960d4d09b7f6f790",
+ "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_6429d8e304d352f05a83669146e6cacf",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d9709c468a55d1c148eb4fc0d0233e6f",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Rust_primitives.unsize",
+ "typing_FStar.UInt.fits", "typing_FStar.UInt8.t",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.gte",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.__proj__Mkparams___item__v_ETA2",
+ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok",
+ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "3e92ded985cd7f31d01cb1b4ee38ff1a"
+ "8e4901e31dd83747399fd96899bf26f6"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt",
@@ -688,7 +843,7 @@
"typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "31aac3b3662de6d97ded9a613dac7345"
+ "7a457d8d6c4785a4c2948e63143ddf76"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u",
@@ -752,7 +907,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "ec30557ba772ea45e48a3170d97c2b04"
+ "a37e8e7c5927d6459c6ed473e3c9179a"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u",
@@ -885,7 +1040,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "c3dbc59b7d0fd8789af08b0c0f477203"
+ "47462c80da4a42028cb648f4ee43f778"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -935,7 +1090,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "0648e0eb4d8aa9dac4fffc48f7a1ccdb"
+ "727d6d746a48cc9312a23a8c163eec74"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -949,7 +1104,7 @@
"refinement_interpretation_Tm_refine_257ddf45d97229b8c327236723913127"
],
0,
- "a0d53ab46855dcdba04f85b59a1a69fe"
+ "6a024e654630366a75842a950371386c"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -970,7 +1125,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "90522bb98a8a8c12b13bd252b296f028"
+ "0230d766a36244e4baecdd15765420df"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -991,7 +1146,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "d068aa27db85ce3aa8b2db83b0ef7450"
+ "6b141e37465667ae31d1660aa58dd2b3"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1028,7 +1183,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "5a7b42d85c5121cd4adc8dd0412d25d6"
+ "dd47652e8c6b1718266bb98131de1ae0"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1057,14 +1212,12 @@
"refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647",
"refinement_interpretation_Tm_refine_84b2ac843dbb7ecfb6a9a7e0dad290a7",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_d87987f504b518e52f51d8b3c3b4380a",
- "typing_FStar.Seq.Base.length",
"typing_Rust_primitives.Integers.minint",
"typing_Rust_primitives.Integers.unsigned",
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "ed0d37ed257421f307ea13dc0f4e60a0"
+ "7d86f7b392c3e605afcb4333e45eb4a7"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1120,7 +1273,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "6e7c578dbfab310235161ee49892888f"
+ "de7478574faa7a2ff57a80caa8ed1ac1"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1200,7 +1353,7 @@
"typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE"
],
0,
- "6f5392cef8b94a877fd37bb4102c7de9"
+ "d816926d51c40f79417cbdb3c59d6bb0"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1253,7 +1406,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "47cdeeadb1cdf9a50ac2703142d34713"
+ "59a6195352cffbcdb6a2943ad07af81a"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1293,7 +1446,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "69ccad123e4dde2687331d928faebfff"
+ "80e82f69a0b33661f9f36581226b55c9"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1343,7 +1496,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "5740c53b845b04ec629b9d16138ec157"
+ "3bea21db4db5b9b803cb638c343f8711"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1398,7 +1551,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "c28f8d2ebab01017283dbce1f57a3197"
+ "ca13fb996285305cfaac912b84f96f13"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1464,7 +1617,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "9a876bef6c7e023558928b7eeaade812"
+ "84179668e4e0e0fa9e7e88719ea990a2"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1477,7 +1630,7 @@
"refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5"
],
0,
- "b0642417b20101cf891dcf24d2377f72"
+ "da17e3402e3f116d4e5c789375e846df"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1564,7 +1717,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "79bf17f6aae9528d02597b5d8b30c586"
+ "be3f47e40d94821b2d7aa045a0285d8f"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1576,7 +1729,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "c49eb0a8c2984cf00c1a193288fd8627"
+ "e032e45a78e08f4cf025652b33cb8e9e"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1585,7 +1738,7 @@
1,
[ "@query", "b2t_def" ],
0,
- "29e7a050bcb322f3ebad11a09218ec0a"
+ "709c6122f8381a7e969ca852fcb861df"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1628,7 +1781,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "6e91cde2cf129e6c05f3deb6612c4d5e"
+ "e33c2a66e108c857e6b016ae3fc336ab"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1641,7 +1794,7 @@
"refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5"
],
0,
- "a9d1dcdd519e3bdc1ea053ec4116d56f"
+ "9d225169555733e3efddfb32028477db"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1712,7 +1865,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "ea84e6feac9f0a61ec31901e710ed34a"
+ "f369750674de059e3960adb604d9986e"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1726,7 +1879,7 @@
"refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5"
],
0,
- "f99a02a82813420976bbbdbdafbe5f0a"
+ "e1f9b674fe7276c44e637accabe9de94"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1741,7 +1894,7 @@
"typing_Rust_primitives.Hax.repeat"
],
0,
- "1086ebcb2e78b17fcd834de630663a67"
+ "6be43a954b2777c2ed571efd8974d74d"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1755,7 +1908,7 @@
"refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5"
],
0,
- "187003252e0423572f5aa5cc6965607b"
+ "edf96f52ab34ee74ca368a8e3ad21581"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1764,7 +1917,7 @@
1,
[ "@query" ],
0,
- "94c7c5ff3573650a98e32a1a553473f8"
+ "d6c2eaf50168b9728afc44dc34cfe127"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1799,7 +1952,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "63adf77b49b957f85568ae1782ee8210"
+ "a959f45fe15163be004f6136ed1e1b17"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1852,7 +2005,7 @@
"typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "625d9db81352cb458104394c2a2c48ef"
+ "6f96730ccd379939e20bb20be1746305"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1883,7 +2036,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "f46b276c31f0e851625e654d8142a32c"
+ "5bd964c3fffb53a2309a5fb2b27472c0"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1905,7 +2058,7 @@
"typing_Spec.Kyber.v_C1_BLOCK_SIZE"
],
0,
- "4db9fc552df44be63ce1d061060017b8"
+ "fcb90648828f91eea47ceac52af397ff"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1927,7 +2080,7 @@
"typing_Spec.Kyber.v_C1_BLOCK_SIZE"
],
0,
- "07b4d3a74479228580523c902abd7317"
+ "68d1d77e422eb06073da4568d99e6f9a"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -1982,7 +2135,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "8022a8c74278f44ea49449b801189549"
+ "3606f0c6eec3af47b544be99f9d1d37b"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -2007,7 +2160,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "134a395903ecd7f0f065a08b12fe3f23"
+ "34daa9f858e984e916fc18827fc40189"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -2024,7 +2177,7 @@
"refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688"
],
0,
- "824bec19679bf2f71fcafc1686a64e6b"
+ "cd5b2f23ddbbf4734bad598dfd524114"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -2044,7 +2197,7 @@
"refinement_interpretation_Tm_refine_e2e762f87b9fab3208089befe760c551"
],
0,
- "8a24e40b8479131ea53f8af276a02e4f"
+ "4e7a315725ae8039fcd8dba888be7de3"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -2071,7 +2224,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "0711dd03fc55a77c050522f9c7be3d8a"
+ "fe98c7edf5ff81b0fff5e687dca2286b"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -2087,7 +2240,7 @@
"refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178"
],
0,
- "7490217f8ccbd777da633c33cbe25e6a"
+ "10fdb4193715ee1d60744082a1119dd9"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -2103,14 +2256,14 @@
"equation_Rust_primitives.Integers.usize",
"lemma_Rust_primitives.Integers.v_mk_int_lemma",
"refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
- "refinement_interpretation_Tm_refine_2c21fbc891ed88ece0f7cbd3426a8a63",
+ "refinement_interpretation_Tm_refine_1152491a9a408dbb2a69fa5eb7c3eea1",
"refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
"typing_Rust_primitives.Integers.usize_inttype",
"typing_Rust_primitives.Integers.v"
],
0,
- "f9b0516209228ba45b220855c3935c35"
+ "815ae84cfbd97f414dcb6adb9368aa2c"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -2119,10 +2272,10 @@
1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_3228273f48688dd5bc6a47cc71b63644"
+ "refinement_interpretation_Tm_refine_1780e3e3423d75725ae206b5df95a0a6"
],
0,
- "7d91de0a587ea5a88799f5bd788eb131"
+ "60486d7456385e993423a14e23da4f61"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -2131,10 +2284,10 @@
1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_5c9c497c51ef2bfd23dc566251e18cd1"
+ "refinement_interpretation_Tm_refine_bb4a6fcea4effb263c4c9aec6fa6b2f7"
],
0,
- "c738719fa6e58069acbc529deead9104"
+ "2517a242089b5054b5a9e1fe36a2228f"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key",
@@ -2218,7 +2371,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "2f238c17396411e65eaa9c43f5219a98"
+ "7b1d9e649746b4d90049dae485843577"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key",
@@ -2355,7 +2508,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "82e36ab3ca3960079569913edd26d723"
+ "cd56e7031712c60316df4ac3cb89ad7d"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2405,7 +2558,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "80ad170912a78323267f8cd17c23d546"
+ "c3b3ddf2fcc24c180604d8d688181a48"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2419,7 +2572,7 @@
"refinement_interpretation_Tm_refine_04d1a41375cb265cfbd8785ad22877c0"
],
0,
- "c8fa97a63f96d9d6e26f8a6553c46f96"
+ "e12c93d4471c40153c7ebb2fc169c1bb"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2456,7 +2609,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "15b13bc7de64dd7c0f1b7b993dd93b2e"
+ "03e916fc52d2db8ccceddfb824002d65"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2510,7 +2663,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "41a658a1156a94e26687e239671540b9"
+ "1f7645ba7b1305136d9754d8e1637fdb"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2522,7 +2675,7 @@
"projection_inverse_BoxBool_proj_0"
],
0,
- "3c4d3c67e95bf2753a7d8009218a6864"
+ "bab5d9bbcbafd2ee4133325849ba38f9"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2531,7 +2684,7 @@
1,
[ "@query", "b2t_def" ],
0,
- "3988ac529e447122123eef67fc04c247"
+ "4f6a8d3f12e89b888df1132f3465facf"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2568,7 +2721,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "95b4a1d2ca2767e3fea5b50068428b68"
+ "23879d451a0b175208f949f679dcfe9f"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2644,7 +2797,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "d1232bdefa22388137446c092d7ab89e"
+ "e26cc7af6d3739a1eec35aef7e379fc2"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2656,7 +2809,7 @@
"refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec"
],
0,
- "3e5b8e3da43177ef9aa3d0b11c877ec7"
+ "4a192b3649fa328f29b613d81f949a69"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2671,7 +2824,7 @@
"typing_Rust_primitives.Hax.repeat"
],
0,
- "79d0ba3045d8f5f3d2e655860a14bb14"
+ "4e6a2d9e764e5c39371523c522604585"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2683,7 +2836,7 @@
"refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec"
],
0,
- "70a26e1ffc64e4941bae35e9ac4d1fbb"
+ "0046d4d8bdc6ae72a8f290bb9456d83f"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2692,7 +2845,7 @@
1,
[ "@query" ],
0,
- "eabe5ee1a4e90b71f4f181f13a177759"
+ "99f46e9dd41c3c4dc3a8fac877698ead"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2725,7 +2878,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "314ab0636a88b7a09757b3a029ef6f7e"
+ "7711a6cf0fa82669498d284d1871a56b"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2776,7 +2929,7 @@
"typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.valid_params"
],
0,
- "5c2710a29d4deb31f0ba07a0d48a1ddb"
+ "97e04257863a5862070c95b5a890120a"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2799,7 +2952,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "c2df478091f1995541fbc9fad74c4d53"
+ "bee8a9764048cb152bab526373531979"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2821,7 +2974,7 @@
"refinement_interpretation_Tm_refine_feb7e834582289fbd89a200bfbc499b9"
],
0,
- "1dcba185b5fca17c9a34454f93da1855"
+ "17bc19c669a0bc9e1f37625fad9f3364"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2841,7 +2994,7 @@
"refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec"
],
0,
- "54c997e90cdf1d6530a2cdd97ef2ed86"
+ "23df95e25d15ad50e35f17268035ce2b"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2867,7 +3020,7 @@
"refinement_interpretation_Tm_refine_feb7e834582289fbd89a200bfbc499b9"
],
0,
- "698d330b6d133741572cb1b0ad84378e"
+ "88696527b5359a18c6f60f96f4d06a40"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2883,14 +3036,14 @@
"equation_Rust_primitives.Integers.usize",
"lemma_Rust_primitives.Integers.v_mk_int_lemma",
"refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_2a445ee76d816ee5dc6456b15866fd0d",
"refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
- "refinement_interpretation_Tm_refine_a2ce4182f623d51af4f01507dbac81cf",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
"typing_Rust_primitives.Integers.usize_inttype",
"typing_Rust_primitives.Integers.v"
],
0,
- "03155974d3b0769d9dd8cc4a2d74d09c"
+ "83324114da879bb7a37755c35bedd76e"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2899,10 +3052,10 @@
1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_d2d32f632f378aa1e2fe5b24c42ccb20"
+ "refinement_interpretation_Tm_refine_91aef11d36a5ef4d927e7ba47e560947"
],
0,
- "262099b3c813961bdd25bb5df5465e73"
+ "5afeb1d03dd2ad2720b59def1a48d008"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -2911,10 +3064,10 @@
1,
[
"@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_729eb4d164a2255861c24fbe8bcd08ac"
+ "refinement_interpretation_Tm_refine_584f0eb673831c31e84c27dd07e5ce0a"
],
0,
- "620d6760dc3efd07574d6ab512f7f39a"
+ "66855dde4b52897477374f1b0f80f87d"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.decrypt",
@@ -2974,7 +3127,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "61ac361099f3cefa7d06552113c45d81"
+ "cd312079bb9459c6faa686a30cbba0b5"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.decrypt",
@@ -3111,7 +3264,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "0299d54f8da6d660e67fef0b24181481"
+ "10c59a6053c9799fa9fbfd1b55a0b71c"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.encrypt",
@@ -3182,7 +3335,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "de9184e9cc63d1debaf39092a6cd0a15"
+ "891607c78ff6864f4bc4ed666a25683e"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.encrypt",
@@ -3192,7 +3345,9 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -3200,27 +3355,181 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "data_elim_FStar.Pervasives.Native.Mktuple2",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok",
+ "equation_Core.Array.impl_23__as_slice",
+ "equation_Core.Ops.Index.f_index",
+ "equation_Core.Ops.Index.in_range",
+ "equation_Core.Ops.Range.impl_index_range_from_slice",
+ "equation_Core.Ops.Range.impl_range_from_index_array",
+ "equation_Core.Ops.op_String_Access",
+ "equation_Core.Slice.impl__copy_from_slice",
+ "equation_Core.Slice.impl__len", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.size",
+ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
+ "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
+ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Ind_cpa.wfZero", "equation_Prims.eqtype",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.slice",
+ "equation_Rust_primitives.Arrays.split",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lte",
+ "equation_Rust_primitives.Integers.max_usize",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sub",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.u8_inttype",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.array_to_slice_unsize",
+ "equation_Rust_primitives.unsize",
+ "equation_Spec.Kyber.ind_cpa_encrypt", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.sample_poly_cbd",
+ "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE",
+ "equation_Spec.Kyber.valid_params",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "fuel_guarded_inversion_Spec.Kyber.params_",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "function_token_typing_Rust_primitives.Integers.u8", "int_inversion",
+ "int_typing",
+ "interpretation_Tm_abs_0cb90ffdaac009e5428b856a53fc2c98",
+ "interpretation_Tm_abs_4bb6412701dfeac9ce6df5500b93361d",
+ "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094",
+ "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
+ "interpretation_Tm_abs_c383c10040deb921f8edacb536247c52",
+ "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2",
+ "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34",
+ "l_and-interp", "lemma_FStar.Seq.Base.lemma_create_len",
+ "lemma_FStar.Seq.Base.lemma_eq_elim",
+ "lemma_FStar.Seq.Base.lemma_eq_intro",
+ "lemma_FStar.Seq.Base.lemma_index_app1",
+ "lemma_FStar.Seq.Base.lemma_index_app2",
+ "lemma_FStar.Seq.Base.lemma_index_create",
+ "lemma_FStar.Seq.Base.lemma_index_slice",
+ "lemma_FStar.Seq.Base.lemma_index_upd1",
+ "lemma_FStar.Seq.Base.lemma_index_upd2",
+ "lemma_FStar.Seq.Base.lemma_len_append",
+ "lemma_FStar.Seq.Base.lemma_len_slice", "lemma_FStar.UInt8.vu_inv",
+ "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
+ "proj_equation_Core.Ops.Index.Mkt_Index_in_range",
+ "proj_equation_Core.Ops.Range.Mkt_RangeFrom_f_start",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_f_index",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
+ "projection_inverse_Core.Ops.Range.Mkt_RangeFrom_f_start",
+ "projection_inverse_Core.Ops.Range.Mkt_RangeTo_f_end",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__3",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_unsize",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_0a1fc74b53c69a41eceb9d7368f73b62",
+ "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486",
+ "refinement_interpretation_Tm_refine_1d1f1ecbbef37067035a7c7f276e4e21",
+ "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8",
+ "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8",
+ "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
+ "refinement_interpretation_Tm_refine_4aa066355e9384aa98eb2ace9b0d012f",
+ "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_d26fa327c2c1ff0a9633e2624291cd2a",
+ "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "refinement_interpretation_Tm_refine_ed95cbcc65ce70ece9e84ad5f1db743e",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Core.Ops.Index.__proj__Mkt_Index__item__in_range",
+ "token_correspondence_Core.Ops.Index.f_index",
+ "token_correspondence_Core.Ops.Index.in_range",
+ "token_correspondence_Core.Ops.op_String_Access",
+ "token_correspondence_Rust_primitives.unsize",
+ "typing_FStar.Int32.v", "typing_FStar.Seq.Base.append",
+ "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length",
+ "typing_FStar.Seq.Base.upd", "typing_FStar.UInt32.t",
+ "typing_FStar.UInt64.t", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.cast_poly_b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Libcrux.Kem.Kyber.Ind_cpa.wfZero", "typing_Prims.pow2",
+ "typing_Rust_primitives.Arrays.length",
+ "typing_Rust_primitives.Arrays.slice",
+ "typing_Rust_primitives.Arrays.split",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.v_C1_SIZE",
+ "typing_Spec.Kyber.v_C2_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "typing_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE",
+ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok",
+ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "9295d30481de5a82e34858191a751466"
+ "07c194699d4bacf1144d95dab7ac9980"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.encrypt",
@@ -3412,7 +3721,7 @@
"typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "cc446721e441ddb27cdc460ebdba2b78"
+ "101a7ae8a434449d0f371ac5dacf36b4"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key",
@@ -3466,7 +3775,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "62b9628713a4e0acd9a8a6587d756c48"
+ "ce0d5da893bb2976139844c021b75cca"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key",
@@ -3617,7 +3926,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "b2c2c8cf965711c26d2957a8d515c03c"
+ "a047adc38d5af1fd310a200f54ee376e"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key",
@@ -3687,7 +3996,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "ed68da75b36bc8b834a05c8ea130f70f"
+ "b404bb38ac71ececa9ec8049363ae3b5"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key",
@@ -3813,7 +4122,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "c0f47a05e2de187a43f1d645ed24c9b5"
+ "a84d618591ceddfc2b8b2ae6f1b2edc4"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.generate_keypair",
@@ -3850,7 +4159,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "b9a029874497ce347734521f54bfadb7"
+ "f02a58f4d2d25977bc0a0e18df91154b"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.generate_keypair",
@@ -3962,7 +4271,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "9651c0b89c98a54c29417957482fc0f9"
+ "3c1df48304d3337a3c6fe207e3e6982f"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints
index 45f64c730..891bbbb44 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints
@@ -47,7 +47,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "46374f0fbf1d9f7d58a113766f953d75"
+ "9f758f61350b1360455f6f174c0696aa"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd",
@@ -132,7 +132,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "8d9b6b20767f2919cbbed0cfb879bc12"
+ "d263ac21f92213ab15d9691ea50c76f3"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt",
@@ -211,7 +211,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "d1cbf319aa1cb6648393f35ca7c767a4"
+ "affa5a85950e24589138e843ef0d548b"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u",
@@ -275,7 +275,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "e75a553725bc59d233e349156be53f1b"
+ "2686c81df8533b9b6919362196b912d4"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u",
@@ -343,7 +343,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "eef8404afdef48b9f50c07e7ef47c454"
+ "2243d269ee4093014d488b96b025f9c4"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key",
@@ -431,7 +431,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "7d5832fb3e1f3622a610f26fc9fa2e68"
+ "65eff9a56116b8bc6dfa681fa23c2f5c"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key",
@@ -495,7 +495,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "1f515cbb315269b679e569d5be5fea68"
+ "9a92b08b061ecd8f7c53353fb33eb476"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.decrypt",
@@ -555,7 +555,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "a4935ae135d9acb1877b66d74f7ed6c5"
+ "ee6f20799269100e15d08dedf9ce9ec7"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.encrypt",
@@ -626,7 +626,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "0bb59e8ec28acff8237047a40770e0dc"
+ "737de230017e971992fda8e7176906fa"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key",
@@ -680,7 +680,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "27068b859652ed84e1e1d4ea241d6b50"
+ "0bc5b44bdd469619464e681494b15511"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key",
@@ -750,7 +750,7 @@
"typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "be4244631a08bfc7a26e9038611bfc44"
+ "54bb589d9c33d85e5a74378d504172b8"
],
[
"Libcrux.Kem.Kyber.Ind_cpa.generate_keypair",
@@ -787,7 +787,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "5dff4f5f9172343f0e88d9d6649e0e66"
+ "344cd08f227190d304292f72fb5a95d1"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fst.hints
index a78f91a86..4ebe0ce48 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fst.hints
@@ -40,7 +40,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f9d7e870d75451e9fda40ae9a6794a42"
+ "541e9050a5fdb4db4a93fd468c5c0df6"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_ETA1_RANDOMNESS_SIZE",
@@ -94,7 +94,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "5c2b8e6ea82f25ec7b00d0a59e5f500e"
+ "23c542c1b6a81441e01126649225b3f5"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_ETA2",
@@ -135,7 +135,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "8ab1aa1a62025cdd9459a4127d63977d"
+ "45dd91a616a5400c4fdf8da48c06ddc2"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_ETA2_RANDOMNESS_SIZE",
@@ -189,7 +189,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "f33c0e6d30e405a025bbf5d189312212"
+ "7e68d738cee193573ec5bc4482aeb8df"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_RANK_1024_",
@@ -228,7 +228,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "923a56669e1227678616bde86f4aea89"
+ "e4406709b7f108335cfea9aa8dff2748"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_SECRET_KEY_SIZE_1024_",
@@ -288,7 +288,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "1b6e11a85829a871ab32e28f3ac3c596"
+ "cf16f962175659625fc8b03bb586b542"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_RANKED_BYTES_PER_RING_ELEMENT_1024_",
@@ -347,7 +347,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "3c0232eb7c79f3b983927605adb182c8"
+ "febac0f402e84b7c4a5e87a1ae643559"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_T_AS_NTT_ENCODED_SIZE_1024_",
@@ -407,7 +407,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "1e91b3fdc79a06d2c84f9a4207c87581"
+ "1e195314580f09301aea86da6b96ee8b"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_PUBLIC_KEY_SIZE_1024_",
@@ -472,7 +472,7 @@
"typing_Spec.Kyber.v_SHARED_SECRET_SIZE"
],
0,
- "7c5854d3632f12b7f6161ffd8dfa7364"
+ "6ec49faa252af5b33490216fee42427f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_SECRET_KEY_SIZE_1024_",
@@ -494,9 +494,10 @@
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.max_int",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
"equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT",
"equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
"equation_Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_PUBLIC_KEY_SIZE_1024_",
@@ -547,7 +548,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "38a14b5936b093cac85b4f2dd5a0c3c1"
+ "439843412ca27d7ad10558c09c420987"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_SECRET_KEY_SIZE_1024_",
@@ -574,9 +575,9 @@
"equality_tok_Lib.IntTypes.U64@tok",
"equality_tok_Libcrux.Digest.Algorithm_Sha3_256_@tok",
"equation_FStar.UInt.max_int", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v", "equation_Libcrux.Digest.digest_size",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Digest.digest_size",
"equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT",
"equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
"equation_Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE",
@@ -630,7 +631,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "fc7b55372d8323f4d3aee0af1a2549dc"
+ "30624ff43256a936443687fbc9c84be5"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_SECRET_KEY_SIZE_1024_",
@@ -712,7 +713,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "ee63d7dc3289e401ba71a2e349188b0e"
+ "edf42f41c1948fb25aee8b76e5a469d1"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_VECTOR_U_COMPRESSION_FACTOR_1024_",
@@ -751,7 +752,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "fd7e044ae2cab749a2a3aedbbeac0856"
+ "3af59bb1b90236616898465a3150138a"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_C1_BLOCK_SIZE_1024_",
@@ -808,7 +809,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "57653cfdc92442e61f637dc70c73e6f1"
+ "76282440741f5b1f14609c44dc20ce81"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_C1_SIZE_1024_",
@@ -875,7 +876,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "4f0f4cb3ecb18b5062dcb922331077a6"
+ "2ddf1c190c7f83e7f471b158aae98e7f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_VECTOR_V_COMPRESSION_FACTOR_1024_",
@@ -914,7 +915,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "bb3cbad87dbdf53e5860bb723af93bba"
+ "6e9e4052d81592f69656c7d22e81aad7"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_C2_SIZE_1024_",
@@ -971,7 +972,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "2c2c6f75219eb0c259db41e3a86cd54c"
+ "0b75a181cd612c31a90ab895762a7812"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_CIPHERTEXT_SIZE_1024_",
@@ -1048,7 +1049,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "fc9fc4f32c9ea62a724ddd9fa7d6b8b6"
+ "16dd24f3fad574689dd09785afe94a3f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
@@ -1125,7 +1126,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "a0ed8f9bebdaa296e3cea523129c146a"
+ "9f1c4889b6ac39e9f6e8bd6f9945e2da"
],
[
"Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024Ciphertext",
@@ -1164,7 +1165,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "9e876369dfce574683491b9768693c55"
+ "96f22d3e794088bc1e527cf5d6df862d"
],
[
"Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024PrivateKey",
@@ -1203,7 +1204,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "245818d44634e1020482ea80eb3dfb5c"
+ "e92f9c8326065f12162f808dbe6d54b5"
],
[
"Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024PublicKey",
@@ -1242,7 +1243,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "1d3ea4c2e84da4ebc0a511b4bbc20cf9"
+ "a093dc1a40d239a1b48565f728abb5b8"
],
[
"Libcrux.Kem.Kyber.Kyber1024.decapsulate_1024_",
@@ -1280,7 +1281,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "331d472daf8f0086cd406aab81f624d9"
+ "69ec0d10fec2c5a6c94c20ee75651c1d"
],
[
"Libcrux.Kem.Kyber.Kyber1024.decapsulate_1024_",
@@ -1290,7 +1291,8 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1298,27 +1300,92 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
"equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber1024_params", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_C1_BLOCK_SIZE",
+ "equation_Spec.Kyber.v_C1_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", "int_inversion",
+ "int_typing", "lemma_Lib.IntTypes.v_injective",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA2",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA2",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
+ "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486",
+ "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5",
+ "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d",
+ "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8",
+ "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_790ef91134217408f1ba2895d20e36c7",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44",
+ "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.add",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber1024_params",
+ "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE",
+ "typing_Spec.Kyber.v_C2_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "typing_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
+ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "47ffa48b284ed7cbda3996ebe3cbfd7c"
+ "e6c2e08bed6728c309c6579d1b8e628e"
],
[
"Libcrux.Kem.Kyber.Kyber1024.decapsulate_1024_",
@@ -1422,7 +1489,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "754c0e88051dc2da9fe9467c4c16bab4"
+ "bf5bc9189ddb12202ad553e254f7cdce"
],
[
"Libcrux.Kem.Kyber.Kyber1024.encapsulate_1024_",
@@ -1460,7 +1527,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "5164f1072bad4915bbc3f69244152e2e"
+ "b15548bf53410612b8c5c71bba3f1618"
],
[
"Libcrux.Kem.Kyber.Kyber1024.encapsulate_1024_",
@@ -1470,7 +1537,8 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1479,26 +1547,82 @@
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber1024_params", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_C1_BLOCK_SIZE",
+ "equation_Spec.Kyber.v_C1_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE",
+ "function_token_typing_Lib.IntTypes.byte_t", "int_inversion",
+ "int_typing", "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA2",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA2",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
+ "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486",
+ "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5",
+ "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8",
+ "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "typing_FStar.Seq.Base.length",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber1024_params",
+ "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE",
+ "typing_Spec.Kyber.v_C2_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "e78499fd470134433b44b0130dafd7e3"
+ "c578acb0b937086812c50bba7b1014f4"
],
[
"Libcrux.Kem.Kyber.Kyber1024.encapsulate_1024_",
@@ -1593,7 +1717,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "0d8b87ebe5c41e07ef1a2663ea846791"
+ "58a3a66637f743c8e8aa5ba2a0576dcd"
],
[
"Libcrux.Kem.Kyber.Kyber1024.generate_key_pair_1024_",
@@ -1632,7 +1756,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "fc06954cd4c3e8517a03d7445f73093f"
+ "02c3ce76b6baa7d16336fd6de3b1fedf"
],
[
"Libcrux.Kem.Kyber.Kyber1024.generate_key_pair_1024_",
@@ -1642,7 +1766,8 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1650,27 +1775,66 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.v",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber1024_params",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "function_token_typing_Lib.IntTypes.byte_t", "int_typing",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "typing_FStar.Seq.Base.length",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber1024_params",
+ "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "01bde0961cad3e72014735bfb00cf103"
+ "fdd8b8f54b27b5142ceb693eb763a59f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.generate_key_pair_1024_",
@@ -1748,7 +1912,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "a60faf25196fc564f58cd279479c426a"
+ "71bf966aa7f536c84ce0f7ee38a138a0"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fsti.hints
index 49b61d4ce..4369037e3 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fsti.hints
@@ -37,7 +37,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "ffe2a1b6bf9e100c151c883659b8729d"
+ "5ee0c6527ecbddae5f78d850e87b8c21"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_ETA1_RANDOMNESS_SIZE",
@@ -83,7 +83,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "0082b1f921cb8e3e9d3ef0e06fa6869e"
+ "6f1a3d13bd08f271a74ffa8e266522a4"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_ETA2",
@@ -121,7 +121,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f2251612a626594e9d534d69d04782eb"
+ "89aa166050788aa07047541864b31524"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_ETA2_RANDOMNESS_SIZE",
@@ -167,7 +167,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "1d8e591fdc80d05184be44b9467f37a0"
+ "b1bb492a5a3cfeaa04bf241cab15febf"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_RANK_1024_",
@@ -205,7 +205,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "d2138d63ff4ef135fd6fe6458353ade2"
+ "bb1d7addede1d4316bd3ce57317fbe2f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_SECRET_KEY_SIZE_1024_",
@@ -263,7 +263,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "2100c1bee48d3cc70d8ff311443f375d"
+ "900d9048b1b6628a16d410c5527dba55"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_RANKED_BYTES_PER_RING_ELEMENT_1024_",
@@ -321,7 +321,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "0d3ff33e3d14c74d1a2e9ec4e8b3443b"
+ "572cb2dbd37834d6184a0ed6047ed596"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_T_AS_NTT_ENCODED_SIZE_1024_",
@@ -379,7 +379,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "d73bb340eb53c2874aa56376b84632fb"
+ "dbdb4625a51a414b118687d0a85b24b9"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_PUBLIC_KEY_SIZE_1024_",
@@ -442,7 +442,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "87c9b686cdb5d8baf512931206783897"
+ "d06b32a478d73c58759ff149e42bff89"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_SECRET_KEY_SIZE_1024_",
@@ -523,7 +523,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "08f4fac21275977a2078c9ec26ec184d"
+ "2c616e014799f29fcc3f65e8b3a92d2f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_VECTOR_U_COMPRESSION_FACTOR_1024_",
@@ -561,7 +561,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "7c23e09cee4f504af76d1ce1597a879c"
+ "a7b5bb4ed1aaeeba60b35a697fe996ca"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_C1_BLOCK_SIZE_1024_",
@@ -617,7 +617,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "075474bc24edaa327769ca9a1d278953"
+ "69147969574892400f539979635e401b"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_C1_SIZE_1024_",
@@ -683,7 +683,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "4af5c8ebee447c0b4bf7fedfba119401"
+ "4612128d255d2dd13ca7b96e1f90088f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_VECTOR_V_COMPRESSION_FACTOR_1024_",
@@ -721,7 +721,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "47280cc2328c633aeb7e2be08ef88b35"
+ "4525317c5e80b34b4813b1b07143e074"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_C2_SIZE_1024_",
@@ -777,7 +777,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "adacd225e5c923b218dfb646b5502507"
+ "3672d3d798980407512a774d948f1c4f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_CIPHERTEXT_SIZE_1024_",
@@ -844,7 +844,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "fb3b04f012f89d1b7a4a5e802a532d03"
+ "c78fd58a22dc53ba46243499d01c2f70"
],
[
"Libcrux.Kem.Kyber.Kyber1024.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
@@ -916,7 +916,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "47f190d2e8dea329f4e10f79a49881f9"
+ "fb07bcf64c48334d86fc46bddcd3cc41"
],
[
"Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024Ciphertext",
@@ -954,7 +954,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "c44484bd73367ef96b6b47237e88cdf7"
+ "15167fb4283b57dac32ecc86e20ae89f"
],
[
"Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024PrivateKey",
@@ -992,7 +992,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "1ff4b930694d81392cd40d1c1bd9bfd3"
+ "a82cab568a9d0c8ab58b6c30299e1768"
],
[
"Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024PublicKey",
@@ -1030,7 +1030,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "87df4e3ea0852ee34104f16ee0833311"
+ "d915e55b735f49347b04ab2bd8790cde"
],
[
"Libcrux.Kem.Kyber.Kyber1024.decapsulate_1024_",
@@ -1068,7 +1068,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "bd400dfa36df989c506ab5a46503a56f"
+ "673647cea8e0d31b7f6fad328a00a08c"
],
[
"Libcrux.Kem.Kyber.Kyber1024.encapsulate_1024_",
@@ -1106,7 +1106,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "144861e696f5cffc6e297fcf75f37c1b"
+ "1bd4291531b213d4db89d97be6c15a5e"
],
[
"Libcrux.Kem.Kyber.Kyber1024.generate_key_pair_1024_",
@@ -1145,7 +1145,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "be72f60b0c79de14a22f09d796ec1143"
+ "398199c9dc2b19b0900cc6c930016260"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fst.hints
index e7b178a2a..7b16a20f6 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fst.hints
@@ -40,7 +40,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "a2262631289adc8cbb6afe63def356ec"
+ "b73ed56355508687c62ceb125aa2f5c7"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_ETA1_RANDOMNESS_SIZE",
@@ -94,7 +94,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "afdbd858a7b3408ea2d48c0155730d2c"
+ "102a848eb0b56d2893afb3fe85ef731c"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_ETA2",
@@ -135,7 +135,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "a9822d209e9f75a838b30cd09f2e03f7"
+ "c3e8c6b78affb25424aeab05845ac515"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_ETA2_RANDOMNESS_SIZE",
@@ -189,7 +189,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "7b15834298fa56ccb6526a4dcae5f96e"
+ "3377c38dfda4873219a3175c4c129e73"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_RANK_512_",
@@ -230,7 +230,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "37d0d20b42d5b31db16fb8400dfdaff6"
+ "134ff5a9e13602b56262f17efa723cd3"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_SECRET_KEY_SIZE_512_",
@@ -294,7 +294,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "5183e47d11bd1e6507c99e1f0a7dcd6a"
+ "a97c75782118ed9585d8b4eec41f9a6b"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_RANKED_BYTES_PER_RING_ELEMENT_512_",
@@ -358,7 +358,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "57bd4a468324206aff5e3af8b54e7413"
+ "63146c94f53d2733b5271427ee1e644e"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_T_AS_NTT_ENCODED_SIZE_512_",
@@ -422,7 +422,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "9484e9b5e85fdd2b6c2c03fa5fd273c9"
+ "bbf746be6223de75297d253270e1e84f"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_PUBLIC_KEY_SIZE_512_",
@@ -487,7 +487,7 @@
"typing_Spec.Kyber.v_SHARED_SECRET_SIZE"
],
0,
- "89256b0cf97d0e7bb8908a25a8fdaedd"
+ "26310847e7a1438576b2e1b715a5b953"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_SECRET_KEY_SIZE_512_",
@@ -509,9 +509,10 @@
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.max_int",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
"equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT",
"equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
"equation_Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_PUBLIC_KEY_SIZE_512_",
@@ -563,7 +564,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "cf5f9e281d5e5481209f5477409aa298"
+ "2012eab9ef460ae50973a9b14c9ff96d"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_SECRET_KEY_SIZE_512_",
@@ -614,8 +615,7 @@
"equation_Rust_primitives.Integers.usize",
"equation_Rust_primitives.Integers.v",
"equation_Spec.Kyber.v_H_DIGEST_SIZE",
- "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
- "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_inversion",
"int_typing", "lemma_Rust_primitives.Integers.pow2_values",
"lemma_Rust_primitives.Integers.v_mk_int_lemma",
"primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
@@ -646,7 +646,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "052c8a6004d4368c484033b77055b7a3"
+ "018bf2e65fefb2f38d042e89f06dd81e"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_SECRET_KEY_SIZE_512_",
@@ -672,9 +672,10 @@
"equality_tok_Lib.IntTypes.U32@tok",
"equality_tok_Lib.IntTypes.U64@tok",
"equality_tok_Libcrux.Digest.Algorithm_Sha3_256_@tok",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v", "equation_Libcrux.Digest.digest_size",
+ "equation_FStar.UInt.max_int", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Digest.digest_size",
"equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT",
"equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
"equation_Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE",
@@ -729,7 +730,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "4a2f90a4bb0d3539b14e014adf0b52f2"
+ "23835f79e0c47471dab12a1f6691d402"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_VECTOR_U_COMPRESSION_FACTOR_512_",
@@ -768,7 +769,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "c28d181a9948ceec5fcfa68dba2c95ce"
+ "6591763fd0a2905ebc7641e0d021a682"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_C1_BLOCK_SIZE_512_",
@@ -825,7 +826,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "b3dc43bdf00482673ef7e1d71fd42855"
+ "2212169017039d967585c9cbafb07b9a"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_C1_SIZE_512_",
@@ -896,7 +897,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "cfb631a802e560054aa6a227364f5ea2"
+ "a4f3dc0c2d34921c6543bf11253a4faa"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_VECTOR_V_COMPRESSION_FACTOR_512_",
@@ -935,7 +936,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "c98bfd9dbd039bee833f22f8441c4082"
+ "9369aea6558823273d55cb0d83b405bb"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_C2_SIZE_512_",
@@ -992,7 +993,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "2760fb5be62545ff840e0caeb3bd0977"
+ "fb8bfbb43b51e65692ca0cacad0b5a7e"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_CIPHERTEXT_SIZE_512_",
@@ -1065,7 +1066,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "1c56d7db20878202a6e7b02ff7c69a9a"
+ "87835225df3b289c0b0539bd88906a72"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
@@ -1143,7 +1144,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "734a513a4b61fad415a57ca9bbfd8d68"
+ "5b98256a0b87f03b81b8f0e489e35ce6"
],
[
"Libcrux.Kem.Kyber.Kyber512.t_Kyber512Ciphertext",
@@ -1182,7 +1183,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "9fd223e9fe004716ea3f97f922b5e6ca"
+ "3ba6953098aaa8e4a3ec3cc9514127ad"
],
[
"Libcrux.Kem.Kyber.Kyber512.t_Kyber512PrivateKey",
@@ -1221,7 +1222,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "25f2edaecc3da5720b31972fbd28b38e"
+ "b863142d653a11fe0556e6d571d22e55"
],
[
"Libcrux.Kem.Kyber.Kyber512.t_Kyber512PublicKey",
@@ -1260,7 +1261,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "7f313c50f7140ecf8a729bbb010b7382"
+ "028726431d36cc211fc9f406ca39e587"
],
[
"Libcrux.Kem.Kyber.Kyber512.decapsulate_512_",
@@ -1298,7 +1299,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "b53c655cd01deff208d1ec6835fbe3b8"
+ "5037d225f3306f27cafbe8537ac567ef"
],
[
"Libcrux.Kem.Kyber.Kyber512.decapsulate_512_",
@@ -1308,7 +1309,9 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "FStar.Seq.Base_pretyping_7efa52b424e80c83ad68a652aa3561e4",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1316,27 +1319,96 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "data_elim_Libcrux.Kem.Kyber.Types.Mkt_KyberCiphertext",
+ "equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber512_params", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_C1_BLOCK_SIZE",
+ "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Types.t_KyberCiphertext",
+ "function_token_typing_Lib.IntTypes.byte_t", "int_inversion",
+ "int_typing", "lemma_Lib.IntTypes.v_injective",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
+ "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486",
+ "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5",
+ "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8",
+ "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_769d89d2adb5ba14177e537ed06ba341",
+ "refinement_interpretation_Tm_refine_790ef91134217408f1ba2895d20e36c7",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44",
+ "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber512_params",
+ "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE",
+ "typing_Spec.Kyber.v_C2_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "typing_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "typing_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "91e8a96ac275d88ad3dd8337c041bab8"
+ "0821f6d72cbf905a6000470ef20551e0"
],
[
"Libcrux.Kem.Kyber.Kyber512.decapsulate_512_",
@@ -1445,7 +1517,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "12c38e27825fc7a30748a1723835082e"
+ "b2e78c3be696f9e6c4dbb19a649b9918"
],
[
"Libcrux.Kem.Kyber.Kyber512.encapsulate_512_",
@@ -1484,7 +1556,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "414a16de85e9a69711b8a63195ea526c"
+ "052203a817a4cad24c731bee1fae13d7"
],
[
"Libcrux.Kem.Kyber.Kyber512.encapsulate_512_",
@@ -1494,7 +1566,8 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1503,26 +1576,79 @@
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Prims.nat",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber512_params", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_C1_BLOCK_SIZE",
+ "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE",
+ "function_token_typing_Lib.IntTypes.byte_t", "int_inversion",
+ "int_typing", "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
+ "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486",
+ "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5",
+ "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8",
+ "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_769d89d2adb5ba14177e537ed06ba341",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "typing_FStar.Seq.Base.length",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber512_params",
+ "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE",
+ "typing_Spec.Kyber.v_C2_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "typing_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE"
],
0,
- "214b07d64d3b9e4f647bc98e976841c2"
+ "951e29637cf0c95f408f7a98d8637f8f"
],
[
"Libcrux.Kem.Kyber.Kyber512.encapsulate_512_",
@@ -1615,7 +1741,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "f0f72587621621e831768763379adfda"
+ "23afb342ba4dce72911478e5625c8d62"
],
[
"Libcrux.Kem.Kyber.Kyber512.generate_key_pair_512_",
@@ -1654,7 +1780,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "3392d5e1cf4275b625b6f9c3c3f4ea39"
+ "b7ed9c99258a9ca8cadcfa9e8cdc8908"
],
[
"Libcrux.Kem.Kyber.Kyber512.generate_key_pair_512_",
@@ -1664,7 +1790,8 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1672,27 +1799,64 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.v",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber512_params",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "function_token_typing_Lib.IntTypes.byte_t", "int_typing",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "typing_FStar.Seq.Base.length",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber512_params",
+ "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "01bde0961cad3e72014735bfb00cf103"
+ "a2e964f38d16accc18cdbf434168bd39"
],
[
"Libcrux.Kem.Kyber.Kyber512.generate_key_pair_512_",
@@ -1768,7 +1932,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "4711e93618ffacef35418b8fd6756026"
+ "8bd8a1f8d8c2327c37bc9ad733f41119"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fsti.hints
index be5c320d4..0b60ea92d 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fsti.hints
@@ -37,7 +37,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f643af25a005832c5dc7a4ec77534860"
+ "700a0c1f50539a17f8d01b27a3dd2d34"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_ETA1_RANDOMNESS_SIZE",
@@ -83,7 +83,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "a798a09561a38ebe9e3d30f53a1624a3"
+ "4ca90695fc0dfca3bca0a671bdf9c337"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_ETA2",
@@ -121,7 +121,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "d6b9411e499ec1056723c9b7a704ef58"
+ "1c5ef3158052a63db14e2fdebde7e623"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_ETA2_RANDOMNESS_SIZE",
@@ -167,7 +167,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "20dc6aa3398c30cf844b94b991729905"
+ "d1de9a8bd10505db30ce79742fb1a2ad"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_RANK_512_",
@@ -205,7 +205,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "a02eea15ed06eeb1b4375eadfbc43022"
+ "119d0b2c92d1b8535abbdec573dfb4b0"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_SECRET_KEY_SIZE_512_",
@@ -263,7 +263,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "788caf79bef18ca865db6ed28489b395"
+ "42f234ebeee900b672267b4eaf138509"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_RANKED_BYTES_PER_RING_ELEMENT_512_",
@@ -323,7 +323,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "dd51e3fb52b2a84bcfb5e3e4345ee51d"
+ "5142dc824a2257a3c95b8e20ebd21754"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_T_AS_NTT_ENCODED_SIZE_512_",
@@ -382,7 +382,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "bb5d71a16672c873033c24cf86a1561f"
+ "68f4d5bdac5be2ef37383f6d2d368689"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_PUBLIC_KEY_SIZE_512_",
@@ -445,7 +445,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "8a7b9c51a6e00568c0f0187bf51c81cf"
+ "edb8ffc5e46a7c9b6359d03c38f32083"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_SECRET_KEY_SIZE_512_",
@@ -525,7 +525,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "302ee4a7f73625897c6984441d9a01b0"
+ "4c2e737e56ab7f52237a00d23a38bab1"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_VECTOR_U_COMPRESSION_FACTOR_512_",
@@ -563,7 +563,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "970f2e1f2c0e778b871fb127dae60b30"
+ "f231124768e5156cc8c479cb933608c2"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_C1_BLOCK_SIZE_512_",
@@ -619,7 +619,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "d8df0c1cf15abfba48e243d3d2bf8df1"
+ "44777921dd49d49fa821d57190837391"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_C1_SIZE_512_",
@@ -685,7 +685,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "fb5285ad40b1dcd6fd10a5a50b9c7b81"
+ "c874fd59272048154dd6ff6d2d69ec30"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_VECTOR_V_COMPRESSION_FACTOR_512_",
@@ -723,7 +723,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "33c68a6b36fa6c7f0074a0ca035a0579"
+ "fc213c4ae2ea0ed55770b1caaf8625aa"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_C2_SIZE_512_",
@@ -779,7 +779,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "252774e4212788843eca27ac87d90188"
+ "92d5a78ed1818521f213ae7479eedc22"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_CIPHERTEXT_SIZE_512_",
@@ -846,7 +846,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "e19f57250d414963f0d3cd1bfbf46f35"
+ "cc3ff479e20ed4d68a406c9f25cc61c6"
],
[
"Libcrux.Kem.Kyber.Kyber512.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
@@ -922,7 +922,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "97aea39f4984e1e90f64ea813682c4e6"
+ "349a12e28bfff4ce79d45ea3cfe92ffe"
],
[
"Libcrux.Kem.Kyber.Kyber512.t_Kyber512Ciphertext",
@@ -960,7 +960,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "bb7090f941cae6d606cc3e6a3a961197"
+ "77d2562039fc666b1f359133c3f5a7ed"
],
[
"Libcrux.Kem.Kyber.Kyber512.t_Kyber512PrivateKey",
@@ -998,7 +998,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f7d5a6e5dbf0fa3c2656b1f6f91cbb81"
+ "9e729f1f699295683108ab2ef17034b6"
],
[
"Libcrux.Kem.Kyber.Kyber512.t_Kyber512PublicKey",
@@ -1036,7 +1036,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "bde6725300e657cff5570bd22cd32cc1"
+ "9590bb93eafea5a85cf5b9dd0145cddf"
],
[
"Libcrux.Kem.Kyber.Kyber512.decapsulate_512_",
@@ -1074,7 +1074,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "423260315baf8fc2ce56fa68aec6736c"
+ "07f97c5c1f5d06c2d0a2fb944b89995b"
],
[
"Libcrux.Kem.Kyber.Kyber512.encapsulate_512_",
@@ -1113,7 +1113,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f5ad920aa87d0162200d09a2f0ed9238"
+ "b77f37fa7df9f90e5bcb0c8d281063b5"
],
[
"Libcrux.Kem.Kyber.Kyber512.generate_key_pair_512_",
@@ -1152,7 +1152,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "544d1b5e690ba39d1813de1d78e8a8d2"
+ "2e4b351854d277ae06d4bca2299b8d65"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fst.hints
index bc4bd1622..9be6eae67 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fst.hints
@@ -40,7 +40,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "f9d7e870d75451e9fda40ae9a6794a42"
+ "541e9050a5fdb4db4a93fd468c5c0df6"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_ETA1_RANDOMNESS_SIZE",
@@ -94,7 +94,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "0f4fdc587f387ff53ca38176c32ff0f1"
+ "c2758d6f0d34f887b854fc8f5c885626"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_ETA2",
@@ -135,7 +135,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "d895b078aff884875e245fefccd1adc3"
+ "d36cce2e1f36911e98141a3d319130ad"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_ETA2_RANDOMNESS_SIZE",
@@ -189,7 +189,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "a5d485f6930ff41c55f22e375518c861"
+ "c74b230b3bf0a80a21bd535fa7bae451"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_RANK_768_",
@@ -230,7 +230,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "9bf06006c91f1aced3a3a8938567707d"
+ "e021fc13d25d1b3c7cc1ebeb542e394e"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_SECRET_KEY_SIZE_768_",
@@ -293,7 +293,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "cc1bab74c6f99a3a4e57b90280a65f8f"
+ "a2e0ebc68dbe1950b5ef310deece9288"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_RANKED_BYTES_PER_RING_ELEMENT_768_",
@@ -353,7 +353,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "94f5d4be384f791293f080b46745e2d2"
+ "6c926cd50b2db20e3e6ecadeb97ebb39"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_T_AS_NTT_ENCODED_SIZE_768_",
@@ -416,7 +416,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "688d6fbfe8466b01f0d758683be43d3b"
+ "b77f402b6a4cf8d8adcac71a51f65481"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_PUBLIC_KEY_SIZE_768_",
@@ -478,7 +478,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "686a932102c8304ff349f356eed709cc"
+ "d0c16fec4e6639a17045e30635c0c62a"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_SECRET_KEY_SIZE_768_",
@@ -500,10 +500,9 @@
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.max_int",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
"equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT",
"equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
"equation_Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_PUBLIC_KEY_SIZE_768_",
@@ -538,15 +537,10 @@
"refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_e477cd5567f25e8e57e00f0185fa1ab0",
"typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT",
- "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
"typing_Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_PUBLIC_KEY_SIZE_768_",
"typing_Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_SECRET_KEY_SIZE_768_",
- "typing_Libcrux.Kem.Kyber.Kyber768.v_RANK_768_",
"typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.mul",
"typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
"typing_Rust_primitives.Integers.usize_inttype",
@@ -555,7 +549,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "4e6be58aba3f4c0d1b17047c619b5db2"
+ "e94af2e3d2a7cca106c37fc107d3d5eb"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_SECRET_KEY_SIZE_768_",
@@ -606,8 +600,7 @@
"equation_Rust_primitives.Integers.usize",
"equation_Rust_primitives.Integers.v",
"equation_Spec.Kyber.v_H_DIGEST_SIZE",
- "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
- "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_typing",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_typing",
"lemma_Rust_primitives.Integers.pow2_values",
"lemma_Rust_primitives.Integers.v_mk_int_lemma",
"primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
@@ -638,7 +631,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "ca037a953c1ced095852a8705d8c2a21"
+ "10da19c6aa9670e5ece7098cd999a8e6"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_SECRET_KEY_SIZE_768_",
@@ -721,7 +714,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "a726cf76e4d89ca72016f8f192b1dc24"
+ "c6f6005ccff9f45848fe969305a5f96c"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_VECTOR_U_COMPRESSION_FACTOR_768_",
@@ -760,7 +753,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "613d58229cb215accf91aa723e807747"
+ "311f23abac501033b5a772ba4a0f49aa"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_C1_BLOCK_SIZE_768_",
@@ -817,7 +810,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "7894565fdf471e20f0b7655915ff6248"
+ "5729bb73d9bb3cda0b3997edc15efac6"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_C1_SIZE_768_",
@@ -888,7 +881,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "74a3a8060b1d6e5ad16b2b606bfe32e3"
+ "e7abbce5979671529c25a70a99f5ca21"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_VECTOR_V_COMPRESSION_FACTOR_768_",
@@ -927,7 +920,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "01d9f6d89443745e3e39f5e87f25815e"
+ "11aeee28608b3a69900bbd6dc6164eaf"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_C2_SIZE_768_",
@@ -986,7 +979,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "bcece07fa41b7ef4b17f532922598ca6"
+ "f3f368cf0e92bb77e0d2c448b67460eb"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_CIPHERTEXT_SIZE_768_",
@@ -1059,7 +1052,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "36c4070cd1fbdc37a19e86305ce61173"
+ "b2231d972be64fb015707b54f2b6fe78"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
@@ -1137,7 +1130,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "ae069e23b9643ab2a8c82f7cd88091b1"
+ "0af8b9e81d142473508476bb64ea697f"
],
[
"Libcrux.Kem.Kyber.Kyber768.t_Kyber768Ciphertext",
@@ -1176,7 +1169,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "cf1d60079e3882f3ded5441b88875055"
+ "a1dae7a7519f5e91182f1b4e7977cade"
],
[
"Libcrux.Kem.Kyber.Kyber768.t_Kyber768PrivateKey",
@@ -1215,7 +1208,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "b15fe1cc78bb0a9436a037f9f0618d3a"
+ "ae115b763f08f95985c3712751f9d007"
],
[
"Libcrux.Kem.Kyber.Kyber768.t_Kyber768PublicKey",
@@ -1254,7 +1247,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "376c0e3e5ef8b99eca79f35b85640df9"
+ "82c635b26398b2855d362e29def5535f"
],
[
"Libcrux.Kem.Kyber.Kyber768.decapsulate_768_",
@@ -1292,7 +1285,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "9a81e57180ab552a0dcbcd1b79c032c0"
+ "96fc23cc7393bfeb01bfef6be4fec069"
],
[
"Libcrux.Kem.Kyber.Kyber768.decapsulate_768_",
@@ -1302,7 +1295,8 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1310,27 +1304,92 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
"equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber768_decapsulate",
+ "equation_Spec.Kyber.kyber768_params", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_C1_BLOCK_SIZE",
+ "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Types.t_KyberCiphertext",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Types.t_KyberPrivateKey",
+ "int_inversion", "int_typing", "lemma_Lib.IntTypes.v_injective",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "proj_equation_Libcrux.Kem.Kyber.Types.Mkt_KyberCiphertext_f_value",
+ "proj_equation_Libcrux.Kem.Kyber.Types.Mkt_KyberPrivateKey_f_value",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA2",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA2",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
+ "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486",
+ "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5",
+ "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8",
+ "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_790ef91134217408f1ba2895d20e36c7",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Rust_primitives.Integers.bits",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44",
+ "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber768_params",
+ "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE",
+ "typing_Spec.Kyber.v_C2_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "typing_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
+ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "47dcf3b6558b804379b931789a4e49a2"
+ "21c3658232488bb584636fdc54bb0d19"
],
[
"Libcrux.Kem.Kyber.Kyber768.decapsulate_768_",
@@ -1434,7 +1493,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "52b60087f37343541abb85dbdad59481"
+ "c79866f6299aca76c07206cd83f79eb5"
],
[
"Libcrux.Kem.Kyber.Kyber768.encapsulate_768_",
@@ -1473,7 +1532,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "21412c8c9c93aeeb057ba7bf327ea0d7"
+ "8701e8b4c81230e75181c9ba4ce0d767"
],
[
"Libcrux.Kem.Kyber.Kyber768.encapsulate_768_",
@@ -1483,7 +1542,8 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1492,26 +1552,86 @@
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.unsigned", "equation_Prims.nat",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber768_encapsulate",
+ "equation_Spec.Kyber.kyber768_params", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.t_KyberSharedSecret",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_C1_BLOCK_SIZE",
+ "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Types.t_KyberPublicKey",
+ "function_token_typing_Lib.IntTypes.byte_t", "int_inversion",
+ "int_typing", "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Libcrux.Kem.Kyber.Types.Mkt_KyberPublicKey_f_value",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA2",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA2",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR",
+ "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR",
+ "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486",
+ "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5",
+ "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8",
+ "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "typing_FStar.Seq.Base.length",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber768_params",
+ "typing_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE",
+ "typing_Spec.Kyber.v_C2_SIZE",
+ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE",
+ "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "979dd9765d144c6c3e02a9081a15449e"
+ "96a6212d6d999f3b4a86c56d8ca37cf8"
],
[
"Libcrux.Kem.Kyber.Kyber768.encapsulate_768_",
@@ -1609,7 +1729,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "9f593e3d40fed22b953c4a23f6263cf8"
+ "6b6724adae5f7b9879e1e9493b1b1eae"
],
[
"Libcrux.Kem.Kyber.Kyber768.generate_key_pair_768_",
@@ -1649,7 +1769,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "a6852f73ee01ecce4821a2d1b0b440c4"
+ "18d0d552c98acf50bff6e74cae2ee310"
],
[
"Libcrux.Kem.Kyber.Kyber768.generate_key_pair_768_",
@@ -1659,7 +1779,8 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1667,27 +1788,59 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
"equality_tok_Lib.IntTypes.U32@tok",
"equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
"equation_Rust_primitives.Integers.inttype",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
"equation_Rust_primitives.Integers.unsigned",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.kyber768_generate_keypair",
+ "equation_Spec.Kyber.kyber768_params",
+ "equation_Spec.Kyber.t_KyberPublicKey",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE",
+ "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "equation_Spec.Kyber.v_SECRET_KEY_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_inversion",
+ "int_typing", "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA1",
+ "proj_equation_Spec.Kyber.Mkparams__v_RANK",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Spec.Kyber.Mkparams__v_ETA1",
+ "projection_inverse_Spec.Kyber.Mkparams__v_RANK",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036",
"typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.kyber768_params",
+ "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "01bde0961cad3e72014735bfb00cf103"
+ "f8e8082f252de7038c2c4386dc475832"
],
[
"Libcrux.Kem.Kyber.Kyber768.generate_key_pair_768_",
@@ -1758,7 +1911,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "a48a6177df2c3318e82dd0a2b90ef4d2"
+ "8b4f90d2a655569a10f79af5c8a4ac0d"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fsti.hints
index f261d424c..59945fa9a 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fsti.hints
@@ -37,7 +37,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "56208c412b9de42479751b700fa92b28"
+ "8ea5ec7baa3130e3af95e6c2fb61c6fc"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_ETA1_RANDOMNESS_SIZE",
@@ -82,7 +82,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "a65e24d9cbb541bb7097e9879edc3b53"
+ "71c2e892aa0a9a967398a5d9b406306d"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_ETA2",
@@ -120,7 +120,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "a98b0e2d698762f3970bb7830cb26b1f"
+ "b1036532c5c0f65af7f7707124064ef6"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_ETA2_RANDOMNESS_SIZE",
@@ -168,7 +168,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "67805a52dc5efab0caf26e658e34690e"
+ "14a627bc9b3598e6e26cfe8b57e4b913"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_RANK_768_",
@@ -206,7 +206,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "ca8a47f0580cb8708a94f80f6499058e"
+ "830653279c8ec451b40b736855769581"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_SECRET_KEY_SIZE_768_",
@@ -264,7 +264,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "f4fd19359dd793ad55995ae8f242498b"
+ "110a3bd85db5cda1f9b14a767112d02e"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_RANKED_BYTES_PER_RING_ELEMENT_768_",
@@ -322,7 +322,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "d275bc70a224cab676dd896fb93acba3"
+ "904b6ee23baaaec234545c5dc8274b8e"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_T_AS_NTT_ENCODED_SIZE_768_",
@@ -381,7 +381,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "f8bf8969a9f04d3e2e4a66e58cdcc484"
+ "8b39c786f76defbd4b8c6e8abfb9b9bc"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_PUBLIC_KEY_SIZE_768_",
@@ -444,7 +444,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "31cfd379c1863fd690dff7d3cfd8d1f8"
+ "c7ab219ef44fd9fed630087af3f01729"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_SECRET_KEY_SIZE_768_",
@@ -526,7 +526,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "faf83eba5619d9918cf11e3808472e50"
+ "0aa760eafd24c15118a377219d340399"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_VECTOR_U_COMPRESSION_FACTOR_768_",
@@ -564,7 +564,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "0ba5a01132c210a13116e8ff43be4581"
+ "89d15d2afb4a7e35483d85f8bffdd5bb"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_C1_BLOCK_SIZE_768_",
@@ -620,7 +620,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "17117215d7323aed9edac5f416ccb387"
+ "9d17efdd713db7d409d1dce6da8623f3"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_C1_SIZE_768_",
@@ -686,7 +686,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "2667663faf5d8ad8f59dd112756d3e8a"
+ "e143ea15a392bd0a27a97b1175b034af"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_VECTOR_V_COMPRESSION_FACTOR_768_",
@@ -724,7 +724,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "ade4c0d8278f478a1cf4bbf3f2ba9bbc"
+ "9373846a1eb17adc32b946cc5bed7405"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_C2_SIZE_768_",
@@ -780,7 +780,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "09f79ee3cd5b5f7fa7b35cd54f5a25f3"
+ "4ce95cac359078a2c200ca69f87428ae"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_CIPHERTEXT_SIZE_768_",
@@ -851,7 +851,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "5913f4c24758433aaa231577d26eb79e"
+ "c29c1a33460bc4e2b6661a05d018f4f2"
],
[
"Libcrux.Kem.Kyber.Kyber768.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE",
@@ -927,7 +927,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "a1b52630c2fec507e94c86e2b899b603"
+ "1c917a12248f00ef7a6df5b1c2a72d3f"
],
[
"Libcrux.Kem.Kyber.Kyber768.t_Kyber768Ciphertext",
@@ -965,7 +965,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "8bce0631e37ba7075007e654528acb21"
+ "c49746abef44f84b3819eb79de65823d"
],
[
"Libcrux.Kem.Kyber.Kyber768.t_Kyber768PrivateKey",
@@ -1003,7 +1003,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "85306f73d8c89c465128fa0856221917"
+ "3926b188d0d64db60c03cfff5e0a826b"
],
[
"Libcrux.Kem.Kyber.Kyber768.t_Kyber768PublicKey",
@@ -1041,7 +1041,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "ba497f97df6ab65d3d74baf038fe67fb"
+ "8e94edea74f5bbbd050428e90d87438e"
],
[
"Libcrux.Kem.Kyber.Kyber768.decapsulate_768_",
@@ -1079,7 +1079,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "6f62c5b8784d674752c86d14ce0185ae"
+ "34ad49f7873920f266f3b3a8616307bc"
],
[
"Libcrux.Kem.Kyber.Kyber768.encapsulate_768_",
@@ -1118,7 +1118,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "298be40bc8121472a80ec91f8aebd730"
+ "b2728ec12cb4af5c675d855a37a952b2"
],
[
"Libcrux.Kem.Kyber.Kyber768.generate_key_pair_768_",
@@ -1158,7 +1158,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "7c0744280258a7716cc56ce5f74c52cf"
+ "97b20e3016cc0f338bb37356bb8b225a"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints
index 4ba1ca852..01ed82564 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints
@@ -60,7 +60,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "3feed56d4cd53ef92aad181a34839260"
+ "1d4f0e76fa91b31022ccaa099711f10a"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_As_plus_e",
@@ -118,7 +118,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "3e6edb931138967770665dad5edd2e14"
+ "48468c572146e16bfa7a2840b05e5653"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_As_plus_e",
@@ -297,7 +297,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "53a0fdc3955101f0cdf61505dd0c086a"
+ "491ef94da7d623e46f7287f3d22da1fc"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_message",
@@ -344,7 +344,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "f97cba69ebbb744c9fd9d04849076e99"
+ "35af93c30faeb5ca0ac339d9d573abeb"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_message",
@@ -510,7 +510,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "27c92a8cc43462263c1b6f370d54858d"
+ "707595d0de70771cdb19be1993e87e99"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_ring_element_v",
@@ -557,7 +557,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "5e57dcfbeab41c0103f5c6472838099c"
+ "eaafb151f1b01e1960f58c3e93fff263"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_ring_element_v",
@@ -723,7 +723,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "69ed99e941ca0c804f383a805f83a804"
+ "9f7df60f9ba8281e9228e2f9fdd090f6"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_vector_u",
@@ -770,7 +770,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "d26eee00f4e195a8642a6d20bc3dbea6"
+ "39916bfc380441ce9ae29b99e0716d0f"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_vector_u",
@@ -959,7 +959,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "0cd700817290affd1cd2d3a06193b866"
+ "5154b72bc4a4103c18d9e41c390a75e4"
],
[
"Libcrux.Kem.Kyber.Matrix.sample_matrix_A",
@@ -1038,7 +1038,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "0f55551acc718bd19bd400640a077f4c"
+ "cc87b93fe4dc4a1bd200dea715959727"
],
[
"Libcrux.Kem.Kyber.Matrix.sample_matrix_A",
@@ -1048,7 +1048,9 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
"constructor_distinct_Lib.IntTypes.U1",
@@ -1056,27 +1058,84 @@
"constructor_distinct_Lib.IntTypes.U32",
"constructor_distinct_Lib.IntTypes.U64",
"constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
"equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok",
+ "equation_Core.Iter.Traits.Collect.f_into_iter",
+ "equation_Core.Ops.Range.iterator_range", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
"equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
"equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.valid_params",
+ "fuel_guarded_inversion_Spec.Kyber.params_", "int_typing",
+ "interpretation_Tm_abs_29c790849abcf444c15b4351363d1b40",
+ "interpretation_Tm_abs_412e363c41d2c7d31f96c2685c7138f2",
+ "interpretation_Tm_abs_4da4c2420140680c2bf4358d0bc52b3f",
+ "l_and-interp", "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
"lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_contains",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_end",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_start",
+ "proj_equation_Spec.Kyber.Mkparams__v_ETA2",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_IntoIter",
+ "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_into_iter",
+ "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_contains",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_start",
+ "refinement_interpretation_Tm_refine_08126773a0ec43652fb7d75527aeafb2",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Rust_primitives.Integers.bits",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "token_correspondence_Core.Iter.Traits.Collect.f_into_iter",
+ "token_correspondence_Core.Iter.Traits.Iterator.__proj__Mkiterator__item__f_contains",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.__proj__Mkparams___item__v_ETA2",
+ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok",
+ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "04d07d2119e2c1770309c60843115a20"
+ "cc07d67fa446757c0372fc101dc95a80"
],
[
"Libcrux.Kem.Kyber.Matrix.sample_matrix_A",
@@ -1173,7 +1232,7 @@
"typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "a00e422dcd0141371c539b81db72f331"
+ "63eeb907e49aadf8d5699f76d869e78c"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints
index 90bfd481e..a252b3811 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints
@@ -57,7 +57,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "4734187037118e4d8d5be46be29c3652"
+ "0de7c542d2608c460d0a0c91d043ed78"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_message",
@@ -76,7 +76,7 @@
"refinement_interpretation_Tm_refine_91f3e355a68e029a1d9c76dc5b383c7e"
],
0,
- "55ca5cee44d92bf47f7e6ae8607405cb"
+ "5f50ce2ffb27334996096fa9cc9b05d6"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_ring_element_v",
@@ -95,7 +95,7 @@
"refinement_interpretation_Tm_refine_91f3e355a68e029a1d9c76dc5b383c7e"
],
0,
- "a1b90a294b595d1f261ca4e066d03a00"
+ "58c61e1eb09fc553cb5f234ce43f332b"
],
[
"Libcrux.Kem.Kyber.Matrix.compute_vector_u",
@@ -142,7 +142,7 @@
"typing_Spec.Kyber.valid_params"
],
0,
- "01d3589e869a0d94d8f82d713cc45c93"
+ "81c38cbb25011422497761466ff95cd9"
],
[
"Libcrux.Kem.Kyber.Matrix.sample_matrix_A",
@@ -221,7 +221,7 @@
"typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "eb2914af3cfe815432dd68284d7a6778"
+ "72a3accf7967684e3d1cf87663bed61c"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints
index c81a4b327..0a4dead32 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints
@@ -1,5 +1,5 @@
[
- "g$f63\"AP!2S",
+ "\r\u0001w>\u00105vj5",
[
[
"Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R",
@@ -73,7 +73,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "50b0b90d327b6b0c8e73a928c0838c4f"
+ "9a1f3b8d09fcfaf4a3a24fef3ae40dff"
],
[
"Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R",
@@ -164,7 +164,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "2ce8881d2681172f19ec13d23fa5cf9c"
+ "f355799070db2cbb08a49a94f62c76b1"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_multiply_binomials",
@@ -229,7 +229,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "abe55f38f1027418dda3c40796b0270f"
+ "e74c18347e7f8fc1d7a47d68cc34e876"
],
[
"Libcrux.Kem.Kyber.Ntt.mul_zeta_red",
@@ -251,7 +251,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "bc8dbe6ecf40c1520b1409b0ea33dfee"
+ "b2cbed5a79bc71f63720498edd48083b"
],
[
"Libcrux.Kem.Kyber.Ntt.mul_zeta_red",
@@ -259,21 +259,105 @@
0,
1,
[
- "@MaxIFuel_assumption", "@query", "bool_inversion",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.inttype",
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equation_Core.Ops.Index.f_index",
+ "equation_Core.Ops.op_String_Access", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R",
+ "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Hax.impl__index",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lte",
+ "equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.unsigned", "int_inversion",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sub",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Prims.__cache_version_number__",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54",
+ "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2",
+ "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv",
+ "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_f_index",
+ "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8df96e43ae266c076dc3f473846d2cdc",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a98b317897b1e4c2837553dddb4b95a2",
"refinement_interpretation_Tm_refine_b094c95ff178317720d7295ce1fdcbef",
+ "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_dadee4515473017568390482327a5b06",
"refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6",
+ "token_correspondence_Core.Ops.Index.f_index",
+ "token_correspondence_Core.Ops.op_String_Access",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_FStar.Int.fits", "typing_FStar.UInt32.t",
+ "typing_FStar.UInt64.t", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "99392cf2c5f12ec6d00062216e1b53ea"
+ "630542eb8e703c877f74166df583266b"
],
[
"Libcrux.Kem.Kyber.Ntt.mul_zeta_red",
@@ -379,7 +463,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "239ec6fbd9f0b2f2117f844cc392881f"
+ "7b79ff0b9a877a468b58e915d45cd2a2"
],
[
"Libcrux.Kem.Kyber.Ntt.lemma_zeta_decr",
@@ -408,7 +492,7 @@
"typing_Rust_primitives.Integers.v"
],
0,
- "4f374a7ce8f6b752b785e34c49fb2e8c"
+ "dd96cde942ab2885b66a667712488b2f"
],
[
"Libcrux.Kem.Kyber.Ntt.lemma_zeta_decr",
@@ -466,7 +550,7 @@
"typing_tok_Lib.IntTypes.PUB@tok"
],
0,
- "f7bb73ab18f5e5effd513921e132437b"
+ "d54da0b50c8afad5b2cc14ad2e2a02eb"
],
[
"Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer",
@@ -484,7 +568,7 @@
"refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6"
],
0,
- "d4bca7f5ce2fc8e66f29cd862ca45e5f"
+ "0ab3362d5883add954a7a399e343ad41"
],
[
"Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer",
@@ -492,11 +576,132 @@
0,
0,
[
- "@query", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxInt_proj_0"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equation_Core.Ops.Index.f_index",
+ "equation_Core.Ops.op_String_Access", "equation_FStar.UInt.max_int",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Hax.impl__index",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.div",
+ "equation_Rust_primitives.Integers.gte",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lt",
+ "equation_Rust_primitives.Integers.lte",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.sub",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "function_token_typing_Rust_primitives.Integers.usize",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54",
+ "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2",
+ "lemma_FStar.Int.pow2_values",
+ "lemma_FStar.Seq.Base.lemma_index_upd2", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Lib.IntTypes.v_injective",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_end",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_start",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_f_index",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_start",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_43453cb4d924052da16edc30727cedb1",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_b094c95ff178317720d7295ce1fdcbef",
+ "refinement_interpretation_Tm_refine_b44d5c1f88f048774ee7f4587bf43549",
+ "refinement_interpretation_Tm_refine_b55456d17f7702005ad46ac39eb6ff1f",
+ "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4",
+ "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c6e59d564177cec47542202264fb74df",
+ "refinement_interpretation_Tm_refine_c943115eee9824e31978d2201ce69912",
+ "refinement_interpretation_Tm_refine_cdb746ef12ad546404e15996fdd7203c",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
+ "refinement_interpretation_Tm_refine_db34f85ef93bcb2d34b943688dde22bb",
+ "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292",
+ "refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6",
+ "token_correspondence_Core.Ops.Index.f_index",
+ "token_correspondence_Core.Ops.op_String_Access",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end",
+ "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_start",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.add",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.lte",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "5e73baae075d14083d8d83619cdfa321"
+ "1c8f201419e28f94c72ffeb062c2ffaa"
],
[
"Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer",
@@ -652,7 +857,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "9cab8738eccdf5fcd9802929e305ed7b"
+ "0092d44f9ffb043d6ce4c4c42e5eafd5"
],
[
"Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery",
@@ -665,26 +870,13 @@
"refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1"
],
0,
- "8cacd779b12f7cbea7dd77fde73cfcc5"
+ "b1cefa86d697f3a5d50a071f5425e171"
],
[
"Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery",
2,
0,
1,
- [
- "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Multiply",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1"
- ],
- 0,
- "fad437f9147b9b263bdf8e5b6f6d0744"
- ],
- [
- "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery",
- 3,
- 0,
- 1,
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
@@ -713,10 +905,10 @@
"equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
"equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
"equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.size_t", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
+ "equation_FStar.UInt.max_int", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.size_t",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
"equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
"equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access",
"equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
@@ -724,8 +916,7 @@
"equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
"equation_Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer",
"equation_Prims.eq2", "equation_Prims.logical", "equation_Prims.nat",
- "equation_Prims.pos", "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Integers.bits",
+ "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
"equation_Rust_primitives.Integers.div",
"equation_Rust_primitives.Integers.i32",
"equation_Rust_primitives.Integers.int_t",
@@ -766,7 +957,6 @@
"proj_equation_Core.Ops.Range.Mkt_Range_f_end",
"proj_equation_Core.Ops.Range.Mkt_Range_f_start",
"proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
- "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_f_coefficients",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
"projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
@@ -781,7 +971,6 @@
"refinement_interpretation_Tm_refine_45f1c8700346b4c5f08a6246edcd69b1",
"refinement_interpretation_Tm_refine_4aa066355e9384aa98eb2ace9b0d012f",
"refinement_interpretation_Tm_refine_4bb22e36e30d68c2db3a3c9c632a2fcd",
- "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
"refinement_interpretation_Tm_refine_72aa4e9a333138ff40ac71e01700883b",
"refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
@@ -795,9 +984,7 @@
"refinement_interpretation_Tm_refine_c525f4bc3aa418afe0bd65cc4d0f6cd8",
"refinement_interpretation_Tm_refine_db34f85ef93bcb2d34b943688dde22bb",
"token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end",
"typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients",
"typing_Libcrux.Kem.Kyber.Arithmetic.cast_poly_b",
"typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
"typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
@@ -818,33 +1005,157 @@
"typing_Tm_abs_6dff373001dc1d906d6042062048722d",
"typing_Tm_abs_ef39b3242808b90baaf8441dcc8c7e36",
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U32@tok"
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "8a7d00174b2a2a7d70c93dc325cd68d6"
+ "8279f14b619d624718a742d460e358e6"
],
[
- "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2",
- 1,
+ "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery",
+ 3,
0,
1,
[
- "@MaxIFuel_assumption", "@query", "bool_inversion",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_6d2a49e79155844e6a44ebd281e78342",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
- ],
- 0,
- "88e7d2c21c0349a0047be6f82cf7d5f3"
- ],
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_20f40d9ee1256a2a68373ae4ecd3f1d7",
+ "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_cc42e9585ff647700033da40cc9a7026",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.Iterators_interpretation_Tm_arrow_3eb481ea9c18f8e60186c8a373e66673",
+ "Rust_primitives.Iterators_interpretation_Tm_arrow_983b3ba85e9317f2f487483cb7071e8b",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_elim_FStar.Pervasives.Native.Mktuple2",
+ "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b",
+ "data_typing_intro_Core.Ops.Range.Mkt_Range@tok",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok",
+ "eq2-interp", "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.size_t", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer",
+ "equation_Prims.eq2", "equation_Prims.logical", "equation_Prims.nat",
+ "equation_Prims.pos", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.div",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lte",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "function_token_typing_Lib.IntTypes.size_t",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.Integers.usize",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_6dff373001dc1d906d6042062048722d",
+ "interpretation_Tm_abs_ef39b3242808b90baaf8441dcc8c7e36",
+ "kinding_FStar.Pervasives.Native.tuple2@tok", "l_and-interp",
+ "l_quant_interp_3524d72b7e55c1565267a3ae64984311",
+ "l_quant_interp_f40cf458c0341f143affa4bb088a3ae2",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Lib.IntTypes.v_injective",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_end",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_start",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_start",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "refinement_interpretation_Tm_refine_0a1fc74b53c69a41eceb9d7368f73b62",
+ "refinement_interpretation_Tm_refine_1774adebc4a11b344df7bc2ecbb2e9b4",
+ "refinement_interpretation_Tm_refine_1cc075782412c91ec7de7e656d2b474e",
+ "refinement_interpretation_Tm_refine_3073dbb1695e5d5c87e62d3770f0bf8b",
+ "refinement_interpretation_Tm_refine_3399a824ff354d64b8173aab366396cb",
+ "refinement_interpretation_Tm_refine_45f1c8700346b4c5f08a6246edcd69b1",
+ "refinement_interpretation_Tm_refine_4aa066355e9384aa98eb2ace9b0d012f",
+ "refinement_interpretation_Tm_refine_4bb22e36e30d68c2db3a3c9c632a2fcd",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_72aa4e9a333138ff40ac71e01700883b",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_b44d5c1f88f048774ee7f4587bf43549",
+ "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4",
+ "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_c525f4bc3aa418afe0bd65cc4d0f6cd8",
+ "refinement_interpretation_Tm_refine_db34f85ef93bcb2d34b943688dde22bb",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.cast_poly_b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.div",
+ "typing_Rust_primitives.Integers.gte",
+ "typing_Rust_primitives.Integers.lt",
+ "typing_Rust_primitives.Integers.lte",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Rust_primitives.Iterators.foldi_range",
+ "typing_Tm_abs_6dff373001dc1d906d6042062048722d",
+ "typing_Tm_abs_ef39b3242808b90baaf8441dcc8c7e36",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok"
+ ],
+ 0,
+ "3ca54cb65d6b42a45281dffafa7f5cca"
+ ],
[
"Libcrux.Kem.Kyber.Ntt.mul_zeta_red2",
- 2,
+ 1,
0,
1,
[
@@ -859,7 +1170,95 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "e9aaca3dadf8ca157791faa13ab375f8"
+ "0b8c94c2c928ef9e172126bd9eb43c56"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2",
+ 2,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Prims.__cache_version_number__",
+ "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv",
+ "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_4dec773fe9b7ed3c95b1326ceaa3ab75",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_6d2a49e79155844e6a44ebd281e78342",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3",
+ "refinement_interpretation_Tm_refine_dadee4515473017568390482327a5b06",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_FStar.Int.fits", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "6f067ba7292c7ff0f097ee3a0a5b64f8"
],
[
"Libcrux.Kem.Kyber.Ntt.mul_zeta_red2",
@@ -945,7 +1344,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "e38f634f5b2d49f8dbb82fe7dd895485"
+ "f410488447a6e19c055740112f838068"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer",
@@ -964,7 +1363,7 @@
"refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3"
],
0,
- "fb0451a17bd18b1f965a120996520bef"
+ "8d9fe7c40d71fd0d2250b5e15e49d4c2"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer",
@@ -972,11 +1371,176 @@
0,
0,
[
- "@query", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxInt_proj_0"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_6b574e907f7e629d541dba716cf842c8",
+ "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_d261ac4a865360e5423e441478620aa5",
+ "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_e459e54a957e11470f0dae0b667e53fe",
+ "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_ec16ca589400ddab2e4dc33550b57e9e",
+ "Rust_primitives.Iterators_interpretation_Tm_arrow_3eb481ea9c18f8e60186c8a373e66673",
+ "Rust_primitives.Iterators_interpretation_Tm_arrow_983b3ba85e9317f2f487483cb7071e8b",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_typing_intro_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b@tok",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equation_Core.Ops.Index.f_index",
+ "equation_Core.Ops.op_String_Access", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", "equation_Prims.nat",
+ "equation_Prims.pos", "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Hax.impl__index",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.div",
+ "equation_Rust_primitives.Integers.gte",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lt",
+ "equation_Rust_primitives.Integers.lte",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "function_token_typing_Rust_primitives.Integers.usize",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_270ada60bfef4b2b4637b8e7dfa256e9",
+ "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54",
+ "interpretation_Tm_abs_99f3c02610693e81d614723104d77c28",
+ "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2",
+ "kinding_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b@tok",
+ "l_and-interp", "l_quant_interp_2d1e48269a3bfc46924a64aa24c65441",
+ "l_quant_interp_8adb376c57f5ba6d816784eaa3aec8ec",
+ "l_quant_interp_9229f3ec7efe6449082b5b465532a55f",
+ "l_quant_interp_f6f5d988ac86313e18fdfdb63844e0b7",
+ "lemma_FStar.Int.pow2_values", "lemma_FStar.Int32.vu_inv",
+ "lemma_FStar.Seq.Base.lemma_index_upd2", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Lib.IntTypes.v_injective",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_end",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_start",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_f_index",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_start",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_0958ecb529068e0c597be1e8c0b332e7",
+ "refinement_interpretation_Tm_refine_1774adebc4a11b344df7bc2ecbb2e9b4",
+ "refinement_interpretation_Tm_refine_1cc075782412c91ec7de7e656d2b474e",
+ "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d",
+ "refinement_interpretation_Tm_refine_3073dbb1695e5d5c87e62d3770f0bf8b",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_3399a824ff354d64b8173aab366396cb",
+ "refinement_interpretation_Tm_refine_3c83aab0f3ed58858f3edd0aef5b02c6",
+ "refinement_interpretation_Tm_refine_3feb4186f64b0773dea35af0afb6f3ea",
+ "refinement_interpretation_Tm_refine_45f1c8700346b4c5f08a6246edcd69b1",
+ "refinement_interpretation_Tm_refine_4dec773fe9b7ed3c95b1326ceaa3ab75",
+ "refinement_interpretation_Tm_refine_51327043faa516b5685376abdec710bd",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_64d867a2413c4d634f87fcc53fdd1fae",
+ "refinement_interpretation_Tm_refine_6d2a49e79155844e6a44ebd281e78342",
+ "refinement_interpretation_Tm_refine_72aa4e9a333138ff40ac71e01700883b",
+ "refinement_interpretation_Tm_refine_76fe0a5f9f84ad272d74fac166aa55fe",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_7ab4c08e82642b7b946f13776623927e",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_85f37737fcaee5faaf970c3740562c64",
+ "refinement_interpretation_Tm_refine_8ecf99b1cfd2713dd412eccfdc2ae3e7",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a8dbbf15b8d53fa1d8c3021449bbf7b6",
+ "refinement_interpretation_Tm_refine_b1bbc26c188ac642e23787f17d05a6d8",
+ "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
+ "refinement_interpretation_Tm_refine_dadee4515473017568390482327a5b06",
+ "refinement_interpretation_Tm_refine_db34f85ef93bcb2d34b943688dde22bb",
+ "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292",
+ "refinement_interpretation_Tm_refine_e01cc15d0a06443a7c241193033ff5d0",
+ "refinement_interpretation_Tm_refine_f19379f9495f73ef08ae00f02cadf0d4",
+ "token_correspondence_Core.Ops.Index.f_index",
+ "token_correspondence_Core.Ops.op_String_Access",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end",
+ "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_start",
+ "typing_FStar.Seq.Base.upd", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.add_i32_b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.op_String_Access",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.sub_i32_b",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", "typing_Prims.pow2",
+ "typing_Rust_primitives.Hax.Monomorphized_update_at.update_at_usize",
+ "typing_Rust_primitives.Integers.add",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.gte",
+ "typing_Rust_primitives.Integers.lt",
+ "typing_Rust_primitives.Integers.lte",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Rust_primitives.Iterators.foldi_range",
+ "typing_Tm_abs_270ada60bfef4b2b4637b8e7dfa256e9",
+ "typing_Tm_abs_99f3c02610693e81d614723104d77c28",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "55f9d22d49904a8d77ccde8c8cf917f7"
+ "46ede34b9aa295281ba24927509ef519"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer",
@@ -1136,7 +1700,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "f89f3a8cfe23178b3bd474b575f5a04c"
+ "5c90e202a78d92c1bb09ce22e8f7ddca"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_",
@@ -1152,7 +1716,7 @@
"refinement_interpretation_Tm_refine_9a2bee04172a2f8c14b17f79602284fb"
],
0,
- "6453acf7c7f1dbbe7485c50408fc3533"
+ "f3e6dd02221c5de9989cbae47f561569"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_",
@@ -1160,11 +1724,67 @@
0,
1,
[
- "@query", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxInt_proj_0"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_76fe0a5f9f84ad272d74fac166aa55fe",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_9a2bee04172a2f8c14b17f79602284fb",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "fe8a5913ed94f71637d2f85f8f4953cc"
+ "d0aea49982d80ba8e81f734f7d7514d1"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_",
@@ -1232,7 +1852,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "31e52ef25acc77131dcdec19dcda9547"
+ "ad3c56fc4ac0ca442588e4f5148b75df"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_",
@@ -1248,7 +1868,7 @@
"refinement_interpretation_Tm_refine_298356af413859d3c4b76a94198c2329"
],
0,
- "5e8cd391f3b07709f5526563fb58c346"
+ "74a262b668363eee4a2ce4660aa84f4b"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_",
@@ -1256,11 +1876,68 @@
0,
1,
[
- "@query", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxInt_proj_0"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_298356af413859d3c4b76a94198c2329",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_76fe0a5f9f84ad272d74fac166aa55fe",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_f10d9518a75d6adcaee3453a23814005",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "2bb8db56edea4d0bb02fb4df0eb1d58a"
+ "6d8a33a9cdd496f12526f2fd366548e5"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_",
@@ -1329,7 +2006,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "953d15ec87cc81a2e957d2427086540f"
+ "c979083a7f359dd444b84ddc02082c43"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_binomially_sampled_ring_element",
@@ -1477,7 +2154,7 @@
"typing_tok_Lib.IntTypes.S64@tok", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "9834cf64fc8e1c814912996dbaa0eb33"
+ "74053562571e680e4601ec3f9bf6729f"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_multiply",
@@ -1582,7 +2259,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "9f122bc3fe91acb27b558591c578b75c"
+ "2ef04c3218d99763ccfa86ce826596dd"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_vector_u",
@@ -1703,7 +2380,7 @@
"typing_tok_Lib.IntTypes.S64@tok"
],
0,
- "d7110524d30e95609605e710a4e644b1"
+ "b8df67492a729c6e06f690b696a082f1"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints
index ee586b27d..4945a2d26 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints
@@ -54,7 +54,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "fe5ca2e81f1b1092d21729cd6783381f"
+ "2b3b76579b36ac40142dbe88e92e0c26"
],
[
"Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer",
@@ -72,7 +72,7 @@
"refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6"
],
0,
- "694e02a9f82b4fae74d0d64d5b573107"
+ "ad152f65676d4433ae95c559064196b5"
],
[
"Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery",
@@ -85,7 +85,7 @@
"refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1"
],
0,
- "e201f83e53e79f381e063ada9bb70f7d"
+ "42df19b0dbf785682a59a0939de6bdde"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer",
@@ -104,7 +104,7 @@
"refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3"
],
0,
- "65462661929a00494f5a69658e677a39"
+ "63899756015da60ad11e912eebd6bc66"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_",
@@ -120,7 +120,7 @@
"refinement_interpretation_Tm_refine_9a2bee04172a2f8c14b17f79602284fb"
],
0,
- "ed7de5f6bb062d73633b30c7ce097560"
+ "be162df816b9c933ca736beb61294a1a"
],
[
"Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_",
@@ -136,7 +136,7 @@
"refinement_interpretation_Tm_refine_298356af413859d3c4b76a94198c2329"
],
0,
- "ecbce2e7af002c54bf711b6631c9362e"
+ "b8260ca9999852a52058e8e9fa1753d4"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints
index c9d3538aa..aa2bfc5e9 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints
@@ -1,5 +1,5 @@
[
- "+d -?\u007f(X)P",
+ "%[\u0003_V\u001b)\n0]\u001f",
[
[
"Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_2_",
@@ -68,7 +68,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "e494df984d02c875eec6ac35758231ca"
+ "5df1d90ca2164cc55c3d7d2636f462ea"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_2_",
@@ -238,7 +238,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "85b3c40300fc50f04d443da25823e768"
+ "bae1e88c9d197ce67a01177754e6a506"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_",
@@ -308,7 +308,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "05f26b2f8b82f04cf76566f70213a679"
+ "795dd188ec154cd92ce4483969f2b9e9"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_",
@@ -472,7 +472,7 @@
"typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "d1c6289f506ebb085a9c7f08d3a19b9f"
+ "f818123d443b6c516bbb12fd0c3b87d8"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution",
@@ -542,7 +542,7 @@
"typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "2555a127ce51fd413c62be028a2b18d5"
+ "e1394e38bb279cfed0bae567e34b0f70"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution",
@@ -632,7 +632,7 @@
"typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
],
0,
- "8c14bcc151803fdd207a1e370fa83bdb"
+ "7b5142d6da856587f33629ecf1e1497f"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
@@ -670,7 +670,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "482ef029521adfd6bc2ab208603063c2"
+ "debd39a1a5671e6ae8701571acc1a905"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
@@ -680,2619 +680,10 @@
[
"@MaxFuel_assumption", "@MaxIFuel_assumption",
"@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.unsigned",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
- ],
- 0,
- "267860fefee09d21384e24de091cd264"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 4,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.unsigned",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
- ],
- 0,
- "c47d1c9e94561ec005844fae50cb8c13"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 5,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "function_token_typing_Prims.__cache_version_number__", "int_typing",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
- ],
- 0,
- "fa8017151e3d8e75164423ba12747222"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 6,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "function_token_typing_Prims.__cache_version_number__", "int_typing",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
- ],
- 0,
- "9d44be87a98264c225403efcef6fab76"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 7,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "typing_FStar.Int32.v", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "3e3d985b942bcf503a66016cb29ccd32"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 8,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.max_usize",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_827bf57e8124de12749af0ef2606190d",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "43ac32aad31f13f65d3cb8224eb53683"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 9,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.unsigned",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype"
- ],
- 0,
- "d88c14ff51fdf5a4a2313fe3872dfa05"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 10,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "0d3882a468fea2f659489d925c6fbade"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 11,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "bool_typing",
- "data_typing_intro_FStar.Pervasives.Native.Mktuple3@tok",
- "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "equation_Prims.eqtype", "equation_Rust_primitives.Integers.usize",
- "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "function_token_typing_Prims.bool",
- "function_token_typing_Rust_primitives.Integers.usize",
- "refinement_interpretation_Tm_refine_28704633277f63d4c4b2ee0fce0ac1c3",
- "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
- "refinement_interpretation_Tm_refine_653f92d03090e1262e36d306191c30aa"
- ],
- 0,
- "cd980704b81efe047162bc98f37581ec"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 12,
- 0,
- 1,
- [ "@query" ],
- 0,
- "a8951fec91672be9fbd8e5fde29d5f88"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 13,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "bool_inversion",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.byte_t",
- "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "function_token_typing_Lib.IntTypes.byte_t",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "typing_FStar.Seq.Base.length",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v"
- ],
- 0,
- "3d64da3d74d0a16925a638e4128dbbf4"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 14,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "function_token_typing_Lib.IntTypes.byte_t",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488",
- "refinement_interpretation_Tm_refine_28704633277f63d4c4b2ee0fce0ac1c3",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815",
- "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
- ],
- 0,
- "c7b62e2eb0e9c890e1efcb86a46a7994"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 15,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v"
- ],
- 0,
- "4474a978419745d960fb1a2d6b462b00"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 16,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
- ],
- 0,
- "a557d6a3d1ab996b3123e2349d006c12"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 17,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "1a3adf09898aa912f6dc0bab037a27e1"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 18,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits",
- "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488",
- "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a7a18b3d2bbe32ad1d7773e62663094f",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
- ],
- 0,
- "da98050454bec4bc18c6ddd9312d2053"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 19,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers", "int_typing",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_58b08ee6d3705c72cbf8dd19e56fb235",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_e0708a3637ec59f8fe2b5ad4ff97a293",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "token_correspondence_Rust_primitives.cast",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "da994f2546f758bd42bc9ed9e81805a8"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 20,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers", "int_typing",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_58b08ee6d3705c72cbf8dd19e56fb235",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_e0708a3637ec59f8fe2b5ad4ff97a293",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation",
- "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "ab200db03b0389a40bda981b1eef632f"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 21,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers", "int_typing",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_90b99f160de9cbf4eaeaa5b9e7bfaa27",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c2aa097d9a475c761626af9eff4f1f24",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "token_correspondence_Rust_primitives.cast",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "84f362ad8efd473de5c7eddee1c7e7dd"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 22,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers", "int_typing",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_90b99f160de9cbf4eaeaa5b9e7bfaa27",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c2aa097d9a475c761626af9eff4f1f24",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation",
- "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "e88a1e429f5d100e66dc61e9849c6688"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 23,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers", "int_typing",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Subtraction",
- "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_0f35fb90aa51b4bf32da5f52f8ace9ce",
- "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5b24c7d148a11c49aacbc082a46571aa",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_9d7d21f76736b7c8c8b0b99ca5e01e87",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "token_correspondence_Rust_primitives.cast",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "89dd964f51729524939aa59287a953fe"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 24,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_Lib.IntTypes.bits",
- "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers", "int_typing",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_0f35fb90aa51b4bf32da5f52f8ace9ce",
- "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5b24c7d148a11c49aacbc082a46571aa",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_9d7d21f76736b7c8c8b0b99ca5e01e87",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation",
- "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "8369a955ff25f0ed21f8875b9d1463c9"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 25,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation", "typing_FStar.Int.fits",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "528ca13362bb661b4677aa9434f744bc"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 26,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation", "typing_FStar.Int.fits",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "ed4e73e9c5df20335880bfe17f7ad4ff"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 27,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "equation_Prims.nat", "int_typing", "lemma_Lib.IntTypes.pow2_4",
- "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
- ],
- 0,
- "363d913f59b8133dbfd7aa6a98a93284"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 28,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_Lib.IntTypes.pow2_4",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.i32_inttype",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "1eeac7b43211a95b4b4d2c6836548591"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 29,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_Lib.IntTypes.bits",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "lemma_Lib.IntTypes.pow2_4",
- "lemma_Rust_primitives.Integers.pow2_values",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "47e8c0ab8e91fc0d0bc26e6c2c4def9e"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 30,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15"
- ],
- 0,
- "5eb78a98d614e3cd385e9c6a2e19fd08"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 31,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "dbdbf607ec4460f3c2407bb2d9e6be38"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 32,
- 0,
- 1,
- [
- "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.S32", "eq2-interp",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sub",
- "equation_Rust_primitives.Integers.unsigned", "int_typing",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "21095c30329b6857c52b864e35568984"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 33,
- 0,
- 1,
- [
- "@query", "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32_inttype",
- "projection_inverse_BoxInt_proj_0"
- ],
- 0,
- "170d75c54c889cb6c49b6d74e836344a"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 34,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1"
- ],
- 0,
- "1c5870cabe6c0f3a97b5305d023b6b8d"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 35,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1"
- ],
- 0,
- "9376798d3396209bd79be063d02c4db2"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 36,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_3",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488",
- "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
- "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a7a18b3d2bbe32ad1d7773e62663094f",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e3e88c78705eb62ab8369ef37656c18c",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation",
- "token_correspondence_Prims.pow2.fuel_instrumented",
- "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "7b55c34f02bfb6e78f85263209227770"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 37,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1"
- ],
- 0,
- "e62167743b05c0b48f2e282d45ec9253"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 38,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1"
- ],
- 0,
- "394708e979983fd0747d505843e7a560"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 39,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
- "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_4b9f0a6a391cac6a0b080c6155bcd0bd",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_bdfacf55aff50f6fc19e9daaca98d84a",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e3e88c78705eb62ab8369ef37656c18c",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f45f1e836de41f4e5a2f921540111cab",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation", "typing_FStar.Int.fits",
- "typing_Lib.IntTypes.bits", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "f6a3e641e6e7e2f1974db931bee2ade8"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 40,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def",
- "primitive_Prims.op_GreaterThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "refinement_interpretation_Tm_refine_bdfacf55aff50f6fc19e9daaca98d84a"
- ],
- 0,
- "cac19b69f02ab246d2a072a64ec1830d"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 41,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
- "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation",
- "typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "ef3c97befdad7910fcd5429b3b883609"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 42,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.v", "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.v", "int_typing",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
- "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation",
- "typing_Rust_primitives.Integers.range",
- "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "8602c8f2cdaadb2fceed7c02f8a26ddb"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 43,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8"
- ],
- 0,
- "94e5c17b287203fd6ebaed0ca507b1d4"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 44,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8"
- ],
- 0,
- "789f854d983951e2c8ed21cdf5d5fd9a"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 45,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8"
- ],
- 0,
- "05d233be1330eca3616dbe3e44609436"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 46,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8"
- ],
- 0,
- "48757a9cd50754d3cdf5014b0e5bcc5f"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 47,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8"
- ],
- 0,
- "a95a89121d25f41025509323761455ab"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 48,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8"
- ],
- 0,
- "1d5bda4f809eb2344cff24521abb4a42"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 49,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S16",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.S8",
- "constructor_distinct_Lib.IntTypes.U1",
- "constructor_distinct_Lib.IntTypes.U16",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "constructor_distinct_Lib.IntTypes.U8",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits",
- "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
- "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
- "equation_Prims.nat", "equation_Prims.pos",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.shift_left",
- "equation_Rust_primitives.Integers.shift_right",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_FStar.Int32.vu_inv",
- "lemma_Rust_primitives.Integers.pow2_values",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "refinement_interpretation_Tm_refine_063ec48009e52a064638385b47d95b20",
- "refinement_interpretation_Tm_refine_0f35fb90aa51b4bf32da5f52f8ace9ce",
- "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
- "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1",
- "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
- "refinement_interpretation_Tm_refine_5f35e30711c76515c55198a2dde79146",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
- "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_b5c55529d37572a7b01b0f8e001ddc85",
- "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_bb8d1b3aa61870cb61354afc1130ca4e",
- "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation", "typing_FStar.Int.fits",
- "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
- "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "17c7643be1a9edc35ba0a94301ffaf21"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 50,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.v",
- "equation_Prims.pos", "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.cast_mod",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.modulus",
- "equation_Rust_primitives.Integers.op_At_Percent",
- "equation_Rust_primitives.Integers.op_At_Percent_Dot",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "equation_Rust_primitives.cast",
- "equation_Rust_primitives.cast_tc_integers",
- "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
- "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
- "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
- "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
- "projection_inverse_Rust_primitives.Mkcast_tc_cast",
- "refinement_interpretation_Tm_refine_063ec48009e52a064638385b47d95b20",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_5b24c7d148a11c49aacbc082a46571aa",
- "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_884de081b19c5db7b81f9c21396cfef4",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
- "typing_Rust_primitives.Integers.modulus",
- "typing_Rust_primitives.Integers.op_At_Percent_Dot",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U8@tok"
- ],
- 0,
- "26158206b655c1c0c97e34da80f00bac"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 51,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815",
- "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1"
- ],
- 0,
- "732c9de83666ebebe605a9ede49aec3a"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 52,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nat",
- "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
- ],
- 0,
- "5eac7515038e8f605286bb5e53e3b36b"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 53,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "equation_Prims.nat",
- "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815",
- "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2"
- ],
- 0,
- "4d5207a5da27485fd8521eb70ef87a72"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 54,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.max_usize",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.usize",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_d58853078dd12c963b813b6cb23cea8e",
- "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v"
- ],
- 0,
- "9304effaa11890dc248bd2289aadcdef"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 55,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Rust_primitives.Integers.lt",
- "equation_Rust_primitives.Integers.v", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_Minus",
- "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815",
- "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e",
- "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1",
- "refinement_interpretation_Tm_refine_bdfacf55aff50f6fc19e9daaca98d84a",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da"
- ],
- 0,
- "56e09c68b85f97ffae259afe25f4fd8a"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 56,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "equality_tok_Lib.IntTypes.PUB@tok", "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Integers.lt",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.v", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_LessThan", "projection_inverse_BoxBool_proj_0",
- "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4",
- "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e",
- "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da"
- ],
- 0,
- "b5884530c9f0b05a8e7f46ec7d5c84ee"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 57,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "equation_Rust_primitives.Arrays.length",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.usize",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "refinement_interpretation_Tm_refine_2bdd78644e9034780bac04dcc0d776b9",
- "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4",
- "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v"
- ],
- 0,
- "2345aabfd00c00fae9a709ab5c80e056"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 58,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
- "bool_inversion", "equality_tok_Lib.IntTypes.PUB@tok",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Arrays.t_Slice",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.lt",
- "equation_Rust_primitives.Integers.max_usize",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
- "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan",
- "primitive_Prims.op_LessThanOrEqual",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_FStar.Pervasives.Native.Mktuple3__3",
- "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4",
- "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e",
- "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e5701009a75a284c77f794f100e01149",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v"
- ],
- 0,
- "66e56ca6db00111916ef51a5a8eb70b4"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 59,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
- "bool_typing", "constructor_distinct_Lib.IntTypes.S32",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_Lib.IntTypes.minint",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Arrays.t_Slice",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.lt",
- "equation_Rust_primitives.Integers.max_usize",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
- "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4",
- "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e",
- "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
- "refinement_interpretation_Tm_refine_80234e287e61e2f0a8d7416b6660d349",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.lt",
- "typing_Rust_primitives.Integers.range",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
- ],
- 0,
- "19f2c5b597742b684528fc3705baaa61"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 60,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
+ "FStar.Seq.Base_pretyping_7efa52b424e80c83ad68a652aa3561e4",
"Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def",
"bool_inversion", "bool_typing",
"constructor_distinct_Lib.IntTypes.PUB",
- "constructor_distinct_Lib.IntTypes.S32",
- "constructor_distinct_Lib.IntTypes.U32",
- "constructor_distinct_Lib.IntTypes.U64",
- "data_typing_intro_FStar.Pervasives.Native.Mktuple3@tok",
- "equality_tok_Lib.IntTypes.PUB@tok",
- "equality_tok_Lib.IntTypes.S32@tok",
- "equality_tok_Lib.IntTypes.U32@tok",
- "equality_tok_Lib.IntTypes.U64@tok",
- "equality_tok_Lib.IntTypes.U8@tok",
- "equation_Core.Ops.Index.in_range",
- "equation_Core.Ops.negation_for_bool",
- "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.max_int",
- "equation_FStar.Int.min_int", "equation_Lib.IntTypes.int_t",
- "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
- "equation_Lib.IntTypes.v",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
- "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
- "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.eqtype", "equation_Rust_primitives.Arrays.length",
- "equation_Rust_primitives.Arrays.t_Array",
- "equation_Rust_primitives.Arrays.t_Slice",
- "equation_Rust_primitives.Hax.impl__index",
- "equation_Rust_primitives.Integers.add",
- "equation_Rust_primitives.Integers.bits",
- "equation_Rust_primitives.Integers.i32",
- "equation_Rust_primitives.Integers.i32_inttype",
- "equation_Rust_primitives.Integers.int_t",
- "equation_Rust_primitives.Integers.inttype",
- "equation_Rust_primitives.Integers.lt",
- "equation_Rust_primitives.Integers.max_usize",
- "equation_Rust_primitives.Integers.maxint",
- "equation_Rust_primitives.Integers.minint",
- "equation_Rust_primitives.Integers.range",
- "equation_Rust_primitives.Integers.range_t",
- "equation_Rust_primitives.Integers.sz",
- "equation_Rust_primitives.Integers.u32_inttype",
- "equation_Rust_primitives.Integers.u8",
- "equation_Rust_primitives.Integers.unsigned",
- "equation_Rust_primitives.Integers.usize",
- "equation_Rust_primitives.Integers.v",
- "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2",
- "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
- "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "function_token_typing_Prims.bool",
- "function_token_typing_Rust_primitives.Integers.usize", "int_typing",
- "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
- "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
- "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
- "lemma_Rust_primitives.Integers.mk_int_v_lemma",
- "lemma_Rust_primitives.Integers.v_mk_int_lemma",
- "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality",
- "primitive_Prims.op_GreaterThanOrEqual",
- "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Negation",
- "primitive_Prims.op_Subtraction",
- "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
- "projection_inverse_BoxBool_proj_0",
- "projection_inverse_BoxInt_proj_0",
- "projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
- "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
- "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
- "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
- "projection_inverse_FStar.Pervasives.Native.Mktuple3__3",
- "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
- "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
- "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
- "refinement_interpretation_Tm_refine_1d007db99195351c712a6db73e8bf314",
- "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4",
- "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815",
- "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e",
- "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1",
- "refinement_interpretation_Tm_refine_80234e287e61e2f0a8d7416b6660d349",
- "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
- "refinement_interpretation_Tm_refine_96872c249f535960f67bfd243d7c504d",
- "refinement_interpretation_Tm_refine_a0ad16e2d6246a9d7b3c7da49833ba6e",
- "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
- "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7",
- "refinement_interpretation_Tm_refine_b8446936360146f8748471e28bc51024",
- "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_d3c00e1782637cf4f2c36066ee60018b",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e5701009a75a284c77f794f100e01149",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
- "token_correspondence_Core.Ops.Index.in_range",
- "token_correspondence_Core.Ops.op_Tilde_Dot",
- "token_correspondence_Prims.op_Negation", "typing_FStar.UInt32.t",
- "typing_FStar.UInt64.t", "typing_Lib.IntTypes.v",
- "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "typing_Rust_primitives.Integers.lt",
- "typing_Rust_primitives.Integers.unsigned",
- "typing_Rust_primitives.Integers.usize_inttype",
- "typing_Rust_primitives.Integers.v",
- "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
- "typing_tok_Lib.IntTypes.U32@tok"
- ],
- 0,
- "179ba63cc032bdf533da7b03c539e021"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 61,
- 0,
- 1,
- [
- "@MaxFuel_assumption", "@MaxIFuel_assumption",
- "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
- "Prims_pretyping_f537159ed795b314b4e58c260361ae86",
- "Rust_primitives.Hax_interpretation_Tm_arrow_77de5982ed6885d94da0664a4a3face8",
- "b2t_def", "bool_inversion", "bool_typing",
- "constructor_distinct_Lib.IntTypes.PUB",
"constructor_distinct_Lib.IntTypes.S16",
"constructor_distinct_Lib.IntTypes.S32",
"constructor_distinct_Lib.IntTypes.S8",
@@ -3315,24 +706,27 @@
"equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits",
"equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
"equation_FStar.Int.min_int", "equation_FStar.Int.size",
- "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
- "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
- "equation_Lib.IntTypes.pub_int_v",
- "equation_Lib.IntTypes.pub_uint64", "equation_Lib.IntTypes.size_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
"equation_Lib.IntTypes.v",
"equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
"equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
"equation_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO",
"equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement",
"equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
"equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
"equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
- "equation_Prims.eqtype", "equation_Prims.nat",
+ "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos",
"equation_Rust_primitives.Arrays.length",
"equation_Rust_primitives.Arrays.t_Array",
"equation_Rust_primitives.Hax.impl__index",
"equation_Rust_primitives.Hax.repeat",
+ "equation_Rust_primitives.Integers.add",
"equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
"equation_Rust_primitives.Integers.i32",
"equation_Rust_primitives.Integers.i32_inttype",
"equation_Rust_primitives.Integers.int_t",
@@ -3341,134 +735,138 @@
"equation_Rust_primitives.Integers.max_usize",
"equation_Rust_primitives.Integers.maxint",
"equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
"equation_Rust_primitives.Integers.range",
"equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_left",
+ "equation_Rust_primitives.Integers.shift_right",
+ "equation_Rust_primitives.Integers.sub",
"equation_Rust_primitives.Integers.sz",
"equation_Rust_primitives.Integers.u32_inttype",
"equation_Rust_primitives.Integers.u8",
"equation_Rust_primitives.Integers.unsigned",
"equation_Rust_primitives.Integers.usize",
"equation_Rust_primitives.Integers.v",
- "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
"fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
- "function_token_typing_Lib.IntTypes.byte_t",
- "function_token_typing_Lib.IntTypes.pub_uint64",
- "function_token_typing_Lib.IntTypes.size_t",
+ "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement",
"function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "function_token_typing_Prims.bool", "int_inversion", "int_typing",
+ "function_token_typing_Prims.bool",
+ "function_token_typing_Rust_primitives.Integers.usize",
+ "int_inversion", "int_typing",
"interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696",
"interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
"interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc",
"interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21",
"interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2",
"lemma_FStar.Int32.vu_inv",
"lemma_FStar.Seq.Base.lemma_index_create",
- "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Lib.IntTypes.pow2_4",
"lemma_Rust_primitives.Integers.pow2_values",
"lemma_Rust_primitives.Integers.v_mk_int_lemma",
"primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
- "primitive_Prims.op_Equality",
+ "primitive_Prims.op_Division",
"primitive_Prims.op_GreaterThanOrEqual",
"primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
- "primitive_Prims.op_Minus", "primitive_Prims.op_Negation",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation",
"primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Ops.Index.Mkt_Index_f_Output",
"proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
"projection_inverse_BoxBool_proj_0",
"projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output",
"projection_inverse_Core.Ops.Index.Mkt_Index_f_index",
"projection_inverse_Core.Ops.Index.Mkt_Index_in_range",
"projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot",
"projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
"projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
- "projection_inverse_FStar.Pervasives.Native.Mktuple3__3",
"projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
- "refinement_interpretation_Tm_refine_0f35fb90aa51b4bf32da5f52f8ace9ce",
- "refinement_interpretation_Tm_refine_1d007db99195351c712a6db73e8bf314",
- "refinement_interpretation_Tm_refine_28704633277f63d4c4b2ee0fce0ac1c3",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
"refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
"refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
- "refinement_interpretation_Tm_refine_41fecc648ab1aa1eb38fbafbeff0c8f1",
- "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
- "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae",
- "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815",
"refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
"refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
"refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
- "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b",
- "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1",
- "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
"refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
- "refinement_interpretation_Tm_refine_a7ed78aa7e3623de595c68512d89c3cc",
- "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95",
- "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0",
"refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4",
- "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7",
- "refinement_interpretation_Tm_refine_b67ac003e5311a4bbe56ba40d9c56968",
"refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
"refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c",
"refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
- "refinement_interpretation_Tm_refine_c52f7940616711efe853dbbbf8dc6dc6",
- "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502",
- "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da",
- "refinement_interpretation_Tm_refine_e5701009a75a284c77f794f100e01149",
- "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
- "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
"token_correspondence_Core.Ops.Index.f_index",
"token_correspondence_Core.Ops.Index.in_range",
"token_correspondence_Core.Ops.op_String_Access",
"token_correspondence_Core.Ops.op_Tilde_Dot",
"token_correspondence_Prims.op_Negation",
- "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int32.int_to_t", "typing_FStar.Int32.v",
+ "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length",
"typing_FStar.UInt32.t", "typing_FStar.UInt64.t",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.pub_int_v",
+ "typing_Lib.IntTypes.v",
"typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients",
"typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
"typing_Libcrux.Kem.Kyber.Arithmetic.i32_b",
"typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO",
- "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT",
- "typing_Rust_primitives.Hax.repeat",
- "typing_Rust_primitives.Integers.bits",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
"typing_Rust_primitives.Integers.range",
"typing_Rust_primitives.Integers.unsigned",
"typing_Rust_primitives.Integers.usize_inttype",
"typing_Rust_primitives.Integers.v",
- "typing_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54",
- "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
- "typing_tok_Lib.IntTypes.U64@tok"
- ],
- 0,
- "78e9d8cf94c9a013558e4230ec9f8b26"
- ],
- [
- "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 62,
- 0,
- 1,
- [
- "@MaxIFuel_assumption", "@query",
- "data_typing_intro_FStar.Pervasives.Native.Mktuple3@tok",
- "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "equation_Prims.eqtype", "equation_Rust_primitives.Integers.usize",
- "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "function_token_typing_Prims.bool",
- "function_token_typing_Rust_primitives.Integers.usize",
- "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f"
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
],
0,
- "b5aa0bd7a167bb16b89e2a0e4ee0dcd5"
+ "a61777fea43841a50898bf05f732bc61"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
- 63,
+ 3,
0,
1,
[
- "@MaxIFuel_assumption", "@query",
- "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
- "equation_Rust_primitives.Integers.usize",
- "refinement_interpretation_Tm_refine_44ffa952d9c0d6b2d71840439d6f3a7a"
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "775f0b39329e23ce25fa24de6344cfeb"
+ "dcbfd20070b151f9ecef71df5ca5de1e"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints
index e25b08757..fa1ae74c8 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints
@@ -68,7 +68,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "b8783ae6fcec03d86139a1a64d2a2d02"
+ "4a4d0ad0f86b72f8b7eff669e16b55d1"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_",
@@ -137,7 +137,7 @@
"typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
],
0,
- "79ad7f3ea830a38eb7619b5208af35ba"
+ "a549904f31962cb464ac5a00ef2412ac"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution",
@@ -206,7 +206,7 @@
"typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U32@tok"
],
0,
- "3b1ae8778ed9fdaad9c4123d83b3a1a0"
+ "6ca7728f6b715bff43d571224923f841"
],
[
"Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution",
@@ -244,7 +244,7 @@
"typing_Rust_primitives.Integers.usize_inttype"
],
0,
- "c115e8a53b80c5965c15822641ae4a1f"
+ "ec3598a5f56fc9180715d9dffa1439f4"
]
]
]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints
index c14775edd..6d2610c4a 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints
@@ -1 +1,8248 @@
-[ "Di{nD2Ql", [] ]
\ No newline at end of file
+[
+ "[1\u001d-p\u001a695z\u00106",
+ [
+ [
+ "Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ 1,
+ 2,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a"
+ ],
+ 0,
+ "ccd8472371dd3115f9bc72bddbed7445"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "47a78df265c114a1ede02f85d5a82718"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6",
+ "MkSeq_interpretation_Tm_arrow_5765cf80a31e12b6cf9294aa374986ee",
+ "MkSeq_interpretation_Tm_arrow_699c8dd73beae55d251f2f1ab7800f43",
+ "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "constructor_distinct_Prims.Cons",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple4@tok",
+ "data_typing_intro_Prims.Cons@tok",
+ "data_typing_intro_Prims.Nil@tok",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Seq.Properties.createL",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ "equation_MkSeq.create4", "equation_MkSeq.create5",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bit_vec",
+ "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create4",
+ "function_token_typing_MkSeq.create5",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "function_token_typing_Rust_primitives.Integers.i32",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74",
+ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "interpretation_Tm_abs_a9b198e31fde8a384087b8239a5e2e08",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_cast",
+ "lemma_Rust_primitives.Integers.get_bit_or",
+ "lemma_Rust_primitives.Integers.get_bit_shl",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple4__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple4__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple4__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple4__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__5",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple4__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple4__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple4__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple4__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__5",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_Prims.Cons_a",
+ "projection_inverse_Prims.Cons_hd",
+ "projection_inverse_Prims.Cons_tl",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d",
+ "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da",
+ "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_fc12799aca7afdfe7dbfd8172fc58a83",
+ "token_correspondence_MkSeq.create4",
+ "token_correspondence_MkSeq.create5",
+ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int32.int_to_t", "typing_FStar.List.Tot.Base.length",
+ "typing_FStar.Pervasives.Native.__proj__Mktuple5__item___1",
+ "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Properties.createL",
+ "typing_FStar.Seq.Properties.seq_of_list",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.cast_mod",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.maxint",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "87131f24ce7643232ed7d2002e135ce3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 1,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "bb2c1dbfdf25d30ac29d566ece4235f2"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 2,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "68e3a276c3575ca062102c2d94c461dd"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 3,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "30f8c9951332bfe8215925547ad2dcac"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 4,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "0f8eed757051ce331fbae3e78d94ca8c"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 5,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "c119705747a71f2d449de208ef14e768"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 6,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "f5c5a6749cb91f78e7e1b0a492a786cf"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 7,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "0269d48391e63ee7003464f07da9a298"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 8,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "42a93971450230120ebeee2dd24f3225"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 9,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "717baccbc8741cc48eb9a3960840fee5"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 10,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "06e598a53e3c0ee88c112870647cd0e3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 11,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "6ff77aebfde37b81cd7b0a58f99b0eb5"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 12,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "417034a80c13477ade8ca3a7c75a300e"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 13,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "d0e39c9d464003fd8c851be1ff3ad580"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 14,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "04eee1d34e899ef569c6cca38d89234e"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 15,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "6073df3c924503aede28fbc3352ad1a8"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 16,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "611f681a97a80c3f7f161df68adb11f3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 17,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "37d51f78421f0b6e87b300c586e404b0"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 18,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned", "int_typing",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_234bcc9a10d7cb32aa417591eceec75c",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "d78c379a96fed0b6119f0d90795652bf"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 19,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "cc3d466370133b513742970f39d337f0"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 20,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "76fe2190be199d71ebff1eec8ab13adb"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 21,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits"
+ ],
+ 0,
+ "d49cc61dbae0d0e97d7889d46119f8e3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 22,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits"
+ ],
+ 0,
+ "ab37bbdafba73e1db9435f274881ec22"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 23,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U8@tok",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_3700901ab829772f6264299ef9d336b6",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_5dc7a15c518e00b12f33d62ec3e061af",
+ "refinement_interpretation_Tm_refine_a17f0f6ecfa442a79ff1a1721abb0913"
+ ],
+ 0,
+ "3f774b7378d031745dfb796bf8c135d3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 24,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167"
+ ],
+ 0,
+ "db2d937ccb1dac6cecce0b3af5fa5c68"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 25,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_FStar.Int32.v", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "22d55b5ae57040aa0205402a874fc4cd"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 26,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "1dfb2195ef566348d311c48e09b43f59"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 27,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "89eaf196665ea251abca42462434c811"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 28,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_FStar.Int32.v", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "d643ea8d13ff009506fb1503fb63f699"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 29,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "49b59eb1581064d83c654f19bd6438f4"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 30,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "cc51cbc656c4907b72c6383ed51b6856"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 31,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "b37d1151222dbdcf1e52c42eb7058cc0"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 32,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "f22a8f38a1b96519536372d9b5f07d1f"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 33,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "1e0c8d55ee1ca8050a26c3a3b92fc2a3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 34,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "679462064af716e52d2a87ae63376f00"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 35,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "38d1c6935cd4639205fc77377523726f"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 36,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "31bc5bb62b5f7108242dbd97d95207ca"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 37,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "cbf6249dfb614dd10a0e69398b854903"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 38,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "44e0c8b6fb9177b98867f5d2169f6114"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 39,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "5e7a4325c471eb4a6e51f86ec1f0b6ed"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 40,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "337c4ec8481fda19cef933328bb30a06"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 41,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "0f004d13e8ee10ca9760c059261cd80e"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 42,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "4b653fb1be1ceab0fd04b47dc7797e3f"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 43,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf"
+ ],
+ 0,
+ "8d46dee4a4332bd381843ddbe59c38c1"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 44,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
+ "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "48801b977745def6ad85a3636d13bfe7"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 45,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e"
+ ],
+ 0,
+ "18b1084c8e68651ee6dd7d1bd61852d6"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 46,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e"
+ ],
+ 0,
+ "9cb5e8e64fe71ce07a65f20b0454a280"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 47,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92"
+ ],
+ 0,
+ "863af353e3ee3bfd73d3d80820676070"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 48,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92"
+ ],
+ 0,
+ "2bc4f9483926e34588c92dd1aeb3b594"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 49,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2"
+ ],
+ 0,
+ "1bfdbcdca341d2fe8f47fa7e64e7c389"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 50,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
+ "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "e3fa79bb446718a727f09dcf0f095205"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 51,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "ffeb89717961346d5c8d22a40efef50d"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 52,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "e9917c0bb5b5141f6b959fe28a274da6"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 53,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2"
+ ],
+ 0,
+ "dde0dd3d87dfeff32e25b40275f599e5"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 54,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
+ "bool_typing", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "aa6708f743b2b2075c1f30e85d8c5c4a"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 55,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540"
+ ],
+ 0,
+ "5994c67c62625b17e05e3e8eace98efb"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 56,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540"
+ ],
+ 0,
+ "ad0c8a3e82a8cf5cd5a4a661647b7ab5"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 57,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e"
+ ],
+ 0,
+ "af249561a09568fde88cfefedc2defaf"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 58,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e"
+ ],
+ 0,
+ "6abf3a21ff621203c9240dfb78a65422"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 59,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_717aefd263af03778bf5280255ca3463",
+ "MkSeq_interpretation_Tm_arrow_7693d425f96a86b3e8b38c2b733466ad",
+ "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb",
+ "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok",
+ "data_typing_intro_Prims.Cons@tok",
+ "data_typing_intro_Prims.Nil@tok",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Seq.Properties.createL",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ "equation_MkSeq.create11", "equation_MkSeq.create8",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bit_vec",
+ "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.shift_right",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create11",
+ "function_token_typing_MkSeq.create8",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "function_token_typing_Rust_primitives.Integers.i32",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04",
+ "interpretation_Tm_abs_6f1366ec70f1fe6744a49f18394a6936",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv",
+ "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Lib.IntTypes.pow2_4", "lemma_Lib.IntTypes.v_injective",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32",
+ "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_cast",
+ "lemma_Rust_primitives.Integers.get_bit_or",
+ "lemma_Rust_primitives.Integers.get_bit_shl",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__10",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__11",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__5",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__6",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__7",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__8",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__9",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__5",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__6",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__7",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__8",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__10",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__11",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__6",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__7",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__8",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__9",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__6",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__7",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_03288e8cad3d11e26a62a263d75b4cb9",
+ "refinement_interpretation_Tm_refine_0900f6d27eee08e6b24699af33bdd980",
+ "refinement_interpretation_Tm_refine_0c9b06294dff41094502d49f1333bc66",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943",
+ "refinement_interpretation_Tm_refine_11bd00882981a11bde2b7488a120fea3",
+ "refinement_interpretation_Tm_refine_1630095134d496251f9dbee10f563351",
+ "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d",
+ "refinement_interpretation_Tm_refine_25a3ac62ce8d1d795628b758d48abad1",
+ "refinement_interpretation_Tm_refine_285d5ca95815dcb9fcec0ae13da5f30c",
+ "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8",
+ "refinement_interpretation_Tm_refine_3012dc4a62607a165775ce6122df6b27",
+ "refinement_interpretation_Tm_refine_30981af7fd860e5c568b8d009530eb31",
+ "refinement_interpretation_Tm_refine_323fd021d67da454aac7a72ae61803ea",
+ "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8",
+ "refinement_interpretation_Tm_refine_407639fa4a3a9bfc3bc6bbc3909bfc4b",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_43033bd40b37c27f3970f3d3c9a83a5b",
+ "refinement_interpretation_Tm_refine_431c6ca16285d5a76e2c88d2d1dccde8",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_4ca250af55e851798f1f7ca27370fbd4",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2",
+ "refinement_interpretation_Tm_refine_584b3a9a74baf7a29d3698b7516c2193",
+ "refinement_interpretation_Tm_refine_5bda579c3238b7ebf3eb20990c077add",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_68be43361f6b0a2ca26d09c6001ce02c",
+ "refinement_interpretation_Tm_refine_68dff4c795dafa4be4a59f4e27a0979b",
+ "refinement_interpretation_Tm_refine_7352dbda367376c8148623c0bd9da22e",
+ "refinement_interpretation_Tm_refine_7421661848e7f5fd9be9fa4992b9b38e",
+ "refinement_interpretation_Tm_refine_75bec031b01ab239c487d25c884c71af",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_7a913994e59799e1615661ef88cf6d51",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_8c58e4d37101fcc8d750f4795e54b94d",
+ "refinement_interpretation_Tm_refine_8f911d4d169321a588d3114e4230c4c6",
+ "refinement_interpretation_Tm_refine_93ed04a223f7439fa077821b29182eeb",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_98abe168e6b1ea7644d51f543a1a3c14",
+ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a9a53e242c0f05760a112cb2a707b2ef",
+ "refinement_interpretation_Tm_refine_b74baabba1c88e4aadcb6d5570e9405e",
+ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540",
+ "refinement_interpretation_Tm_refine_b8d7112f15f21bfb3f89916e51700950",
+ "refinement_interpretation_Tm_refine_ba3ae1397b04de427236e18542bae86d",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_bf2fa1226f2c9a0f6671df3e80ddcb8e",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c1419d1febcb2d125cd78bbe8260ab31",
+ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_c39edbde6953594c41fd1ce1133b8e6e",
+ "refinement_interpretation_Tm_refine_c8c3a0e3628890b2f91a193166a333a7",
+ "refinement_interpretation_Tm_refine_ca28d5a9fd928a4002e977c9cc61e296",
+ "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3",
+ "refinement_interpretation_Tm_refine_cfa4dd8d4f1012e862eb49b075f3d16b",
+ "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce",
+ "refinement_interpretation_Tm_refine_d68e2a22146ea24e1807d51a848a0b8b",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
+ "refinement_interpretation_Tm_refine_e672d1c32eac49ff2db7742f4921105c",
+ "refinement_interpretation_Tm_refine_e8d0d19737b852e0424d986f2eb513ec",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_eead4c247585281c2f0a33403df1567c",
+ "refinement_interpretation_Tm_refine_eff85ef0cb51f33c35f89baf7adbb28d",
+ "refinement_interpretation_Tm_refine_f84c8bac306d3c0d8a4e6993bcf115a1",
+ "refinement_interpretation_Tm_refine_f90cf9578b44d0a863a7e4e273361944",
+ "token_correspondence_MkSeq.create11",
+ "token_correspondence_MkSeq.create8",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.index",
+ "typing_FStar.Seq.Base.length",
+ "typing_FStar.Seq.Properties.seq_of_list",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.maxint",
+ "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.cast_mod",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "f96e8c0ac50890c8aabfef5b668bab80"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 60,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "30dda11b77eccdfda59d1d31e6240707"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 61,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "1533c2db3262582ea41904880fbfd11a"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 62,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "0d36cd982093dae7981a82089f272c00"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 63,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "04d507ea78941699ab43209fc9ae3c15"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 64,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "e06009fb8b60093a1edfe243a3deb04d"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 65,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "9031294cde0896276d0b622bdaf67866"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 66,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "4b80f54d77b5ff76a60eff1bba35e993"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 67,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "be497b635f778d68dfee57ab3ce3f27b"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 68,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "a2f51ef335284715930ef680acc2b197"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 69,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "bf417503cf1893396cf3203d54e7befc"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 70,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "4ef809046b68fb5a90d0a657d1d56651"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 71,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "4b35b038ce1753122a1b92d0938181db"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 72,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "82baac9412452fb37a92cf88d08fd000"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 73,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "9f937b72fe3b03a37a6c9bde128eb7c6"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 74,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "2b128f737f25ed8a451731383d7f3f55"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_",
+ 75,
+ 0,
+ 1,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "5d2f2745641471e22665249dbb6f0fa5"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U16@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.unsigned",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "0835f9977ae658b287e6cac36b1eb865"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_14835084a7628a594896379e5ea411ad",
+ "MkSeq_interpretation_Tm_arrow_18d3dcbafa1048d6377074186f5f2afd",
+ "MkSeq_interpretation_Tm_arrow_aa50555711d6286cfd8dc185000aafab",
+ "MkSeq_interpretation_Tm_arrow_c2fe76a834cdd44d7fa52cb0da696f35",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S128",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S64",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok",
+ "data_typing_intro_Prims.Cons@tok",
+ "data_typing_intro_Prims.Nil@tok",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U16@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Seq.Properties.createL", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.pub_uint16", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ "equation_MkSeq.create2", "equation_MkSeq.create3",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bit_vec",
+ "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.signed",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u16",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_Lib.IntTypes.pub_uint16",
+ "function_token_typing_MkSeq.create2",
+ "function_token_typing_MkSeq.create3",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_24b32bebd3485ad76e228d3f32e635f7",
+ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "interpretation_Tm_abs_7e380eba0c9ae2d800a389eb46d8c442",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u16",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u32",
+ "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_cast",
+ "lemma_Rust_primitives.Integers.get_bit_or",
+ "lemma_Rust_primitives.Integers.get_bit_shl",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple3__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple3__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple3__3",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple3__3",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_0eeab4d5f73e78a17240ba8a60788298",
+ "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d",
+ "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_4adc867dedc8116424e7854032f7976a",
+ "refinement_interpretation_Tm_refine_4c9fc7a376083f6cefabf973925fed40",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_95ae2ea82ad46807d92403305a4898eb",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_d261778ce6a448bd4ab7bd9f494cdb2e",
+ "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "refinement_interpretation_Tm_refine_f2a41cd0b7a1b87e64e4bdabfc823091",
+ "token_correspondence_MkSeq.create2",
+ "token_correspondence_MkSeq.create3",
+ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length",
+ "typing_FStar.Seq.Properties.createL",
+ "typing_FStar.Seq.Properties.seq_of_list", "typing_FStar.UInt.fits",
+ "typing_FStar.UInt16.uint_to_t", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.maxint",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U16@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "931f4f7426dae7eaa96f36a234c7194c"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_",
+ 3,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "equality_tok_Lib.IntTypes.U16@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "631513c60a9cb8a8ae3b80094d1b953b"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 1,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "c3344b1e493aff17bf2fc9a8d7f29cc5"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 2,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "e1d4429384d8f4ffef8f9a8b1bdecc61"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 3,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "7df18922fd2c074a673607ae414ef80d"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 4,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "912965799f92c491428a2b9026e439e4"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 5,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "f664d1c1de1df7e007724f721e7cba71"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 6,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "dbe20ff9a685adf7884925f6f701ee5a"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 7,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "93bd4cc5db01e0191b533037d38e9bc6"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 8,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "930ab22b726dd204775ce3c355521a7e"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 9,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "021f4e8274b1ea0d7fc06c40dfa4dbb2"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 10,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "7c609fd99690e7fa430bde2740e6d655"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 11,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "8882fefd6bce724c3a7c0df5f2040407"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 12,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "c5d7b5824264bd76ce435a8e62ed6b44"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 13,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "88b15bfd12de152d8f4de61e6d84cbd2"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 14,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "6f1c61df1bc28f721cc0719c55615b5c"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 15,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "e375c529754485f03947130e3c38f00a"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 16,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "101ddf6fe4addad147641d38bdcc1612"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 17,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "2947e161271e3f4127a88ceba13dc348"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 18,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query", "bool_inversion",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_234bcc9a10d7cb32aa417591eceec75c",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "fdc6ee24254791320394b4fa784eb716"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 19,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "5f367c0e59ff00edd30c8c036f8255bd"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 20,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "2257cd65e327c4b1b2fcfef442a66e69"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 21,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits"
+ ],
+ 0,
+ "36e04d7862457b82eb09593affd737a6"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 22,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits"
+ ],
+ 0,
+ "bedf14f502fd5d3a9baf0267ca038d2d"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 23,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U8@tok",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_c027c94faca3e6aa9b762b564f7f938f",
+ "refinement_interpretation_Tm_refine_f44d89e9d4f94f0509c6991fee3340e0",
+ "refinement_interpretation_Tm_refine_fd0534dae74a1a03c82c48538de4b46a"
+ ],
+ 0,
+ "ede54b8d458c6a7ed1decb9234e657c3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 24,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "fe60b2494a99a79e3983f8afd7d28a8b"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 25,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "09e1c056e173146eba424f3b8e461b52"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 26,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "8661e6829f3c79445eaa82b00665b7a9"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 27,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "f30291b26e9e8b724c0070bbcd61d23e"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 28,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "caad265ad5647e04535ab99aa866699a"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 29,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "ed147dccfa6f948587ab18fbd8323f28"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 30,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "c62d875b633815eccaf2a104be9556b8"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 31,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "f70e5367b0f6c7af53faff1d025d6ec8"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 32,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "85dd8edd86a92ec9f708a6c67f808503"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 33,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "15ec87363af48d1235f977f7d9af39b3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 34,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "b22b1aa328c182544224bf5467643702"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 35,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "b39ad6898422409e6278aab444158bea"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 36,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "0dba4abfd1065deca64de613f3313e16"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 37,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "2aac63edff0db97d82c0b0bbb9b21792"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 38,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92"
+ ],
+ 0,
+ "f1de3f74ba8dfd0586fce67bb288a760"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 39,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92"
+ ],
+ 0,
+ "d962e05d56d7ef85295a9ca9e8d27e06"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 40,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e"
+ ],
+ 0,
+ "c639641148854686633bbd03a6bd580f"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 41,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e"
+ ],
+ 0,
+ "0e46c7f303180c47fef6375406beb743"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 42,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042"
+ ],
+ 0,
+ "0b89871368a8e976676fe94f3a8f2be0"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 43,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042"
+ ],
+ 0,
+ "5389f15a34044e2d58d98ca6129e17b3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 44,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042"
+ ],
+ 0,
+ "407a506e190c9b0c21be617f6e4818be"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 45,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042"
+ ],
+ 0,
+ "6ad9e39d48214dad164339b7dd3fe025"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 46,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6",
+ "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb",
+ "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5",
+ "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_a1bbe86a3e470c2690a3539565e2b2c3",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S128",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S64",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "constructor_distinct_Prims.Cons",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok",
+ "data_typing_intro_Prims.Cons@tok",
+ "data_typing_intro_Prims.Nil@tok",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Seq.Properties.createL", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ "equation_MkSeq.create5", "equation_MkSeq.create8",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.signed",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create5",
+ "function_token_typing_MkSeq.create8",
+ "function_token_typing_Prims.__cache_version_number__",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74",
+ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Lib.IntTypes.v_injective",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u8",
+ "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_or",
+ "lemma_Rust_primitives.Integers.get_bit_shl",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__5",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__5",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__6",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__7",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__8",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__6",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__7",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_Prims.Cons_a",
+ "projection_inverse_Prims.Cons_hd",
+ "projection_inverse_Prims.Cons_tl",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_1c5286c19e2dc27f1052618432c91d6f",
+ "refinement_interpretation_Tm_refine_1fc9aea01d7aff49f16425d06e0bcadf",
+ "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451",
+ "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8",
+ "refinement_interpretation_Tm_refine_348668412ebc92437d7b3fa54735669f",
+ "refinement_interpretation_Tm_refine_3b0be6161aa0b8361211259755e1b0e5",
+ "refinement_interpretation_Tm_refine_3e02dc287b6456c1e417bd92df9b15ce",
+ "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8",
+ "refinement_interpretation_Tm_refine_3f47fed31b82f7b9f75dcaf2b6fd8a55",
+ "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32",
+ "refinement_interpretation_Tm_refine_43032d78c0d9c973ee6a4ea3963d6299",
+ "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7",
+ "refinement_interpretation_Tm_refine_442733b909b4d11ce4c302b61b2687f8",
+ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_5697d84f7e5e0182931e383618a74f6e",
+ "refinement_interpretation_Tm_refine_5d44e3b791fe42a6e4d913e9542239a6",
+ "refinement_interpretation_Tm_refine_64da8703f211c27b5b839c9c65a06528",
+ "refinement_interpretation_Tm_refine_68e1e46e0e116ebf5002462ac104cf13",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_79314ab28fd88623b79ef1586e2f0688",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf",
+ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e",
+ "refinement_interpretation_Tm_refine_8c5faf5840ea46a99052f40aefb1fddd",
+ "refinement_interpretation_Tm_refine_91819617799f2903fcac830eb1ef53e4",
+ "refinement_interpretation_Tm_refine_961e3d723da2b58b1e5fbbc454f0a5bf",
+ "refinement_interpretation_Tm_refine_96d0dc8f1882a138d9d650b7dcb144ac",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a7aa442ae6c1efd66b84e4a98d8721be",
+ "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99",
+ "refinement_interpretation_Tm_refine_b1d2336dddeb9ed84f4f895e9c330916",
+ "refinement_interpretation_Tm_refine_b2c2cdf4bbe4aa35b2034872d779f3d2",
+ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c12fc4a64d0fd6897144bd1bac678a85",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3",
+ "refinement_interpretation_Tm_refine_d0dc508d17665f6bbe9cb605f6b0691c",
+ "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "refinement_interpretation_Tm_refine_f3460d78bd6a4448da852b8e0439abd1",
+ "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a",
+ "token_correspondence_MkSeq.create5",
+ "token_correspondence_MkSeq.create8",
+ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "typing_FStar.List.Tot.Base.length", "typing_FStar.Seq.Base.length",
+ "typing_FStar.Seq.Properties.createL",
+ "typing_FStar.Seq.Properties.seq_of_list", "typing_FStar.UInt.fits",
+ "typing_FStar.UInt8.uint_to_t", "typing_Lib.IntTypes.minint",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "1d28a711b4c8a2da497ec1e3ccb5c3a0"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 47,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "7bdf80a35fb8fa100703a120c69fa948"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 48,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "73be4dbbc96de3643b03c7157326e886"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 49,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "dd57db5d496140f4aa4c7e40ebd15271"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 50,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "b7bcde8fffe22e6d38d0d0323f79e0f3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 51,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "66ad2b9f8159a4b9833cdb1ded3c4f7e"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 52,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "493d430f0fd15b1d94eaac9df8801262"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 53,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "e961e595c1b0a1d60f24571ec8000c64"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 54,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "078311a82ed7033941afc9dd338f4ff0"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 55,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "d054055601096a9f39af42ee798b2591"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 56,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "432860790ac80caabeae60dfc8e488ae"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 57,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "a4810c030fde918949ca3b8a8e597a37"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 58,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "ef30da171c045c11f0cceff7482b8689"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 59,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "351569453c9abac739200f568b205819"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 60,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "5ae3000630f834aa1ea82ee5bf2ad460"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 61,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "45e2656d9ee4ee5d8deebe91ada45418"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_",
+ 62,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "7c16c7e5938fbb8fa8ccfe9151ede411"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "79104170450201dd369d569802e71392"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6",
+ "MkSeq_interpretation_Tm_arrow_5765cf80a31e12b6cf9294aa374986ee",
+ "MkSeq_interpretation_Tm_arrow_699c8dd73beae55d251f2f1ab7800f43",
+ "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_a1bbe86a3e470c2690a3539565e2b2c3",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple4@tok",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple5@tok",
+ "data_typing_intro_Prims.Cons@tok",
+ "data_typing_intro_Prims.Nil@tok",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Seq.Properties.createL",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ "equation_MkSeq.create4", "equation_MkSeq.create5",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bit_vec",
+ "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.signed",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_MkSeq.create4",
+ "function_token_typing_MkSeq.create5",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "function_token_typing_Rust_primitives.Integers.i32",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74",
+ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "interpretation_Tm_abs_a9b198e31fde8a384087b8239a5e2e08",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32",
+ "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_or",
+ "lemma_Rust_primitives.Integers.get_bit_shl",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple4__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple4__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple4__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple4__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__5",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple4__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple4__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple4__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple4__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__5",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d",
+ "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc",
+ "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a",
+ "refinement_interpretation_Tm_refine_fc12799aca7afdfe7dbfd8172fc58a83",
+ "token_correspondence_MkSeq.create4",
+ "token_correspondence_MkSeq.create5",
+ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t",
+ "typing_FStar.Int32.v", "typing_FStar.List.Tot.Base.length",
+ "typing_FStar.Seq.Properties.seq_of_list", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
+ ],
+ 0,
+ "dc511fd7eff87f96907d80830f8d140b"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_",
+ 3,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "99a45802430108e55d0ecb61a8080340"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "0f877d7840ae4ca8267c69819d2719cc"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_717aefd263af03778bf5280255ca3463",
+ "MkSeq_interpretation_Tm_arrow_7693d425f96a86b3e8b38c2b733466ad",
+ "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb",
+ "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_a1bbe86a3e470c2690a3539565e2b2c3",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "constructor_distinct_Prims.Cons",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple11@tok",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok",
+ "data_typing_intro_Prims.Cons@tok",
+ "data_typing_intro_Prims.Nil@tok",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ "equation_MkSeq.create11", "equation_MkSeq.create8",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.signed",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_MkSeq.create11",
+ "function_token_typing_MkSeq.create8",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.Integers.i32",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04",
+ "interpretation_Tm_abs_6f1366ec70f1fe6744a49f18394a6936",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32",
+ "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_or",
+ "lemma_Rust_primitives.Integers.get_bit_shl",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__10",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__11",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__5",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__6",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__7",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__8",
+ "proj_equation_FStar.Pervasives.Native.Mktuple11__9",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__5",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__6",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__7",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__8",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__10",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__11",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__6",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__7",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__8",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple11__9",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__6",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__7",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_Prims.Cons_a",
+ "projection_inverse_Prims.Cons_hd",
+ "projection_inverse_Prims.Cons_tl",
+ "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d",
+ "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da",
+ "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_ba3ae1397b04de427236e18542bae86d",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc",
+ "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a",
+ "token_correspondence_MkSeq.create11",
+ "token_correspondence_MkSeq.create8",
+ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t",
+ "typing_FStar.List.Tot.Base.length",
+ "typing_FStar.Seq.Properties.createL", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
+ ],
+ 0,
+ "82e730f6155f22d94dc8811aa4f472c4"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_",
+ 3,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "bb4d83a5c924b73f2e47166515928146"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "f72d7723004a87bfd19eff871ebcd7b1"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "FStar.Sealed_interpretation_Tm_arrow_6980332764c4493a7b0df5c02f7aefbe",
+ "MkSeq_interpretation_Tm_arrow_14835084a7628a594896379e5ea411ad",
+ "MkSeq_interpretation_Tm_arrow_4936cb3ae75b071093de3c4fdb6a1778",
+ "MkSeq_interpretation_Tm_arrow_a8cce9f06a7eff5740f6bae57e839f6b",
+ "MkSeq_interpretation_Tm_arrow_aa50555711d6286cfd8dc185000aafab",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716",
+ "Rust_primitives_interpretation_Tm_arrow_f41a2414a22e10a5d3d0356941703414",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S128",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S64",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok",
+ "data_typing_intro_Prims.Cons@tok",
+ "data_typing_intro_Prims.Nil@tok",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Seq.Properties.createL", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ "equation_MkSeq.create1", "equation_MkSeq.create2",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bit_vec",
+ "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.signed",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create1",
+ "function_token_typing_MkSeq.create2",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "function_token_typing_Rust_primitives.Integers.i32",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "interpretation_Tm_abs_7e380eba0c9ae2d800a389eb46d8c442",
+ "interpretation_Tm_abs_94ab8e03f2df430f87d9d1fec48fd1f1",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv",
+ "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u8",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_cast",
+ "lemma_Rust_primitives.Integers.get_bit_cast_extend",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_Equality",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__2",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_1fc9aea01d7aff49f16425d06e0bcadf",
+ "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451",
+ "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_3ca3b5d3bb9dd23942633e4e33942d2c",
+ "refinement_interpretation_Tm_refine_3e02dc287b6456c1e417bd92df9b15ce",
+ "refinement_interpretation_Tm_refine_4c9fc7a376083f6cefabf973925fed40",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "refinement_interpretation_Tm_refine_f3460d78bd6a4448da852b8e0439abd1",
+ "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc",
+ "token_correspondence_MkSeq.create1",
+ "token_correspondence_MkSeq.create2",
+ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.index",
+ "typing_FStar.Seq.Properties.createL",
+ "typing_FStar.Seq.Properties.seq_of_list", "typing_FStar.UInt.fits",
+ "typing_FStar.UInt8.uint_to_t", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Rust_primitives.cast_tc_integers",
+ "typing_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "11b48241cf0f444a609ff71088f70118"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "4fc193ede578f8241bc4208fc01b3fac"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6",
+ "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb",
+ "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5",
+ "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565",
+ "Rust_primitives.BitVectors_interpretation_Tm_arrow_a1bbe86a3e470c2690a3539565e2b2c3",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple5@tok",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq",
+ "equation_MkSeq.create5", "equation_MkSeq.create8",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.signed",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_MkSeq.create5",
+ "function_token_typing_MkSeq.create8",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.Integers.i32",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74",
+ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32",
+ "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_or",
+ "lemma_Rust_primitives.Integers.get_bit_shl",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple5__5",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__1",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__2",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__3",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__4",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__5",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__6",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__7",
+ "proj_equation_FStar.Pervasives.Native.Mktuple8__8",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple5__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__6",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__7",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d",
+ "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc",
+ "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a",
+ "token_correspondence_MkSeq.create5",
+ "token_correspondence_MkSeq.create8",
+ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array",
+ "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok"
+ ],
+ 0,
+ "4af6b3a227212174a1be0df9cf87ccf9"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_",
+ 3,
+ 0,
+ 0,
+ [
+ "@query", "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "8ae13eeee2eaa353e6a4931dc10a6a10"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.cast_bound_lemma",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S64",
+ "constructor_distinct_Lib.IntTypes.U128",
+ "equality_tok_Lib.IntTypes.PUB@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.v",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers", "int_inversion",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Modulus", "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_8340312299787f1426d65a26131694de",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_tok_Lib.IntTypes.PUB@tok"
+ ],
+ 0,
+ "967d2d15d3b623dd9f71e987aedf6a8a"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S128",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S64",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "constructor_distinct_Tm_unit", "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S128@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.min_int",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Prims.pos", "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers", "int_inversion",
+ "int_typing",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values",
+ "lemma_Lib.IntTypes.pow2_127", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Libcrux.Kem.Kyber.Serialize.cast_bound_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_60372b853747ce4c889f09ce5240e994",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
+ "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok",
+ "typing_tok_Lib.IntTypes.S128@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "d68c0a951427b0b785bb7c8be3ce619c"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.mul_in_range",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned", "int_typing",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "a3bb8f8674fab93cfb855837c0d6ceac"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_10_",
+ 1,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6",
+ "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U16@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Pervasives.Native.fst", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_MkSeq.create5", "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u16",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create5",
+ "function_token_typing_Prims.__cache_version_number__", "int_typing",
+ "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74",
+ "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
+ "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__1",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451",
+ "refinement_interpretation_Tm_refine_27acc9d57c8d8f1b3a3d6ee8bf68b1bf",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a21ea137a8463fd90e99d77530c868a2",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_MkSeq.create5",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_FStar.UInt.fits", "typing_FStar.UInt8.uint_to_t",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Prims.pow2", "typing_Rust_primitives.Hax.repeat",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "a85abd6f518070a8dd4c9644bc2c753f"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.update5",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query", "bool_inversion", "bool_typing",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing",
+ "lemma_FStar.Seq.Base.lemma_index_upd1",
+ "lemma_FStar.Seq.Base.lemma_index_upd2",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_1208e4787dbcaf7b5fcbd5e4330ccd11",
+ "refinement_interpretation_Tm_refine_331c14d442c5ee89a4fce6ea305c920f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8d3b5d45dd5cf77d77cdd888d9ced785",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55",
+ "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "78af667b63b11edad4269595af16adb3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_",
+ 1,
+ 0,
+ 1,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "FStar.Seq.Base_pretyping_7efa52b424e80c83ad68a652aa3561e4",
+ "MkSeq_interpretation_Tm_arrow_717aefd263af03778bf5280255ca3463",
+ "MkSeq_interpretation_Tm_arrow_7693d425f96a86b3e8b38c2b733466ad",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_elim_FStar.Pervasives.Native.Mktuple2",
+ "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U16@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Pervasives.Native.fst", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_MkSeq.create11", "equation_Prims.nat",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u16",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.array_to_slice_unsize",
+ "equation_Rust_primitives.unsize",
+ "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create11", "int_typing",
+ "interpretation_Tm_abs_6f1366ec70f1fe6744a49f18394a6936",
+ "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094",
+ "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34",
+ "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__1",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "proj_equation_Rust_primitives.Mkunsize_tc_output",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_output",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_unsize",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_70d312c8ec0b8643a1f0f5f003ab915a",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_ba3ae1397b04de427236e18542bae86d",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_cba05f24e5883cf8687838e7bf74655a",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_MkSeq.create11",
+ "token_correspondence_Rust_primitives.unsize",
+ "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "1b6149e8535bf4e4a5dd5eab8067d7eb"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_",
+ 2,
+ 0,
+ 1,
+ [
+ "@query", "primitive_Prims.op_Addition",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "5d0ed5f73d826cadac09261044273dc2"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_",
+ 3,
+ 0,
+ 1,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "MkSeq_interpretation_Tm_arrow_7693d425f96a86b3e8b38c2b733466ad",
+ "bool_inversion", "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_MkSeq.create11", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "interpretation_Tm_abs_6f1366ec70f1fe6744a49f18394a6936",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_0dad9f14443cac3d119e26b37bea27c8",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_0f6e6287f7056ebec0f4b190ee6aee48",
+ "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_70d312c8ec0b8643a1f0f5f003ab915a",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_ba3ae1397b04de427236e18542bae86d",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bb900e70c3cf1979f4313dcf06d0580a",
+ "refinement_interpretation_Tm_refine_cba05f24e5883cf8687838e7bf74655a",
+ "token_correspondence_MkSeq.create11", "typing_Lib.IntTypes.v",
+ "typing_MkSeq.create11", "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_tok_Lib.IntTypes.PUB@tok"
+ ],
+ 0,
+ "30a7dcb54c4a2c6bbbfdc72a62f96f76"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_4_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U16@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Pervasives.Native.fst", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u16",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.array_to_slice_unsize",
+ "equation_Rust_primitives.unsize",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "int_typing",
+ "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094",
+ "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34",
+ "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
+ "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__1",
+ "proj_equation_Rust_primitives.Mkunsize_tc_output",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_output",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_unsize",
+ "refinement_interpretation_Tm_refine_04b5775e62c58662499b2b2ec84e8eaa",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_acc8361adfd7a8e7e62d32502083a849",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "token_correspondence_Rust_primitives.unsize",
+ "typing_FStar.Int.fits", "typing_FStar.UInt.fits",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "e0a9b2170b8fdff17ebf6820a55be4e5"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U16@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Pervasives.Native.fst", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u16",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.array_to_slice_unsize",
+ "equation_Rust_primitives.unsize",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "int_typing",
+ "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094",
+ "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34",
+ "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv",
+ "lemma_Libcrux.Kem.Kyber.Serialize.cast_bound_lemma",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__1",
+ "proj_equation_Rust_primitives.Mkunsize_tc_output",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_output",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_unsize",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_ba559583f03418e2290fb59e93afccb0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_cba05f24e5883cf8687838e7bf74655a",
+ "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "refinement_kinding_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "token_correspondence_Rust_primitives.unsize",
+ "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "58257a6d5f0a15d0f9a83944fb9a4d13"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_",
+ 2,
+ 0,
+ 0,
+ [
+ "@query", "primitive_Prims.op_Addition",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "b82a8488cd1962e117315f84c5541f6a"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_",
+ 3,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query",
+ "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5",
+ "bool_inversion", "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_MkSeq.create5", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_0dad9f14443cac3d119e26b37bea27c8",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_17842b692fc36ec40a803769d235f928",
+ "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_8165a1265edb39cf86f751ce4c9cff51",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99",
+ "refinement_interpretation_Tm_refine_ba559583f03418e2290fb59e93afccb0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_cba05f24e5883cf8687838e7bf74655a",
+ "refinement_interpretation_Tm_refine_db55e97d0480135110368473524eef5f",
+ "token_correspondence_MkSeq.create5", "typing_Lib.IntTypes.v",
+ "typing_MkSeq.create5", "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_tok_Lib.IntTypes.PUB@tok"
+ ],
+ 0,
+ "009a12f7636d697191084da24cf94162"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "232d3bd22d7cec3c17c075ae5c498069"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U16@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Pervasives.Native.fst", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u16",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Spec.Kyber.field_element",
+ "equation_Spec.Kyber.v_FIELD_MODULUS",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "int_typing", "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_0fcd7f44f1dcbccd19bd6e593cf1ac0f",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_59d416e7476fb7105d7fb8177838e036",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_ae469914d5988438c11021add0845e82",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.to_spec_fe",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "d6a98d7907d9ad0c71845a79ffc49437"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.u32",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers", "int_inversion",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.UInt32.uv_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_66a922cd7d39fe76a3ef56268cd7c086",
+ "refinement_interpretation_Tm_refine_6dd2f55c8872fb0160e8109d9e59245f",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.cast_mod",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok"
+ ],
+ 0,
+ "7fd60066d0187e3d47b5ebf1430faf5d"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.eqtype", "equation_Prims.nat",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_FStar.UInt32.t", "typing_FStar.UInt64.t",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "c6fd606dfa4c5629a024e963571a3eb0"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U128",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u32",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "equation_Rust_primitives.Integers.u64_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "equation_Spec.Kyber.params", "equation_Spec.Kyber.valid_params",
+ "int_inversion", "int_typing",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt64.uv_inv",
+ "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar",
+ "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_66a922cd7d39fe76a3ef56268cd7c086",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_920ec30579342d4ea166ddfb1de07e1d",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.cast_mod",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.u32_inttype",
+ "typing_Rust_primitives.Integers.u64_inttype",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok",
+ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok",
+ "typing_tok_Lib.IntTypes.U64@tok"
+ ],
+ 0,
+ "3dd6e0c9381222b3978413456a0f977b"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v",
+ 3,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Prims.eqtype", "equation_Prims.nat",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_FStar.UInt32.t", "typing_FStar.UInt64.t",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "ae6e29128fdd8dcb0a3634461336f6b1"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.Pervasives.Native.fst", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers", "int_inversion",
+ "int_typing",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Mktuple2__1",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6a572f238903178c35ad6eada2dbaf3",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e6ef524d6a5a77dc89b1adad6b429993",
+ "token_correspondence_Rust_primitives.cast",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "bca6180305124ccdf0b6999dcc28d747"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_",
+ 2,
+ 0,
+ 0,
+ [
+ "@query", "primitive_Prims.op_Addition",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "a50c2dc793cb2c67b76d7d28895d194a"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_",
+ 3,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
+ "bool_typing", "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.lt",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155",
+ "refinement_interpretation_Tm_refine_a6a572f238903178c35ad6eada2dbaf3",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_b77e896f5c637b09a41ab629a923186d",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_e6ef524d6a5a77dc89b1adad6b429993",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "667cb67e88d829202be136b2975d8fc9"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers", "int_typing",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division",
+ "primitive_Prims.op_GreaterThanOrEqual",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_0668f3e468d1f693fc2b86558447fb99",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e845cca53ad19c4347b13715739da90e",
+ "token_correspondence_Rust_primitives.cast",
+ "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "1555d8ae4c34a26a219972279def938c"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_",
+ 2,
+ 0,
+ 0,
+ [
+ "@query", "b2t_def", "primitive_Prims.op_Addition",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_Multiply",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "66bae3105910c10fcfe981114252615f"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_",
+ 3,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
+ "bool_typing", "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.v",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_0668f3e468d1f693fc2b86558447fb99",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
+ "refinement_interpretation_Tm_refine_87f064b0f53d2badbd3cb9c5985c4c46",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_b38b8a86dd143130555f373754659a27",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_d8836626372248741cc7d6582bd93782",
+ "refinement_interpretation_Tm_refine_e845cca53ad19c4347b13715739da90e",
+ "refinement_interpretation_Tm_refine_ebd4fd466e5ab18d8fff88f813473279",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v"
+ ],
+ 0,
+ "8899ea53d7b6b5bbb7fa5c847a07622b"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_14835084a7628a594896379e5ea411ad",
+ "MkSeq_interpretation_Tm_arrow_4936cb3ae75b071093de3c4fdb6a1778",
+ "MkSeq_interpretation_Tm_arrow_a8cce9f06a7eff5740f6bae57e839f6b",
+ "MkSeq_interpretation_Tm_arrow_aa50555711d6286cfd8dc185000aafab",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_MkSeq.create1", "equation_MkSeq.create2",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create1",
+ "function_token_typing_MkSeq.create2",
+ "function_token_typing_Rust_primitives.Integers.i32", "int_typing",
+ "interpretation_Tm_abs_7e380eba0c9ae2d800a389eb46d8c442",
+ "interpretation_Tm_abs_94ab8e03f2df430f87d9d1fec48fd1f1",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_16da91e8e8e81b1e3e5f34f47ddac61a",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_3ca3b5d3bb9dd23942633e4e33942d2c",
+ "refinement_interpretation_Tm_refine_4c9fc7a376083f6cefabf973925fed40",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a3e240df9966608d534d4eb5b3d03108",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "token_correspondence_MkSeq.create1",
+ "token_correspondence_MkSeq.create2", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.i32_inttype",
+ "typing_Rust_primitives.Integers.int_t",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "3d43385f447e8223662226ac6e25eda8"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_",
+ 2,
+ 0,
+ 0,
+ [
+ "@query", "primitive_Prims.op_Addition",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "a951b045e4d494b7b80cb719a209ad37"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_",
+ 3,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_16da91e8e8e81b1e3e5f34f47ddac61a",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a3e240df9966608d534d4eb5b3d03108",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c3df9cc460905cf277bb991d449b4987",
+ "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "2c7aaf8fc329db0f7a52df5fe0ee1dfc"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb",
+ "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok",
+ "equation_Core.Ops.Index.f_index",
+ "equation_Core.Ops.op_String_Access", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_MkSeq.create8", "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Hax.impl__index",
+ "equation_Rust_primitives.Hax.repeat",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create8",
+ "function_token_typing_Rust_primitives.Integers.i32", "int_typing",
+ "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04",
+ "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54",
+ "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_FStar.Seq.Base.lemma_index_create",
+ "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3",
+ "lemma_Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Ops.Index.Mkt_Index_f_index",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__2",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__3",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__4",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__5",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__6",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__7",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8",
+ "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_6fa91d9f8fc6f73328383ba63335eaa3",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3",
+ "refinement_interpretation_Tm_refine_e6ef524d6a5a77dc89b1adad6b429993",
+ "token_correspondence_Core.Ops.Index.f_index",
+ "token_correspondence_Core.Ops.op_String_Access",
+ "token_correspondence_MkSeq.create8",
+ "token_correspondence_Prims.pow2.fuel_instrumented",
+ "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Hax.repeat",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.sz",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "9bfaa05f26c9858fa259f04161680b67"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_",
+ 2,
+ 0,
+ 0,
+ [
+ "@query", "primitive_Prims.op_Addition",
+ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "e412452fe28507a6b6833791b306e961"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_",
+ 3,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion",
+ "bool_typing", "equality_tok_Lib.IntTypes.U8@tok",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned", "int_typing",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
+ "refinement_interpretation_Tm_refine_6fa91d9f8fc6f73328383ba63335eaa3",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "a1c0098a6e3a6a0bdf7fbae1dafe0da6"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "6adffe2256308c51d108b85a8291f214"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S128",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S64",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok",
+ "equation_Core.Iter.Traits.Collect.f_into_iter",
+ "equation_Core.Ops.Range.iterator_range", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
+ "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
+ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.op_At_Percent",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.signed",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.u8_inttype",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "equation_Spec.Kyber.v_H_DIGEST_SIZE",
+ "equation_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_Prims.__cache_version_number__",
+ "function_token_typing_Rust_primitives.Integers.usize", "int_typing",
+ "interpretation_Tm_abs_29c790849abcf444c15b4351363d1b40",
+ "interpretation_Tm_abs_412e363c41d2c7d31f96c2685c7138f2",
+ "interpretation_Tm_abs_4da4c2420140680c2bf4358d0bc52b3f",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "l_and-interp", "lemma_FStar.Int32.uv_inv",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.v_injective",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u8",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_cast",
+ "lemma_Rust_primitives.Integers.get_bit_cast_extend",
+ "lemma_Rust_primitives.Integers.get_bit_shr",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_Item",
+ "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_contains",
+ "proj_equation_Core.Ops.Range.Mkt_Range_f_end",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_into_iter",
+ "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_Item",
+ "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_contains",
+ "projection_inverse_Core.Ops.Range.Mkt_Range_f_end",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_1fc9aea01d7aff49f16425d06e0bcadf",
+ "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_3e02dc287b6456c1e417bd92df9b15ce",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a3e240df9966608d534d4eb5b3d03108",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_c91a99623b4591027aaae7c7b521689f",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "refinement_interpretation_Tm_refine_f3460d78bd6a4448da852b8e0439abd1",
+ "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc",
+ "token_correspondence_Core.Iter.Traits.Collect.f_into_iter",
+ "token_correspondence_Core.Iter.Traits.Iterator.__proj__Mkiterator__item__f_contains",
+ "token_correspondence_Rust_primitives.cast",
+ "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end",
+ "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t",
+ "typing_FStar.Seq.Base.length", "typing_FStar.UInt8.uint_to_t",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "1ffdfa9cf08fc87d5662c0631e88f74f"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message",
+ 3,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "af790c495a829531bfe053ec19731de1"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxIFuel_assumption", "@query", "bool_inversion",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.v",
+ "equation_Prims.eqtype", "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_a71ec81f8cb1ec50e94cecd44b6a58a4",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_FStar.UInt32.t", "typing_FStar.UInt64.t",
+ "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok"
+ ],
+ 0,
+ "dbe67f790bea92ddd3e549901331e3c3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok", "equation_FStar.UInt.fits",
+ "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int",
+ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v", "equation_Prims.nat",
+ "equation_Prims.pos", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.u32",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers", "int_inversion",
+ "int_typing",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a71ec81f8cb1ec50e94cecd44b6a58a4",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.cast_mod",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.modulus",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok"
+ ],
+ 0,
+ "0b3d6effc193783dcad833592402447b"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params",
+ "equation_Spec.Kyber.valid_params",
+ "function_token_typing_Lib.IntTypes.byte_t", "int_typing",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c12594a31c8f7ec35f591fccbb966570",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "typing_FStar.Seq.Base.length",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Spec.Kyber.valid_params"
+ ],
+ 0,
+ "2902046d3b34d37d0a9cbb173b73a2f3"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.size",
+ "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int",
+ "equation_FStar.UInt.min_int", "equation_FStar.UInt.size",
+ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.cast_mod",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.modulus",
+ "equation_Rust_primitives.Integers.op_At_Percent_Dot",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u32",
+ "equation_Rust_primitives.Integers.u32_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "equation_Spec.Kyber.params", "equation_Spec.Kyber.valid_params",
+ "function_token_typing_Lib.IntTypes.byte_t", "int_typing",
+ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus",
+ "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56",
+ "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_74b76b07e89ce2e377ee1865b2d2972c",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688",
+ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int32.v",
+ "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.uint_to_t",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.cast_mod",
+ "typing_Rust_primitives.Integers.op_At_Percent_Dot",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.v_C2_SIZE",
+ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok",
+ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok"
+ ],
+ 0,
+ "ae7518b7924624bb1ed14958c9b74b5d"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def",
+ "bool_inversion", "bool_typing",
+ "constructor_distinct_FStar.Pervasives.Native.Some",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "disc_equation_FStar.Pervasives.Native.Some",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t",
+ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t",
+ "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range",
+ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_Prims.nat", "equation_Prims.pos",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Arrays.t_Slice",
+ "equation_Rust_primitives.BitVectors.bounded",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.BitVectors.num_bits",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bit",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.i32_inttype",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.cast",
+ "equation_Rust_primitives.cast_tc_integers",
+ "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_Prims.__cache_version_number__", "int_typing",
+ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1",
+ "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2",
+ "lemma_Lib.IntTypes.pow2_4",
+ "lemma_Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma",
+ "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32",
+ "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded",
+ "lemma_Rust_primitives.Integers.get_bit_and",
+ "lemma_Rust_primitives.Integers.get_bit_or",
+ "lemma_Rust_primitives.Integers.get_bit_shl",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThan",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus",
+ "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "proj_equation_FStar.Pervasives.Native.Some_v",
+ "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__2",
+ "projection_inverse_FStar.Pervasives.Native.Some_a",
+ "projection_inverse_FStar.Pervasives.Native.Some_v",
+ "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients",
+ "projection_inverse_Rust_primitives.Mkcast_tc_cast",
+ "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6",
+ "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d",
+ "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da",
+ "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4",
+ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "refinement_interpretation_Tm_refine_e7f63df644568e6d209d985baf736b12",
+ "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5",
+ "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc",
+ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits",
+ "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length",
+ "typing_Lib.IntTypes.maxint", "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.get_bit",
+ "typing_Rust_primitives.Integers.logand",
+ "typing_Rust_primitives.Integers.mk_int",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok",
+ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok",
+ "typing_tok_Lib.IntTypes.U8@tok"
+ ],
+ 0,
+ "cf4275373c55a87f388b992affdd1fd4"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element",
+ 1,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "bool_inversion", "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits",
+ "equation_Prims.nat", "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.unsigned",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype"
+ ],
+ 0,
+ "a1f7d83971fb17d1a5e9c91da689082f"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element",
+ 2,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_18d3dcbafa1048d6377074186f5f2afd",
+ "MkSeq_interpretation_Tm_arrow_c2fe76a834cdd44d7fa52cb0da696f35",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U1",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.S32@tok",
+ "equality_tok_Lib.IntTypes.U16@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits",
+ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int",
+ "equation_FStar.Int.min_int", "equation_FStar.Int.size",
+ "equation_FStar.UInt.min_int", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint",
+ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned",
+ "equation_Lib.IntTypes.v",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b",
+ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement",
+ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "equation_MkSeq.create3", "equation_Prims.nat",
+ "equation_Rust_primitives.Arrays.length",
+ "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.BitVectors.int_t_d",
+ "equation_Rust_primitives.Integers.add",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.i32",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.max_usize",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.mul",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u16",
+ "equation_Rust_primitives.Integers.u16_inttype",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "equation_Rust_primitives.array_to_slice_unsize",
+ "equation_Rust_primitives.unsize",
+ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "function_token_typing_MkSeq.create3", "int_typing",
+ "interpretation_Tm_abs_24b32bebd3485ad76e228d3f32e635f7",
+ "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094",
+ "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34",
+ "lemma_FStar.Int32.vu_inv",
+ "lemma_Rust_primitives.Integers.mk_int_v_lemma",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual",
+ "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "projection_inverse_Rust_primitives.Mkunsize_tc_unsize",
+ "refinement_interpretation_Tm_refine_0eeab4d5f73e78a17240ba8a60788298",
+ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b",
+ "refinement_interpretation_Tm_refine_9646800d9b76afb2dc402d323458a8c8",
+ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb",
+ "token_correspondence_MkSeq.create3",
+ "token_correspondence_Rust_primitives.unsize",
+ "typing_Lib.IntTypes.v",
+ "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.minint",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v",
+ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok"
+ ],
+ 0,
+ "da2538089c024b06332f7258176a1bc7"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element",
+ 3,
+ 0,
+ 0,
+ [
+ "@query", "b2t_def", "primitive_Prims.op_Addition",
+ "primitive_Prims.op_LessThan", "primitive_Prims.op_Multiply",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0"
+ ],
+ 0,
+ "fa1c61c3351a730325415e9c2f445a5c"
+ ],
+ [
+ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element",
+ 4,
+ 0,
+ 0,
+ [
+ "@MaxFuel_assumption", "@MaxIFuel_assumption",
+ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query",
+ "MkSeq_interpretation_Tm_arrow_c2fe76a834cdd44d7fa52cb0da696f35",
+ "b2t_def", "bool_inversion", "bool_typing",
+ "constructor_distinct_Lib.IntTypes.PUB",
+ "constructor_distinct_Lib.IntTypes.S16",
+ "constructor_distinct_Lib.IntTypes.S32",
+ "constructor_distinct_Lib.IntTypes.S8",
+ "constructor_distinct_Lib.IntTypes.U16",
+ "constructor_distinct_Lib.IntTypes.U32",
+ "constructor_distinct_Lib.IntTypes.U64",
+ "constructor_distinct_Lib.IntTypes.U8",
+ "equality_tok_Lib.IntTypes.PUB@tok",
+ "equality_tok_Lib.IntTypes.U32@tok",
+ "equality_tok_Lib.IntTypes.U64@tok",
+ "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits",
+ "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t",
+ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v",
+ "equation_Lib.IntTypes.v", "equation_MkSeq.create3",
+ "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array",
+ "equation_Rust_primitives.Integers.bits",
+ "equation_Rust_primitives.Integers.int_t",
+ "equation_Rust_primitives.Integers.inttype",
+ "equation_Rust_primitives.Integers.maxint",
+ "equation_Rust_primitives.Integers.minint",
+ "equation_Rust_primitives.Integers.range",
+ "equation_Rust_primitives.Integers.range_t",
+ "equation_Rust_primitives.Integers.sz",
+ "equation_Rust_primitives.Integers.u8",
+ "equation_Rust_primitives.Integers.unsigned",
+ "equation_Rust_primitives.Integers.usize",
+ "equation_Rust_primitives.Integers.v",
+ "function_token_typing_Lib.IntTypes.byte_t",
+ "interpretation_Tm_abs_24b32bebd3485ad76e228d3f32e635f7",
+ "lemma_Rust_primitives.Integers.pow2_values",
+ "lemma_Rust_primitives.Integers.v_mk_int_lemma",
+ "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp",
+ "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply",
+ "primitive_Prims.op_Subtraction",
+ "projection_inverse_BoxBool_proj_0",
+ "projection_inverse_BoxInt_proj_0",
+ "projection_inverse_FStar.Pervasives.Native.Mktuple2__1",
+ "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488",
+ "refinement_interpretation_Tm_refine_076b73e195751dd168bd1aca2fcea6bb",
+ "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212",
+ "refinement_interpretation_Tm_refine_0eeab4d5f73e78a17240ba8a60788298",
+ "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5",
+ "refinement_interpretation_Tm_refine_3ba9bbe88a78f6325f92e4596392dc5e",
+ "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3",
+ "refinement_interpretation_Tm_refine_52f6eb74a0664d049be954954738272f",
+ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178",
+ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2",
+ "refinement_interpretation_Tm_refine_9646800d9b76afb2dc402d323458a8c8",
+ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0",
+ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec",
+ "refinement_interpretation_Tm_refine_cd6187432a2b3066b26cf79527654433",
+ "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6",
+ "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15",
+ "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9",
+ "refinement_interpretation_Tm_refine_f805a828f315b5406827bf9bbde964c1",
+ "token_correspondence_MkSeq.create3", "typing_MkSeq.create3",
+ "typing_Rust_primitives.Integers.bits",
+ "typing_Rust_primitives.Integers.range",
+ "typing_Rust_primitives.Integers.unsigned",
+ "typing_Rust_primitives.Integers.usize_inttype",
+ "typing_Rust_primitives.Integers.v"
+ ],
+ 0,
+ "cd2a250d8466917cb0fc7ad8496d6aae"
+ ]
+ ]
+]
\ No newline at end of file
diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints
index f5ed9e0e7..8ac088452 100644
--- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints
+++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints
@@ -1,5 +1,5 @@
[
- "!}\u0014U 0 /\ v n < 32}) (value: u32)
let result:u32 = result in
v result = v value % pow2 (v n))
-
//let barrett_pre (value:i32) =
// v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R
// Appears to work up to +/- 2^28, but not at +/- 2^29
diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst
index 82ae972d0..dc7a4fa7a 100644
--- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst
+++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst
@@ -7,7 +7,8 @@ open Libcrux.Kem.Kyber.Arithmetic
open MkSeq
-#push-options "--z3rlimit 50"
+#push-options "--z3rlimit 80"
+[@@"opaque_to_smt"]
let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) =
let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in
let coef2:u8 =
@@ -27,6 +28,7 @@ let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficien
#pop-options
#push-options "--ifuel 1 --z3rlimit 600 --split_queries always"
+[@@"opaque_to_smt"]
let compress_coefficients_11_
coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 =
let coef1:u8 = cast (coefficient1 <: i32) <: u8 in
@@ -67,6 +69,7 @@ let compress_coefficients_11_
#pop-options
#push-options "--z3rlimit 20"
+[@@"opaque_to_smt"]
let compress_coefficients_3_ coefficient1 coefficient2 =
let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in
get_bit_pow2_minus_one_u16 255 (sz 0);
@@ -80,6 +83,7 @@ let compress_coefficients_3_ coefficient1 coefficient2 =
#pop-options
#push-options "--z3rlimit 60 --split_queries always"
+[@@"opaque_to_smt"]
let compress_coefficients_5_
coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8
=
@@ -98,6 +102,7 @@ let compress_coefficients_5_
#pop-options
#push-options "--z3rlimit 500"
+[@@"opaque_to_smt"]
let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 =
let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in
@@ -111,6 +116,7 @@ let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 =
#pop-options
#push-options "--z3rlimit 300"
+[@@"opaque_to_smt"]
let decompress_coefficients_11_
byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 =
let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 4l <: u8) &. 15uy <: u8) <: i32 in
@@ -153,6 +160,7 @@ let decompress_coefficients_4_ byte =
#pop-options
#push-options "--z3rlimit 400"
+[@@"opaque_to_smt"]
let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 =
let coefficient1:i32 = byte1 &. 31l in
let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in
@@ -183,13 +191,14 @@ let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 =
let cast_bound_lemma
#t #u
(n: int_t t)
- (d: bit_num t)
+ (d: num_bits t)
: Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0)
(ensures bounded (cast #(int_t t) #(int_t u) n) d)
[SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)]
= ()
-#push-options "--z3rlimit 60"
+#push-options "--z3rlimit 90"
+[@@"opaque_to_smt"]
let int_t_d_cast_lemma #t #u d (n: int_t_d t d)
: Lemma (requires bits t < bits u /\ v n >= 0)
(ensures bounded (cast #(int_t t) #(int_t u) n) d)
@@ -204,7 +213,10 @@ let mul_in_range (n m: nat)
Math.Lemmas.pow2_le_compat 32 16
#pop-options
+#restart-solver
+
#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100"
+[@@"opaque_to_smt"]
let compress_then_serialize_10_
v_OUT_LEN
re
@@ -284,6 +296,7 @@ let compress_then_serialize_10_
#pop-options
#push-options "--fuel 0 --ifuel 0 --z3rlimit 30"
+[@@"opaque_to_smt"]
let update5
#n
(s: t_Array 't n)
@@ -1271,7 +1284,7 @@ let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized =
admit(); //P-F
res
-#push-options "--z3rlimit 100"
+#push-options "--z3rlimit 220"
let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) =
let _:Prims.unit = () <: Prims.unit in
let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti
index 478ef7e3c..df3b6b7ee 100644
--- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti
+++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti
@@ -7,11 +7,11 @@ open MkSeq
let int_arr_bitwise_eq
#t1 #t2 #n1 #n2
(arr1: t_Array (int_t t1) n1)
- (d1: bit_num t1)
+ (d1: num_bits t1)
(arr2: t_Array (x: int_t t2) n2)
- (d2: bit_num t2 {v n1 * d1 == v n2 * d2})
+ (d2: num_bits t2 {v n1 * d1 == v n2 * d2})
= forall i. i < v n1 * d1
- ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i
+ ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i
val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32)
: Prims.Pure (u8 & u8 & u8 & u8 & u8)
diff --git a/proofs/fstar/extraction-edited/Spec.Kyber.fst b/proofs/fstar/extraction-edited/Spec.Kyber.fst
index 9b486e615..36dfe26ed 100644
--- a/proofs/fstar/extraction-edited/Spec.Kyber.fst
+++ b/proofs/fstar/extraction-edited/Spec.Kyber.fst
@@ -167,21 +167,28 @@ type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12}
let compress_d (d: dT {d <> 12}) (x: field_element): field_element
= (pow2 d * x + 1664) / v v_FIELD_MODULUS
-assume val bits_to_bytes (#bytes: usize) (f: (i:nat {i < v bytes * 8} -> bit))
+let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8))
: Pure (t_Array u8 bytes)
(requires True)
- (ensures fun r -> (forall i. bit_vec_of_int_arr r 8 i == f i))
+ (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i))
+ = bit_vec_to_int_t_array 8 bv
-assume val bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes)
- : Pure (i:nat {i < v bytes * 8} -> bit)
+let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes)
+ : Pure (i: bit_vec (v bytes * 8))
(requires True)
- (ensures fun f -> (forall i. bit_vec_of_int_arr r 8 i == f i))
+ (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i))
+ = bit_vec_of_int_t_array r 8
let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d))
- = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_arr coefficients d)
+ = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_array coefficients d)
let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial
- = admit ()
+ = let bv = bit_vec_of_int_t_array coefficients 8 in
+ let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d bv in
+ let p = map' (fun (x: nat) -> x % v v_FIELD_MODULUS <: nat) arr in
+ introduce forall i. Seq.index p i < v v_FIELD_MODULUS
+ with assert (Seq.index p i == Seq.index p (v (sz i)));
+ p
let vector_encode_12 (#p:params) (v: vector p): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)
= let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map' (byte_encode 12) v in
diff --git a/proofs/fstar/extraction-secret-independent.patch b/proofs/fstar/extraction-secret-independent.patch
new file mode 100644
index 000000000..2bade06c4
--- /dev/null
+++ b/proofs/fstar/extraction-secret-independent.patch
@@ -0,0 +1,7668 @@
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-02-01 11:03:26.836759890 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-02-01 11:03:26.911757691 +0100
+@@ -1,356 +1,81 @@
+ module Libcrux.Kem.Kyber.Arithmetic
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+
+-
+-let lemma_mul_i32_range (n1 n2: i32) (b1 b2: nat)
+- : Lemma (requires (i32_range n1 b1 /\ i32_range n2 b2 /\ b1 * b2 < pow2 31))
+- (ensures (range (v n1 * v n2) i32_inttype /\ i32_range (n1 *! n2) (b1 * b2))) =
+- if v n1 = 0 || v n2 = 0
+- then ()
+- else
+- let open FStar.Math.Lemmas in
+- lemma_abs_bound (v n1) b1;
+- lemma_abs_bound (v n2) b2;
+- lemma_abs_mul (v n1) (v n2);
+- lemma_mult_le_left (abs (v n1)) (abs (v n2)) b2;
+- lemma_mult_le_right b2 (abs (v n1)) b1;
+- lemma_abs_bound (v n1 * v n2) (b1 * b2)
+-
+-let lemma_add_i32_range (n1 n2:i32) (b1 b2:nat):
+- Lemma (requires (i32_range n1 b1 /\ i32_range n2 b2 /\ b1 + b2 < pow2 31))
+- (ensures (range (v n1 + v n2) i32_inttype /\
+- i32_range (n1 +! n2) (b1 + b2)))
+- = ()
+-
+-let mul_i32_b #b1 #b2 x y =
+- lemma_mul_i32_range x y b1 b2;
+- x *! y
+-
+-let add_i32_b #b1 #b2 x y =
+- lemma_add_i32_range x y b1 b2;
+- x +! y
+-
+-let sub_i32_b #b1 #b2 x y =
+- x -! y
+-
+-let cast_i32_b #b1 #b2 x =
+- x <: i32_b b2
+-
+-#push-options "--ifuel 0 --z3rlimit 150"
+-let shr_i32_b #b #t x y =
+- let r = (x <: i32) >>! y in
+- assert (v r == v x / pow2 (v y));
+- Math.Lemmas.lemma_div_le (v x) b (pow2 (v y));
+- assert (v x / (pow2 (v y)) <= b / (pow2 (v y)));
+- Math.Lemmas.lemma_div_le (-b) (v x) (pow2 (v y));
+- assert (v x / (pow2 (v y)) >= (-b) / (pow2 (v y)));
+- if (b % pow2 (v y) = 0)
+- then (Math.Lemmas.div_exact_r b (pow2 (v y));
+- assert (b = (b/pow2 (v y)) * pow2 (v y));
+- assert (-b = -((b/pow2 (v y)) * pow2 (v y)));
+- Math.Lemmas.neg_mul_left (b/pow2 (v y)) (pow2 (v y));
+- assert (-b = (-(b/pow2 (v y))) * pow2 (v y));
+- assert ((-b)/pow2(v y) = ((-(b/pow2 (v y))) * pow2 (v y)) / pow2 (v y));
+- Math.Lemmas.cancel_mul_div (-(b/pow2 (v y))) (pow2 (v y));
+- assert ((-b)/pow2(v y) = -(b/pow2 (v y)));
+- assert (nat_div_ceil b (pow2 (v y)) == b / pow2 (v y));
+- assert (i32_range r (b / pow2 ( v y)));
+- r <: i32_b (nat_div_ceil b (pow2 (v y))))
+- else (let rem = b % pow2 (v y) in
+- let quo = b / pow2 (v y) in
+- Math.Lemmas.lemma_div_mod b (pow2 (v y));
+- assert (b = quo * pow2 (v y) + rem);
+- assert (-b = -(quo * pow2 (v y)) - rem);
+- Math.Lemmas.neg_mul_left quo (pow2 (v y));
+- assert (-b = (-quo) * pow2 (v y) - rem);
+- assert ((-b)/pow2(v y) = (-rem + (-quo) * pow2 (v y))/pow2 (v y));
+- Math.Lemmas.division_addition_lemma (-rem) (pow2 (v y)) (-quo);
+- assert ((-b)/pow2(v y) = ((-rem)/pow2 (v y) -quo));
+- Math.Lemmas.division_definition (-rem) (pow2 (v y)) (-1);
+- assert ((-rem)/pow2 (v y) == -1);
+- assert ((-b)/pow2(v y) = -1 -quo);
+- assert ((-b)/pow2(v y) = (-quo - 1));
+- assert ((-b)/pow2(v y) = -(quo + 1));
+- assert (nat_div_ceil b (pow2 (v y)) == quo + 1);
+- assert (i32_range r (quo+1));
+- r <: i32_b (nat_div_ceil b (pow2 (v y))))
+-#pop-options
+-
+-let v_BARRETT_R: i64 = 1L <>! 1l <: i64)
+ in
+- assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2*3329));
+- assert (v t = v x * v v_BARRETT_MULTIPLIER + pow2 25);
+ let quotient:i32 = cast (t >>! v_BARRETT_SHIFT <: i64) <: i32 in
+- assert (v quotient = v t / pow2 26);
+ let result:i32 = value -! (quotient *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) in
+- calc (==) {
+- v result % 3329;
+- (==) { }
+- (v value - (v quotient * 3329)) % 3329;
+- (==) {Math.Lemmas.lemma_mod_sub_distr (v value) (v quotient * 3329) 3329}
+- (v value - (v quotient * 3329) % 3329) % 3329;
+- (==) {Math.Lemmas.cancel_mul_mod (v quotient) 3329}
+- (v value - 0) % 3329;
+- (==) {}
+- (v value) % 3329;
+- };
++ let _:Prims.unit = () <: Prims.unit in
+ result
+-#pop-options
+
+-#push-options "--ifuel 0 --z3rlimit 1600"
+-let montgomery_reduce #b value =
++let montgomery_reduce (value: i32) =
+ let _:i32 = v_MONTGOMERY_R in
+ let _:Prims.unit = () <: Prims.unit in
+- let v0 = (cast (value <: i32) <: u32) in
+- assert (v v0 == v value % pow2 32);
+- let t0 = (get_n_least_significant_bits v_MONTGOMERY_SHIFT v0 <: u32) in
+- assert (v t0 = (v value % pow2 32) % pow2 16);
+- Math.Lemmas.pow2_modulo_modulo_lemma_1 (v value) 16 32;
+- assert (v t0 = v value % pow2 16);
+ let t:u32 =
+- t0 *!
++ (get_n_least_significant_bits v_MONTGOMERY_SHIFT (cast (value <: i32) <: u32) <: u32) *!
+ v_INVERSE_OF_MODULUS_MOD_R
+ in
+- assert (v t = (v value % pow2 16) * v v_INVERSE_OF_MODULUS_MOD_R);
+- let k0 = get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u32 in
+- let k:i32_b (pow2 15) = cast (cast k0 <: i16) <: i32 in
+- calc (==) {
+- v k % pow2 16;
+- == { }
+- v k0 % pow2 16;
+- == { }
+- v t % pow2 16;
+- == { }
+- ((v value % pow2 16) * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16;
+- == {Math.Lemmas.lemma_mod_mul_distr_l (v value) (v v_INVERSE_OF_MODULUS_MOD_R) (pow2 16)}
+- (v value * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16;
+- };
+- assert_norm((62209 * 3329) % pow2 16 == 1);
+- assert((v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16 == 1);
+- calc (==) {
+- (v k * 3329) % pow2 16;
+- == {Math.Lemmas.lemma_mod_mul_distr_l (v k) 3329 (pow2 16)}
+- ((v k % pow2 16) * 3329) % pow2 16;
+- == { }
+- ((v value * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16 * 3329) % pow2 16;
+- == {Math.Lemmas.lemma_mod_mul_distr_l (v value * v v_INVERSE_OF_MODULUS_MOD_R) (3329) (pow2 16)}
+- (v value * v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16;
+- == {Math.Lemmas.paren_mul_right (v value) (v v_INVERSE_OF_MODULUS_MOD_R) 3329}
+- (v value * (v v_INVERSE_OF_MODULUS_MOD_R * 3329)) % pow2 16;
+- == {Math.Lemmas.lemma_mod_mul_distr_r (v value) (v v_INVERSE_OF_MODULUS_MOD_R * 3329) (pow2 16)}
+- (v value * ((v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16)) % pow2 16;
+- == {Math.Lemmas.mul_one_right_is_same (v value)}
+- (v value) % pow2 16;
+- };
+- Math.Lemmas.modulo_add (pow2 16) (- (v k * 3329)) (v value) (v k * 3329);
+- assert ((v value - v k * 3329) % pow2 16 == (v k * 3329 - v k * 3329) % pow2 16);
+- assert ((v value - v k * 3329) % v v_MONTGOMERY_R == 0);
+- let k_times_modulus:i32_b (pow2 15 * 3329) =
+- mul_i32_b k Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ let k:i16 = cast (get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u32) <: i16 in
++ let k_times_modulus:i32 =
++ (cast (k <: i16) <: i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+ in
+- let c:i32_b 1665 = shr_i32_b k_times_modulus v_MONTGOMERY_SHIFT in
+- let value_high:i32_b (nat_div_ceil b (v v_MONTGOMERY_R)) = shr_i32_b value v_MONTGOMERY_SHIFT in
+- assert (v value_high = v value / v v_MONTGOMERY_R);
+- let res: i32_b (nat_div_ceil b (v v_MONTGOMERY_R) + 1665) = sub_i32_b value_high c in
+- calc (==) {
+- v res;
+- == { }
+- (v value_high - v c);
+- == { }
+- ((v value / v v_MONTGOMERY_R) - ((v k * 3329) / v v_MONTGOMERY_R));
+- == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)}
+- ((v value - (v k * 3329)) / v v_MONTGOMERY_R);
+- };
+- calc (==) {
+- v res % 3329;
+- == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)}
+- (((v value - (v k * 3329)) / v v_MONTGOMERY_R) * ((v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV) % 3329)) % 3329 ;
+- == {Math.Lemmas.lemma_mod_mul_distr_r ((v value - (v k * 3329)) / v v_MONTGOMERY_R) (v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV) 3329}
+- (((v value - (v k * 3329)) / v v_MONTGOMERY_R) * (v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV)) % 3329 ;
+- == {Math.Lemmas.paren_mul_right ((v value - (v k * 3329)) / v v_MONTGOMERY_R) (v v_MONTGOMERY_R) (v v_MONTGOMERY_R_INV)}
+- ((((v value - (v k * 3329)) / v v_MONTGOMERY_R) * v v_MONTGOMERY_R) * v v_MONTGOMERY_R_INV) % 3329 ;
+- == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)}
+- ((v value - (v k * 3329)) * v v_MONTGOMERY_R_INV) % 3329 ;
+- == { }
+- ((v value * v v_MONTGOMERY_R_INV) - ((v k * 3329) * v v_MONTGOMERY_R_INV)) % 3329 ;
+- == {Math.Lemmas.paren_mul_right (v k) 3329 (v v_MONTGOMERY_R_INV)}
+- ((v value * v v_MONTGOMERY_R_INV) - (v k * (3329 * v v_MONTGOMERY_R_INV))) % 3329 ;
+- == {Math.Lemmas.swap_mul 3329 (v v_MONTGOMERY_R_INV)}
+- ((v value * v v_MONTGOMERY_R_INV) - (v k * (v v_MONTGOMERY_R_INV * 3329))) % 3329 ;
+- == {Math.Lemmas.paren_mul_right (v k) (v v_MONTGOMERY_R_INV) 3329}
+- ((v value * v v_MONTGOMERY_R_INV) - ((v k * v v_MONTGOMERY_R_INV) * 3329)) % 3329 ;
+- == {Math.Lemmas.lemma_mod_sub (v value * v v_MONTGOMERY_R_INV) 3329 (v k * v v_MONTGOMERY_R_INV)}
+- (v value * v v_MONTGOMERY_R_INV) % 3329 ;
+- };
+- res
+-#pop-options
+-
+-let montgomery_multiply_sfe_by_fer fe fer =
+- montgomery_reduce (mul_i32_b fe fer)
++ let c:i32 = k_times_modulus >>! v_MONTGOMERY_SHIFT in
++ let value_high:i32 = value >>! v_MONTGOMERY_SHIFT in
++ value_high -! c
+
++let montgomery_multiply_sfe_by_fer (fe fer: i32) = montgomery_reduce (fe *! fer <: i32)
+
+-let to_standard_domain mfe =
+- montgomery_reduce (mul_i32_b mfe (v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS <: i32_b 1353))
++let to_standard_domain (mfe: i32) =
++ montgomery_reduce (mfe *! v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS <: i32)
+
+-let to_unsigned_representative fe =
++let to_unsigned_representative (fe: i32) =
+ let _:Prims.unit = () <: Prims.unit in
+- logand_lemma Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS (fe >>! 31l <: i32);
+- let res =
+- cast (fe +! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) <: i32) <: u16
+- in
+- assert (v fe < 0 ==> (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) == 3329l);
+- assert (v fe >= 0 ==> (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) == 0l);
+- assert (v fe + 3329 < pow2 16);
+- assert (v fe >= -3328);
+- assert (v fe < 0 ==> v fe + 3329 >= 0);
+- assert (v fe < 0 ==> v res == (v fe + 3329) % pow2 16);
+- Math.Lemmas.small_mod (v fe + 3329) (pow2 16);
+- assert (v fe < 0 ==> v res == v fe + 3329);
+- assert (v fe >= 0 ==> v res == v fe);
+- res <: int_t_d u16_inttype 12
+-
+-let derefine_poly_b #b x =
+- let r = createi (sz 256) (fun i -> (x.f_coefficients.[i] <: i32)) in
+- {f_coefficients = r}
+-
+-let derefine_vector_b #v_K #b x =
+- let r = createi v_K (fun i -> derefine_poly_b #b x.[i]) in
+- r
+-
+-let derefine_matrix_b #v_K #b x =
+- let r = createi v_K (fun i -> derefine_vector_b #v_K #b x.[i]) in
+- r
+-
+-let cast_poly_b #b1 #b2 x =
+- let r = createi (sz 256) (fun i -> (x.f_coefficients.[i] <: i32_b b2)) in
+- let res = {f_coefficients = r} in
+- let dx = (derefine_poly_b x).f_coefficients in
+- let dr = (derefine_poly_b res).f_coefficients in
+- assert (forall (i:usize). v i < 256 ==>
+- (dx.[i] <: i32) ==
+- (dr.[i] <: i32));
+- assert (forall i. Seq.index dx i == (dx.[sz i] <: i32));
+- eq_intro dx dr;
+- assert(Seq.equal dx dr);
+- res
++ cast (fe +! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) <: i32)
++ <:
++ u16
+
+-let cast_vector_b #v_K #b1 #b2 x =
+- let r = createi v_K (fun i -> cast_poly_b #b1 #b2 x.[i]) in
+- let dx = derefine_vector_b x in
+- let dr = derefine_vector_b r in
+- assert (forall (i:usize). v i < v v_K ==>
+- dx.[i] == dr.[i]);
+- assert (forall i. Seq.index dx i == dx.[sz i]);
+- assert (forall i. Seq.index dr i == dr.[sz i]);
+- eq_intro dx dr;
+- r
+-
+-let down_cast_poly_b #b1 #b2 x =
+- let r = createi (sz 256)
+- (fun i ->
+- let xi:i32_b b2 = x.f_coefficients.[i] in
+- xi) in
+- let res = {f_coefficients = r} in
+- let dx = (derefine_poly_b x).f_coefficients in
+- let dr = (derefine_poly_b res).f_coefficients in
+- assert (forall (i:usize). v i < 256 ==>
+- (dx.[i] <: i32) ==
+- (dr.[i] <: i32));
+- assert (forall i. Seq.index dx i == (dx.[sz i] <: i32));
+- eq_intro dx dr;
+- assert(Seq.equal dx dr);
+- res
+-
+-let down_cast_vector_b #v_K #b1 #b2 x =
+- let r = createi (v_K)
+- (fun i -> down_cast_poly_b #b1 #b2 x.[i]) in
+- let dx = derefine_vector_b x in
+- let dr = derefine_vector_b r in
+- assert (forall (i:usize). v i < v v_K ==>
+- dx.[i] == dr.[i]);
+- assert (forall i. Seq.index dx i == dx.[sz i]);
+- assert (forall i. Seq.index dr i == dr.[sz i]);
+- eq_intro dx dr;
+- assert(Seq.equal dx dr);
+- r
+-
+-
+-let add_to_ring_element #b1 #b2 v_K lhs rhs =
++let add_to_ring_element (v_K: usize) (lhs rhs: t_PolynomialRingElement) =
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+- let orig_lhs = lhs in
+- [@ inline_let]
+- let inv = fun (acc:t_PolynomialRingElement_b (b1+b2)) (i:usize) ->
+- (forall j. j <. i ==> acc.f_coefficients.[j] == lhs.f_coefficients.[j] +! rhs.f_coefficients.[j]) /\
+- (forall j. j >=. i ==> acc.f_coefficients.[j] == orig_lhs.f_coefficients.[j]) in
+- let lhs:t_PolynomialRingElement_b (b1 + b2) =
+- Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (b1+b2)) #inv {
++ let lhs:t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end =
+- Core.Slice.impl__len (Rust_primitives.unsize lhs.f_coefficients <: t_Slice (i32_b b1))
++ Core.Ops.Range.f_end
++ =
++ Core.Slice.impl__len (Rust_primitives.unsize lhs.f_coefficients <: t_Slice i32)
++ <:
++ usize
+ }
+- (cast_poly_b #b1 #(b1+b2) lhs)
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
++ lhs
+ (fun lhs i ->
+- let lhs:t_PolynomialRingElement_b (b1+b2) = lhs in
++ let lhs:t_PolynomialRingElement = lhs in
+ let i:usize = i in
+- assert (orig_lhs.f_coefficients.[i] == lhs.f_coefficients.[i]);
+- let lhsi: i32_b b1 = orig_lhs.f_coefficients.[i] in
+- let lhs =
+ {
+ lhs with
+ f_coefficients
+ =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs.f_coefficients
+ i
+- (add_i32_b #b1 #b2 (lhsi) (rhs.f_coefficients.[ i ]))
++ ((lhs.f_coefficients.[ i ] <: i32) +! (rhs.f_coefficients.[ i ] <: i32) <: i32)
+ <:
+- t_Array (i32_b (b1 + b2)) (sz 256)
++ t_Array i32 (sz 256)
+ }
+ <:
+- t_PolynomialRingElement_b (b1 + b2)
+- in
+- assert (forall j. (j >. i /\ j <. sz 256) ==> lhs.f_coefficients.[j] == orig_lhs.f_coefficients.[j]);
+- lhs
+- )
++ t_PolynomialRingElement)
+ in
+ let _:Prims.unit = () <: Prims.unit in
+- assert (forall j. j <. sz 256 ==> lhs.f_coefficients.[j] == orig_lhs.f_coefficients.[j] +! rhs.f_coefficients.[j]);
+ lhs
+-
+-
+-
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-02-01 11:03:26.829760095 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-02-01 11:03:26.901757984 +0100
+@@ -3,32 +3,10 @@
+ open Core
+ open FStar.Mul
+
+-let pow2_31 = 2147483648
+-let i32_range (n:i32) (b:nat) =
+- b < pow2_31 /\ v n <= b /\ v n >= -b
+-
+-type i32_b b = x:i32{i32_range x b}
+-let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1
+-
+-val mul_i32_b (#b1:nat) (#b2:nat{b1 * b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): r:i32_b (b1 * b2){v r == v x * v y}
+-val add_i32_b (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2):
+- Pure (i32_b (b1 + b2))
+- (requires True)
+- (ensures fun r -> v r == v x + v y)
+-val sub_i32_b (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): r:i32_b (b1 + b2){v r == v x - v y}
+-val cast_i32_b (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31}) (x:i32_b b1): r:i32_b b2{v r == v x}
+-val shr_i32_b (#b:nat) (#t:inttype) (x:i32_b b) (y:int_t t{v y>0 /\ v y<32}): r:i32_b (nat_div_ceil b (pow2 (v y)))
+-
+ unfold
+ let t_FieldElement = i32
+
+ unfold
+-let t_FieldElement_b b = i32_b b
+-
+-unfold
+-let wfFieldElement = t_FieldElement_b 3328
+-
+-unfold
+ let t_FieldElementTimesMontgomeryR = i32
+
+ unfold
+@@ -36,213 +14,122 @@
+
+ let v_BARRETT_MULTIPLIER: i64 = 20159L
+
+-let v_BARRETT_SHIFT: i64 = 26L
++let v_BARRETT_SHIFT: pub_i64 = 26L
+
+-val v_BARRETT_R: x:i64{v x = pow2 26 /\ x = 67108864L}
++let v_BARRETT_R: i64 = 1L <= 0 /\ v x < 3329 /\ (v x * v v_MONTGOMERY_R) % 3329 == 1 /\ x = 169l}
++let v_MONTGOMERY_R: i32 = 1l < - v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS);
+- if m_v < 0 then
+- m_v + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+- else m_v
+-
+-let to_spec_fe (m:i32) : Spec.Kyber.field_element =
+- int_to_spec_fe (v m)
+-
+-let to_spec_fe_b #b (m:i32_b b) : Spec.Kyber.field_element = to_spec_fe m
+-
+-let mont_to_spec_fe (m:t_FieldElement) : Spec.Kyber.field_element =
+- int_to_spec_fe (v m * v v_MONTGOMERY_R_INV)
+-
+-val get_n_least_significant_bits (n: u8 {v n > 0 /\ v n < 32}) (value: u32)
+- : Prims.Pure (int_t_d u32_inttype (v n))
+- (requires v n < 32)
++val get_n_least_significant_bits (n: u8) (value: u32)
++ : Prims.Pure u32
++ (requires n =. 4uy || n =. 5uy || n =. 10uy || n =. 11uy || n =. v_MONTGOMERY_SHIFT)
+ (ensures
+ fun result ->
+ let result:u32 = result in
+- v result = v value % pow2 (v n))
+-
+-//let barrett_pre (value:i32) =
+-// v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R
+-// Appears to work up to +/- 2^28, but not at +/- 2^29
++ v result < v (Core.Num.impl__u32__pow 2ul (Core.Convert.f_into n <: u32) <: u32))
+
+-let barrett_post (value:i32) (result:i32) =
+- v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS =
+- v value % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+-
+-val barrett_reduce (value: i32_b (v v_BARRETT_R))
+- : Prims.Pure wfFieldElement
+- (requires True)
+- (ensures fun r -> barrett_post value r)
+-
+-let montgomery_post (value:i32) (result:i32) =
+- v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS =
+- (v value * v v_MONTGOMERY_R_INV) % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
+-
+-
+-val montgomery_reduce #b (value: i32_b b)
+- : Prims.Pure (i32_b (nat_div_ceil b (v v_MONTGOMERY_R) + 1665))
+- (requires True)
++val barrett_reduce (value: i32)
++ : Prims.Pure i32
++ (requires
++ v (Core.Convert.f_from value <: i64) > v (Core.Ops.Arith.Neg.neg v_BARRETT_R <: i64) &&
++ v (Core.Convert.f_from value <: i64) < v v_BARRETT_R)
+ (ensures
+ fun result ->
+ let result:i32 = result in
+- montgomery_post value result)
+-
++ v result > v (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) &&
++ v result < v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS)
+
+-val montgomery_multiply_sfe_by_fer #b1 #b2 (fe:i32_b b1) (fer: i32_b b2)
+- : Pure (i32_b (nat_div_ceil (b1 * b2) (v v_MONTGOMERY_R) + 1665))
+- (requires (b1 * b2 < pow2_31))
+- (ensures (fun result ->
+- montgomery_post (mul_i32_b fe fer) (result)))
+-
+-
+-val to_standard_domain #b (mfe: i32_b b)
+- : Pure (i32_b (nat_div_ceil (b * 1353) (v v_MONTGOMERY_R) + 1665))
+- (requires (b * 1353 < pow2_31))
+- (ensures (fun result ->
+- montgomery_post (mul_i32_b mfe (1353l <: i32_b 1353)) result))
+-
+-
+-val to_unsigned_representative (fe: wfFieldElement)
+- : Prims.Pure (int_t_d u16_inttype 12)
+- (requires True)
++val montgomery_reduce (value: i32)
++ : Prims.Pure i32
++ (requires
++ v value >=
++ v ((Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) *!
++ v_MONTGOMERY_R
++ <:
++ i32) &&
++ v value <= v (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS *! v_MONTGOMERY_R <: i32))
++ (ensures
++ fun result ->
++ let result:i32 = result in
++ v result >=
++ v ((Core.Ops.Arith.Neg.neg (3l *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: i32
++ ) /!
++ 2l
++ <:
++ i32) &&
++ v result <= v ((3l *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) /! 2l <: i32))
++
++val montgomery_multiply_sfe_by_fer (fe fer: i32)
++ : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
++
++val to_standard_domain (mfe: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True)
++
++val to_unsigned_representative (fe: i32)
++ : Prims.Pure u16
++ (requires
++ v fe >= v (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) &&
++ v fe < v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS)
+ (ensures
+ fun result ->
+ let result:u16 = result in
+- v result == to_spec_fe fe /\
+- result >=. 0us &&
+- result <. (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16))
+-
+-type t_PolynomialRingElement = { f_coefficients:t_Array (t_FieldElement) (sz 256) }
+-
+-type t_PolynomialRingElement_b b = { f_coefficients:t_Array (i32_b b) (sz 256) }
+-
+-type wfPolynomialRingElement = t_PolynomialRingElement_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)
+-
+-val derefine_poly_b (#b1:nat) (x:t_PolynomialRingElement_b b1):
+- r:t_PolynomialRingElement{
+- forall (i:usize). v i < 256 ==> (r.f_coefficients.[i] <: i32) == (x.f_coefficients.[i] <: i32)}
+-
+-val derefine_vector_b (#v_K:usize) (#b:nat) (x:t_Array (t_PolynomialRingElement_b b) v_K):
+- r:t_Array t_PolynomialRingElement v_K{
+- forall (i:usize). (v i < v v_K) ==>
+- (let ri : t_PolynomialRingElement = r.[i] in
+- let xi : t_PolynomialRingElement_b b = x.[i] in
+- ri == derefine_poly_b xi)}
+-
+-val derefine_matrix_b (#v_K:usize) (#b:nat)
+- (x:t_Array (t_Array (t_PolynomialRingElement_b b) v_K) v_K) :
+- r:t_Array (t_Array t_PolynomialRingElement v_K) v_K{
+- forall (i:usize). (v i < v v_K) ==>
+- (let ri : t_Array (t_PolynomialRingElement) v_K = r.[i] in
+- let xi : t_Array (t_PolynomialRingElement_b b) v_K = x.[i] in
+- ri == derefine_vector_b xi)}
+-
+-
+-val cast_poly_b (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31})
+- (x:t_PolynomialRingElement_b b1)
+- : Pure (t_PolynomialRingElement_b b2)
+- (requires True)
+- (ensures fun r -> derefine_poly_b x == derefine_poly_b r)
+-
+-val cast_vector_b (#v_K:usize) (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31})
+- (x:t_Array (t_PolynomialRingElement_b b1) v_K)
+- : Pure (t_Array (t_PolynomialRingElement_b b2) v_K)
+- (requires True)
+- (ensures fun r -> derefine_vector_b x == derefine_vector_b r)
+-
+-let poly_range (#b:nat) (x:t_PolynomialRingElement_b b) (b':nat) =
+- (forall (i:usize). v i < 256 ==> i32_range (x.f_coefficients.[i] <: i32) b')
+-
+-let vector_range (#v_K:usize) (#b:nat) (x:t_Array (t_PolynomialRingElement_b b) v_K) (b':nat) =
+- (forall (i:usize). v i < v v_K ==> poly_range #b x.[i] b')
+-
+-val down_cast_poly_b (#b1:nat) (#b2:nat{b2 <= b1 /\ b1 < pow2_31})
+- (x:t_PolynomialRingElement_b b1):
+- Pure (t_PolynomialRingElement_b b2)
+- (requires (poly_range x b2))
+- (ensures fun r -> derefine_poly_b x == derefine_poly_b r)
+-
+-val down_cast_vector_b (#v_K:usize) (#b1:nat) (#b2:nat{b2 <= b1 /\ b1 < pow2_31})
+- (x:t_Array (t_PolynomialRingElement_b b1) v_K):
+- Pure (t_Array (t_PolynomialRingElement_b b2) v_K)
+- (requires (vector_range x b2))
+- (ensures fun r -> derefine_vector_b x == derefine_vector_b r)
+-
+-let op_String_Access #t #l (a:t_Array t l) (i:usize{v i < v l}) : t = a.[i]
+-
+-let to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) =
+- let p = createi #nat (sz 256) (fun i -> to_spec_fe (m.f_coefficients.[i])) in
+- assert (forall i. Seq.index p i = to_spec_fe (m.f_coefficients.[sz i]));
+- assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS);
+- p
+-
+-let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) =
+- to_spec_poly (derefine_poly_b m)
+-
+-let mont_to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) =
+- let p = createi #nat (sz 256) (fun i -> mont_to_spec_fe (m.f_coefficients.[i])) in
+- assert (forall i. Seq.index p i = mont_to_spec_fe (m.f_coefficients.[sz i]));
+- assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS);
+- p
+-
+-
+-let to_spec_vector (#p:Spec.Kyber.params)
+- (m:t_Array (t_PolynomialRingElement) p.v_RANK)
+- : (Spec.Kyber.vector p) =
+- createi p.v_RANK (fun i -> to_spec_poly (m.[i]))
+-
+-
+-let to_spec_vector_b (#p:Spec.Kyber.params) (#b:nat)
+- (m:t_Array (t_PolynomialRingElement_b b) p.v_RANK)
+- : (Spec.Kyber.vector p) =
+- to_spec_vector (derefine_vector_b m)
+-
+-let mont_to_spec_vector (#p:Spec.Kyber.params)
+- (m:t_Array (t_PolynomialRingElement) p.v_RANK)
+- : (Spec.Kyber.vector p) =
+- createi p.v_RANK (fun i -> mont_to_spec_poly (m.[i]))
+-
+-let mont_to_spec_vector_b (#p:Spec.Kyber.params) (#b:nat)
+- (m:t_Array (t_PolynomialRingElement_b b) p.v_RANK)
+- : (Spec.Kyber.vector p) =
+- mont_to_spec_vector (derefine_vector_b m)
+-
+-let to_spec_matrix (#p:Spec.Kyber.params)
+- (m:(t_Array (t_Array (t_PolynomialRingElement) p.v_RANK) p.v_RANK))
+- : (Spec.Kyber.matrix p) =
+- createi p.v_RANK (fun i -> to_spec_vector (m.[i]))
+-
+-let to_spec_matrix_b (#p:Spec.Kyber.params) (#b:nat)
+- (m:(t_Array (t_Array (t_PolynomialRingElement_b b) p.v_RANK) p.v_RANK))
+- : (Spec.Kyber.matrix p) =
+- to_spec_matrix (derefine_matrix_b m)
+-
+-let mont_to_spec_matrix (#p:Spec.Kyber.params)
+- (m:(t_Array (t_Array (t_PolynomialRingElement) p.v_RANK) p.v_RANK))
+- : (Spec.Kyber.matrix p) =
+- createi p.v_RANK (fun i -> mont_to_spec_vector (m.[i]))
+-
+-let impl__PolynomialRingElement__ZERO: t_PolynomialRingElement_b 1 =
+- { f_coefficients = Rust_primitives.Hax.repeat (0l <: i32_b 1) (sz 256) } <: t_PolynomialRingElement_b 1
+-
+-val add_to_ring_element (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (v_K: usize) (lhs: t_PolynomialRingElement_b b1) (rhs: t_PolynomialRingElement_b b2)
+- : Prims.Pure (t_PolynomialRingElement_b (b1 + b2))
+- (requires True)
+- (ensures fun result ->
+- (forall i. v result.f_coefficients.[i] == v lhs.f_coefficients.[i] + v rhs.f_coefficients.[i]))
+-
++ v result >= v 0us &&
++ v result < v (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16))
+
++type t_PolynomialRingElement = { f_coefficients:t_Array i32 (sz 256) }
+
++let impl__PolynomialRingElement__ZERO: t_PolynomialRingElement =
++ { f_coefficients = Rust_primitives.Hax.repeat 0l (sz 256) } <: t_PolynomialRingElement
+
++val add_to_ring_element (v_K: usize) (lhs rhs: t_PolynomialRingElement)
++ : Prims.Pure t_PolynomialRingElement
++ (requires
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ let lhs_i = (lhs.f_coefficients.[ i ] <: i32) in
++ (v (Core.Num.impl__i32__abs lhs_i <: i32) <=
++ v (((cast (v_K <: usize) <: pub_i32) -! 1l <: i32) *!
++ Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ <:
++ i32)
++ <:
++ bool) &&
++ (v (Core.Num.impl__i32__abs (rhs.f_coefficients.[ i ] <: i32) <: i32) <=
++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ <:
++ bool))
++ <:
++ bool))
++ (ensures
++ fun result ->
++ let result:t_PolynomialRingElement = result in
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <.
++ (Core.Slice.impl__len (Rust_primitives.unsize result.f_coefficients
++ <:
++ t_Slice i32)
++ <:
++ usize)
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ v (Core.Num.impl__i32__abs (result.f_coefficients.[ i ] <: i32) <: i32) <=
++ v ((cast (v_K <: usize) <: pub_i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ <:
++ i32)
++ <:
++ bool)
++ <:
++ bool))
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-02-01 11:03:26.819760389 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-02-01 11:03:26.888758365 +0100
+@@ -1,79 +1,39 @@
+ module Libcrux.Kem.Kyber.Compress
+-#set-options "--fuel 0 --ifuel 0 --z3rlimit 200"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+
+-let compress_message_coefficient fe =
+- let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in
+- assert (v shifted == 1664 - v fe);
+- let mask:i16 = shifted >>! 15l in
+- assert (v mask = v shifted / pow2 15);
+- assert (if v shifted < 0 then mask = ones else mask = zero);
+- let shifted_to_positive:i16 = mask ^. shifted in
+- logxor_lemma shifted mask;
+- assert (v shifted < 0 ==> v shifted_to_positive = v (lognot shifted));
+- neg_equiv_lemma shifted;
+- assert (v (lognot shifted) = -(v shifted) -1);
+- assert (v shifted >= 0 ==> v shifted_to_positive = v (mask `logxor` shifted));
+- assert (v shifted >= 0 ==> mask = zero);
+- assert (v shifted >= 0 ==> mask ^. shifted = shifted);
+- assert (v shifted >= 0 ==> v shifted_to_positive = v shifted);
+- assert (shifted_to_positive >=. 0s);
+- let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in
+- assert (1664 - v fe >= 0 ==> v shifted_positive_in_range == 832 - v fe);
+- assert (1664 - v fe < 0 ==> v shifted_positive_in_range == -2497 + v fe);
+- let r0 = shifted_positive_in_range >>! 15l in
+- let r1 = r0 &. 1s in
+- let res = cast (r1) <: u8 in
+- assert (v r0 = v shifted_positive_in_range / pow2 15);
+- assert (if v shifted_positive_in_range < 0 then r0 = ones else r0 = zero);
+- logand_lemma 1s r0;
+- assert (if v shifted_positive_in_range < 0 then r1 = 1s else r1 = 0s);
+- assert ((v fe >= 833 && v fe <= 2496) ==> r1 = 1s);
+- assert (v fe < 833 ==> r1 = 0s);
+- assert (v fe > 2496 ==> r1 = 0s);
+- assert (v res = v r1);
+- res
+-
+-let compress_ciphertext_coefficient coefficient_bits fe =
++let compress_ciphertext_coefficient (coefficient_bits: pub_u8) (fe: u16) =
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+- let compressed:u32 = (cast (fe <: u16) <: u32) <>! 35l in
++ cast (Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits coefficient_bits
++ (cast (compressed <: u64) <: u32)
++ <:
++ u32)
+ <:
+ i32
+- in
+- res
+
+-#push-options "--z3rlimit 300"
+-let decompress_ciphertext_coefficient coefficient_bits fe =
++let compress_message_coefficient (fe: u16) =
++ let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in
++ let mask:i16 = shifted >>! 15l in
++ let shifted_to_positive:i16 = mask ^. shifted in
++ let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in
++ cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8
++
++let decompress_ciphertext_coefficient (coefficient_bits: pub_u8) (fe: i32) =
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+- assert (v (1ul <>! (coefficient_bits +! 1uy <: u8) in
+- let res = cast (decompressed <: u32) <: i32 in
+- let res : Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 = res in
+- res
++ let decompressed:u32 = decompressed >>! (coefficient_bits +! 1uy <: pub_u8) in
++ cast (decompressed <: u32) <: i32
+
+-let decompress_message_coefficient fe =
+- let res = (Core.Ops.Arith.Neg.neg fe <: i32) &.
+- ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) in
+- assert (v ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) == 1665);
+- assert (res == logand #i32_inttype (Core.Ops.Arith.Neg.neg fe) 1665l);
+- assert (v fe == 0 ==> Core.Ops.Arith.Neg.neg fe = zero);
+- logand_lemma 1665l zero;
+- assert (v fe == 0 ==> res == zero);
+- res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328
+-#pop-options
++let decompress_message_coefficient (fe: i32) =
++ (Core.Ops.Arith.Neg.neg fe <: i32) &.
++ ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-02-01 11:03:26.847759568 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-02-01 11:03:26.913757632 +0100
+@@ -3,42 +3,44 @@
+ open Core
+ open FStar.Mul
+
++val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16)
++ : Prims.Pure i32
++ (requires
++ (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy ||
++ coefficient_bits =. 11uy) &&
++ v fe < v (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16))
++ (ensures
++ fun result ->
++ let result:i32 = result in
++ v result >= v 0l &&
++ v result < v (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32))
++
+ val compress_message_coefficient (fe: u16)
+ : Prims.Pure u8
+- (requires v fe < 3329)
++ (requires v fe < v (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16))
+ (ensures
+ fun result ->
+ let result:u8 = result in
+- if 833 <= v fe && v fe <= 2496
+- then result =. 1uy
+- else result =. 0uy)
++ Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2596us <: bool))
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ v result = v 1uy <: bool) &&
++ Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) <: bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ v result = v 0uy <: bool))
+
+-
+-val compress_ciphertext_coefficient (coefficient_bits: u8 {v coefficient_bits > 0 /\ v coefficient_bits <= 32}) (fe: u16)
+- : Prims.Pure (int_t_d i32_inttype (v coefficient_bits))
++val decompress_ciphertext_coefficient (coefficient_bits: u8) (fe: i32)
++ : Prims.Pure i32
+ (requires
+ (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy ||
+ coefficient_bits =. 11uy) &&
+- fe <. (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16))
+- (ensures
+- fun result ->
+- let result:i32 = result in
+- result >=. 0l &&
+- result <. (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32))
+-
+-open Rust_primitives.Integers
+-
+-val decompress_ciphertext_coefficient
+- (coefficient_bits: u8 {coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || coefficient_bits =. 11uy})
+- (fe: int_t_d i32_inttype (v coefficient_bits))
+- : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1))
+- (requires True)
++ v fe >= v 0l &&
++ v fe < v (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32))
+ (ensures
+ fun result ->
+ let result:i32 = result in
+- result <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS)
++ v result < v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS)
+
+ val decompress_message_coefficient (fe: i32)
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfFieldElement
+- (requires fe =. 0l || fe =. 1l)
+- (fun result -> v result >= 0 /\ v result < 3329)
++ : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-02-01 11:03:26.821760330 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-02-01 11:03:26.896758131 +0100
+@@ -15,8 +15,7 @@
+
+ let v_FIELD_MODULUS: i32 = 3329l
+
+-let v_H_DIGEST_SIZE: usize =
+- Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm)
++let v_H_DIGEST_SIZE: usize = sz 32
+
+ let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5
+
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-02-01 11:03:26.832760008 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-02-01 11:03:26.869758923 +0100
+@@ -4,163 +4,61 @@
+ open FStar.Mul
+
+ let is_non_zero (value: u8) =
+- let orig_value = value in
+ let value:u16 = cast (value <: u8) <: u16 in
+- let result:u8 = cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) in
+- let res:u8 = result &. 1uy in
+- if v orig_value = 0 then (
+- assert(value == zero);
+- lognot_lemma value;
+- assert((~.value +. 1us) == zero);
+- assert((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) == zero);
+- logor_lemma value zero;
+- assert((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) == value);
+- assert (v result == v ((value >>! 8l)));
+- assert ((v value / pow2 8) == 0);
+- assert (result == 0uy);
+- logand_lemma 1uy result;
+- assert (res == 0uy);
+- res)
+- else (
+- assert (v value <> 0);
+- lognot_lemma value;
+- assert (v (~.value) = pow2 16 - 1 - v value);
+- assert (v (~.value) + 1 = pow2 16 - v value);
+- assert (v (value) <= pow2 8 - 1);
+- assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value));
+- assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value));
+- assert ((v (~.value) + 1)/pow2 8 = (pow2 8 - 1));
+- assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l) = pow2 8 - 1);
+- assert (result = ones);
+- logand_lemma 1uy result;
+- assert (res = 1uy);
+- res
+- )
++ let result:u16 =
++ ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) >>! 8l <: u16) &.
++ 1us
++ in
++ cast (result <: u16) <: u8
+
+-let compare_ciphertexts_in_constant_time v_CIPHERTEXT_SIZE lhs rhs =
++let compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+ let (r: u8):u8 = 0uy in
+- [@ inline_let]
+- let inv = fun (acc:u8) (i:usize) ->
+- v i <= v v_CIPHERTEXT_SIZE /\
+- (if (Seq.slice lhs 0 (v i) = Seq.slice rhs 0 (v i)) then
+- acc == 0uy
+- else ~ (acc == 0uy))
+- in
+ let r:u8 =
+- Rust_primitives.Iterators.foldi_range #_ #u8 #inv {
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE
+ }
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
+ r
+ (fun r i ->
+ let r:u8 = r in
+ let i:usize = i in
+- let nr = r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8 in
+- if r =. 0uy then (
+- if (Seq.index lhs (v i) = Seq.index rhs (v i)) then (
+- logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i));
+- assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) = zero);
+- logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8);
+- assert (nr = r);
+- assert (forall j. Seq.index (Seq.slice lhs 0 (v i)) j == Seq.index lhs j);
+- assert (forall j. Seq.index (Seq.slice rhs 0 (v i)) j == Seq.index rhs j);
+- eq_intro (Seq.slice lhs 0 (v i + 1)) (Seq.slice rhs 0 (v i + 1));
+- nr
+- )
+- else (
+- logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i));
+- assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <> zero);
+- logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8);
+- assert (v nr > 0);
+- assert (Seq.index (Seq.slice lhs 0 (v i+1)) (v i) <>
+- Seq.index (Seq.slice rhs 0 (v i+1)) (v i));
+- assert (Seq.slice lhs 0 (v i+1) <> Seq.slice rhs 0 (v i + 1));
+- nr
+- )
+- ) else (
+- logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8);
+- assert (v nr >= v r);
+- assert (Seq.slice lhs 0 (v i) <> Seq.slice rhs 0 (v i));
+- if (Seq.slice lhs 0 (v i+1) = Seq.slice rhs 0 (v i + 1)) then
+- (assert (forall j. j < v i + 1 ==> Seq.index (Seq.slice lhs 0 (v i+1)) j == Seq.index (Seq.slice rhs 0 (v i+1)) j);
+- eq_intro (Seq.slice lhs 0 (v i)) (Seq.slice rhs 0 (v i));
+- assert(False))
+- else nr
+- )
+- )
++ r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8)
+ in
+- let res = is_non_zero r in
+- res
++ is_non_zero r
+
+-#push-options "--ifuel 0 --z3rlimit 50"
+ let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) =
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+ let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in
+- assert (if selector = 0uy then mask = ones else mask = zero);
+- lognot_lemma mask;
+- assert (if selector = 0uy then ~.mask = zero else ~.mask = ones);
+ let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
+- [@ inline_let]
+- let inv = fun (acc:t_Array u8 (sz 32)) (i:usize) ->
+- v i <= 32 /\
+- (forall j. j < v i ==> (if (selector =. 0uy) then Seq.index acc j == Seq.index lhs j else Seq.index acc j == Seq.index rhs j)) /\
+- (forall j. j >= v i ==> Seq.index acc j == 0uy)
+- in
+ let out:t_Array u8 (sz 32) =
+- Rust_primitives.Iterators.foldi_range #_ #(t_Array u8 (sz 32)) #inv {
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE
+ }
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
+ out
+ (fun out i ->
+ let out:t_Array u8 (sz 32) = out in
+- assert ((out.[ i ] <: u8) = 0uy);
+- let outi =
++ let i:usize = i in
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out
++ i
+ ((out.[ i ] <: u8) |.
+ (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8)
+ <:
+ u8)
+ <:
+- u8) in
+- if (selector = 0uy) then (
+- logand_lemma (lhs.[ i ] <: u8) mask;
+- assert (((lhs.[ i ] <: u8) &. mask <: u8) == (lhs.[ i ] <: u8));
+- logand_lemma (rhs.[ i ] <: u8) (~.mask);
+- assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == zero);
+- logor_lemma ((lhs.[ i ] <: u8) &. mask <: u8) ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8);
+- assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) == (lhs.[ i ] <: u8));
+- logor_lemma (out.[ i ] <: u8) (lhs.[ i ] <: u8);
+- assert (((out.[ i ] <: u8) |. (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) <: u8) == (lhs.[ i ] <: u8));
+- assert (outi = (lhs.[ i ] <: u8))
+- )
+- else (
+- logand_lemma (lhs.[ i ] <: u8) mask;
+- assert (((lhs.[ i ] <: u8) &. mask <: u8) == zero);
+- logand_lemma (rhs.[ i ] <: u8) (~.mask);
+- assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == (rhs.[ i ] <: u8));
+- logor_lemma (rhs.[ i ] <: u8) zero;
+- assert ((logor zero (rhs.[ i ] <: u8)) == (rhs.[ i ] <: u8));
+- assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8)) == (rhs.[ i ] <: u8));
+- logor_lemma (out.[ i ] <: u8) (rhs.[ i ] <: u8);
+- assert (((out.[ i ] <: u8) |. (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) <: u8) == (rhs.[ i ] <: u8));
+- assert (outi = (rhs.[ i ] <: u8))
+- );
+- let i:usize = i in
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out
+- i
+- outi
++ u8)
+ <:
+ t_Array u8 (sz 32))
+ in
+- if (selector =. 0uy) then (
+- eq_intro out lhs;
+- out
+- )
+- else (
+- eq_intro out rhs;
+- out
+- )
+-#pop-options
++ out
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-02-01 11:03:26.837759861 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-02-01 11:03:26.905757867 +0100
+@@ -20,26 +20,30 @@
+
+ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8)
+ : Prims.Pure u8
+- (requires (length lhs == v_CIPHERTEXT_SIZE /\
+- length rhs == v_CIPHERTEXT_SIZE))
++ Prims.l_True
+ (ensures
+ fun result ->
+ let result:u8 = result in
+- Hax_lib.implies (lhs =. rhs <: bool)
++ Hax_lib.implies (lhs = rhs)
+ (fun temp_0_ ->
+ let _:Prims.unit = temp_0_ in
+- result =. 0uy <: bool) &&
+- Hax_lib.implies (lhs <>. rhs <: bool)
++ v result = v 0uy <: bool) &&
++ Hax_lib.implies (lhs <> rhs)
+ (fun temp_0_ ->
+ let _:Prims.unit = temp_0_ in
+- result =. 1uy <: bool))
++ v result = v 1uy <: bool))
+
+ val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8)
+ : Prims.Pure (t_Array u8 (sz 32))
+- (requires (length lhs == Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE /\
+- length rhs == Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE))
++ Prims.l_True
+ (ensures
+ fun result ->
+ let result:t_Array u8 (sz 32) = result in
+- Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) &&
+- Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool))
++ Hax_lib.implies (selector =. 0uy <: bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ result = lhs <: bool) &&
++ Hax_lib.implies (selector <>. 0uy <: bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ result = rhs <: bool))
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-02-01 11:03:26.865759040 +0100
+@@ -0,0 +1,87 @@
++module Libcrux.Kem.Kyber.Conversions
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++open Core
++
++let into_padded_array (#v_LEN: usize) (slice: t_Slice u8) : t_Array u8 v_LEN =
++ let _:Prims.unit =
++ if true
++ then
++ let _:Prims.unit =
++ if ~.((Core.Slice.impl__len slice <: usize) <=. v_LEN <: bool)
++ then
++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN"
++
++ <:
++ Rust_primitives.Hax.t_Never)
++ in
++ ()
++ in
++ let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in
++ let out:t_Array u8 v_LEN =
++ Rust_primitives.Hax.update_at out
++ ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize }
++ )
++ (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut out
++ ({
++ Core.Ops.Range.f_start = sz 0;
++ Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize
++ })
++ <:
++ t_Slice u8)
++ slice
++ <:
++ t_Slice u8)
++ in
++ out
++
++class t_UpdatingArray (#v_Self: Type) = { f_push:v_Self -> t_Slice u8 -> v_Self }
++
++type t_UpdatableArray (v_LEN: usize) = {
++ f_value:t_Array u8 v_LEN;
++ f_pointer:usize
++}
++
++let impl__new (#v_LEN: usize) (value: t_Array u8 v_LEN) : t_UpdatableArray v_LEN =
++ { f_value = value; f_pointer = sz 0 }
++
++let impl__array (#v_LEN: usize) (self: t_UpdatableArray v_LEN) : t_Array u8 v_LEN = self.f_value
++
++let impl_1 (#v_LEN: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) =
++ {
++ f_push
++ =
++ fun (self: t_UpdatableArray v_LEN) (other: t_Slice u8) ->
++ let self:t_UpdatableArray v_LEN =
++ {
++ self with
++ f_value
++ =
++ Rust_primitives.Hax.update_at (f_value self <: t_UpdatableArray v_LEN)
++ ({
++ Core.Ops.Range.f_start = self.f_pointer;
++ Core.Ops.Range.f_end
++ =
++ self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize
++ })
++ (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut self.f_value
++ ({
++ Core.Ops.Range.f_start = self.f_pointer;
++ Core.Ops.Range.f_end
++ =
++ self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize
++ })
++ <:
++ t_Slice u8)
++ other
++ <:
++ t_Slice u8)
++ }
++ in
++ let self:t_UpdatableArray v_LEN =
++ { self with f_pointer = self.f_pointer +! (Core.Slice.impl__len other <: usize) }
++ in
++ self
++ }
++
++let to_unsigned_representative (fe: i32) : u16 =
++ cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16
+\ Pas de fin de ligne à la fin du fichier
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/Libcrux.Kem.Kyber.fst
+--- extraction-edited/Libcrux.Kem.Kyber.fst 2024-02-01 11:03:26.824760242 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-02-01 11:03:26.885758453 +0100
+@@ -1,29 +1,12 @@
+ module Libcrux.Kem.Kyber
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+
+-let update_at_range_lemma #n
+- (s: t_Slice 't)
+- (i: Core.Ops.Range.t_Range (int_t n) {(Core.Ops.Range.impl_index_range_slice 't n).in_range s i})
+- (x: t_Slice 't)
+- : Lemma
+- (requires (Seq.length x == v i.f_end - v i.f_start))
+- (ensures (
+- let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in
+- let len = v i.f_start in
+- forall (i: nat). i < len ==> Seq.index s i == Seq.index s' i
+- ))
+- [SMTPat (Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x)]
+- = let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in
+- let len = v i.f_start in
+- introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i
+- with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i
+- /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i ))
+-
+-let serialize_kem_secret_key #p
++let serialize_kem_secret_key
+ (v_SERIALIZED_KEY_LEN: usize)
+- (private_key public_key implicit_rejection_value: t_Slice u8) =
++ (private_key public_key implicit_rejection_value: t_Slice u8)
++ =
+ let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in
+ let pointer:usize = sz 0 in
+ let out:t_Array u8 v_SERIALIZED_KEY_LEN =
+@@ -72,8 +55,6 @@
+ t_Slice u8)
+ in
+ let pointer:usize = pointer +! (Core.Slice.impl__len public_key <: usize) in
+- let h_public_key = (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key)
+- <: t_Slice u8) in
+ let out:t_Array u8 v_SERIALIZED_KEY_LEN =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
+ ({
+@@ -89,7 +70,16 @@
+ pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE <: usize
+ }
+ <:
+- Core.Ops.Range.t_Range usize ]) h_public_key)
++ Core.Ops.Range.t_Range usize ]
++ <:
++ t_Slice u8)
++ (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key
++ <:
++ t_Array u8 (sz 32))
++ <:
++ t_Slice u8)
++ <:
++ t_Slice u8)
+ in
+ let pointer:usize = pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE in
+ let out:t_Array u8 v_SERIALIZED_KEY_LEN =
+@@ -116,32 +106,14 @@
+ <:
+ t_Slice u8)
+ in
+- assert (Seq.slice out 0 (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)) `Seq.equal` private_key);
+- assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p))
+- (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p)) `Seq.equal` public_key);
+- assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +!
+- Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p))
+- (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +!
+- Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +!
+- Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE))
+- `Seq.equal` Libcrux.Kem.Kyber.Hash_functions.v_H public_key);
+- assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +!
+- Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +!
+- Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE))
+- (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +!
+- Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +!
+- Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE +!
+- Spec.Kyber.v_SHARED_SECRET_SIZE))
+- == implicit_rejection_value);
+- lemma_slice_append_4 out private_key public_key (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) implicit_rejection_value;
+ out
+
+-let decapsulate #p
++let decapsulate
+ (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
+ usize)
+ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE)
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) =
+- let orig_secret_key = secret_key.f_value in
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE)
++ =
+ let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) =
+ Libcrux.Kem.Kyber.Types.impl_12__split_at v_SECRET_KEY_SIZE secret_key v_CPA_SECRET_KEY_SIZE
+ in
+@@ -151,12 +123,8 @@
+ let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) =
+ Core.Slice.impl__split_at secret_key Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE
+ in
+- assert (ind_cpa_secret_key == slice orig_secret_key (sz 0) v_CPA_SECRET_KEY_SIZE);
+- assert (ind_cpa_public_key == slice orig_secret_key v_CPA_SECRET_KEY_SIZE (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE));
+- assert (ind_cpa_public_key_hash == slice orig_secret_key (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE) (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE));
+- assert (implicit_rejection_value == slice orig_secret_key (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE) (length orig_secret_key));
+ let decrypted:t_Array u8 (sz 32) =
+- Libcrux.Kem.Kyber.Ind_cpa.decrypt #p v_K
++ Libcrux.Kem.Kyber.Ind_cpa.decrypt v_K
+ v_CIPHERTEXT_SIZE
+ v_C1_SIZE
+ v_VECTOR_U_COMPRESSION_FACTOR
+@@ -184,9 +152,6 @@
+ <:
+ t_Slice u8)
+ in
+- lemma_slice_append to_hash decrypted ind_cpa_public_key_hash;
+- assert (decrypted == Spec.Kyber.ind_cpa_decrypt p ind_cpa_secret_key ciphertext.f_value);
+- assert (to_hash == concat decrypted ind_cpa_public_key_hash);
+ let hashed:t_Array u8 (sz 64) =
+ Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8)
+ in
+@@ -194,10 +159,6 @@
+ Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8)
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE
+ in
+- assert ((shared_secret,pseudorandomness) == split hashed Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE);
+- assert (length implicit_rejection_value = v_SECRET_KEY_SIZE -! v_CPA_SECRET_KEY_SIZE -! v_PUBLIC_KEY_SIZE -! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE);
+- assert (length implicit_rejection_value = Spec.Kyber.v_SHARED_SECRET_SIZE);
+- assert (Spec.Kyber.v_SHARED_SECRET_SIZE <=. Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE p);
+ let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8
+ v_IMPLICIT_REJECTION_HASH_INPUT_SIZE =
+ Libcrux.Kem.Kyber.Ind_cpa.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE
+@@ -219,13 +180,11 @@
+ <:
+ t_Slice u8)
+ in
+- lemma_slice_append to_hash implicit_rejection_value ciphertext.f_value;
+ let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) =
+ Libcrux.Kem.Kyber.Hash_functions.v_PRF (sz 32) (Rust_primitives.unsize to_hash <: t_Slice u8)
+ in
+- assert (implicit_rejection_shared_secret == Spec.Kyber.v_J to_hash);
+ let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE =
+- Libcrux.Kem.Kyber.Ind_cpa.encrypt #p v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE
++ Libcrux.Kem.Kyber.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE
+ v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1
+ v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE ind_cpa_public_key decrypted
+ pseudorandomness
+@@ -235,18 +194,16 @@
+ (Core.Convert.f_as_ref ciphertext <: t_Slice u8)
+ (Rust_primitives.unsize expected_ciphertext <: t_Slice u8)
+ in
+- let res =
+ Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time shared_secret
+ (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8)
+ selector
+- in
+- res
+
+-let encapsulate #p
++let encapsulate
+ (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
+ usize)
+ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE)
+- (randomness: t_Array u8 (sz 32)) =
++ (randomness: t_Array u8 (sz 32))
++ =
+ let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) =
+ Libcrux.Kem.Kyber.Ind_cpa.into_padded_array (sz 64)
+ (Rust_primitives.unsize randomness <: t_Slice u8)
+@@ -277,10 +234,6 @@
+ <:
+ t_Slice u8)
+ in
+- assert (Seq.slice to_hash 0 (v Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE) == randomness);
+- lemma_slice_append to_hash randomness (Spec.Kyber.v_H public_key.f_value);
+- assert (to_hash == concat randomness (Spec.Kyber.v_H public_key.f_value));
+-
+ let hashed:t_Array u8 (sz 64) =
+ Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8)
+ in
+@@ -289,7 +242,7 @@
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE
+ in
+ let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE =
+- Libcrux.Kem.Kyber.Ind_cpa.encrypt #p v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE
++ Libcrux.Kem.Kyber.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE
+ v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN
+ v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE
+ (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE
+@@ -299,17 +252,23 @@
+ <:
+ t_Slice u8) randomness pseudorandomness
+ in
+- Core.Convert.f_into ciphertext,
+- Core.Result.impl__unwrap (Core.Convert.f_try_into shared_secret
+- <:
+- Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError)
++ let shared_secret:t_Array u8 (sz 32) =
++ match Core.Convert.f_try_into shared_secret with
++ | Core.Result.Result_Ok shared_secret -> shared_secret
++ | Core.Result.Result_Err _ ->
++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic"
++ <:
++ Rust_primitives.Hax.t_Never)
++ in
++ Core.Convert.f_into ciphertext, shared_secret
+ <:
+ (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+
+-let generate_keypair #p
++let generate_keypair
+ (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
+ usize)
+- (randomness: t_Array u8 (sz 64)) =
++ (randomness: t_Array u8 (sz 64))
++ =
+ let ind_cpa_keypair_randomness:t_Slice u8 =
+ randomness.[ {
+ Core.Ops.Range.f_start = sz 0;
+@@ -327,7 +286,7 @@
+ in
+ let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE &
+ t_Array u8 v_PUBLIC_KEY_SIZE) =
+- Libcrux.Kem.Kyber.Ind_cpa.generate_keypair #p v_K
++ Libcrux.Kem.Kyber.Ind_cpa.generate_keypair v_K
+ v_CPA_PRIVATE_KEY_SIZE
+ v_PUBLIC_KEY_SIZE
+ v_BYTES_PER_RING_ELEMENT
+@@ -336,7 +295,7 @@
+ ind_cpa_keypair_randomness
+ in
+ let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE =
+- serialize_kem_secret_key #p v_PRIVATE_KEY_SIZE
++ serialize_kem_secret_key v_PRIVATE_KEY_SIZE
+ (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8)
+ (Rust_primitives.unsize public_key <: t_Slice u8)
+ implicit_rejection_value
+@@ -349,4 +308,3 @@
+ v_PUBLIC_KEY_SIZE
+ private_key
+ (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE)
+-
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent/Libcrux.Kem.Kyber.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-02-01 11:03:26.850759480 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-02-01 11:03:26.895758160 +0100
+@@ -10,75 +10,31 @@
+ Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +!
+ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE
+
+-val serialize_kem_secret_key (#p:Spec.Kyber.params)
++val serialize_kem_secret_key
+ (v_SERIALIZED_KEY_LEN: usize)
+ (private_key public_key implicit_rejection_value: t_Slice u8)
+- : Pure (t_Array u8 v_SERIALIZED_KEY_LEN)
+- (requires (length private_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
+- length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
+- length implicit_rejection_value == Spec.Kyber.v_SHARED_SECRET_SIZE /\
+- v_SERIALIZED_KEY_LEN == Spec.Kyber.v_SECRET_KEY_SIZE p))
+- (ensures (fun res -> res ==
+- Seq.append private_key (
+- Seq.append public_key (
+- Seq.append (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) implicit_rejection_value))))
++ : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+-val decapsulate (#p:Spec.Kyber.params)
++val decapsulate
+ (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE:
+ usize)
+ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE)
+ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE)
+- : Pure (t_Array u8 (sz 32))
+- (requires ( p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\
+- Spec.Kyber.valid_params p /\
+- v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
+- v_ETA2_RANDOMNESS_SIZE == Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\
+- v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE p /\
+- v_SECRET_KEY_SIZE == Spec.Kyber.v_SECRET_KEY_SIZE p /\
+- v_CPA_SECRET_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
+- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
+- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
+- v_C1_SIZE == Spec.Kyber.v_C1_SIZE p /\
+- v_C1_BLOCK_SIZE == Spec.Kyber.v_C1_BLOCK_SIZE p /\
+- v_C2_SIZE == Spec.Kyber.v_C2_SIZE p /\
+- v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p
+- ))
+- (ensures (fun res ->
+- res == Spec.Kyber.ind_cca_decapsulate p secret_key.f_value ciphertext.f_value))
++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+
+-val encapsulate (#p:Spec.Kyber.params)
++val encapsulate
+ (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
+ usize)
+ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE)
+ (randomness: t_Array u8 (sz 32))
+- : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
+- (requires (p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\
+- Spec.Kyber.valid_params p /\
+- v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
+- v_ETA2_RANDOMNESS_SIZE == Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\
+- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
+- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
+- v_C1_SIZE == Spec.Kyber.v_C1_SIZE p /\
+- v_C2_SIZE == Spec.Kyber.v_C2_SIZE p /\
+- v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\
+- v_VECTOR_U_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p
+- ))
++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+- (ensures (fun (ct,ss) ->
+- (ct.f_value,ss) == Spec.Kyber.ind_cca_encapsulate p public_key.f_value randomness))
+-
+-
+-val generate_keypair (#p:Spec.Kyber.params)
++val generate_keypair
+ (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
+ usize)
+ (randomness: t_Array u8 (sz 64))
+- : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
+- (requires (v_K == p.v_RANK /\ v_ETA1 == p.v_ETA1 /\
+- v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
+- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
+- v_CPA_PRIVATE_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
+- v_PRIVATE_KEY_SIZE == Spec.Kyber.v_SECRET_KEY_SIZE p /\
+- v_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p
+- ))
+- (ensures (fun kp ->
+- (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness))
++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-02-01 11:03:26.830760066 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-02-01 11:03:26.893758219 +0100
+@@ -3,27 +3,18 @@
+ open Core
+ open FStar.Mul
+
+-let v_G (input: t_Slice u8) =
+- let res = Libcrux.Digest.sha3_512_ input in
+- admit(); // We assume that sha3_512 correctly implements G
+- res
++let v_G (input: t_Slice u8) = Libcrux.Digest.sha3_512_ input
+
+-let v_H (input: t_Slice u8) =
+- let res = Libcrux.Digest.sha3_256_ input in
+- admit(); // We assume that sha3_512 correctly implements H
+- res
++let v_H (input: t_Slice u8) = Libcrux.Digest.sha3_256_ input
+
+-let v_PRF (v_LEN: usize) (input: t_Slice u8) =
+- let res = Libcrux.Digest.shake256 v_LEN input in
+- admit(); // We assume that sha3_512 correctly implements H
+- res
++let v_PRF (v_LEN: usize) (input: t_Slice u8) = Libcrux.Digest.shake256 v_LEN input
+
+ let v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) =
+ let out:t_Array (t_Array u8 (sz 840)) v_K =
+ Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 840) <: t_Array u8 (sz 840)) v_K
+ in
+ let out:t_Array (t_Array u8 (sz 840)) v_K =
+- if ~.(Libcrux_platform.simd256_support <: bool) || ~.false
++ if ~.(Libcrux_platform.simd256_support () <: bool) || ~.true
+ then
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+@@ -47,7 +38,7 @@
+ t_Array (t_Array u8 (sz 840)) v_K)
+ else
+ let out:t_Array (t_Array u8 (sz 840)) v_K =
+- match cast (v_K <: usize) <: u8 with
++ match cast (v_K <: usize) <: pub_u8 with
+ | 2uy ->
+ let d0, d1, _, _:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) &
+ t_Array u8 (sz 840)) =
+@@ -109,5 +100,4 @@
+ in
+ out
+ in
+- admit(); //P-F
+ out
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-02-01 11:03:26.855759333 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-02-01 11:03:26.867758981 +0100
+@@ -3,24 +3,12 @@
+ open Core
+ open FStar.Mul
+
+-val v_G (input: t_Slice u8)
+- : Pure (t_Array u8 (sz 64))
+- (requires True)
+- (ensures (fun res -> res == Spec.Kyber.v_G input))
++val v_G (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True)
+
+-val v_H (input: t_Slice u8)
+- : Pure (t_Array u8 (sz 32))
+- (requires True)
+- (ensures (fun res -> res == Spec.Kyber.v_H input))
++val v_H (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+
+ val v_PRF (v_LEN: usize) (input: t_Slice u8)
+- : Pure (t_Array u8 v_LEN)
+- (requires True)
+- (ensures (fun res -> res == Spec.Kyber.v_PRF v_LEN input))
++ : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+ val v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K)
+- : Pure (t_Array (t_Array u8 (sz 840)) v_K)
+- (requires True)
+- (ensures (fun res ->
+- (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i))))
+-
++ : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-02-01 11:03:26.903757925 +0100
+@@ -0,0 +1,6 @@
++module Libcrux.Kem.Kyber.Helper
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
++open Core
++open FStar.Mul
++
++
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-02-01 11:03:26.853759392 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-02-01 11:03:26.898758072 +0100
+@@ -1,5 +1,5 @@
+ module Libcrux.Kem.Kyber.Ind_cpa
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+
+@@ -37,37 +37,33 @@
+ in
+ out
+
+-unfold let acc_t (v_K v_ETA:usize) = (u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1)) v_K)
+-unfold let inv_t v_K v_ETA = acc_t v_K v_ETA -> usize -> Type
+-
+-let wfZero: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO)
+-
+-let etaZero (v_ETA:usize{v v_ETA >= 1 /\ v v_ETA < pow2 31}): Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_ETA) =
+- (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #(v v_ETA) Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO)
+-
+-let sample_vector_cbd (#p:Spec.Kyber.params)
++let sample_ring_element_cbd
+ (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize)
+- (prf_input: t_Array u8 (sz 33)) domain_separator =
+- let error_1_:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K =
+- Rust_primitives.Hax.repeat (etaZero (sz (pow2 (v v_ETA2) - 1))) v_K
+- in
+- let orig_domain_separator = domain_separator in
+- [@ inline_let]
+- let inv : inv_t v_K v_ETA2 = fun (acc:acc_t v_K v_ETA2) (i:usize) ->
+- let (domain_separator,prf_input,error_1_) = acc in
+- if (i >=. sz 0 && i <=. v_K)
+- then
+- domain_separator = orig_domain_separator +! (mk_int #u8_inttype (v i))
+- else true in
+- let (domain_separator, prf_input, error_1_):acc_t v_K (v_ETA2) =
+- Rust_primitives.Iterators.foldi_range #_ #(acc_t v_K (v_ETA2)) #inv {
++ (prf_input: t_Array u8 (sz 33))
++ (domain_separator: u8)
++ =
++ let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
++ in
++ let domain_separator, error_1_, prf_input:(u8 &
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K &
++ t_Array u8 (sz 33)) =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+ }
+- (domain_separator, prf_input, error_1_)
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
++ (domain_separator, error_1_, prf_input
++ <:
++ (u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & t_Array u8 (sz 33))
++ )
+ (fun temp_0_ i ->
+- let domain_separator, prf_input, error_1_:acc_t v_K (v_ETA2) =
++ let domain_separator, error_1_, prf_input:(u8 &
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K &
++ t_Array u8 (sz 33)) =
+ temp_0_
+ in
+ let i:usize = i in
+@@ -81,46 +77,49 @@
+ Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE
+ (Rust_primitives.unsize prf_input <: t_Slice u8)
+ in
+- let error_1_:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K =
++ let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_
+ i
+- (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA2
++ (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA2
+ (Rust_primitives.unsize prf_output <: t_Slice u8)
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1))
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- domain_separator, prf_input, error_1_)
++ domain_separator, error_1_, prf_input
++ <:
++ (u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K &
++ t_Array u8 (sz 33)))
+ in
+- let hax_temp_output:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K = error_1_ in
+- admit(); //P-F
++ let hax_temp_output:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = error_1_ in
+ prf_input, domain_separator, hax_temp_output
+ <:
+- (t_Array u8 (sz 33) & u8 & t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_ETA2)) v_K)
++ (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+
+-#push-options "--split_queries no --z3rlimit 300"
+-let sample_vector_cbd_then_ntt (#p:Spec.Kyber.params)
++let sample_vector_cbd_then_ntt
+ (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
+- (prf_input: t_Array u8 (sz 33)) domain_separator =
+- let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat (wfZero) v_K
+- in
+- let orig_domain_separator = domain_separator in
+- [@ inline_let]
+- let inv: (u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) v_K) -> usize -> Type = fun acc i ->
+- let (domain_separator,prf_input,re_as_ntt) = acc in
+- if (i >=. sz 0 && i <=. v_K)
+- then
+- domain_separator = orig_domain_separator +! (mk_int #u8_inttype (v i))
+- else true in
+- let (domain_separator, prf_input, re_as_ntt):(u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) v_K)=
+- Rust_primitives.Iterators.foldi_range #_ #_ #inv {
++ (prf_input: t_Array u8 (sz 33))
++ (domain_separator: u8)
++ =
++ let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
++ in
++ let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) &
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+ }
+- (domain_separator, prf_input, re_as_ntt)
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
++ (domain_separator, prf_input, re_as_ntt
++ <:
++ (u8 & t_Array u8 (sz 33) & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ )
+ (fun temp_0_ i ->
+ let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
+ temp_0_
+ in
+ let i:usize = i in
+@@ -134,74 +133,64 @@
+ Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA_RANDOMNESS_SIZE
+ (Rust_primitives.unsize prf_input <: t_Slice u8)
+ in
+- let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1) =
+- Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA
++ let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA
+ (Rust_primitives.unsize prf_output <: t_Slice u8)
+ in
+- let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b r in
+- let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt
+ i
+ (Libcrux.Kem.Kyber.Ntt.ntt_binomially_sampled_ring_element r
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+ domain_separator, prf_input, re_as_ntt
+ <:
+ (u8 & t_Array u8 (sz 33) &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K))
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+ in
+- admit(); //P-F
+ re_as_ntt, domain_separator
+ <:
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8)
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8)
+
+-
+-let compress_then_serialize_u #p v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN input =
++let compress_then_serialize_u
++ (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize)
++ (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ =
+ let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+- let orig_out = out in
+- let acc_t = t_Array u8 v_OUT_LEN in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) (i:usize) -> True in
+ let out:t_Array u8 v_OUT_LEN =
+- Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #acc_t #inv
+- input
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Iter.Traits.Collect.f_into_iter input
++ <:
++ Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+ out
+ (fun out temp_1_ ->
+ let out:t_Array u8 v_OUT_LEN = out in
+- let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = temp_1_ in
+- assert (i <. v_K);
+- assert (v i + 1 <= v v_K);
+- assert (v i * (v v_OUT_LEN / v v_K) < v v_OUT_LEN);
+- assert (((v i + 1) * (v v_OUT_LEN / v v_K)) <= v v_OUT_LEN);
+- assert (v_OUT_LEN /! v_K == Spec.Kyber.v_C1_BLOCK_SIZE p);
+- assert (range (v i * v (Spec.Kyber.v_C1_BLOCK_SIZE p)) usize_inttype);
+- assert (range ((v i + 1) * v (Spec.Kyber.v_C1_BLOCK_SIZE p)) usize_inttype);
+- assert ((Core.Ops.Range.impl_index_range_slice u8 usize_inttype).in_range out
+- {
+- Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize;
+- Core.Ops.Range.f_end
+- =
+- (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize
+- });
+- assert (((i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p) -! (i *! Spec.Kyber.v_C1_BLOCK_SIZE p) == Spec.Kyber.v_C1_BLOCK_SIZE p);
++ let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = temp_1_ in
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
+ ({
+- Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize;
+- Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize
++ Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize;
++ Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+ (Core.Slice.impl__copy_from_slice (out.[ {
+- Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize;
++ Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize;
+ Core.Ops.Range.f_end
+ =
+- (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize
+- } ]
++ (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize
++ }
++ <:
++ Core.Ops.Range.t_Range usize ]
+ <:
+ t_Slice u8)
+- (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u #p
++ (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u
+ v_COMPRESSION_FACTOR
+ v_BLOCK_LEN
+ re
+@@ -214,234 +203,201 @@
+ <:
+ t_Array u8 v_OUT_LEN)
+ in
+- admit();//P-F
+ out
+
+-#push-options "--split_queries always"
+-let deserialize_then_decompress_u (#p:Spec.Kyber.params)
+- (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR: usize)
+- (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) =
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat wfZero v_K
+- in
+- let acc_t1 = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in
+- [@ inline_let]
+- let inv = fun (acc:acc_t1) (i:usize) -> True in
+- let sl : t_Slice u8 = ciphertext.[
+- { Core.Ops.Range.f_end = v_VECTOR_U_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] in
+- assert (length sl == v_VECTOR_U_ENCODED_SIZE);
+- let chunk_len = ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *!
++let deserialize_then_decompress_u
++ (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
++ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
++ =
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
++ in
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize ciphertext <: t_Slice u8)
++ ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *!
+ v_U_COMPRESSION_FACTOR
+ <:
+ usize) /!
+ sz 8
+ <:
+- usize) in
+- FStar.Math.Lemmas.cancel_mul_mod (v p.v_RANK) (v (Spec.Kyber.v_C1_BLOCK_SIZE p)) ;
+- assert (v chunk_len == v (Spec.Kyber.v_C1_BLOCK_SIZE p));
+- assert (Seq.length sl % v (Spec.Kyber.v_C1_BLOCK_SIZE p) = 0);
+- assert (Seq.length sl == v (Spec.Kyber.v_C1_SIZE p));
+- assert (Seq.length sl / v (Spec.Kyber.v_C1_BLOCK_SIZE p) == v v_K);
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t1 #inv
+- sl
+- chunk_len
++ usize)
++ <:
++ Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ u_as_ntt
+ (fun u_as_ntt temp_1_ ->
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ u_as_ntt
+ in
+- let i, u_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in
+- let u:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let i, u_bytes:(usize & t_Slice u8) = temp_1_ in
++ let u:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR
+ u_bytes
+ in
+- assert (v i < v v_K);
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt
+ i
+ (Libcrux.Kem.Kyber.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR u
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+ u_as_ntt)
+ in
+- admit(); //P-F
+ u_as_ntt
+-#pop-options
+
+-#push-options "--z3rlimit 200"
+-let deserialize_public_key (#p:Spec.Kyber.params)
+- (v_K v_T_AS_NTT_ENCODED_SIZE: usize) (public_key: t_Slice u8) =
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat wfZero v_K
+- in
+- let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) (i:usize) -> True in
+- let sl : t_Slice u8 = public_key.[
+- { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] in
+- let chunk_len = Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT in
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv
+- sl
+- chunk_len
++let deserialize_public_key (v_K: usize) (public_key: t_Slice u8) =
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
++ in
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact public_key
++ Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT
++ <:
++ Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ tt_as_ntt
+ (fun tt_as_ntt temp_1_ ->
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ tt_as_ntt
+ in
+- let i, tt_as_ntt_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in
++ let i, tt_as_ntt_bytes:(usize & t_Slice u8) = temp_1_ in
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt
+ i
+ (Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element tt_as_ntt_bytes
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+ in
+- admit(); //P-F
+- tt_as_ntt
+-#pop-options
+-
+-#push-options "--split_queries always"
+-let deserialize_secret_key (#p:Spec.Kyber.params) (v_K: usize) (secret_key: t_Slice u8) =
+- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat wfZero v_K
+- in
+- let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) (i:usize) -> True in
+- let sl : t_Slice u8 = secret_key in
+- let chunk_len = Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT in
+- assert(v chunk_len == 384);
+- assert(Seq.length secret_key == v (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p));
+- assert(Seq.length secret_key == (v v_K * 256 * 12)/8);
+- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv
+- sl
+- chunk_len
++ tt_as_ntt
++
++let deserialize_secret_key (v_K: usize) (secret_key: t_Slice u8) =
++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
++ in
++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact secret_key
++ Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT
++ <:
++ Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ secret_as_ntt
+ (fun secret_as_ntt temp_1_ ->
+- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ secret_as_ntt
+ in
+- let i, secret_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in
++ let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt
+ i
+ (Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element secret_bytes
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+ in
+- admit(); //P-F
+ secret_as_ntt
+-#pop-options
+
+-#push-options "--z3rlimit 400 --split_queries no"
+-let decrypt #p
++let decrypt
+ (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
+ usize)
+ (secret_key: t_Slice u8)
+- (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) =
+- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- deserialize_then_decompress_u #p v_K
+- v_CIPHERTEXT_SIZE
+- v_VECTOR_U_ENCODED_SIZE
+- v_U_COMPRESSION_FACTOR
+- ciphertext
++ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
++ =
++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR ciphertext
+ in
+- let v:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v #p v_V_COMPRESSION_FACTOR
++ let v:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR
+ (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE }
+ <:
+ Core.Ops.Range.t_RangeFrom usize ]
+ <:
+ t_Slice u8)
+ in
+- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- deserialize_secret_key #p v_K secret_key
++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ deserialize_secret_key v_K secret_key
+ in
+- let message:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Matrix.compute_message #p v_K v secret_as_ntt u_as_ntt
++ let message:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Matrix.compute_message v_K v secret_as_ntt u_as_ntt
+ in
+- let res = Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message message in
+- res
+-#pop-options
+-
+-#push-options "--z3rlimit 200"
+-let encrypt #p
+- v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE
++ Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message message
++
++let encrypt
++ (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
++ usize)
+ (public_key: t_Slice u8)
+ (message: t_Array u8 (sz 32))
+- (randomness: t_Slice u8) =
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- deserialize_public_key #p v_K v_T_AS_NTT_ENCODED_SIZE public_key
++ (randomness: t_Slice u8)
++ =
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ deserialize_public_key v_K public_key
+ in
+ let seed:t_Slice u8 =
+ public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE }
+ <:
+ Core.Ops.Range.t_RangeFrom usize ]
+ in
+- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
+- Libcrux.Kem.Kyber.Matrix.sample_matrix_A #p v_K
++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
++ Libcrux.Kem.Kyber.Matrix.sample_matrix_A v_K
+ (into_padded_array (sz 34) seed <: t_Array u8 (sz 34))
+ false
+ in
+ let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = into_padded_array (sz 33) randomness in
+- let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K &
++ let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K &
+ u8) =
+- sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy
++ sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy
+ in
+- assert (v domain_separator == v v_K);
+ let tmp0, tmp1, out:(t_Array u8 (sz 33) & u8 &
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
+- sample_vector_cbd #p v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
++ sample_ring_element_cbd v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator
+ in
+ let prf_input:t_Array u8 (sz 33) = tmp0 in
+ let domain_separator:u8 = tmp1 in
+- let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = out in
++ let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = out in
+ let prf_input:t_Array u8 (sz 33) =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator
+ in
+- assert (Seq.equal prf_input (Seq.append randomness (Seq.create 1 domain_separator)));
+- assert (prf_input == Seq.append randomness (Seq.create 1 domain_separator));
+ let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE =
+ Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE
+ (Rust_primitives.unsize prf_input <: t_Slice u8)
+ in
+- let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1) =
+- Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA2
++ let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA2
+ (Rust_primitives.unsize prf_output <: t_Slice u8)
+ in
+- let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b error_2_ in
+- let u:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Libcrux.Kem.Kyber.Matrix.compute_vector_u #p v_K v_A_transpose r_as_ntt error_1_
++ let u:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Libcrux.Kem.Kyber.Matrix.compute_vector_u v_K v_A_transpose r_as_ntt error_1_
+ in
+- let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message message
+ in
+- let v:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Matrix.compute_ring_element_v #p v_K
++ let v:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Matrix.compute_ring_element_v v_K
+ tt_as_ntt
+ r_as_ntt
+ error_2_
+ message_as_ring_element
+ in
+ let c1:t_Array u8 v_C1_LEN =
+- compress_then_serialize_u #p v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u
++ compress_then_serialize_u v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u
+ in
+ let c2:t_Array u8 v_C2_LEN =
+- Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v #p v_V_COMPRESSION_FACTOR
++ Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR
+ v_C2_LEN
+ v
+ in
+- assert (v_C1_LEN = Spec.Kyber.v_C1_SIZE p);
+- assert (v_C2_LEN = Spec.Kyber.v_C2_SIZE p);
+- assert (v_CIPHERTEXT_SIZE == v_C1_LEN +! v_C2_LEN);
+- assert (v_C1_LEN <=. v_CIPHERTEXT_SIZE);
+ let (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE):t_Array u8 v_CIPHERTEXT_SIZE =
+ into_padded_array v_CIPHERTEXT_SIZE (Rust_primitives.unsize c1 <: t_Slice u8)
+ in
+@@ -457,25 +413,28 @@
+ <:
+ t_Slice u8)
+ in
+- lemma_slice_append ciphertext c1 c2;
+ ciphertext
+-#pop-options
+
+-let serialize_secret_key (#p:Spec.Kyber.params)
++let serialize_secret_key
+ (v_K v_OUT_LEN: usize)
+- (key: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
++ (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ =
+ let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+- let orig_out = out in
+- let acc_t = t_Array u8 v_OUT_LEN in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) (i:usize) -> True in
+ let out:t_Array u8 v_OUT_LEN =
+- Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #acc_t #inv
+- key
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Iter.Traits.Collect.f_into_iter key
++ <:
++ Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
+ out
+ (fun out temp_1_ ->
+ let out:t_Array u8 v_OUT_LEN = out in
+- let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = temp_1_ in
++ let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = temp_1_ in
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
+ ({
+ Core.Ops.Range.f_start
+@@ -514,14 +473,13 @@
+ <:
+ t_Array u8 v_OUT_LEN)
+ in
+- admit(); //P-F
+ out
+
+-
+-let serialize_public_key (#p:Spec.Kyber.params)
++let serialize_public_key
+ (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+- (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- (seed_for_a: t_Slice u8) =
++ (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ (seed_for_a: t_Slice u8)
++ =
+ let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+ Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE
+ in
+@@ -538,7 +496,7 @@
+ Core.Ops.Range.t_Range usize ]
+ <:
+ t_Slice u8)
+- (Rust_primitives.unsize (serialize_secret_key #p v_K
++ (Rust_primitives.unsize (serialize_secret_key v_K
+ v_RANKED_BYTES_PER_RING_ELEMENT
+ tt_as_ntt
+ <:
+@@ -564,49 +522,42 @@
+ <:
+ t_Slice u8)
+ in
+- lemma_slice_append public_key_serialized
+- (Spec.Kyber.vector_encode_12 (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt))
+- seed_for_a;
+ public_key_serialized
+
+-
+-let generate_keypair #p
++let generate_keypair
+ (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
+ usize)
+- (key_generation_seed: t_Slice u8) =
++ (key_generation_seed: t_Slice u8)
++ =
+ let hashed:t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G key_generation_seed in
+ let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) =
+ Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32)
+ in
+- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
+- Libcrux.Kem.Kyber.Matrix.sample_matrix_A #p v_K
++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
++ Libcrux.Kem.Kyber.Matrix.sample_matrix_A v_K
+ (into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34))
+ true
+ in
+ let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) =
+ into_padded_array (sz 33) seed_for_secret_and_error
+ in
+- let secret_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ let secret_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ v_K &
+ u8) =
+- sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy
++ sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy
+ in
+- let error_as_ntt, _:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8) =
+- sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator
++ let error_as_ntt, _:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8) =
++ sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator
+ in
+- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Libcrux.Kem.Kyber.Matrix.compute_As_plus_e #p v_K v_A_transpose secret_as_ntt error_as_ntt
++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Libcrux.Kem.Kyber.Matrix.compute_As_plus_e v_K v_A_transpose secret_as_ntt error_as_ntt
+ in
+ let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE =
+- serialize_public_key #p v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A
++ serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A
+ in
+ let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE =
+- serialize_secret_key #p v_K v_PRIVATE_KEY_SIZE secret_as_ntt
++ serialize_secret_key v_K v_PRIVATE_KEY_SIZE secret_as_ntt
+ in
+- let res =
+ secret_key_serialized, public_key_serialized
+ <:
+ (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
+- in
+- res
+-
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-02-01 11:03:26.843759685 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-02-01 11:03:26.864759069 +0100
+@@ -1,152 +1,80 @@
+ module Libcrux.Kem.Kyber.Ind_cpa
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+
+-val into_padded_array (v_LEN: usize) (slice: t_Slice u8) :
+- Pure (t_Array u8 v_LEN)
+- (requires (length slice <=. v_LEN))
+- (ensures (fun res -> Seq.slice res 0 (Seq.length slice) == slice))
++val into_padded_array (v_LEN: usize) (slice: t_Slice u8)
++ : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+-val sample_vector_cbd (#p:Spec.Kyber.params)
++val sample_ring_element_cbd
+ (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize)
+ (prf_input: t_Array u8 (sz 33))
+ (domain_separator: u8)
+- : Pure (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- (requires v domain_separator <= v v_K /\ v_K <=. sz 4 /\
+- v_K = p.v_RANK /\ v_ETA2 = p.v_ETA2 /\
+- v_ETA2_RANDOMNESS_SIZE = Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p)
+- (ensures (fun (prf,ds,x) -> v ds == v domain_separator + v v_K /\
+- Seq.slice prf 0 32 == Seq.slice prf_input 0 32 /\
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p x ==
+- Spec.Kyber.sample_vector_cbd #p (Seq.slice prf_input 0 32) (sz (v domain_separator))))
++ : Prims.Pure
++ (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+-
+-val sample_vector_cbd_then_ntt (#p:Spec.Kyber.params)
++val sample_vector_cbd_then_ntt
+ (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
+ (prf_input: t_Array u8 (sz 33))
+- (domain_separator: u8{v domain_separator <= v v_K /\ v_K <=. sz 4})
+- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8)
+- (requires (v_K == p.v_RANK /\ v_ETA == p.v_ETA1 /\ v_ETA_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p))
+- (ensures (fun (x,ds) -> v ds == v domain_separator + v v_K /\
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p x ==
+- Spec.Kyber.sample_vector_cbd_then_ntt #p (Seq.slice prf_input 0 32) (sz (v domain_separator))))
++ (domain_separator: u8)
++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+-val compress_then_serialize_u (#p:Spec.Kyber.params)
++val compress_then_serialize_u
+ (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize)
+- (input: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- : Pure (t_Array u8 v_OUT_LEN)
+- (requires (v_K == p.v_RANK /\ v_OUT_LEN == Spec.Kyber.v_C1_SIZE p /\
+- v_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\
+- v_BLOCK_LEN = Spec.Kyber.v_C1_BLOCK_SIZE p))
+- (ensures (fun res ->
+- res == Spec.Kyber.compress_then_encode_u p
+- (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p input)))
++ (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_u (#p:Spec.Kyber.params)
+- (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR: usize)
++val deserialize_then_decompress_u
++ (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
+ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- (requires v_K == p.v_RANK /\
+- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
+- v_VECTOR_U_ENCODED_SIZE == Spec.Kyber.v_C1_SIZE p /\
+- v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR)
+- (ensures fun res ->
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res ==
+- Spec.Kyber.(vector_ntt (decode_then_decompress_u p (Seq.slice ciphertext 0 (v (Spec.Kyber.v_C1_SIZE p))))))
+-
+-val deserialize_public_key (#p:Spec.Kyber.params)
+- (v_K v_T_AS_NTT_ENCODED_SIZE: usize) (public_key: t_Slice u8)
+- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- (requires v_K == p.v_RANK /\
+- length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
+- v_T_AS_NTT_ENCODED_SIZE == Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p)
+- (ensures fun res ->
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b res ==
+- Spec.Kyber.vector_decode_12 #p (slice public_key (sz 0) v_T_AS_NTT_ENCODED_SIZE))
+-
+-val deserialize_secret_key (#p:Spec.Kyber.params) (v_K: usize) (secret_key: t_Slice u8)
+- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- (requires v_K == p.v_RANK /\
+- length secret_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)
+- (ensures fun res ->
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res ==
+- Spec.Kyber.vector_decode_12 #p secret_key)
+-
++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
++
++val deserialize_public_key (v_K: usize) (public_key: t_Slice u8)
++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
++
++val deserialize_secret_key (v_K: usize) (secret_key: t_Slice u8)
++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+-val decrypt (#p:Spec.Kyber.params)
++val decrypt
+ (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
+ usize)
+ (secret_key: t_Slice u8)
+ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE)
+- : Pure (t_Array u8 (sz 32))
+- (requires (v_K == p.v_RANK /\
+- length secret_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
+- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
+- v_VECTOR_U_ENCODED_SIZE == Spec.Kyber.v_C1_SIZE p /\
+- v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\
+- v_V_COMPRESSION_FACTOR == p.v_VECTOR_V_COMPRESSION_FACTOR))
+- (ensures (fun res ->
+- res == Spec.Kyber.ind_cpa_decrypt p secret_key ciphertext))
+-
++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+
+-val encrypt (#p:Spec.Kyber.params)
++val encrypt
+ (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
+ usize)
+ (public_key: t_Slice u8)
+ (message: t_Array u8 (sz 32))
+- (randomness: t_Slice u8{length randomness <. sz 33})
+- : Pure (t_Array u8 v_CIPHERTEXT_SIZE)
+- (requires (v_K == p.v_RANK /\
+- v_ETA1 = p.v_ETA1 /\
+- v_ETA1_RANDOMNESS_SIZE = Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
+- v_ETA2 = p.v_ETA2 /\
+- v_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p /\
+- v_ETA2_RANDOMNESS_SIZE = Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\
+- v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\
+- v_V_COMPRESSION_FACTOR == p.v_VECTOR_V_COMPRESSION_FACTOR /\
+- length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
+- length randomness == Spec.Kyber.v_SHARED_SECRET_SIZE /\
+- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\
+- v_T_AS_NTT_ENCODED_SIZE == Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\
+- v_C1_LEN == Spec.Kyber.v_C1_SIZE p /\
+- v_C2_LEN == Spec.Kyber.v_C2_SIZE p))
+- (ensures (fun ct -> ct == Spec.Kyber.ind_cpa_encrypt p public_key message randomness))
+-
+-val serialize_secret_key (#p:Spec.Kyber.params)
++ (randomness: t_Slice u8)
++ : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True)
++
++val serialize_secret_key
+ (v_K v_OUT_LEN: usize)
+- (key: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- : Pure (t_Array u8 v_OUT_LEN)
+- (requires (v_K == p.v_RANK /\ v_OUT_LEN == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p))
+- (ensures (fun res ->
+- res == Spec.Kyber.vector_encode_12 #p
+- (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p key)))
+-
+-val serialize_public_key (#p:Spec.Kyber.params)
++ (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
++
++val serialize_public_key
+ (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize)
+- (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+ (seed_for_a: t_Slice u8)
+- : Pure (t_Array u8 v_PUBLIC_KEY_SIZE)
+- (requires (v_K == p.v_RANK /\
+- v_RANKED_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p /\
+- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
+- length seed_for_a == sz 32))
+- (ensures (fun res -> res == Seq.append (Spec.Kyber.vector_encode_12
+- (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt))
+- seed_for_a))
++ : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True)
+
+-val generate_keypair (#p:Spec.Kyber.params)
++val generate_keypair
+ (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
+ usize)
+ (key_generation_seed: t_Slice u8)
+- : Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
+- (requires (v_K == p.v_RANK /\
+- v_ETA1 == p.v_ETA1 /\
+- v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\
+- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\
+- v_PRIVATE_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\
+- v_RANKED_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p /\
+- length key_generation_seed == Spec.Kyber.v_CPA_PKE_KEY_GENERATION_SEED_SIZE))
+- (ensures (fun (sk,pk) -> (sk,pk) == Spec.Kyber.ind_cpa_generate_keypair p key_generation_seed))
+-
+-
++ : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-02-01 11:03:26.815760506 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-02-01 11:03:26.874758776 +0100
+@@ -3,23 +3,22 @@
+ open Core
+ open FStar.Mul
+
+-let decapsulate_1024_
++let decapsulate_1024_
+ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) =
+- Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber1024_params
+- (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408)
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568))
++ =
++ Libcrux.Kem.Kyber.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408)
+ (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) secret_key ciphertext
+
+ let encapsulate_1024_
+ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568))
+- (randomness: t_Array u8 (sz 32)) =
+- Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber1024_params
+- (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11)
++ (randomness: t_Array u8 (sz 32))
++ =
++ Libcrux.Kem.Kyber.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11)
+ (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness
+
+ let generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) =
+- Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber1024_params
+- (sz 4)
++ Libcrux.Kem.Kyber.generate_keypair (sz 4)
+ (sz 1536)
+ (sz 3168)
+ (sz 1568)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-02-01 11:03:26.835759920 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-02-01 11:03:26.917757515 +0100
+@@ -5,21 +5,20 @@
+
+ let decapsulate_512_
+ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) =
+- Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber512_params
+- (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640)
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768))
++ =
++ Libcrux.Kem.Kyber.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640)
+ (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) secret_key ciphertext
+
+ let encapsulate_512_
+ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800))
+- (randomness: t_Array u8 (sz 32)) =
+- Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber512_params
+- (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4)
++ (randomness: t_Array u8 (sz 32))
++ =
++ Libcrux.Kem.Kyber.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4)
+ (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness
+
+ let generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) =
+- Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber512_params
+- (sz 2)
++ Libcrux.Kem.Kyber.generate_keypair (sz 2)
+ (sz 768)
+ (sz 1632)
+ (sz 800)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-02-01 11:03:26.833759978 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-02-01 11:03:26.910757720 +0100
+@@ -3,24 +3,22 @@
+ open Core
+ open FStar.Mul
+
+-
+ let decapsulate_768_
+ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400))
+- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) =
+- Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber768_params
+- (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960)
++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088))
++ =
++ Libcrux.Kem.Kyber.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960)
+ (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) secret_key ciphertext
+
+ let encapsulate_768_
+ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184))
+- (randomness: t_Array u8 (sz 32)) =
+- Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber768_params
+- (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10)
++ (randomness: t_Array u8 (sz 32))
++ =
++ Libcrux.Kem.Kyber.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10)
+ (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness
+
+ let generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) =
+- Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber768_params
+- (sz 3)
++ Libcrux.Kem.Kyber.generate_keypair (sz 3)
+ (sz 1152)
+ (sz 2400)
+ (sz 1184)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-02-01 11:03:26.822760301 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-02-01 11:03:26.879758629 +0100
+@@ -74,19 +74,16 @@
+ val decapsulate_768_
+ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400))
+ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088))
+- : Pure (t_Array u8 (sz 32))
+- (requires True)
+- (ensures (fun res -> res == Spec.Kyber.kyber768_decapsulate secret_key.f_value ciphertext.f_value))
++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+
+ val encapsulate_768_
+ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184))
+ (randomness: t_Array u8 (sz 32))
+- : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32))
+- (requires True)
+- (ensures (fun (ct,ss)-> (ct.f_value,ss) == Spec.Kyber.kyber768_encapsulate public_key.f_value randomness))
++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32))
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+ val generate_key_pair_768_ (randomness: t_Array u8 (sz 64))
+- : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184))
+- (requires (True))
+- (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness))
+-
++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184))
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-02-01 11:03:26.858759245 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-02-01 11:03:26.883758512 +0100
+@@ -3,418 +3,432 @@
+ open Core
+ open FStar.Mul
+
+-open Libcrux.Kem.Kyber.Arithmetic
+-
+-let op_Array_Access (x:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) (i:usize{v i < 256}): i32 =
+- x.f_coefficients.[i]
+-
+-
+-#push-options "--ifuel 0 --z3rlimit 700"
+-let compute_As_plus_e v_K matrix_A s_as_ntt error_as_ntt =
+- let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in
+- let result:t_Array wfPolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat wfZero v_K
+- in
+- [@ inline_let]
+- let inv0 = fun (acc:t_Array wfPolynomialRingElement v_K) (i:usize) ->
+- (v i <= v v_K) /\
+- (forall (j:usize). (v j >= v i /\ v j < v v_K) ==> (acc.[j] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) == wfZero)
+- in
+- assert (inv0 result (sz 0));
+- let result:t_Array wfPolynomialRingElement v_K =
+- Rust_primitives.Iterators.foldi_slice #(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) #(t_Array wfPolynomialRingElement v_K) #inv0
+- matrix_A
++let compute_As_plus_e
++ (v_K: usize)
++ (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
++ (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
++ in
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__iter (Rust_primitives.unsize matrix_A
++ <:
++ t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ <:
++ Core.Slice.Iter.t_Iter
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Slice.Iter.t_Iter
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Slice.Iter.t_Iter (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)))
+ result
+ (fun result temp_1_ ->
+- let orig_result = result in
+- let orig_result_cast = (cast_vector_b #v_K #3328 #(v v_K * 3328) orig_result) in
+- let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = result in
++ let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
+ temp_1_
+ in
+- [@ inline_let]
+- let inv1 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) (inner:usize) ->
+- (v inner <= v v_K) /\
+- (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
+- (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
+- (poly_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) (v inner * 3328))
+- in
+- assert (forall (k:usize). (v k < 256) ==> v (result.[i] <: wfPolynomialRingElement).f_coefficients.[k] == 0);
+- assert(inv1 orig_result_cast (sz 0));
+- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K =
+- Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) #inv1
+- row
+- orig_result_cast
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__iter (Rust_primitives.unsize row
++ <:
++ t_Slice Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ <:
++ Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))
++ result
+ (fun result temp_1_ ->
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ result
++ in
+ let j, matrix_element:(usize &
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) =
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ temp_1_
+ in
+- let resulti = down_cast_poly_b #(v v_K * 3328) #(v j * 3328) result.[i] in
+- let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.ntt_multiply matrix_element
+- (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- let product_sum:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v j + 1) * 3328) =
+- (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element #(v j * 3328) #3328 v_K
+- resulti
+- product) in
+- let product_sum:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) = cast_poly_b #((v j+1)* 3328) #(v v_K * 3328) product_sum in
+- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+- product_sum
++ (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K
++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ product
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+ result)
+ in
+- let result1 = result in
+- [@ inline_let]
+- let inv2 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) (inner:usize) ->
+- (v inner <= 256) /\
+- (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
+- (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
+- (forall (j:usize). (v j < v inner) ==> (i32_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)).f_coefficients.[j] 3328))
+- // And all indexes above v inner are unchanged from result1
+- in
+- assert (inv2 result1 (sz 0));
+- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K =
+- Rust_primitives.Iterators.foldi_range #_ #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) #inv2 {
+- Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+- }
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ Core.Ops.Range.f_start = sz 0;
++ Core.Ops.Range.f_end
++ =
++ Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
++ }
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
+ result
+- (fun result j ->
+- let result: t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = result in
++ (fun result j ->
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ result
++ in
+ let j:usize = j in
+- let resulti:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) = result.[ i ] <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) in
+- let coefficient_normal_form: i32_b ((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665) =
+- Libcrux.Kem.Kyber.Arithmetic.to_standard_domain #(v v_K * 3328) (resulti
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ])
++ let coefficient_normal_form:i32 =
++ Libcrux.Kem.Kyber.Arithmetic.to_standard_domain ((result.[ i ]
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]
++ <:
++ i32)
+ in
+- assert ((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665 <= 1940);
+- let coefficient_normal_form: i32_b 1940 = cast_i32_b #((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665) #1940 coefficient_normal_form in
+- let x1: i32_b 3328 = (error_as_ntt.[ i ]
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] in
+- let x2: i32_b 5268 = add_i32_b coefficient_normal_form x1 in
+- assert (5268 <= v v_BARRETT_R /\ v v_BARRETT_R < pow2 31);
+- let x3: i32_b (v v_BARRETT_R) = cast_i32_b #5268 #(v v_BARRETT_R) x2 in
+- let resultij: i32_b 3328 = Libcrux.Kem.Kyber.Arithmetic.barrett_reduce x3 in
+- let resultij: i32_b (v v_K * 3328) = cast_i32_b #3328 #(v v_K * 3328) resultij in
+- let resulti_coeffs =
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize
+- (resulti.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
+- j resultij in
+- let result =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+ ({
+- resulti with
++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- = resulti_coeffs
++ =
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (result.[ i ]
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ j
++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (coefficient_normal_form +!
++ ((error_as_ntt.[ i ]
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]
++ <:
++ i32)
++ <:
++ i32)
++ <:
++ i32)
++ <:
++ t_Array i32 (sz 256)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K*3328)) in
+- assert ((result.[i]).f_coefficients.[j] == resultij);
+- assert(inv2 result (j +! sz 1));
+- let result: x:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K{inv2 x (j +! mk_int 1)} = result in
+- result) in
+- assert (v i + 1 < v v_K ==> result.[i +! sz 1] == orig_result_cast.[i +! sz 1]);
+- let result: t_Array wfPolynomialRingElement v_K =
+- down_cast_vector_b #v_K #(v v_K * 3328) #3328 result in
+- assert (forall (j:usize). (v j >= v i + 1 /\ v j < v v_K) ==> derefine_poly_b result.[j] == derefine_poly_b orig_result.[j]);
+- assume (inv0 result (i +! sz 1));
+- result)
+- in
+- admit(); //P-F
+- result
+-#pop-options
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)))
++ in
++ result
+
+-#push-options "--ifuel 0 --z3rlimit 100"
+-let compute_message #p v_K m_v secret_as_ntt u_as_ntt =
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+- in
+- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) (i:usize) ->
+- (v i <= v v_K) /\
+- (poly_range #(v v_K * 3328) acc (v i * 3328))
++let compute_message
++ (v_K: usize)
++ (v: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) =
+- Rust_primitives.Iterators.foldi_range #_ #acc_t #inv {
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+ }
+- result
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
++ result
+ (fun result i ->
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+ let i:usize = i in
+- let result:t_PolynomialRingElement_b (v i * 3328) =
+- down_cast_poly_b #(v v_K * 3328) #(v i * 3328) result in
+- let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.ntt_multiply (secret_as_ntt.[ i ]
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (u_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (u_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v i+1) * 3328) =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K result product
+ in
+- let result = cast_poly_b #((v i + 1) * 3328) #(v v_K * 3328) result in
+- assert(inv result (i +! sz 1));
+ result)
+ in
+- let acc_t = t_PolynomialRingElement_b (64*v v_K*3328) in
+- let result:acc_t = Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result
+ in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) (i:usize) ->
+- (v i <= 256) /\
+- (forall (j:usize). (v j < v i) ==> i32_range ((acc <: t_PolynomialRingElement_b (64* v v_K * 3328)).f_coefficients.[j]) 3328) in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K*3328) =
+- Rust_primitives.Iterators.foldi_range #_ #_ #inv {
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ }
+- result
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
++ result
+ (fun result i ->
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
+ let i:usize = i in
+- let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) =
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce
+- (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441
+- result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in
+- let resulti : i32_b 3328 = (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((m_v
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- <:
+- i32) -!
+- coefficient_normal_form
+- <:
+- i32)
++ let coefficient_normal_form:i32 =
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+ <:
+- i32) in
+- let resulti = cast_i32_b #3328 #(64*v v_K*3328) resulti in
+- let result =
++ i32) *!
++ 1441l
++ <:
++ i32)
++ in
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ result with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- i resulti
++ i
++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((v
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
++ <:
++ i32) -!
++ coefficient_normal_form
++ <:
++ i32)
++ <:
++ i32)
+ }
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- assert (inv result (i +! sz 1));
+ result)
+ in
+- admit(); //P-F
+ result
+-#pop-options
+
+-#push-options "--ifuel 0 --z3rlimit 100"
+-let compute_ring_element_v v_K tt_as_ntt r_as_ntt error_2_ message =
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+- in
+- [@ inline_let]
+- let inv = fun (acc:t_PolynomialRingElement_b (v v_K * 3328)) (i:usize) ->
+- (v i <= 256) /\
+- (poly_range acc (v i * 3328)) in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) =
+- Rust_primitives.Iterators.foldi_range #_ #_ #inv ({
++let compute_ring_element_v
++ (v_K: usize)
++ (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ (error_2_ message: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ in
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+ }
++ <:
++ Core.Ops.Range.t_Range usize)
+ <:
+ Core.Ops.Range.t_Range usize)
+ result
+ (fun result i ->
+- let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
++ let i:usize = i in
++ let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.ntt_multiply (tt_as_ntt.[ i ]
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (r_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (r_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- let result:t_PolynomialRingElement_b (v i * 3328) =
+- down_cast_poly_b #(v v_K * 3328) #(v i * 3328) result in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v i + 1) * 3328) =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K result product
+ in
+- cast_poly_b result)
++ result)
+ in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) =
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result
+ in
+- [@ inline_let]
+- let inv = fun (acc:t_PolynomialRingElement_b (64 * v v_K * 3328)) (i:usize) ->
+- (v i <= 256) /\
+- (forall (j:usize). (v j < v i) ==> i32_range ((acc <: t_PolynomialRingElement_b (64* v v_K * 3328)).f_coefficients.[j]) 3328) in
+- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) =
+- Rust_primitives.Iterators.foldi_range #_ #_ #inv {
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ }
+- result
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
++ result
+ (fun result i ->
+- let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) =
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce
+- (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441
+- result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+- (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in
+- let resulti : i32_b 3328 =
+- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((coefficient_normal_form +!
+- (error_2_.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32)
+- <:
+- i32) +!
+- (message.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32)
+- <:
+- i32)
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
++ let i:usize = i in
++ let coefficient_normal_form:i32 =
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
+ <:
+- i32) in
+- let resulti = cast_i32_b #3328 #(64*v v_K*3328) resulti in
+- let result =
++ i32) *!
++ 1441l
++ <:
++ i32)
++ in
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ result with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- i resulti
++ i
++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((coefficient_normal_form +!
++ (error_2_.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32)
++ <:
++ i32) +!
++ (message.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32)
++ <:
++ i32)
++ <:
++ i32)
+ }
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ result)
+ in
+- admit(); //P-F
+ result
+-#pop-options
+
+-#push-options "--ifuel 0 --z3rlimit 300"
+ let compute_vector_u
+ (v_K: usize)
+- (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K)
+- (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
+- let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Hax.repeat wfZero v_K
+- in
+- let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in
+- [@ inline_let]
+- let inv0 = fun (acc:t_Array wfPolynomialRingElement v_K) (i:usize) ->
+- (v i <= v v_K) /\
+- (forall (j:usize). (v j >= v i /\ v j < v v_K) ==> (acc.[j] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) == wfZero)
+- in
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K =
+- Rust_primitives.Iterators.foldi_slice #(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) #acc_t #inv0
+- a_as_ntt
++ (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
++ (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K
++ in
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__iter (Rust_primitives.unsize a_as_ntt
++ <:
++ t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ <:
++ Core.Slice.Iter.t_Iter
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Slice.Iter.t_Iter
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Slice.Iter.t_Iter (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)))
+ result
+ (fun result temp_1_ ->
+- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = result in
+- let orig_result = result in
+- let orig_result_cast = (cast_vector_b #v_K #3328 #(64 * v v_K * 3328) orig_result) in
+- let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = result in
++ let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) =
+ temp_1_
+ in
+- [@ inline_let]
+- let inv1 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K) (inner:usize) ->
+- (v inner <= v v_K) /\
+- (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
+- (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
+- (poly_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) (v inner * 3328))
+- in
+- assert (forall (k:usize). (v k < 256) ==> v (result.[i] <: wfPolynomialRingElement).f_coefficients.[k] == 0);
+- assert(inv1 orig_result_cast (sz 0));
+- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K =
+- Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K) #inv1
+- row
+- orig_result_cast
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__iter (Rust_primitives.unsize row
++ <:
++ t_Slice Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ <:
++ Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate
++ (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))
++ result
+ (fun result temp_1_ ->
+- let j, a_element:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ result
++ in
++ let j, a_element:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ temp_1_
+ in
+- let resulti = down_cast_poly_b #(64 * v v_K * 3328) #(v j * 3328) result.[i] in
+- let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Ntt.ntt_multiply a_element
+- (r_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (r_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- let product_sum:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v j + 1) * 3328) =
+- (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element #(v j * 3328) #3328 v_K
+- resulti
+- product) in
+- let product_sum:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) = cast_poly_b #((v j+1)* 3328) #(64 * v v_K * 3328) product_sum in
+- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+- product_sum
++ (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K
++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ product
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+ result)
+ in
+- assert (forall (j:usize). (v j < v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]);
+- assert (forall (j:usize). (v j > v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]);
+- let resulti : t_PolynomialRingElement_b (v v_K * 3328) = down_cast_poly_b result.[i] in
+- let result =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+- (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K resulti)
+- in
+- [@ inline_let]
+- let inv2 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K) (inner:usize) ->
+- (v inner <= 256) /\
+- (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
+- (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\
+- (forall (j:usize). (v j < v inner) ==> (i32_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)).f_coefficients.[j] 3328))
+- // And all indexes above v inner are unchanged from result1
+- in
+- assert (forall (j:usize). (v j < v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]);
+- assert (forall (j:usize). (v j > v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]);
+- assert (inv2 result (sz 0));
+- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K =
+- Rust_primitives.Iterators.foldi_range #_ #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K) #inv2 {
+- Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+- }
++ (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K
++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ in
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
++ Core.Ops.Range.f_start = sz 0;
++ Core.Ops.Range.f_end
++ =
++ Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
++ }
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
+ result
+ (fun result j ->
+- let result: t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K = result in
+- let resulti:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) = result.[ i ] <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) in
+- let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) =
+- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce
+- (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441
+- (resulti <: t_PolynomialRingElement_b (64*v v_K * 3328)).f_coefficients.[j] (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in
+- let resultij: i32_b 3328 = (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce
+- (add_i32_b coefficient_normal_form ((error_1_.[ i ]
+- <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]))) in
+- let result =
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
++ result
++ in
++ let j:usize = j in
++ let coefficient_normal_form:i32 =
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (((result.[ i ]
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]
++ <:
++ i32) *!
++ 1441l
++ <:
++ i32)
++ in
++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result
+ i
+ ({
+- resulti with
++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ =
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (resulti
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (result.[ i ]
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ j
+- (cast_i32_b #3328 #(64 * v v_K * 3328) resultij)
+- }) in
+- result)
+- in
+- let result: t_Array wfPolynomialRingElement v_K =
+- down_cast_vector_b #v_K #(64 * v v_K * 3328) #3328 result in
+- assert (forall (j:usize). (v j >= v i + 1 /\ v j < v v_K) ==> derefine_poly_b result.[j] == derefine_poly_b orig_result.[j]);
+- assume (inv0 result (i +! sz 1));
+- result)
++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (coefficient_normal_form +!
++ ((error_1_.[ i ]
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]
++ <:
++ i32)
++ <:
++ i32)
++ <:
++ i32)
++ <:
++ t_Array i32 (sz 256)
++ }
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ in
++ result))
+ in
+- admit(); //P-F
+ result
+-#pop-options
+
+ let sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) =
+- let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in
+- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
+- Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat wfZero v_K) v_K
++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
++ Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ v_K
++ <:
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ v_K
+ in
+- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = v_K
+@@ -426,7 +440,7 @@
+ v_A_transpose
+ (fun v_A_transpose i ->
+ let v_A_transpose:t_Array
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
+ v_A_transpose
+ in
+ let i:usize = i in
+@@ -451,7 +465,7 @@
+ <:
+ t_Array u8 (sz 34))
+ (sz 32)
+- (cast (i <: usize) <: u8)
++ (classify (cast (i <: usize) <: pub_u8))
+ <:
+ t_Array u8 (sz 34))
+ in
+@@ -462,7 +476,7 @@
+ <:
+ t_Array u8 (sz 34))
+ (sz 33)
+- (cast (j <: usize) <: u8)
++ (classify (cast (j <: usize) <: pub_u8))
+ <:
+ t_Array u8 (sz 34))
+ in
+@@ -482,11 +496,11 @@
+ v_A_transpose
+ (fun v_A_transpose j ->
+ let v_A_transpose:t_Array
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
+ v_A_transpose
+ in
+ let j:usize = j in
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution (xof_bytes.[ j ]
+ <:
+ t_Array u8 (sz 840))
+@@ -494,34 +508,33 @@
+ if transpose
+ then
+ let v_A_transpose:t_Array
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose
+ j
+ (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ j
+ ]
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+ i
+ sampled
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+ in
+ v_A_transpose
+ else
+ let v_A_transpose:t_Array
+- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K =
++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose
+ i
+ (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ i
+ ]
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+ j
+ sampled
+ <:
+- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
+ in
+ v_A_transpose))
+ in
+- admit(); //P-F
+ v_A_transpose
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-02-01 11:03:26.842759714 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-02-01 11:03:26.906757837 +0100
+@@ -3,71 +3,39 @@
+ open Core
+ open FStar.Mul
+
+-
+-val compute_As_plus_e (#p:Spec.Kyber.params)
++val compute_As_plus_e
+ (v_K: usize)
+- (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K)
+- (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- (requires (v_K == p.v_RANK))
+- (ensures fun res ->
+- let open Libcrux.Kem.Kyber.Arithmetic in
+- v_K == p.v_RANK /\
+- to_spec_vector_b #p res =
+- Spec.Kyber.compute_As_plus_e #p
+- (to_spec_matrix_b #p matrix_A)
+- (to_spec_vector_b #p s_as_ntt)
+- (to_spec_vector_b #p error_as_ntt))
+-
++ (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
++ (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+-val compute_message (#p:Spec.Kyber.params)
++val compute_message
+ (v_K: usize)
+- (poly_v: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (requires (v_K == p.v_RANK))
+- (ensures (fun res ->
+- let secret_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p secret_as_ntt in
+- let u_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p u_as_ntt in
+- let v_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b poly_v in
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res ==
+- Spec.Kyber.(poly_sub v_spec (poly_inv_ntt #p (vector_dot_product secret_spec u_spec)))))
++ (v: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+-// TODO: error_2_ changed from `t_PolynomialRingElement_b 3` to `t_PolynomialRingElement_b 7`
+-val compute_ring_element_v (#p:Spec.Kyber.params)
++val compute_ring_element_v
+ (v_K: usize)
+- (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- (error_2_: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7)
+- (message: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (requires (v_K == p.v_RANK))
+- (ensures fun res ->
+- let tt_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt in
+- let r_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p r_as_ntt in
+- let e2_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b error_2_ in
+- let m_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b message in
+- let res_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res in
+- res_spec == Spec.Kyber.(poly_add (poly_add (vector_dot_product tt_spec r_spec) e2_spec) m_spec))
++ (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ (error_2_ message: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+-val compute_vector_u (#p:Spec.Kyber.params)
++val compute_vector_u
+ (v_K: usize)
+- (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K)
+- (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)
+- (requires (v_K == p.v_RANK))
+- (ensures fun res ->
+- let a_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p a_as_ntt in
+- let r_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p r_as_ntt in
+- let e_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p error_1_ in
+- let res_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res in
+- res_spec == Spec.Kyber.(vector_add (vector_inv_ntt (matrix_vector_mul a_spec r_spec)) e_spec))
+-
+-
+-
+-val sample_matrix_A (#p:Spec.Kyber.params) (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool)
+- : Pure (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K)
+- (requires (v_K == p.v_RANK))
+- (ensures fun res ->
+- let matrix_A = Spec.Kyber.sample_matrix_A #p (Seq.slice seed 0 32) in
+- if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A
+- else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A)
++ (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
++ (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
++
++val sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool)
++ : Prims.Pure (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-02-01 11:03:26.827760154 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-02-01 11:03:26.892758248 +0100
+@@ -1,130 +1,56 @@
+ module Libcrux.Kem.Kyber.Ntt
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+
+-
+-let v_ZETAS_TIMES_MONTGOMERY_R =
+- let list : list (i32_b 1664) =
+- [
+- (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l;
+- 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l);
+- (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l;
+- (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l;
+- 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l;
+- (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l;
+- 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l;
+- (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l);
+- (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l;
+- (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l);
+- (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l
+- ]
+- in
+- FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128);
+- FStar.Pervasives.assert_norm (List.Tot.index list 1 == -758l);
+- Seq.of_list list
+-
+-open Libcrux.Kem.Kyber.Arithmetic
+-
+-#push-options "--z3rlimit 50"
+-let ntt_multiply_binomials (a0,a1) (b0,b1) zeta =
+- let r0 = montgomery_reduce (mul_i32_b a1 b1) in
+- let res =
+- montgomery_reduce (add_i32_b (mul_i32_b a0 b0) (mul_i32_b r0 zeta)),
+- montgomery_reduce (add_i32_b (mul_i32_b a0 b1) (mul_i32_b a1 b0)) in
+- res
+-#pop-options
+-
+-val mul_zeta_red (#v_K:usize{v v_K >= 1 /\ v v_K <= 4})
+- (#b:nat{b <= v v_K * 3328 * 64})
+- (zeta_i:usize{v zeta_i > 0 /\ v zeta_i <= 128} )
+- (layer:usize{v layer > 0 /\
+- v layer <= 7 /\
+- v zeta_i == pow2 (8 - v layer) /\
+- b == v v_K * 3328 * pow2(v layer - 1)})
+- (x:i32_b (2*b))
+- (i:usize{v i < 128 / pow2 (v layer)}) :
+- i32_b (2*b)
+-let mul_zeta_red #v_K #b zeta_i layer x i =
+- let zeta_i = zeta_i -! sz 1 -! i in
+- let zeta:i32_b 1664 = v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] in
+- if layer <=. sz 6 then (
+- assert (b <= 4 * 3328 * 32);
+- assert (2*b*1664 < pow2 31);
+- let product:i32_b (2 * b * 1664) = mul_i32_b x zeta in
+- let res = montgomery_reduce product in
+- res
+- ) else (
+- assert (v i < 1);
+- assert (zeta_i = sz 1);
+- assert (zeta = -758l);
+- let zeta:i32_b 758 = zeta in
+- let product:i32_b (2 * b * 758) = mul_i32_b x zeta in
+- let res = montgomery_reduce product in
+- res
+- )
+-
+-
+-val lemma_zeta_decr: orig:usize -> fin:usize -> layer:usize{v layer <= 7} ->
+- Lemma (v fin == v orig - 128/(pow2 (v layer)) /\
+- v orig == pow2 (8 - v layer) ==>
+- v fin == pow2 (7 - v layer))
+-let lemma_zeta_decr orig fin layer = ()
+-
+-#push-options "--ifuel 0 --z3rlimit 1200"
+-let invert_ntt_at_layer #v_K #b zeta_i re layer =
++let ntt_multiply_binomials (a0, a1: (i32 & i32)) (b0, b1: (i32 & i32)) (zeta: i32) =
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((a0 *! b0 <: i32) +!
++ ((Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a1 *! b1 <: i32) <: i32) *! zeta <: i32)
++ <:
++ i32),
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((a0 *! b1 <: i32) +! (a1 *! b0 <: i32) <: i32)
++ <:
++ (i32 & i32)
++
++let invert_ntt_at_layer
++ (zeta_i: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (layer: usize)
++ =
+ let step:usize = sz 1 < 0);
+- assert (v step == pow2 (v layer));
+- let orig_re = re in
+- let orig_zeta_i = zeta_i in
+- [@ inline_let]
+- let inv = fun (acc:t_PolynomialRingElement_b (2*b) & usize) (i:usize) ->
+- let (re,zeta_i) = acc in
+- v zeta_i == v orig_zeta_i - v i /\
+- (forall k. (v k >= 2 * v i * v step (* + 2 * v step *)) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k])
+- in
+- let re, zeta_i: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize) =
+- Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (2*b) & usize) #inv {
++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end = sz 128 /! step
++ Core.Ops.Range.f_end = sz 128 >>! layer <: usize
+ }
+- (cast_poly_b #b #(2*b) re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize))
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
++ (re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
+ (fun temp_0_ round ->
+- let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize) = temp_0_ in
++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = temp_0_ in
+ let round:usize = round in
+- let orig_re_round = re in
+ let zeta_i:usize = zeta_i -! sz 1 in
+- assert(v round * v step < 128);
+- assert(v round * v step + v step <= 128);
+- assert(v round * v step * 2 <= 254);
+- assert(v round * v step * 2 + 2 * v step <= 256);
+- let offset:usize = (round *! step) *! sz 2 in
+- assert (v offset + 2 * v step <= 256);
+- assert (v offset + v step <= 256);
+- assert (forall k. v k >= v offset ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]);
+- [@ inline_let]
+- let inv = fun (acc:t_PolynomialRingElement_b (2 * b)) (i:usize) ->
+- (forall k. (v k >= v i /\ v k < v offset + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) /\
+- (forall k. (v k >= v i + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k])
+- in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) =
+- Rust_primitives.Iterators.foldi_range #_ #_ #inv {
++ let offset:usize = (round *! step <: usize) *! sz 2 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = offset;
+ Core.Ops.Range.f_end = offset +! step <: usize
+- }
++ }
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
+ re
+ (fun re j ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) = re in
+- assert (re.f_coefficients.[j] == orig_re_round.f_coefficients.[j]);
+- assert (re.f_coefficients.[j +! step] == orig_re_round.f_coefficients.[j +! step]);
+- assert (re.f_coefficients.[j] == orig_re.f_coefficients.[j]);
+- assert (re.f_coefficients.[j +! step] == orig_re.f_coefficients.[j +! step]);
+- let re_j:i32_b b = orig_re.f_coefficients.[j] in
+- let re_j_step:i32_b b = orig_re.f_coefficients.[j +! step] in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let j:usize = j in
+- let a_minus_b:i32_b (2*b) = sub_i32_b re_j_step re_j in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) =
++ let a_minus_b:i32 =
++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ] <: i32) -!
++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32)
++ in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -132,13 +58,17 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ j
+- (add_i32_b re_j re_j_step)
++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +!
++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ]
++ <:
++ i32)
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let red = mul_zeta_red #v_K #b orig_zeta_i layer a_minus_b round in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -146,69 +76,74 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (j +! step <: usize)
+- red
++ (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *!
++ (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32)
++ <:
++ i32)
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+- re, zeta_i <: t_PolynomialRingElement_b (2*b) & usize)
++ re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
+ in
+- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) = re in
+- lemma_zeta_decr orig_zeta_i zeta_i layer;
+- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b))
+-#pop-options
++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+
+-#push-options "--z3rlimit 500"
+-let invert_ntt_montgomery v_K re =
++let invert_ntt_montgomery (v_K: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ let _:Prims.unit = () <: Prims.unit in
+- let b = v v_K * 3328 in
+- assert (v v_K <= 4);
+- assert (b <= 4 * 3328);
+ let zeta_i:usize = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in
+- assert (v zeta_i == pow2 (8 - 1));
+- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)) =
+- invert_ntt_at_layer #v_K #b zeta_i re (sz 1)
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ invert_ntt_at_layer zeta_i re (sz 1)
+ in
+ let zeta_i:usize = tmp0 in
+- let hoist1 = out in
+- let re = hoist1 in
+- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (4*b)) =
+- invert_ntt_at_layer #v_K zeta_i re (sz 2)
++ let hoist1:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist1 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ invert_ntt_at_layer zeta_i re (sz 2)
+ in
+ let zeta_i:usize = tmp0 in
+- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*b)) =
+- invert_ntt_at_layer #v_K zeta_i re (sz 3)
++ let hoist2:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist2 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ invert_ntt_at_layer zeta_i re (sz 3)
+ in
+ let zeta_i:usize = tmp0 in
+- assert (8*b = v v_K * 3328 * pow2 (4 - 1));
+- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (16*b)) =
+- invert_ntt_at_layer #v_K zeta_i re (sz 4)
++ let hoist3:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist3 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ invert_ntt_at_layer zeta_i re (sz 4)
+ in
+ let zeta_i:usize = tmp0 in
+- assert (16*b == v v_K * 3328 * pow2 (5 - 1));
+- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (32*b)) =
+- invert_ntt_at_layer #v_K zeta_i re (sz 5)
++ let hoist4:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist4 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ invert_ntt_at_layer zeta_i re (sz 5)
+ in
+ let zeta_i:usize = tmp0 in
+- assert (32*b = v v_K * 3328 * pow2 (6 - 1));
+- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b)) =
+- invert_ntt_at_layer #v_K zeta_i re (sz 6)
++ let hoist5:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist5 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ invert_ntt_at_layer zeta_i re (sz 6)
+ in
+ let zeta_i:usize = tmp0 in
+- assert (64*b = v v_K * 3328 * pow2 (7 - 1));
+- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (128*b)) =
+- invert_ntt_at_layer #v_K zeta_i re (sz 7)
++ let hoist6:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist6 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ invert_ntt_at_layer zeta_i re (sz 7)
+ in
+ let zeta_i:usize = tmp0 in
++ let hoist7:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist7 in
+ let _:Prims.unit = () <: Prims.unit in
+ let _:Prims.unit = () <: Prims.unit in
+- admit();
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b) =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+- Core.Ops.Range.f_end = sz 8
++ Core.Ops.Range.f_end = sz 2
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+@@ -216,7 +151,7 @@
+ Core.Ops.Range.t_Range usize)
+ re
+ (fun re i ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (128*b) = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let i:usize = i in
+ {
+ re with
+@@ -235,84 +170,52 @@
+ t_Array i32 (sz 256)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b))
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- re
+-#pop-options
+-
+-#push-options "--z3rlimit 500"
+-val mul_zeta_red2 (#b:nat{b <= 31175})
+- (zeta_i:usize{v zeta_i >= 0 /\ v zeta_i <= 63} )
+- (layer:usize{v layer > 0 /\
+- v layer <= 7 /\
+- v zeta_i == pow2 (7 - v layer) - 1})
+- (x:i32_b b)
+- (i:usize{v i < 128/(pow2 (v layer))})
+- : i32_b 3328
+-let mul_zeta_red2 #b zeta_i layer x i =
+- let zeta_i = zeta_i +! sz 1 +! i in
+- let zeta = v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] in
+- assert (b * 1664 < 65536 * 3328);
+- let red = Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer #(3328+b) #1664 x
+- (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) in
+- red
+-#pop-options
++ re
+
+-#push-options "--ifuel 0 --z3rlimit 5000"
+-let ntt_at_layer #b zeta_i re layer initial_coefficient_bound =
+- let step = sz 1 <
+- let (re,zeta_i) = acc in
+- v zeta_i == v orig_zeta_i + v i /\
+- (forall k. v k >= 2 * v i * v step ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k])
+- in
+- let re, zeta_i: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize) =
+- Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (3328+b) & usize) #inv {
++let ntt_at_layer
++ (zeta_i: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (layer initial_coefficient_bound: usize)
++ =
++ let step:usize = sz 1 <>! layer <: usize
+ }
+- (cast_poly_b #b #(3328+b) re, zeta_i)
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
++ (re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
+ (fun temp_0_ round ->
+- let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize) = temp_0_ in
++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = temp_0_ in
+ let round:usize = round in
+ let zeta_i:usize = zeta_i +! sz 1 in
+- assert(v round * v step < 128);
+- assert(v round * v step + v step <= 128);
+- assert(v round * v step * 2 <= 254);
+- assert(v round * v step * 2 + 2 * v step <= 256);
+- let offset:usize = (round *! step) *! sz 2 in
+- assert (v offset + 2 * v step <= 256);
+- assert (v offset + v step <= 256);
+- [@ inline_let]
+- let inv: t_PolynomialRingElement_b (3328+b) -> int_t usize_inttype -> Type0 =
+- fun (acc:t_PolynomialRingElement_b (3328+b)) (i:usize) ->
+- (forall k. (v k >= v i /\ v k < v offset + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) /\
+- (forall k. (v k >= v i + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k])
+- in
+- assert (forall k. (v k >= v offset /\ v k < v offset + v step) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]);
+- assert (forall k. (v k >= v offset + v step) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]);
+- assert (inv re offset);
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+ b) =
+- Rust_primitives.Iterators.foldi_range #usize_inttype #(t_PolynomialRingElement_b (3328+b)) #inv {
++ let offset:usize = (round *! step <: usize) *! sz 2 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = offset;
+ Core.Ops.Range.f_end = offset +! step <: usize
+- }
++ }
++ <:
++ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
+ re
+ (fun re j ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let j:usize = j in
+- assert (re.f_coefficients.[j] == orig_re.f_coefficients.[j]);
+- assert (re.f_coefficients.[j +! step] == orig_re.f_coefficients.[j +! step]);
+- let re_j:i32_b b = orig_re.f_coefficients.[j] in
+- let re_j_step:i32_b b = orig_re.f_coefficients.[j +! step] in
+- let t:i32_b 3328 = mul_zeta_red2 #b orig_zeta_i layer
+- re_j_step round in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) =
++ let t:i32 =
++ Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer (re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ]
++ <:
++ i32)
++ (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32)
++ in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -320,12 +223,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (j +! step <: usize)
+- (sub_i32_b #b #3328 re_j_step t)
++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) -! t <: i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -333,70 +236,64 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ j
+- (add_i32_b #b #3328 re_j t)
++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! t <: i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+- re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize))
++ re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
+ in
+ let _:Prims.unit = () <: Prims.unit in
+- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = re in
+- assert (v zeta_i = v orig_zeta_i + 128/v step);
+- assert (v zeta_i = v orig_zeta_i + pow2(7 - v layer));
+- assert (v zeta_i = pow2(8 - v layer) - 1);
+- zeta_i, hax_temp_output
+-#pop-options
++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+
+-let ntt_at_layer_3_ #b zeta_i re layer =
+- let tmp0, out =
+- ntt_at_layer zeta_i re layer (sz 7879)
++let ntt_at_layer_3_
++ (zeta_i: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (layer: usize)
++ =
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
++ ntt_at_layer zeta_i re layer (sz 3)
+ in
+ let zeta_i:usize = tmp0 in
+- let hax_temp_output = out in
+- zeta_i, hax_temp_output
+-
+-let ntt_at_layer_3328_ zeta_i re layer =
+- let tmp0, out =
++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++
++let ntt_at_layer_3328_
++ (zeta_i: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (layer: usize)
++ =
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer zeta_i re layer (sz 3328)
+ in
+ let zeta_i:usize = tmp0 in
+- let hax_temp_output = out in
+- zeta_i, hax_temp_output
++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+
+-#push-options "--ifuel 0 --z3rlimit 1500"
+-#restart-solver
+-let ntt_binomially_sampled_ring_element re =
++let ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ let _:Prims.unit = () <: Prims.unit in
+ let zeta_i:usize = sz 1 in
+- [@ inline_let]
+- let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207)) (i:usize) ->
+- (v i <= 128) /\
+- (forall (j:usize). (v j >= v i /\ v j < 128) ==>
+- i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207).f_coefficients.[j] 7) /\
+- (forall (j:usize). (v j >= v i + 128 /\ v j < 256) ==>
+- i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207).f_coefficients.[j] 7)
+- in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = cast_poly_b re in
+- assert (inv re (sz 0));
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 =
+- Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207) #inv ({
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = sz 128
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+- (cast_poly_b re)
++ <:
++ Core.Ops.Range.t_Range usize)
++ re
+ (fun re j ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = cast_poly_b re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let j:usize = j in
+- let t:i32_b (7*1600) =
+- mul_i32_b (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! sz 128 <: usize ])
+- (-1600l <: i32_b 1600)
++ let t:i32 =
++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! sz 128 <: usize ] <: i32) *!
++ (-1600l)
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (11207) =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -404,10 +301,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (j +! sz 128 <: usize)
+- (sub_i32_b #7 #11200 (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32_b 7) t)
++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) -! t <: i32)
+ }
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (11207) =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -415,76 +314,90 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ j
+- (add_i32_b (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]) t)
++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! t <: i32)
+ }
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+ let _:Prims.unit = () <: Prims.unit in
+- assert (v zeta_i = pow2 (7 - 6) - 1);
+- let zeta_i, re =
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3_ zeta_i re (sz 6)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist8:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist8 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3_ zeta_i re (sz 5)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist9:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist9 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3_ zeta_i re (sz 4)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist10:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist10 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3_ zeta_i re (sz 3)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist11:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist11 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3_ zeta_i re (sz 2)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist12:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist12 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3_ zeta_i re (sz 1)
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = re in
+- [@ inline_let]
+- let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207))) (i:usize) ->
+- (v i <= 256) /\
+- (forall (j:usize). (v j < v i) ==>
+- i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207)).f_coefficients.[j] 3328)
+- in
+- assert (inv re (sz 0));
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) =
+- Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207)) #inv ({
++ let zeta_i:usize = tmp0 in
++ let hoist13:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist13 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
+ re
+ (fun re i ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = re in
+- let rei:i32_b (v v_BARRETT_R) = cast_i32_b #(6*3328+11207) #(v v_BARRETT_R) (re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]) in
+- let rei: i32_b (6*3328+11207) = cast_i32_b #3328 #(6*3328+11207) (
+- Libcrux.Kem.Kyber.Arithmetic.barrett_reduce rei) in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let i:usize = i in
+- let re_coeffs:t_Array (i32_b (6*3328+11207)) (sz 256) =
+- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- i rei in
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+- = re_coeffs
+- })
++ =
++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ i
++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
++ <:
++ i32)
++ <:
++ i32)
++ <:
++ t_Array i32 (sz 256)
++ }
++ <:
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = down_cast_poly_b #(6*3328+11207) #3328 re in
+- re
+-#pop-options
+-
++ re
+
+-#push-options "--z3rlimit 100"
+-let ntt_multiply lhs rhs =
++let ntt_multiply (lhs rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ let _:Prims.unit = () <: Prims.unit in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 1 =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end
+@@ -495,31 +408,34 @@
+ Core.Ops.Range.t_Range usize)
+ <:
+ Core.Ops.Range.t_Range usize)
+- (cast_poly_b out)
++ out
+ (fun out i ->
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = out in
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
+ let i:usize = i in
+- assert (v i * 4 + 4 <= 256);
+- let product =
++ let product:(i32 & i32) =
+ ntt_multiply_binomials ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i
+ <:
+ usize ]
+ <:
+- i32_b 3328),
++ i32),
+ (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 1
+ <:
+ usize ]
+ <:
+- i32_b 3328))
+- ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i <: usize ] <: i32_b 3328),
++ i32)
++ <:
++ (i32 & i32))
++ ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i <: usize ] <: i32),
+ (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 1
+ <:
+ usize ]
+ <:
+- i32_b 3328))
+- (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32_b 1664)
++ i32)
++ <:
++ (i32 & i32))
++ (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32)
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -530,9 +446,9 @@
+ product._1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -543,29 +459,41 @@
+ product._2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let product =
++ let product:(i32 & i32) =
+ ntt_multiply_binomials ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i
+ <:
+ usize) +!
+ sz 2
+ <:
+- usize ]),
++ usize ]
++ <:
++ i32),
+ (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 3
+ <:
+- usize ]))
+-
++ usize ]
++ <:
++ i32)
++ <:
++ (i32 & i32))
+ ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 2
+ <:
+- usize ]),
++ usize ]
++ <:
++ i32),
+ (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 3
+ <:
+- usize ]))
+- (Core.Ops.Arith.Neg.neg (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ]) <: i32_b 1664)
+-
++ usize ]
++ <:
++ i32)
++ <:
++ (i32 & i32))
++ (Core.Ops.Arith.Neg.neg (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32)
++ <:
++ i32)
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -576,9 +504,9 @@
+ product._1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -589,55 +517,72 @@
+ product._2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ out)
+ in
+ out
+-#pop-options
+
+-#push-options "--ifuel 0 --z3rlimit 200"
+-let ntt_vector_u v_VECTOR_U_COMPRESSION_FACTOR re =
++let ntt_vector_u
++ (v_VECTOR_U_COMPRESSION_FACTOR: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ =
+ let _:Prims.unit = () <: Prims.unit in
+ let zeta_i:usize = sz 0 in
+- let zeta_i, re =
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3328_ zeta_i re (sz 7)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist14:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist14 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3328_ zeta_i re (sz 6)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist15:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist15 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3328_ zeta_i re (sz 5)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist16:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist16 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3328_ zeta_i re (sz 4)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist17:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist17 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3328_ zeta_i re (sz 3)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist18:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist18 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3328_ zeta_i re (sz 2)
+ in
+- let zeta_i, re =
++ let zeta_i:usize = tmp0 in
++ let hoist19:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist19 in
++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ ntt_at_layer_3328_ zeta_i re (sz 1)
+ in
+- [@ inline_let]
+- let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328))) (i:usize) ->
+- (v i <= 256) /\
+- (forall (j:usize). (v j < v i) ==>
+- i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)).f_coefficients.[j] 3328)
+- in
+- assert (inv re (sz 0));
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328) =
+- Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)) #inv ({
++ let zeta_i:usize = tmp0 in
++ let hoist20:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist20 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
++ <:
++ Core.Ops.Range.t_Range usize)
+ re
+ (fun re i ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328) = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let i:usize = i in
+ {
+ re with
+@@ -647,10 +592,15 @@
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ i
+ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (re
+- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]))
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
++ <:
++ i32)
++ <:
++ i32)
++ <:
++ t_Array i32 (sz 256)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328))
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- down_cast_poly_b #(8*3328) #3328 re
+-#pop-options
++ re
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-02-01 11:03:26.811760624 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-02-01 11:03:26.915757574 +0100
+@@ -2,80 +2,224 @@
+ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+-open Libcrux.Kem.Kyber.Arithmetic
+
+-val v_ZETAS_TIMES_MONTGOMERY_R: x:t_Array (i32_b 1664) (sz 128){v (x.[sz 1] <: i32) == -758}
++let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (sz 128) =
++ let list =
++ [
++ (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l;
++ 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l);
++ (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l;
++ (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l;
++ 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l;
++ (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l;
++ 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l;
++ (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l);
++ (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l;
++ (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l);
++ (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l
++ ]
++ in
++ FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128);
++ Rust_primitives.Hax.array_of_list list
++
++val ntt_multiply_binomials: (i32 & i32) -> (i32 & i32) -> zeta: i32
++ -> Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True)
++
++val invert_ntt_at_layer
++ (zeta_i: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (layer: usize)
++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
++
++val invert_ntt_montgomery (v_K: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+-val ntt_multiply_binomials (a:wfFieldElement&wfFieldElement) (b: wfFieldElement&wfFieldElement) (zeta: i32_b 1664) :
+- Pure (wfFieldElement & wfFieldElement)
+- (requires True)
+- (ensures (fun _ -> True))
+-
+-val invert_ntt_at_layer (#v_K:usize{v v_K >= 1 /\ v v_K <= 4})
+- (#b:nat{b <= v v_K * 3328 * 64})
+- (zeta_i: usize{v zeta_i >= 1 /\ v zeta_i <= 128})
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b)
+- (layer: usize{v layer > 0 /\
+- v layer <= 7 /\
+- v zeta_i == pow2 (8 - v layer) /\
+- b == v v_K * 3328 * pow2(v layer - 1)})
+- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b))
++val ntt_at_layer
++ (zeta_i: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (layer initial_coefficient_bound: usize)
++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ Prims.l_True
+- (fun x -> let (zeta_fin,re) = x in v zeta_fin == pow2 (7 - v layer))
++ (fun _ -> Prims.l_True)
+
+-val invert_ntt_montgomery (v_K: usize{v v_K >= 1 /\ v v_K <= 4})
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328))
+- : Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)
+-
+-val ntt_at_layer
+- (#b:nat{b <= 31175})
+- (zeta_i: usize{v zeta_i < 128})
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b)
+- (layer: usize{v layer > 0 /\
+- v layer <= 7 /\
+- v zeta_i == pow2 (7 - v layer) - 1})
+- (initial_coefficient_bound: usize{b == (7 - v layer) * 3328 + v initial_coefficient_bound})
+- : Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b))
+- (requires True)
+- (ensures fun (zeta_i, result) -> v zeta_i == pow2 (8 - v layer) - 1)
+-
+-val ntt_at_layer_3_ (#b:nat)
+- (zeta_i: usize{v zeta_i < 128})
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b)
+- (layer: usize{v layer > 0 /\
+- v layer <= 6 /\
+- v zeta_i == pow2 (7 - v layer) - 1 /\
+- b == (6 - v layer) * 3328 + 11207})
+- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b))
++val ntt_at_layer_3_
++ (zeta_i: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (layer: usize)
++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ Prims.l_True
+- (ensures fun (zeta_i,result) -> v zeta_i == pow2 (8 - v layer) - 1)
++ (fun _ -> Prims.l_True)
+
+-val ntt_at_layer_3328_ (#b:nat{b <= 7*3328})
+- (zeta_i: usize{v zeta_i < 128})
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b)
+- (layer: usize{v layer > 0 /\
+- v layer <= 7 /\
+- v zeta_i == pow2 (7 - v layer) - 1 /\
+- b == (7 - v layer) * 3328 + 3328})
+- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b))
++val ntt_at_layer_3328_
++ (zeta_i: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ (layer: usize)
++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ Prims.l_True
+- (ensures fun (zeta_i,result) -> v zeta_i == pow2 (8 - v layer) - 1)
++ (fun _ -> Prims.l_True)
++
++val ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ (requires
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <.
++ (Core.Slice.impl__len (Rust_primitives.unsize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ <:
++ usize)
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ (Core.Num.impl__i32__abs (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
++ <:
++ i32)
++ <:
++ i32) <=.
++ 3l
++ <:
++ bool)
++ <:
++ bool))
++ (ensures
++ fun result ->
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <.
++ (Core.Slice.impl__len (Rust_primitives.unsize result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ <:
++ usize)
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ v (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
++ i ]
++ <:
++ i32)
++ <:
++ i32) <
++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ <:
++ bool)
++ <:
++ bool))
++
++val ntt_multiply (lhs rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ (requires
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ let lhs_i = (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) in
++ (lhs_i >=. 0l <: bool) &&
++ (lhs_i <. 4096l <: bool
++ ) &&
++ (v (Core.Num.impl__i32__abs (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
++ <:
++ i32)
++ <:
++ i32) <=
++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ <:
++ bool))
++ <:
++ bool))
++ (ensures
++ fun result ->
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <.
++ (Core.Slice.impl__len (Rust_primitives.unsize result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ <:
++ usize)
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ v (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
++ i ]
++ <:
++ i32)
++ <:
++ i32) <=
++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ <:
++ bool)
++ <:
++ bool))
+
+-val ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7)
+- : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (requires True)
+- (ensures (fun _ -> True))
+-
+-val ntt_multiply (lhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328)
+- (rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328)
+- : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328)
+- (requires True)
+- (ensures (fun _ -> True))
+-
+ val ntt_vector_u
+ (v_VECTOR_U_COMPRESSION_FACTOR: usize)
+- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328)
+- : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (requires True)
+- (ensures fun _ -> True)
+-
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ (requires
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <.
++ (Core.Slice.impl__len (Rust_primitives.unsize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ <:
++ usize)
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ (Core.Num.impl__i32__abs (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]
++ <:
++ i32)
++ <:
++ i32) <=.
++ 3328l
++ <:
++ bool)
++ <:
++ bool))
++ (ensures
++ fun result ->
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <.
++ (Core.Slice.impl__len (Rust_primitives.unsize result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ <:
++ usize)
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ v (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
++ i ]
++ <:
++ i32)
++ <:
++ i32) <
++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS
++ <:
++ bool)
++ <:
++ bool))
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-02-01 11:03:26.849759509 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-02-01 11:03:26.862759128 +0100
+@@ -3,34 +3,27 @@
+ open Core
+ open FStar.Mul
+
+-let rejection_sampling_panic_with_diagnostic () : Prims.unit =
+- admit(); // This should never be reachable
++let rejection_sampling_panic_with_diagnostic (_: Prims.unit) =
+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic"
+ <:
+ Rust_primitives.Hax.t_Never)
+
+-#push-options "--ifuel 0 --z3rlimit 100"
+ let sample_from_binomial_distribution_2_ (randomness: t_Slice u8) =
+- let sampled: t_PolynomialRingElement_b 3 =
+- cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+-
+- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) (i:usize) -> True in
+- let sl : t_Slice u8 = randomness in
+- let chunk_len = sz 4 in
+- assert (v (length sl) == 128);
+- assert (Seq.length sl == 128);
+- assert_norm (128 % 4 == 0);
+- let sampled =
+- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv
+- sl
+- chunk_len
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ sampled
+ (fun sampled temp_1_ ->
+- let chunk_number, byte_chunk:(usize & t_Array u8 chunk_len) = temp_1_ in
+- assert(chunk_number <. sz 32);
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in
++ let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in
+ let (random_bits_as_u32: u32):u32 =
+ (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |.
+ ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in
+- logand_lemma (random_bits_as_u32 >>! 1l <: u32) 1431655765ul;
+- assert(odd_bits <=. 1431655765ul);
+ let coin_toss_outcomes:u32 = even_bits +! odd_bits in
+- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 in
+- [@ inline_let]
+- let inv : acc_t -> u32 -> Type = fun acc i -> True in
+- Rust_primitives.Iterators.foldi_range_step_by #u32_inttype #(acc_t) #inv ({
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by
++ ({
+ Core.Ops.Range.f_start = 0ul;
+ Core.Ops.Range.f_end = Core.Num.impl__u32__BITS
+- }
+- <:
+- Core.Ops.Range.t_Range u32)
+- (sz 4)
++ }
++ <:
++ Core.Ops.Range.t_Range pub_u32)
++ (sz 4)
++ <:
++ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range pub_u32))
++ <:
++ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range pub_u32))
+ sampled
+ (fun sampled outcome_set ->
+- let outcome_set:u32 = outcome_set in
+- assert (v outcome_set + 4 <= 32);
+- let out_1 = ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) in
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in
++ let outcome_set:pub_u32 = outcome_set in
+ let outcome_1_:i32 =
+- cast out_1 <: i32
++ cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i32
+ in
+- let out_2 = ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32) in
+ let outcome_2_:i32 =
+- cast out_2 <: i32
++ cast ((coin_toss_outcomes >>! (outcome_set +! 2ul <: pub_u32) <: u32) &. 3ul <: u32)
++ <:
++ i32
+ in
+- logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 3ul;
+- assert (v out_1 >= 0);
+- assert (v out_1 <= 3);
+- assert (v outcome_1_ == v out_1 @% pow2 32);
+- Math.Lemmas.small_modulo_lemma_1 (v out_1) (pow2 32);
+- assert (v outcome_1_ == v out_1);
+- assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 3);
+- logand_lemma (coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) 3ul;
+- assert (v out_2 >= 0);
+- assert (v out_2 <= 3);
+- assert (v outcome_2_ == v out_2 @% pow2 32);
+- Math.Lemmas.small_modulo_lemma_1 (v out_2) (pow2 32);
+- assert (v outcome_2_ == v out_2);
+- assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 3);
+- let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in
+- assert (outcome_set <. 32ul);
+- assert (v (outcome_set >>! 2l <: u32) = v outcome_set / 4);
+- assert (v (outcome_set >>! 2l <: u32) < 8);
+- Math.Lemmas.small_modulo_lemma_1 (v (outcome_set >>! 2l <: u32)) (pow2 32);
+- Math.Lemmas.small_modulo_lemma_1 (v (outcome_set >>! 2l <: u32)) (pow2 64);
+- assert (v offset < 8);
+- assert (8 * v chunk_number + 8 <= 256);
+- assert (8 * v chunk_number + v offset < 256);
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 =
++ let offset:usize = cast (outcome_set >>! 2l <: pub_u32) <: usize in
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ sampled with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -104,36 +73,29 @@
+ (outcome_1_ -! outcome_2_ <: i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ sampled))
+- in
+- let _:Prims.unit = () <: Prims.unit in
+- admit(); // P-F
+- sampled
+-#pop-options
++ in
++ let _:Prims.unit = () <: Prims.unit in
++ sampled
+
+-#push-options "--ifuel 0 --z3rlimit 200"
+ let sample_from_binomial_distribution_3_ (randomness: t_Slice u8) =
+- let sampled:t_PolynomialRingElement_b 7 =
+- (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO)
++ let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) (i:usize) -> True in
+- let sl : t_Slice u8 = randomness in
+- let chunk_len = sz 3 in
+- assert (v (length sl) == 192);
+- assert (Seq.length sl == 192);
+- assert_norm (192 % 3 == 0);
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 =
+- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv
+- sl
+- chunk_len
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ sampled
+ (fun sampled temp_1_ ->
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = sampled in
+- let chunk_number, byte_chunk:(usize & t_Array u8 chunk_len) = temp_1_ in
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in
++ let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in
+ let (random_bits_as_u24: u32):u32 =
+ ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |.
+ ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 2396745ul in
+- logand_lemma (random_bits_as_u24 >>! 1l <: u32) 2396745ul;
+- assert (second_bits <=. 2396745ul);
+ let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in
+- logand_lemma (random_bits_as_u24 >>! 2l <: u32) 2396745ul;
+- assert (third_bits <=. 2396745ul);
+ let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in
+- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 in
+- [@ inline_let]
+- let inv : acc_t -> i32 -> Type = fun acc i -> True in
+- Rust_primitives.Iterators.foldi_range_step_by #i32_inttype #(acc_t) #inv ({
+- Core.Ops.Range.f_start = 0l;
+- Core.Ops.Range.f_end = 24l
+- }
+- <:
+- Core.Ops.Range.t_Range i32)
+- (sz 6)
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by
++ ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l }
++ <:
++ Core.Ops.Range.t_Range pub_i32)
++ (sz 6)
++ <:
++ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range pub_i32))
++ <:
++ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range pub_i32))
+ sampled
+ (fun sampled outcome_set ->
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = sampled in
+- let outcome_set:i32 = outcome_set in
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in
++ let outcome_set:pub_i32 = outcome_set in
+ let outcome_1_:i32 =
+- cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i32
++ cast ((coin_toss_outcomes >>! outcome_set <: pub_u32) &. 7ul <: u32) <: i32
+ in
+ let outcome_2_:i32 =
+- cast ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32)
++ cast ((coin_toss_outcomes >>! (outcome_set +! 3l <: pub_i32) <: u32) &. 7ul <: u32)
+ <:
+ i32
+ in
+- logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 7ul;
+- Math.Lemmas.small_modulo_lemma_1 (v ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32)) (pow2 32);
+- assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 7);
+- logand_lemma (coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) 7ul;
+- Math.Lemmas.small_modulo_lemma_1 (v ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32)) (pow2 32);
+- assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 7);
+- let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in
+- assert (outcome_set <. 24l);
+- assert (v (outcome_set /! 6l <: i32) = v outcome_set / 6);
+- assert (v (outcome_set /! 6l <: i32) < 4);
+- Math.Lemmas.small_modulo_lemma_1 (v (outcome_set /! 6l <: i32)) (pow2 32);
+- Math.Lemmas.small_modulo_lemma_1 (v (outcome_set /! 6l <: i32)) (pow2 64);
+- assert (v offset < 4);
+- assert (4 * v chunk_number + 4 <= 256);
+- assert (4 * v chunk_number + v offset < 256);
+- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 =
++ let offset:usize = cast (outcome_set /! 6l <: pub_i32) <: usize in
++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ sampled with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -199,19 +140,16 @@
+ (outcome_1_ -! outcome_2_ <: i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ sampled))
+ in
+ let _:Prims.unit = () <: Prims.unit in
+- admit();
+ sampled
+-#pop-options
+
+ let sample_from_binomial_distribution (v_ETA: usize) (randomness: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
+- Rust_primitives.Integers.mk_int_equiv_lemma #u32_inttype (v v_ETA);
+- match cast (v_ETA <: usize) <: u32 with
++ match cast (v_ETA <: usize) <: pub_u32 with
+ | 2ul -> sample_from_binomial_distribution_2_ randomness
+ | 3ul -> sample_from_binomial_distribution_3_ randomness
+ | _ ->
+@@ -220,62 +158,52 @@
+ <:
+ Rust_primitives.Hax.t_Never)
+
+-#push-options "--z3rlimit 50"
+ let sample_from_uniform_distribution (randomness: t_Array u8 (sz 840)) =
+ let (sampled_coefficients: usize):usize = sz 0 in
+- let (out: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ let (out: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+ let done:bool = false in
+- let acc_t = (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) in
+- [@ inline_let]
+- let inv = fun (acc:acc_t) -> True in
+- let sl : t_Slice u8 = randomness in
+- let chunk_len = sz 3 in
+- let done, out, sampled_coefficients:(bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement &
++ let done, out, sampled_coefficients:(bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement &
+ usize) =
+- Rust_primitives.Iterators.fold_chunks_exact #u8 #acc_t #inv
+- sl
+- chunk_len
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks (
++ Rust_primitives.unsize randomness <: t_Slice u8)
++ (sz 3)
++ <:
++ Core.Slice.Iter.t_Chunks u8)
++ <:
++ Core.Slice.Iter.t_Chunks u8)
+ (done, out, sampled_coefficients
+ <:
+- (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize))
++ (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
+ (fun temp_0_ bytes ->
+ let done, out, sampled_coefficients:(bool &
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement &
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement &
+ usize) =
+ temp_0_
+ in
+- let bytes:t_Array u8 chunk_len = bytes in
++ let bytes:t_Slice u8 = bytes in
+ if ~.done <: bool
+ then
+ let b1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+ let b2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+ let b3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- assert(v b1 >= 0 /\ v b1 < pow2 8);
+- assert(v b2 >= 0 /\ v b2 < pow2 8);
+- assert(v b3 >= 0 /\ v b3 < pow2 8);
+ let d1:i32 = ((b2 &. 15l <: i32) <= v b1);
+- assert (v d1 >= 0);
+ let d2:i32 = (b3 <>! 4l <: i32) in
+- logor_lemma (b3 <>! 4l <: i32);
+- assert (v d2 >= v b3 * pow2 4);
+- assert (v d2 >= 0);
+- let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement &
++ let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement &
+ usize) =
+ if
+- d1 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &&
++ // NOTE: We declassify d1 here, and this should be carefully reviewed.
++ // We believe this is safe because d1 is derived from b1 and b2,
++ // both of which are fresh random inputs, not used anywhere else.
++ // The comparison between d1 and 3329 tells the adversary whether d1
++ // is in the field. This is not secret information, since the
++ // failure of this comparison leads to d1 being discarded,
++ declassify d1 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &&
+ sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ then
+- let out:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -286,23 +214,29 @@
+ d1
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ out, sampled_coefficients +! sz 1
+ <:
+- (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
++ (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
+ else
+ out, sampled_coefficients
+ <:
+- (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
++ (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
+ in
+- let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement &
++ let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement &
+ usize) =
+ if
+- d2 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &&
++ // NOTE: We declassify d2 here, and this should be carefully reviewed.
++ // We believe this is safe because d2 is derived from b2 and b3,
++ // both of which are fresh random inputs, not used anywhere else.
++ // The comparison between d2 and 3329 tells the adversary whether d2
++ // is in the field. This is not secret information, since the
++ // failure of this comparison leads to d2 being discarded,
++ declassify d2 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &&
+ sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ then
+- let out:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ out with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -313,31 +247,31 @@
+ d2
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ let sampled_coefficients:usize = sampled_coefficients +! sz 1 in
+ out, sampled_coefficients
+ <:
+- (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
++ (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
+ else
+ out, sampled_coefficients
+ <:
+- (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
++ (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
+ in
+ if sampled_coefficients =. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT
+ then
+ let done:bool = true in
+ done, out, sampled_coefficients
+ <:
+- (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
++ (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
+ else
+ done, out, sampled_coefficients
+ <:
+- (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)
++ (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)
+ else
+ done, out, sampled_coefficients
+ <:
+- (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize))
++ (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize))
+ in
+ let _:Prims.unit =
+ if ~.done
+@@ -346,5 +280,4 @@
+ ()
+ in
+ let _:Prims.unit = () <: Prims.unit in
+- out
+-#pop-options
++ out
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-02-01 11:03:26.856759304 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-02-01 11:03:26.899758043 +0100
+@@ -3,37 +3,77 @@
+ open Core
+ open FStar.Mul
+
+-open Libcrux.Kem.Kyber.Arithmetic
++val rejection_sampling_panic_with_diagnostic: Prims.unit
++ -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True)
+
+ val sample_from_binomial_distribution_2_ (randomness: t_Slice u8)
+- : Prims.Pure (t_PolynomialRingElement_b 3)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ (requires (Core.Slice.impl__len randomness <: usize) =. (sz 2 *! sz 64 <: usize))
+ (ensures
+ fun result ->
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result ==
+- Spec.Kyber.sample_poly_binomial (sz 2) randomness)
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <.
++ (Core.Slice.impl__len (Rust_primitives.unsize result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ <:
++ usize)
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
++ i ]
++ <:
++ i32)
++ <:
++ i32) <=.
++ 2l
++ <:
++ bool)
++ <:
++ bool))
+
+ val sample_from_binomial_distribution_3_ (randomness: t_Slice u8)
+- : Prims.Pure (t_PolynomialRingElement_b 7)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ (requires (Core.Slice.impl__len randomness <: usize) =. (sz 3 *! sz 64 <: usize))
+ (ensures
+ fun result ->
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result ==
+- Spec.Kyber.sample_poly_binomial (sz 3) randomness)
++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in
++ Hax_lib.v_forall (fun i ->
++ let i:usize = i in
++ Hax_lib.implies (i <.
++ (Core.Slice.impl__len (Rust_primitives.unsize result
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ <:
++ usize)
++ <:
++ bool)
++ (fun temp_0_ ->
++ let _:Prims.unit = temp_0_ in
++ (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[
++ i ]
++ <:
++ i32)
++ <:
++ i32) <=.
++ 3l
++ <:
++ bool)
++ <:
++ bool))
+
+-val sample_from_binomial_distribution (#p:Spec.Kyber.params)
+- (v_ETA: usize) (randomness: t_Slice u8)
+- : Pure (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1))
+- (requires (v_ETA = p.v_ETA1 \/ v_ETA = p.v_ETA2) /\
+- (Core.Slice.impl__len randomness <: usize) =. (v_ETA *! sz 64 <: usize))
+- (ensures
+- fun result ->
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result ==
+- Spec.Kyber.sample_poly_binomial v_ETA randomness)
++val sample_from_binomial_distribution (v_ETA: usize) (randomness: t_Slice u8)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+ val sample_from_uniform_distribution (randomness: t_Array u8 (sz 840))
+- : Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
+- (requires True)
+- (ensures fun _ -> True)
+-// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0))
+-
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-02-01 11:03:26.818760418 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-02-01 11:03:26.881758571 +0100
+@@ -1,14 +1,8 @@
+ module Libcrux.Kem.Kyber.Serialize
+-#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3"
++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+
+-open Libcrux.Kem.Kyber.Arithmetic
+-
+-open MkSeq
+-
+-#push-options "--z3rlimit 80"
+-[@@"opaque_to_smt"]
+ let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) =
+ let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in
+ let coef2:u8 =
+@@ -25,12 +19,11 @@
+ in
+ let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in
+ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8)
+-#pop-options
+
+-#push-options "--ifuel 1 --z3rlimit 600 --split_queries always"
+-[@@"opaque_to_smt"]
+ let compress_coefficients_11_
+- coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 =
++ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8:
++ i32)
++ =
+ let coef1:u8 = cast (coefficient1 <: i32) <: u8 in
+ let coef2:u8 =
+ ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in
+- coef1, coef2, coef3 <: (u8 & u8 & u8)
+-#pop-options
++ coef1, coef2, coef3 <: (u8 & u8 & u8)
+
+-#push-options "--z3rlimit 60 --split_queries always"
+-[@@"opaque_to_smt"]
+ let compress_coefficients_5_
+- coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8
+- =
++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8:
++ u8)
++ =
+ let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 2l <: u8) in
+ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8)
+-#pop-options
+
+-#push-options "--z3rlimit 500"
+-[@@"opaque_to_smt"]
+-let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 =
++let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) =
+ let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in
+ let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in
+ let coefficient4:i32 = (byte5 <>! 6l <: i32) in
+- lemma_get_bit_bounded' coefficient1 10;
+- lemma_get_bit_bounded' coefficient2 10;
+- lemma_get_bit_bounded' coefficient3 10;
+- lemma_get_bit_bounded' coefficient4 10;
+- coefficient1, coefficient2, coefficient3, coefficient4
+-#pop-options
++ coefficient1, coefficient2, coefficient3, coefficient4 <: (i32 & i32 & i32 & i32)
+
+-#push-options "--z3rlimit 300"
+-[@@"opaque_to_smt"]
+ let decompress_coefficients_11_
+- byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 =
++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32)
++ =
+ let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in
+ let coefficient3:i32 =
+@@ -131,14 +109,6 @@
+ in
+ let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in
+ let coefficient8:i32 = (byte11 <>! 5l <: i32) in
+- lemma_get_bit_bounded' coefficient1 11;
+- lemma_get_bit_bounded' coefficient2 11;
+- lemma_get_bit_bounded' coefficient3 11;
+- lemma_get_bit_bounded' coefficient4 11;
+- lemma_get_bit_bounded' coefficient5 11;
+- lemma_get_bit_bounded' coefficient6 11;
+- lemma_get_bit_bounded' coefficient7 11;
+- lemma_get_bit_bounded' coefficient8 11;
+ coefficient1,
+ coefficient2,
+ coefficient3,
+@@ -147,21 +117,15 @@
+ coefficient6,
+ coefficient7,
+ coefficient8
+-#pop-options
++ <:
++ (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32)
+
+-#push-options "--z3rlimit 50"
+-[@@"opaque_to_smt"]
+-let decompress_coefficients_4_ byte =
++let decompress_coefficients_4_ (byte: u8) =
+ let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in
+ let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in
+- lemma_get_bit_bounded' coefficient1 4;
+- lemma_get_bit_bounded' coefficient2 4;
+- coefficient1, coefficient2
+-#pop-options
+-
+-#push-options "--z3rlimit 400"
+-[@@"opaque_to_smt"]
+-let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 =
++ coefficient1, coefficient2 <: (i32 & i32)
++
++let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) =
+ let coefficient1:i32 = byte1 &. 31l in
+ let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in
+ let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in
+@@ -170,14 +134,6 @@
+ let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in
+ let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in
+ let coefficient8:i32 = byte5 >>! 3l in
+- lemma_get_bit_bounded' coefficient1 5;
+- lemma_get_bit_bounded' coefficient2 5;
+- lemma_get_bit_bounded' coefficient3 5;
+- lemma_get_bit_bounded' coefficient4 5;
+- lemma_get_bit_bounded' coefficient5 5;
+- lemma_get_bit_bounded' coefficient6 5;
+- lemma_get_bit_bounded' coefficient7 5;
+- lemma_get_bit_bounded' coefficient8 5;
+ coefficient1,
+ coefficient2,
+ coefficient3,
+@@ -186,54 +142,31 @@
+ coefficient6,
+ coefficient7,
+ coefficient8
+-#pop-options
+-
+-let cast_bound_lemma
+- #t #u
+- (n: int_t t)
+- (d: num_bits t)
+- : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0)
+- (ensures bounded (cast #(int_t t) #(int_t u) n) d)
+- [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)]
+- = ()
+-
+-#push-options "--z3rlimit 90"
+-[@@"opaque_to_smt"]
+-let int_t_d_cast_lemma #t #u d (n: int_t_d t d)
+- : Lemma (requires bits t < bits u /\ v n >= 0)
+- (ensures bounded (cast #(int_t t) #(int_t u) n) d)
+- [SMTPat (bounded (cast #(int_t t) #(int_t u) n) d)]
+- = Math.Lemmas.pow2_double_mult (bits u - 1);
+- Math.Lemmas.small_mod (v n) (modulus u)
+-let mul_in_range (n m: nat)
+- : Lemma
+- (requires n <= 256 /\ m <= 256)
+- (ensures range (n * m) usize_inttype)
+- = Math.Lemmas.pow2_plus 8 8;
+- Math.Lemmas.pow2_le_compat 32 16
+-#pop-options
+-
+-#restart-solver
++ <:
++ (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32)
+
+-#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100"
+-[@@"opaque_to_smt"]
+ let compress_then_serialize_10_
+- v_OUT_LEN
+- re
+- =
+- let accT = t_Array u8 v_OUT_LEN in
+- let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) ->
+- True
+- in
++ (v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ =
+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+ let serialized:t_Array u8 v_OUT_LEN =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #accT #inv
+- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
+- (sz 4)
+- (serialized)
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ (sz 4)
++ <:
++ Core.Slice.Iter.t_ChunksExact i32)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 v_OUT_LEN = serialized in
+- let i, coefficients:(usize & _) = temp_1_ in
++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in
+ let coefficient1:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32
+@@ -293,96 +226,79 @@
+ serialized)
+ in
+ serialized
+-#pop-options
+
+-#push-options "--fuel 0 --ifuel 0 --z3rlimit 30"
+-[@@"opaque_to_smt"]
+-let update5
+- #n
+- (s: t_Array 't n)
+- (offset: usize {v offset + 5 <= v n})
+- (i0 i1 i2 i3 i4: 't)
+- : s': t_Array 't n {
+- Seq.index s' (v offset + 0) == i0 /\
+- Seq.index s' (v offset + 1) == i1 /\
+- Seq.index s' (v offset + 2) == i2 /\
+- Seq.index s' (v offset + 3) == i3 /\
+- Seq.index s' (v offset + 4) == i4 /\
+- (forall i. (i < v offset \/ i >= v offset + 5) ==> Seq.index s' i == Seq.index s i)
+- }
+- = let open Rust_primitives.Hax.Monomorphized_update_at in
+- let s = update_at_usize s offset i0 in
+- let s = update_at_usize s (offset +! sz 1) i1 in
+- let s = update_at_usize s (offset +! sz 2) i2 in
+- let s = update_at_usize s (offset +! sz 3) i3 in
+- let s = update_at_usize s (offset +! sz 4) i4 in
+- s
+-#pop-options
+-
+-#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no"
+ let compress_then_serialize_11_
+- v_OUT_LEN re
+- =
+- let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> True in
++ (v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ =
+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+ let serialized:t_Array u8 v_OUT_LEN =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
+- (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
+- (sz 8)
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ (sz 8)
++ <:
++ Core.Slice.Iter.t_ChunksExact i32)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 v_OUT_LEN = serialized in
+- let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in
+- let coefficient1 =
++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in
++ let coefficient1:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient2 =
++ let coefficient2:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient3 =
++ let coefficient3:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient4 =
++ let coefficient4:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient5 =
++ let coefficient5:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient6 =
++ let coefficient6:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient7 =
++ let coefficient7:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32
+ )
+ <:
+ u16)
+ in
+- let coefficient8 =
++ let coefficient8:i32 =
+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32
+ )
+@@ -408,8 +324,6 @@
+ coefficient7
+ coefficient8
+ in
+- assert_spinoff (v i < 32 ==> 11 * v i + 11 <= 32 * 11);
+- assert_spinoff (v i < 32 ==> range (v (sz 11) * v i) usize_inttype);
+ let serialized:t_Array u8 v_OUT_LEN =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+ (sz 11 *! i <: usize)
+@@ -468,20 +382,29 @@
+ serialized)
+ in
+ serialized
+-#pop-options
+
+-let compress_then_serialize_4_ v_OUT_LEN re =
++let compress_then_serialize_4_
++ (v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ =
+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+- let accT = t_Array u8 v_OUT_LEN in
+- let inv (acc: accT) (i: usize) = True in
+ let serialized:t_Array u8 v_OUT_LEN =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
+- (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
+- (sz 2)
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ (sz 2)
++ <:
++ Core.Slice.Iter.t_ChunksExact i32)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 v_OUT_LEN = serialized in
+- let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 2)) = temp_1_ in
++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in
+ let coefficient1:u8 =
+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ]
+@@ -516,20 +439,27 @@
+ serialized
+
+ let compress_then_serialize_5_
+- v_OUT_LEN
+- re
+- =
++ (v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ =
+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
+- let accT = t_Array u8 v_OUT_LEN in
+- let inv (acc: accT) (i: usize) = True in
+ let serialized:t_Array u8 v_OUT_LEN =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
+- (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
+- (sz 8)
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ (sz 8)
++ <:
++ Core.Slice.Iter.t_ChunksExact i32)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 v_OUT_LEN = serialized in
+- let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in
++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in
+ let coefficient1:u8 =
+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ]
+@@ -614,14 +544,6 @@
+ <:
+ u8
+ in
+- let coefficient8' = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy
+- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ]
+- <:
+- i32)
+- <:
+- u16)
+- <:
+- i32 in
+ let coefficient8:u8 =
+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy
+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ]
+@@ -644,8 +566,6 @@
+ coefficient6
+ coefficient8
+ in
+- assert_spinoff (v i < 32 ==> 5 * v i + 5 <= 32 * 5);
+- assert_spinoff (v i < 32 ==> range (v (sz 5) * v i) usize_inttype);
+ let serialized:t_Array u8 v_OUT_LEN =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+ (sz 5 *! i <: usize)
+@@ -675,24 +595,35 @@
+ in
+ serialized
+
+-let compress_then_serialize_message re =
++let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
+- let accT = t_Array u8 (sz 32) in
+- let inv (acc: accT) (i: usize) = True in
+ let serialized:t_Array u8 (sz 32) =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
+- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
+- (sz 8)
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ (sz 8)
++ <:
++ Core.Slice.Iter.t_ChunksExact i32)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 (sz 32) = serialized in
+- let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement _) = temp_1_ in
+- Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True)
+- coefficients
++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__iter coefficients <: Core.Slice.Iter.t_Iter i32)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32))
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 (sz 32) = serialized in
+- let j, coefficient:(usize & Libcrux.Kem.Kyber.Arithmetic.wfFieldElement) = temp_1_ in
++ let j, coefficient:(usize & i32) = temp_1_ in
+ let coefficient:u16 =
+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient
+ in
+@@ -705,36 +636,28 @@
+ <:
+ t_Array u8 (sz 32))
+ in
+- admit (); // P-F
+ serialized
+
+-let compress_then_serialize_ring_element_u #p
+- v_COMPRESSION_FACTOR
+- v_OUT_LEN
+- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) =
++let compress_then_serialize_ring_element_u
++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ =
+ let _:Prims.unit = () <: Prims.unit in
+- assert (
+- (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11) \/
+- (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10)
+- );
+- Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR);
+- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with
+ | 10ul -> compress_then_serialize_10_ v_OUT_LEN re
+ | 11ul -> compress_then_serialize_11_ v_OUT_LEN re
+ | _ ->
+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code"
++
+ <:
+ Rust_primitives.Hax.t_Never)
+
+-let compress_then_serialize_ring_element_v #p v_COMPRESSION_FACTOR v_OUT_LEN re =
++let compress_then_serialize_ring_element_v
++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ =
+ let _:Prims.unit = () <: Prims.unit in
+- Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR);
+- let res =
+- assert (
+- (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4) \/
+- (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5)
+- );
+- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with
+ | 4ul -> compress_then_serialize_4_ v_OUT_LEN re
+ | 5ul -> compress_then_serialize_5_ v_OUT_LEN re
+ | _ ->
+@@ -742,49 +665,32 @@
+
+ <:
+ Rust_primitives.Hax.t_Never)
+- in
+- admit (); // P-F
+- res
+
+-#push-options "--z3rlimit 160"
+-let deserialize_then_decompress_10_ serialized =
++let deserialize_then_decompress_10_ (serialized: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let accT = Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement in
+- let inv (acc: accT) (i: usize) = True in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv
+- serialized
+- (sz 5)
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
+- let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in
+- let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+- let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+- let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
+- let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
+- let coefficient1, coefficient2, coefficient3, coefficient4 =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let i, bytes:(usize & t_Slice u8) = temp_1_ in
++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
++ let coefficient1, coefficient2, coefficient3, coefficient4:(i32 & i32 & i32 & i32) =
+ decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5
+ in
+- let coefficient1 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1
+- <:
+- i32) in
+- let coefficient2 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2
+- <:
+- i32) in
+- let coefficient3 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3
+- <:
+- i32) in
+- let coefficient4 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4
+- <:
+- i32) in
+- assert_spinoff (v i < 64 ==> 4 * v i + 4 <= 256);
+- assert_spinoff (v i < 64 ==> range (v (sz 4) * v i) usize_inttype);
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -792,12 +698,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (sz 4 *! i <: usize)
+- coefficient1
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -805,12 +713,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 4 *! i <: usize) +! sz 1 <: usize)
+- coefficient2
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -818,12 +728,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 4 *! i <: usize) +! sz 2 <: usize)
+- coefficient3
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -831,43 +743,44 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 4 *! i <: usize) +! sz 3 <: usize)
+- coefficient4
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+ re
+-#pop-options
+
+-#push-options "--z3rlimit 100 --ifuel 0"
+-let deserialize_then_decompress_11_ serialized
+- : Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++let deserialize_then_decompress_11_ (serialized: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True)
+- serialized
+- (sz 11)
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
+- let i, bytes:(usize & t_Array u8 (sz 11)) = temp_1_ in
+- assert (v i < 32);
+- let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+- let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+- let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
+- let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
+- let byte6: int_t_d i32_inttype 8 = cast (bytes.[ sz 5 ] <: u8) <: i32 in
+- let byte7: int_t_d i32_inttype 8 = cast (bytes.[ sz 6 ] <: u8) <: i32 in
+- let byte8: int_t_d i32_inttype 8 = cast (bytes.[ sz 7 ] <: u8) <: i32 in
+- let byte9: int_t_d i32_inttype 8 = cast (bytes.[ sz 8 ] <: u8) <: i32 in
+- let byte10: int_t_d i32_inttype 8 = cast (bytes.[ sz 9 ] <: u8) <: i32 in
+- let byte11: int_t_d i32_inttype 8 = cast (bytes.[ sz 10 ] <: u8) <: i32 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let i, bytes:(usize & t_Slice u8) = temp_1_ in
++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
++ let byte6:i32 = cast (bytes.[ sz 5 ] <: u8) <: i32 in
++ let byte7:i32 = cast (bytes.[ sz 6 ] <: u8) <: i32 in
++ let byte8:i32 = cast (bytes.[ sz 7 ] <: u8) <: i32 in
++ let byte9:i32 = cast (bytes.[ sz 8 ] <: u8) <: i32 in
++ let byte10:i32 = cast (bytes.[ sz 9 ] <: u8) <: i32 in
++ let byte11:i32 = cast (bytes.[ sz 10 ] <: u8) <: i32 in
+ let
+ coefficient1,
+ coefficient2,
+@@ -876,21 +789,11 @@
+ coefficient5,
+ coefficient6,
+ coefficient7,
+- coefficient8 =
++ coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) =
+ decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10
+ byte11
+ in
+- let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 in
+- let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 in
+- let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 in
+- let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 in
+- let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 in
+- let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 in
+- let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 in
+- let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 in
+- assert_spinoff (8 * v i + 8 <= 256);
+- assert_spinoff (range (v (sz 8) * v i) usize_inttype);
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -898,12 +801,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (sz 8 *! i <: usize)
+- coefficient1
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -911,12 +816,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 1 <: usize)
+- coefficient2
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -924,12 +831,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 2 <: usize)
+- coefficient3
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -937,12 +846,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 3 <: usize)
+- coefficient4
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -950,12 +861,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 4 <: usize)
+- coefficient5
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -963,12 +876,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 5 <: usize)
+- coefficient6
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -976,12 +891,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 6 <: usize)
+- coefficient7
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -989,33 +906,35 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 7 <: usize)
+- coefficient8
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+ re
+-#pop-options
+
+-#push-options "--z3rlimit 100"
+-let deserialize_then_decompress_4_ serialized =
++let deserialize_then_decompress_4_ (serialized: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True)
+- serialized
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8))
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let i, byte:(usize & u8) = temp_1_ in
+- let coefficient1, coefficient2 = decompress_coefficients_4_ byte in
+- assert_spinoff (v i < 128 ==> 2 * v i + 1 < 256);
+- assert_spinoff (v i < 128 ==> range (v (sz 2) * v i) usize_inttype);
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let coefficient1, coefficient2:(i32 & i32) = decompress_coefficients_4_ byte in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1028,9 +947,9 @@
+ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1043,32 +962,33 @@
+ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+ re
+-#pop-options
+
+-#push-options "--z3rlimit 150"
+-let deserialize_then_decompress_5_ serialized =
++let deserialize_then_decompress_5_ (serialized: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True)
+- serialized (sz 5)
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
+- let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in
+- assert (v i < 32);
+- let byte1 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+- let byte2 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+- let byte3 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- let byte4 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
+- let byte5 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let i, bytes:(usize & t_Slice u8) = temp_1_ in
++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in
++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in
+ let
+ coefficient1,
+ coefficient2,
+@@ -1077,25 +997,10 @@
+ coefficient5,
+ coefficient6,
+ coefficient7,
+- coefficient8 =
++ coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) =
+ decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5
+ in
+- let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 in
+- let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 in
+- let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 in
+- let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 in
+- let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 in
+- let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 in
+- let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 in
+- let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 in
+- // assert (Seq.length serialized == 160);
+- // // assert_norm (160 / 5 == 32);
+- // assert_spinoff (v i < Seq.length serialized);
+- // assert (v i < 32);
+- assert_spinoff (v i < 32 ==> 8 * v i + 8 <= 256);
+- mul_in_range 8 (v i);
+- assert_spinoff (v i < 32 ==> range (v (sz 8) * v i) usize_inttype);
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1103,12 +1008,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (sz 8 *! i <: usize)
+- coefficient1
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1116,12 +1023,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 1 <: usize)
+- coefficient2
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1129,12 +1038,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 2 <: usize)
+- coefficient3
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1142,12 +1053,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 3 <: usize)
+- coefficient4
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1155,12 +1068,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 4 <: usize)
+- coefficient5
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1168,12 +1083,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 5 <: usize)
+- coefficient6
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1181,12 +1098,14 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 6 <: usize)
+- coefficient7
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1194,27 +1113,33 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ ((sz 8 *! i <: usize) +! sz 7 <: usize)
+- coefficient8
++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8
++ <:
++ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+ re
+-#pop-options
+
+-#push-options "--z3rlimit 60"
+ let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) =
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True)
+- serialized
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Iter.Traits.Collect.f_into_iter serialized
++ <:
++ Core.Array.Iter.t_IntoIter u8 (sz 32))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32)))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32)))
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let i, byte:(usize & u8) = temp_1_ in
+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({
+ Core.Ops.Range.f_start = sz 0;
+@@ -1226,11 +1151,10 @@
+ Core.Ops.Range.t_Range usize)
+ re
+ (fun re j ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
+ let j:usize = j in
+ let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in
+- lemma_get_bit_bounded' coefficient_compressed 1;
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1244,21 +1168,20 @@
+ i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ in
+- admit(); //P-F
+ re
+-#pop-options
+
+-let deserialize_then_decompress_ring_element_u v_COMPRESSION_FACTOR serialized =
++let deserialize_then_decompress_ring_element_u
++ (v_COMPRESSION_FACTOR: usize)
++ (serialized: t_Slice u8)
++ =
+ let _:Prims.unit = () <: Prims.unit in
+- mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR);
+- assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11);
+- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with
+ | 10ul -> deserialize_then_decompress_10_ serialized
+ | 11ul -> deserialize_then_decompress_11_ serialized
+ | _ ->
+@@ -1267,12 +1190,12 @@
+ <:
+ Rust_primitives.Hax.t_Never)
+
+-let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized =
++let deserialize_then_decompress_ring_element_v
++ (v_COMPRESSION_FACTOR: usize)
++ (serialized: t_Slice u8)
++ =
+ let _:Prims.unit = () <: Prims.unit in
+- mk_int_equiv_lemma #u32_inttype (v v_COMPRESSION_FACTOR);
+- assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5);
+- let res =
+- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with
++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with
+ | 4ul -> deserialize_then_decompress_4_ serialized
+ | 5ul -> deserialize_then_decompress_5_ serialized
+ | _ ->
+@@ -1280,32 +1203,27 @@
+
+ <:
+ Rust_primitives.Hax.t_Never)
+- in
+- admit(); //P-F
+- res
+
+-#push-options "--z3rlimit 220"
+-let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) =
++let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) =
+ let _:Prims.unit = () <: Prims.unit in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO
+ in
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True)
+- serialized
+- (sz 3)
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8))
+ re
+ (fun re temp_1_ ->
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in
+- let i, bytes:(usize & t_Array u8 (sz 3)) = temp_1_ in
+- let byte1:int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
+- let byte2:int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
+- let byte3:int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
+- let coef1 = (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) in
+- lemma_get_bit_bounded' coef1 11;
+- lemma_get_bit_bounded' coef2 11;
+- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement =
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in
++ let i, bytes:(usize & t_Slice u8) = temp_1_ in
++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in
++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in
++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in
++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement =
+ {
+ re with
+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+@@ -1313,12 +1231,12 @@
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re
+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
+ (sz 2 *! i <: usize)
+- coef1
++ (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32)
+ }
+ <:
+- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ in
+ re)
+ in
+ re
+-#pop-options
+
+-#push-options "--z3rlimit 100"
+-let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) =
++let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) =
+ let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in
+ let serialized:t_Array u8 (sz 384) =
+- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True)
+- (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients)
+- (sz 2)
++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate
++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re
++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients
++ <:
++ t_Slice i32)
++ (sz 2)
++ <:
++ Core.Slice.Iter.t_ChunksExact i32)
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
++ <:
++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32))
+ serialized
+ (fun serialized temp_1_ ->
+ let serialized:t_Array u8 (sz 384) = serialized in
+- let i, coefficients:(usize & t_Array (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)) (sz 2)) = temp_1_ in
+- assert (v i < 128);
++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in
+ let coefficient1:u16 =
+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32)
+ in
+@@ -1357,8 +1281,6 @@
+ let coef1, coef2, coef3:(u8 & u8 & u8) =
+ compress_coefficients_3_ coefficient1 coefficient2
+ in
+- assert_spinoff (3 * v i + 3 <= 384);
+- assert_spinoff (range (v (sz 3) * v i) usize_inttype);
+ let serialized:t_Array u8 (sz 384) =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized
+ (sz 3 *! i <: usize)
+@@ -1377,4 +1299,3 @@
+ serialized)
+ in
+ serialized
+-#pop-options
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti
+--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-02-01 11:03:26.845759626 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-02-01 11:03:26.870758893 +0100
+@@ -2,193 +2,118 @@
+ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+ open Core
+ open FStar.Mul
+-open MkSeq
+-
+-let int_arr_bitwise_eq
+- #t1 #t2 #n1 #n2
+- (arr1: t_Array (int_t t1) n1)
+- (d1: num_bits t1)
+- (arr2: t_Array (x: int_t t2) n2)
+- (d2: num_bits t2 {v n1 * d1 == v n2 * d2})
+- = forall i. i < v n1 * d1
+- ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i
+
+ val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32)
+- : Prims.Pure (u8 & u8 & u8 & u8 & u8)
+- (requires True)
+- (ensures fun tuple ->
+- int_arr_bitwise_eq
+- (create4 (coefficient1, coefficient2, coefficient3, coefficient4)) 10
+- (create5 tuple) 8
+- )
++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_coefficients_11_
+ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8:
+- int_t_d i32_inttype 11)
++ i32)
+ : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8)
+- (requires True)
+- (ensures fun tuple ->
+- int_arr_bitwise_eq
+- (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11
+- (create11 tuple) 8
+- )
+-
+-val compress_coefficients_3_ (coefficient1 coefficient2: int_t_d u16_inttype 12)
+- : Prims.Pure (u8 & u8 & u8)
+- (requires True)
+- (ensures fun tuple ->
+- int_arr_bitwise_eq
+- (create2 (coefficient1, coefficient2)) 12
+- (create3 tuple) 8
+- )
++ Prims.l_True
++ (fun _ -> Prims.l_True)
++
++val compress_coefficients_3_ (coefficient1 coefficient2: u16)
++ : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_coefficients_5_
+- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: int_t_d u8_inttype 5)
+- : Prims.Pure (u8 & u8 & u8 & u8 & u8)
+- (requires True)
+- (ensures fun tuple ->
+- int_arr_bitwise_eq
+- (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 5
+- (create5 tuple) 8
+- )
+-
+-private unfold type i32_d = int_t_d i32_inttype
+-val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: int_t_d i32_inttype 8)
+- : Prims.Pure (i32_d 10 & i32_d 10 & i32_d 10 & i32_d 10)
+- (requires True)
+- (ensures fun (r1, r2, r3, r4) ->
+- int_arr_bitwise_eq
+- (create5 (byte1, byte2, byte3, byte4, byte5)) 8
+- (create4 #i32 (r1, r2, r3, r4)) 10
+- )
++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8:
++ u8)
++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True)
++
++val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32)
++ : Prims.Pure (i32 & i32 & i32 & i32) Prims.l_True (fun _ -> Prims.l_True)
+
+ val decompress_coefficients_11_
+- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: int_t_d i32_inttype 8)
+- : Prims.Pure (i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11)
+- (requires True)
+- (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) ->
+- int_arr_bitwise_eq
+- (create11 (byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, byte9, byte10, byte11)) 8
+- (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 11
+- )
++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32)
++ : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+ val decompress_coefficients_4_ (byte: u8)
+- : Prims.Pure (i32_d 4 & i32_d 4)
+- (requires True)
+- (ensures fun (r1, r2) ->
+- int_arr_bitwise_eq
+- (create1 byte) 8
+- (create2 (r1, r2)) 4
+- )
+-
+-val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: int_t_d i32_inttype 8)
+- : Prims.Pure (i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5)
+- (requires True)
+- (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) ->
+- int_arr_bitwise_eq
+- (create5 (byte1, byte2, byte3, byte4, byte5)) 8
+- (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5
+- )
++ : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True)
++
++val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32)
++ : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32)
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+ val compress_then_serialize_10_
+- (v_OUT_LEN: usize {v v_OUT_LEN >= 320})
+- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_then_serialize_11_
+- (v_OUT_LEN: usize {v v_OUT_LEN >= 352})
+- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_then_serialize_4_
+- (v_OUT_LEN: usize {v v_OUT_LEN >= 128})
+- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_then_serialize_5_
+- (v_OUT_LEN: usize {v v_OUT_LEN >= 160})
+- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
++ (v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+-val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- : Pure (t_Array u8 (sz 32))
+- (requires True)
+- (ensures (fun res ->
+- res == Spec.Kyber.compress_then_encode_message (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re)))
++val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True)
+
+ val compress_then_serialize_ring_element_u
+- (#p:Spec.Kyber.params)
+- (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11})
+- (v_OUT_LEN: usize { v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR })
+- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- : t_Array u8 v_OUT_LEN
+-
+-val compress_then_serialize_ring_element_v (#p:Spec.Kyber.params)
+- (v_COMPRESSION_FACTOR: usize {v_COMPRESSION_FACTOR = sz 4 || v_COMPRESSION_FACTOR = sz 5})
+- (v_OUT_LEN: usize {v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR})
+- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- : Pure (t_Array u8 v_OUT_LEN)
+- (requires True)
+- (ensures (fun res ->
+- res ==
+- Spec.Kyber.compress_then_encode_v p
+- (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re)))
++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
++
++val compress_then_serialize_ring_element_v
++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize)
++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_10_ (serialized: t_Slice u8 {Seq.length serialized == 320})
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++val deserialize_then_decompress_10_ (serialized: t_Slice u8)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_11_ (serialized: t_Slice u8 {Seq.length serialized == 352})
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++val deserialize_then_decompress_11_ (serialized: t_Slice u8)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_4_ (serialized: t_Slice u8 {Seq.length serialized == 128})
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++val deserialize_then_decompress_4_ (serialized: t_Slice u8)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_5_
+- (serialized: t_Slice u8 {Seq.length serialized == 160})
+- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement
++val deserialize_then_decompress_5_ (serialized: t_Slice u8)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
+ Prims.l_True
+ (fun _ -> Prims.l_True)
+
+ val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32))
+- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (requires True)
+- (ensures fun res ->
+- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res ==
+- Spec.Kyber.decode_then_decompress_message serialized)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+ val deserialize_then_decompress_ring_element_u
+ (v_COMPRESSION_FACTOR: usize)
+- (serialized: t_Slice u8 {
+- match v v_COMPRESSION_FACTOR with
+- | 10 -> Seq.length serialized == 320
+- | 11 -> Seq.length serialized == 352
+- | _ -> False
+- })
+- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (requires v_COMPRESSION_FACTOR = sz 10 || v_COMPRESSION_FACTOR = sz 11)
+- (ensures fun _ -> True)
++ (serialized: t_Slice u8)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+-val deserialize_then_decompress_ring_element_v (#p:Spec.Kyber.params)
+- (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5})
++val deserialize_then_decompress_ring_element_v
++ (v_COMPRESSION_FACTOR: usize)
+ (serialized: t_Slice u8)
+- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (requires (p.v_VECTOR_V_COMPRESSION_FACTOR == v_COMPRESSION_FACTOR /\
+- length serialized == Spec.Kyber.v_C2_SIZE p))
+- (ensures fun res -> Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res
+- == Spec.Kyber.decode_then_decompress_v p serialized)
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
+
+ val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8)
+- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT))
+- (ensures fun _ -> True)
+-
+-val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement)
+- : Pure (t_Array u8 (sz 384))
+- (requires True)
+- (ensures (fun res -> True))
++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement
++ Prims.l_True
++ (fun _ -> Prims.l_True)
++
++val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)
++ : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True)
+diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst
+--- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-02-01 11:03:26.839759802 +0100
++++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-02-01 11:03:26.875758746 +0100
+@@ -3,8 +3,6 @@
+ open Core
+ open FStar.Mul
+
+-type t_Error = | Error_RejectionSampling : t_Error
+-
+ type t_KyberCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
+
+ [@@ FStar.Tactics.Typeclasses.tcinstance]
+@@ -52,9 +50,7 @@
+ let impl_6__len (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE
+
+ let impl_6__split_at (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize)
+- : Pure (t_Slice u8 & t_Slice u8)
+- (requires (mid <=. v_SIZE))
+- (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) =
++ : (t_Slice u8 & t_Slice u8) =
+ Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid
+
+ type t_KyberPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
+@@ -103,11 +99,8 @@
+
+ let impl_12__len (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE
+
+-val impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize)
+- : Pure (t_Slice u8 & t_Slice u8)
+- (requires (mid <=. v_SIZE))
+- (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid)))
+-let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) =
++let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize)
++ : (t_Slice u8 & t_Slice u8) =
+ Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid
+
+ type t_KyberPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE }
+@@ -157,9 +150,7 @@
+ let impl_18__len (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE
+
+ let impl_18__split_at (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize)
+- : Pure (t_Slice u8 & t_Slice u8)
+- (requires (mid <=. v_SIZE))
+- (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) =
++ : (t_Slice u8 & t_Slice u8) =
+ Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid
+
+ type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = {
+diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/Libcrux_platform.fsti
+--- extraction-edited/Libcrux_platform.fsti 2024-02-01 11:03:26.826760184 +0100
++++ extraction-secret-independent/Libcrux_platform.fsti 2024-02-01 11:03:26.887758395 +0100
+@@ -1,4 +1,4 @@
+ module Libcrux_platform
+ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+
+-val simd256_support: bool
++val simd256_support : unit -> bool
+diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst
+--- extraction-edited/MkSeq.fst 2024-02-01 11:03:26.814760535 +0100
++++ extraction-secret-independent/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100
+@@ -1,91 +0,0 @@
+-module MkSeq
+-open Core
+-
+-open FStar.Tactics.V2
+-
+-private let init (len: nat) (f: (i:nat{i < len}) -> Tac 'a): Tac (list 'a)
+- = let rec h (i: nat {i <= len}): Tac (list 'a)
+- = if i = len then [] else f i :: h (i + 1)
+- in h 0
+-
+-private let tuple_proj (n: nat) (i: nat): Tac term
+- = if n = 1 then `(id) else
+- let name = "__proj__Mktuple" ^ string_of_int n ^ "__item___" ^ string_of_int (i + 1) in
+- Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name])
+-
+-private let tuple_type (n: nat): Tac term
+- = if n = 1 then `(id) else
+- let name = "tuple" ^ string_of_int n in
+- Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name])
+-
+-open Rust_primitives.Integers
+-open Libcrux.Kem.Kyber.Arithmetic
+-
+-// let create4 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10: 'a)
+-// : Pure
+-// (t_Array 'a (sz 11))
+-// (requires True)
+-// (ensures fun (r: t_Array 'a (sz 11)) ->
+-// r.[sz 0] == x0 /\
+-// r.[sz 1] == x1 /\
+-// r.[sz 2] == x2 /\
+-// r.[sz 3] == x3 /\
+-// r.[sz 4] == x4 /\
+-// r.[sz 5] == x5 /\
+-// r.[sz 6] == x6 /\
+-// r.[sz 7] == x7 /\
+-// True
+-// )
+-// = Libcrux.Kem.Kyber.Arithmetic.createi
+-// (sz 11)
+-// (fun x -> match v x with
+-// | 0 -> x0
+-// | 1 -> x1
+-// | 2 -> x2
+-// | 3 -> x3
+-// | 4 -> x4
+-// | 5 -> x5
+-// | 6 -> x6
+-// | 7 -> x7
+-// | 8 -> x8
+-// | 9 -> x9
+-// | 10 -> x10
+-// )
+-
+-private let create_gen_tac (n: nat): Tac sigelt
+- = let typ_bd = {fresh_binder_named "t" (`Type0) with qual = FStar.Reflection.V2.Q_Implicit} in
+- let typ = binder_to_term typ_bd in
+- let input_typ = mk_e_app (tuple_type n) (init n (fun _ -> typ)) in
+- let input_bd = fresh_binder_named "tup" input_typ in
+- let output_type = `t_Array (`#typ) (sz (`@n)) in
+- let nth i = `((`#(tuple_proj n i)) (`#input_bd)) in
+- let mk_and: term -> term -> Tac term = fun t u -> `(`#t /\ `#u) in
+- let post =
+- let mk_inv s i = `(Seq.index (`#s) (`@i) == (`#(tuple_proj n i)) (`#input_bd)) in
+- let invs s = Tactics.fold_left mk_and (`(Seq.length (`#s) == (`@n))) (init n (mk_inv s)) in
+- let bd = fresh_binder_named "s" output_type in
+- mk_abs [bd] (invs bd)
+- in
+- let comp = C_Eff [] ["Prims"; "Pure"]
+- (`t_Array (`#typ) (sz (`@n)))
+- [ (`(requires True), Q_Explicit); (post, Q_Explicit)] []
+- in
+- let args = [typ_bd; input_bd] in
+- let l = Tactics.fold_right (fun hd tl -> `((`#hd)::(`#tl))) (init n nth) (`[]) in
+- let indexes =
+- let f i = `((`#(nth i)) == List.Tot.index (`#l) (`@i)) in
+- Tactics.fold_left mk_and (`True) (init n f)
+- in
+- let lb_def = mk_abs args (`(
+- let l = `#l in
+- let s = Seq.createL l <: t_Array (`#typ) (sz (`@n)) in
+- FStar.Classical.forall_intro (Seq.lemma_index_is_nth s);
+- assert (`#indexes) by (Tactics.norm [primops; iota; delta; zeta]);
+- s
+- )) in
+- let lb_typ = mk_arr args (pack_comp comp) in
+- let open FStar.List.Tot in
+- let lb_fv = pack_fv (cur_module () @ ["create" ^ string_of_int n]) in
+- Sg_Let { isrec = false; lbs = [{ lb_fv; lb_us = []; lb_typ; lb_def }] }
+-
+-%splice[] (init 13 (fun i -> create_gen_tac (i + 1)))
+diff -ruN extraction-edited/Spec.Kyber.fst extraction-secret-independent/Spec.Kyber.fst
+--- extraction-edited/Spec.Kyber.fst 2024-02-01 11:03:26.846759597 +0100
++++ extraction-secret-independent/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100
+@@ -1,433 +0,0 @@
+-module Spec.Kyber
+-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+-open Core
+-open FStar.Mul
+-
+-(** Utils *)
+-let map' #a #b
+- (f:(x:a -> b))
+- (s: t_Slice a): t_Slice b
+- = createi (length s) (fun i -> f (Seq.index s (v i)))
+-
+-let flatten #t #n
+- (#m: usize {range (v n * v m) usize_inttype})
+- (x: t_Array (t_Array t m) n)
+- : t_Array t (m *! n)
+- = createi (m *! n) (fun i -> Seq.index (Seq.index x (v i / v m)) (v i % v m))
+-
+-(** Constants *)
+-let v_BITS_PER_COEFFICIENT: usize = sz 12
+-
+-let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256
+-
+-let v_BITS_PER_RING_ELEMENT: usize = sz 3072 // v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12
+-
+-let v_BYTES_PER_RING_ELEMENT: usize = sz 384 // v_BITS_PER_RING_ELEMENT /! sz 8
+-
+-let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32
+-
+-let v_FIELD_MODULUS: i32 = 3329l
+-
+-let v_H_DIGEST_SIZE: usize = sz 32
+-// Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm)
+-
+-let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5
+-
+-let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE
+-
+-type params_ = {
+- v_RANK: usize;
+- v_ETA1: usize;
+- v_ETA2: usize;
+- v_VECTOR_U_COMPRESSION_FACTOR: usize;
+- v_VECTOR_V_COMPRESSION_FACTOR: usize;
+-}
+-
+-let valid_params p =
+- (p.v_RANK = sz 2 || p.v_RANK = sz 3 || p.v_RANK = sz 4) &&
+- (p.v_ETA1 = sz 2 || p.v_ETA1 = sz 3) &&
+- p.v_ETA2 =. sz 2 &&
+- (p.v_VECTOR_U_COMPRESSION_FACTOR = sz 10 || p.v_VECTOR_U_COMPRESSION_FACTOR = sz 11) &&
+- (p.v_VECTOR_V_COMPRESSION_FACTOR = sz 4 || p.v_VECTOR_V_COMPRESSION_FACTOR = sz 5)
+-
+-let params = p:params_{valid_params p}
+-
+-val v_ETA1_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128 \/ u == sz 192}
+-let v_ETA1_RANDOMNESS_SIZE (p:params) = p.v_ETA1 *! sz 64
+-
+-val v_ETA2_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128}
+-let v_ETA2_RANDOMNESS_SIZE (p:params) = p.v_ETA2 *! sz 64
+-
+-val v_RANKED_BYTES_PER_RING_ELEMENT (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536}
+-let v_RANKED_BYTES_PER_RING_ELEMENT (p:params) = p.v_RANK *! v_BYTES_PER_RING_ELEMENT
+-
+-val v_T_AS_NTT_ENCODED_SIZE (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536}
+-let v_T_AS_NTT_ENCODED_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p
+-
+-val v_CPA_PKE_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536}
+-let v_CPA_PKE_SECRET_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p
+-
+-val v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568}
+-let v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +! sz 32
+-
+-val v_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168}
+-let v_SECRET_KEY_SIZE (p:params) =
+- (v_CPA_PKE_SECRET_KEY_SIZE p +! v_CPA_PKE_PUBLIC_KEY_SIZE p +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE)
+-
+-val v_C1_BLOCK_SIZE (p:params): u:usize{(u = sz 320 \/ u = sz 352) /\ v u == 32 * v p.v_VECTOR_U_COMPRESSION_FACTOR}
+-let v_C1_BLOCK_SIZE (p:params) = sz 32 *! p.v_VECTOR_U_COMPRESSION_FACTOR
+-
+-val v_C1_SIZE (p:params) : u:usize{(u >=. sz 640 \/ u <=. sz 1448) /\
+- v u == v (v_C1_BLOCK_SIZE p) * v p.v_RANK}
+-let v_C1_SIZE (p:params) = v_C1_BLOCK_SIZE p *! p.v_RANK
+-
+-val v_C2_SIZE (p:params) : u:usize{(u = sz 128 \/ u = sz 160) /\ v u == 32 * v p.v_VECTOR_V_COMPRESSION_FACTOR }
+-let v_C2_SIZE (p:params) = sz 32 *! p.v_VECTOR_V_COMPRESSION_FACTOR
+-
+-val v_CPA_PKE_CIPHERTEXT_SIZE (p:params) : u:usize {v u = v (v_C1_SIZE p) + v (v_C2_SIZE p)}
+-let v_CPA_PKE_CIPHERTEXT_SIZE (p:params) = v_C1_SIZE p +! v_C2_SIZE p
+-
+-val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params): u:usize{v u == v v_SHARED_SECRET_SIZE +
+- v (v_CPA_PKE_CIPHERTEXT_SIZE p)}
+-let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params) =
+- v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE p
+-
+-val v_KEY_GENERATION_SEED_SIZE: u:usize{u = sz 64}
+-let v_KEY_GENERATION_SEED_SIZE: usize =
+- v_CPA_PKE_KEY_GENERATION_SEED_SIZE +!
+- v_SHARED_SECRET_SIZE
+-
+-(** Types *)
+-
+-type t_Error = | Error_RejectionSampling : t_Error
+-
+-type t_Result a b =
+- | Ok: a -> t_Result a b
+- | Err: b -> t_Result a b
+-
+-type t_KyberPublicKey (p:params) = t_Array u8 (v_CPA_PKE_PUBLIC_KEY_SIZE p)
+-type t_KyberPrivateKey (p:params) = t_Array u8 (v_SECRET_KEY_SIZE p)
+-type t_KyberKeyPair (p:params) = t_KyberPrivateKey p & t_KyberPublicKey p
+-
+-type t_KyberCPAPrivateKey (p:params) = t_Array u8 (v_CPA_PKE_SECRET_KEY_SIZE p)
+-type t_KyberCPAKeyPair (p:params) = t_KyberCPAPrivateKey p & t_KyberPublicKey p
+-
+-type t_KyberCiphertext (p:params) = t_Array u8 (v_CPA_PKE_CIPHERTEXT_SIZE p)
+-type t_KyberSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE)
+-
+-(** Utility and Hash Function *)
+-assume val v_G (input: t_Slice u8) : t_Array u8 (sz 64)
+-assume val v_H (input: t_Slice u8) : t_Array u8 (sz 32)
+-assume val v_PRF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN
+-let v_J (input: t_Slice u8) : t_Array u8 (sz 32) = v_PRF (sz 32) input
+-assume val v_XOF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN
+-
+-(** Kyber Math and Sampling *)
+-
+-type field_element = n:nat{n < v v_FIELD_MODULUS}
+-type polynomial = arr: t_Array nat (sz 256) {forall i. Seq.index arr i < v v_FIELD_MODULUS}
+-type vector (p:params) = t_Array polynomial p.v_RANK
+-type matrix (p:params) = t_Array (vector p) p.v_RANK
+-
+-assume val poly_add: polynomial -> polynomial -> polynomial
+-assume val poly_sub: polynomial -> polynomial -> polynomial
+-assume val vector_add: #p:params -> vector p -> vector p -> vector p
+-assume val vector_dot_product: #p:params -> vector p -> vector p -> polynomial
+-
+-assume val matrix_transpose: #p:params -> matrix p -> matrix p
+-assume val matrix_vector_mul: #p:params -> matrix p -> vector p -> vector p
+-val compute_As_plus_e: #p:params -> a:matrix p -> s:vector p -> e:vector p -> vector p
+-let compute_As_plus_e #p a s e = vector_add (matrix_vector_mul a s) e
+-
+-assume val poly_inv_ntt: #p:params -> polynomial -> polynomial
+-assume val vector_ntt: #p:params -> vector p -> vector p
+-assume val vector_inv_ntt: #p:params -> vector p -> vector p
+-
+-// note we take seed of size 32 not 34 as in hacspec
+-assume val sample_matrix_A: #p:params -> seed:t_Array u8 (sz 32) -> matrix p
+-// note we take seed of size 32 not 33 as in hacspec
+-assume val sample_vector_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector p
+-// note we take seed of size 32 not 33 as in hacspec
+-
+-assume val sample_poly_binomial: v_ETA:usize{v v_ETA <= 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial
+-
+-open Rust_primitives.Integers
+-
+-val sample_poly_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial
+-let sample_poly_cbd #p seed domain_sep =
+- let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in
+- let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE p) prf_input in
+- sample_poly_binomial p.v_ETA2 prf_output
+-
+-let sample_vector_cbd_then_ntt (#p:params) (seed:t_Array u8 (sz 32)) (domain_sep:usize) =
+- vector_ntt (sample_vector_cbd #p seed domain_sep)
+-
+-type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12}
+-
+-let compress_d (d: dT {d <> 12}) (x: field_element): field_element
+- = (pow2 d * x + 1664) / v v_FIELD_MODULUS
+-
+-let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8))
+- : Pure (t_Array u8 bytes)
+- (requires True)
+- (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i))
+- = bit_vec_to_int_t_array 8 bv
+-
+-let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes)
+- : Pure (i: bit_vec (v bytes * 8))
+- (requires True)
+- (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i))
+- = bit_vec_of_int_t_array r 8
+-
+-let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d))
+- = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_array coefficients d)
+-
+-let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial
+- = let bv = bit_vec_of_int_t_array coefficients 8 in
+- let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d bv in
+- let p = map' (fun (x: nat) -> x % v v_FIELD_MODULUS <: nat) arr in
+- introduce forall i. Seq.index p i < v v_FIELD_MODULUS
+- with assert (Seq.index p i == Seq.index p (v (sz i)));
+- p
+-
+-let vector_encode_12 (#p:params) (v: vector p): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)
+- = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map' (byte_encode 12) v in
+- flatten s
+-
+-let vector_decode_12 (#p:params) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)): vector p
+- = createi p.v_RANK (fun block ->
+- let block_size = (sz (32 * 12)) in
+- let slice = Seq.slice arr (v block * v block_size)
+- (v block * v block_size + v block_size) in
+- byte_decode 12 slice
+- )
+-
+-let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Array u8 (sz (32 * d))
+- = let coefs: t_Array nat (sz 256) = map (fun (f: nat {f < v v_FIELD_MODULUS}) ->
+- compress_d d f <: nat
+- ) coefficients
+- in
+- byte_encode d coefficients
+-
+-let compress_then_encode_message: polynomial -> t_Array u8 v_SHARED_SECRET_SIZE
+- = byte_encode 1
+-
+-let decode_then_decompress_message: t_Array u8 v_SHARED_SECRET_SIZE -> polynomial
+- = byte_decode 1
+-
+-let compress_then_encode_u (p:params) (vec: vector p): t_Array u8 (v_C1_SIZE p)
+- = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in
+- flatten (map #_ #_ #(fun _ -> True) (byte_encode (v d)) vec)
+-
+-let decode_then_decompress_u (p:params) (arr: t_Array u8 (v_C1_SIZE p)): vector p
+- = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in
+- createi p.v_RANK (fun block ->
+- let block_size = v_C1_BLOCK_SIZE p in
+- let slice = Seq.slice arr (v block * v block_size)
+- (v block * v block_size + v block_size) in
+- byte_decode (v d) slice
+- )
+-
+-let compress_then_encode_v (p:params): polynomial -> t_Array u8 (v_C2_SIZE p)
+- = byte_encode (v p.v_VECTOR_V_COMPRESSION_FACTOR)
+-
+-let decode_then_decompress_v (p:params): t_Array u8 (v_C2_SIZE p) -> polynomial
+- = byte_decode (v p.v_VECTOR_V_COMPRESSION_FACTOR)
+-
+-(** IND-CPA Functions *)
+-
+-/// This function implements most of Algorithm 12 of the
+-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm.
+-///
+-/// We say "most of" since Algorithm 12 samples the required randomness within
+-/// the function itself, whereas this implementation expects it to be provided
+-/// through the `key_generation_seed` parameter.
+-
+-val ind_cpa_generate_keypair (p:params) (randomness:t_Array u8 v_CPA_PKE_KEY_GENERATION_SEED_SIZE) :
+- t_KyberCPAKeyPair p
+-let ind_cpa_generate_keypair p randomness =
+- let hashed = v_G randomness in
+- let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in
+- let matrix_A_as_ntt = sample_matrix_A #p seed_for_A in
+- let secret_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error (sz 0) in
+- let error_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error p.v_RANK in
+- let t_as_ntt = compute_As_plus_e #p matrix_A_as_ntt secret_as_ntt error_as_ntt in
+- let public_key_serialized = Seq.append (vector_encode_12 #p t_as_ntt) seed_for_A in
+- let secret_key_serialized = vector_encode_12 #p secret_as_ntt in
+- (secret_key_serialized,public_key_serialized)
+-
+-/// This function implements Algorithm 13 of the
+-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
+-
+-val ind_cpa_encrypt (p:params) (public_key: t_KyberPublicKey p)
+- (message: t_Array u8 v_SHARED_SECRET_SIZE)
+- (randomness:t_Array u8 v_SHARED_SECRET_SIZE) :
+- t_KyberCiphertext p
+-
+-let ind_cpa_encrypt p public_key message randomness =
+- let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE p) in
+- let t_as_ntt = vector_decode_12 #p t_as_ntt_bytes in
+- let matrix_A_as_ntt = sample_matrix_A #p seed_for_A in
+- let r_as_ntt = sample_vector_cbd_then_ntt #p randomness (sz 0) in
+- let error_1 = sample_vector_cbd #p randomness p.v_RANK in
+- let error_2 = sample_poly_cbd #p randomness (p.v_RANK +! p.v_RANK) in
+- let u = vector_add (vector_inv_ntt (matrix_vector_mul (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in
+- let mu = decode_then_decompress_message message in
+- let v = poly_add (poly_add (vector_dot_product t_as_ntt r_as_ntt) error_2) mu in
+- let c1 = compress_then_encode_u p u in
+- let c2 = compress_then_encode_v p v in
+- concat c1 c2
+-
+-/// This function implements Algorithm 14 of the
+-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+-
+-val ind_cpa_decrypt (p:params) (secret_key: t_KyberCPAPrivateKey p)
+- (ciphertext: t_KyberCiphertext p):
+- t_KyberSharedSecret
+-
+-let ind_cpa_decrypt p secret_key ciphertext =
+- let (c1,c2) = split ciphertext (v_C1_SIZE p) in
+- let u = decode_then_decompress_u p c1 in
+- let v = decode_then_decompress_v p c2 in
+- let secret_as_ntt = vector_decode_12 #p secret_key in
+- let w = poly_sub v (poly_inv_ntt #p (vector_dot_product secret_as_ntt (vector_ntt u))) in
+- compress_then_encode_message w
+-
+-(** IND-CCA Functions *)
+-
+-
+-/// This function implements most of Algorithm 15 of the
+-/// NIST FIPS 203 specification; this is the Kyber CCA-KEM key generation algorithm.
+-///
+-/// We say "most of" since Algorithm 15 samples the required randomness within
+-/// the function itself, whereas this implementation expects it to be provided
+-/// through the `randomness` parameter.
+-///
+-/// TODO: input validation
+-
+-val ind_cca_generate_keypair (p:params) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) :
+- t_KyberKeyPair p
+-let ind_cca_generate_keypair p randomness =
+- let (ind_cpa_keypair_randomness, implicit_rejection_value) =
+- split randomness v_CPA_PKE_KEY_GENERATION_SEED_SIZE in
+-
+- let (ind_cpa_secret_key,ind_cpa_public_key) = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in
+- let ind_cca_secret_key = Seq.append ind_cpa_secret_key (
+- Seq.append ind_cpa_public_key (
+- Seq.append (v_H ind_cpa_public_key) implicit_rejection_value)) in
+- (ind_cca_secret_key, ind_cpa_public_key)
+-
+-/// This function implements most of Algorithm 16 of the
+-/// NIST FIPS 203 specification; this is the Kyber CCA-KEM encapsulation algorithm.
+-///
+-/// We say "most of" since Algorithm 16 samples the required randomness within
+-/// the function itself, whereas this implementation expects it to be provided
+-/// through the `randomness` parameter.
+-///
+-/// TODO: input validation
+-
+-val ind_cca_encapsulate (p:params) (public_key: t_KyberPublicKey p)
+- (randomness:t_Array u8 v_SHARED_SECRET_SIZE) :
+- (t_KyberCiphertext p & t_KyberSharedSecret)
+-let ind_cca_encapsulate p public_key randomness =
+- let to_hash = concat randomness (v_H public_key) in
+- let hashed = v_G to_hash in
+- let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in
+- let ciphertext = ind_cpa_encrypt p public_key randomness pseudorandomness in
+- (ciphertext,shared_secret)
+-
+-
+-/// This function implements Algorithm 17 of the
+-/// NIST FIPS 203 specification; this is the Kyber CCA-KEM encapsulation algorithm.
+-
+-val ind_cca_decapsulate (p:params) (secret_key: t_KyberPrivateKey p)
+- (ciphertext: t_KyberCiphertext p):
+- t_KyberSharedSecret
+-let ind_cca_decapsulate p secret_key ciphertext =
+- let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PKE_SECRET_KEY_SIZE p) in
+- let (ind_cpa_public_key,rest) = split rest (v_CPA_PKE_PUBLIC_KEY_SIZE p) in
+- let (ind_cpa_public_key_hash,implicit_rejection_value) = split rest v_H_DIGEST_SIZE in
+-
+- let decrypted = ind_cpa_decrypt p ind_cpa_secret_key ciphertext in
+- let to_hash = concat decrypted ind_cpa_public_key_hash in
+- let hashed = v_G to_hash in
+- let (success_shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in
+-
+- assert (Seq.length implicit_rejection_value = 32);
+- let to_hash = concat implicit_rejection_value ciphertext in
+- let rejection_shared_secret = v_J to_hash in
+-
+- let reencrypted = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in
+- if reencrypted = ciphertext
+- then success_shared_secret
+- else rejection_shared_secret
+-
+-
+-(** Kyber-768 Instantiation *)
+-
+-let kyber768_params : params = {
+- v_RANK = sz 3;
+- v_ETA1 = sz 2;
+- v_ETA2 = sz 2;
+- v_VECTOR_U_COMPRESSION_FACTOR = sz 10;
+- v_VECTOR_V_COMPRESSION_FACTOR = sz 4;
+-}
+-
+-let kyber768_generate_keypair (randomness:t_Array u8 (sz 64)):
+- (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) =
+- ind_cca_generate_keypair kyber768_params randomness
+-
+-let kyber768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)):
+- (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) =
+- ind_cca_encapsulate kyber768_params public_key randomness
+-
+-
+-let kyber768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)):
+- t_Array u8 (sz 32) =
+- ind_cca_decapsulate kyber768_params secret_key ciphertext
+-
+-(** Kyber-1024 Instantiation *)
+-
+-let kyber1024_params : params = {
+- v_RANK = sz 4;
+- v_ETA1 = sz 2;
+- v_ETA2 = sz 2;
+- v_VECTOR_U_COMPRESSION_FACTOR = sz 11;
+- v_VECTOR_V_COMPRESSION_FACTOR = sz 5;
+-}
+-
+-let kyber1024_generate_keypair (randomness:t_Array u8 (sz 64)):
+- (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) =
+- ind_cca_generate_keypair kyber1024_params randomness
+-
+-let kyber1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)):
+- (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) =
+- ind_cca_encapsulate kyber1024_params public_key randomness
+-
+-
+-let kyber1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)):
+- t_Array u8 (sz 32) =
+- ind_cca_decapsulate kyber1024_params secret_key ciphertext
+-
+-(** Kyber-512 Instantiation *)
+-
+-let kyber512_params : params = {
+- v_RANK = sz 2;
+- v_ETA1 = sz 3;
+- v_ETA2 = sz 2;
+- v_VECTOR_U_COMPRESSION_FACTOR = sz 10;
+- v_VECTOR_V_COMPRESSION_FACTOR = sz 4;
+-}
+-
+-let kyber512_generate_keypair (randomness:t_Array u8 (sz 64)):
+- (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) =
+- ind_cca_generate_keypair kyber512_params randomness
+-
+-let kyber512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)):
+- (t_Array u8 (sz 768) & t_Array u8 (sz 32)) =
+- ind_cca_encapsulate kyber512_params public_key randomness
+-
+-
+-let kyber512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)):
+- t_Array u8 (sz 32) =
+- ind_cca_decapsulate kyber512_params secret_key ciphertext
diff --git a/proofs/fstar/extraction-secret-independent/.gitignore b/proofs/fstar/extraction-secret-independent/.gitignore
new file mode 100644
index 000000000..4671378ae
--- /dev/null
+++ b/proofs/fstar/extraction-secret-independent/.gitignore
@@ -0,0 +1 @@
+.depend
diff --git a/proofs/fstar/extraction/Libcrux.Digest.fst b/proofs/fstar/extraction/Libcrux.Digest.fst
new file mode 100644
index 000000000..4993b8a42
--- /dev/null
+++ b/proofs/fstar/extraction/Libcrux.Digest.fst
@@ -0,0 +1,48 @@
+module Libcrux.Digest
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15"
+open Core
+open FStar.Mul
+
+let shake128x4_256_ (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) =
+ Libcrux.Hacl.Sha3.X4.shake128 v_LEN data0 data1 data2 data3
+
+let sha3_256_ (payload: t_Slice u8) = Libcrux.Hacl.Sha3.sha256 payload
+
+let sha3_512_ (payload: t_Slice u8) = Libcrux.Hacl.Sha3.sha512 payload
+
+let shake128 (v_LEN: usize) (data: t_Slice u8) = Libcrux.Hacl.Sha3.shake128 v_LEN data
+
+let shake256 (v_LEN: usize) (data: t_Slice u8) = Libcrux.Hacl.Sha3.shake256 v_LEN data
+
+let shake128x4_portable (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) =
+ let input_len:usize = Core.Slice.impl__len data0 in
+ let _:Prims.unit =
+ if true
+ then
+ let _:Prims.unit =
+ if
+ ~.((input_len =. (Core.Slice.impl__len data1 <: usize) <: bool) &&
+ (input_len =. (Core.Slice.impl__len data2 <: usize) <: bool) &&
+ (input_len =. (Core.Slice.impl__len data3 <: usize) <: bool) &&
+ (input_len <=. (cast (Core.Num.impl__u32__MAX <: u32) <: usize) <: bool) &&
+ (v_LEN <=. (cast (Core.Num.impl__u32__MAX <: u32) <: usize) <: bool))
+ then
+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: input_len == data1.len() && input_len == data2.len() &&\\n input_len == data3.len() && input_len <= u32::MAX as usize &&\\n LEN <= u32::MAX as usize"
+
+ <:
+ Rust_primitives.Hax.t_Never)
+ in
+ ()
+ in
+ let digest0:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data0 in
+ let digest1:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data1 in
+ let digest2:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data2 in
+ let digest3:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data3 in
+ digest0, digest1, digest2, digest3
+ <:
+ (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN)
+
+let shake128x4 (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) =
+ if Libcrux_platform.simd256_support ()
+ then shake128x4_256_ v_LEN data0 data1 data2 data3
+ else shake128x4_portable v_LEN data0 data1 data2 data3
diff --git a/proofs/fstar/patches.sh b/proofs/fstar/patches.sh
new file mode 100755
index 000000000..2228333f5
--- /dev/null
+++ b/proofs/fstar/patches.sh
@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+set -e
+
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+cd "$SCRIPTPATH"
+
+DENYLIST="Makefile Kyber.fst.config.json PROOFS.md"
+
+# `prepare_folder SRC DEST` copies F* files from SRC to DEST/
+prepare_folder() {
+ original="$1"
+ workdir="$2"
+ find "$original" \( -name '*.fst' -o -name '*.fsti' \) -exec cp --parents \{\} "$workdir" \;
+}
+
+# `patch_folder ORIGINAL DESTINATION PATCH` creates the folder
+# `DESTINATION` out of the folder `ORIGINAL` given the patch `PATCH`
+patch_folder() {
+ original="$1"
+ destination="$2"
+ patch="$3"
+ TEMPDIR=$(mktemp -d)
+
+ prepare_folder $original "$TEMPDIR"
+
+ original_basename=$(basename "$original")
+ patch --directory="$TEMPDIR/$original_basename" -s -p1 < "$patch"
+
+ DIR="$TEMPDIR/$original_basename"
+ cp -rfT "$DIR" "$destination"
+
+ rm -rf "$TEMPDIR"
+}
+
+case $1 in
+ apply)
+ for target in extraction-edited extraction-secret-independent; do
+ find "$target" \
+ \( -name '*.fst' -o -name '*.fsti' \) \
+ -type f \
+ -exec rm -f {} +
+ done
+
+ patch_folder extraction extraction-edited \
+ extraction-edited.patch
+ patch_folder extraction-edited extraction-secret-independent \
+ extraction-secret-independent.patch
+ ;;
+
+ create)
+ TEMPDIR=$(mktemp -d)
+
+ for i in extraction extraction-edited extraction-secret-independent; do
+ prepare_folder "$i" "$TEMPDIR"
+ done
+
+ (
+ cd "$TEMPDIR"
+ diff -ruN extraction extraction-edited > extraction-edited.patch || true
+ diff -ruN extraction-edited extraction-secret-independent > extraction-secret-independent.patch || true
+
+
+ )
+ mv "$TEMPDIR/extraction-edited.patch" extraction-edited.patch
+ mv "$TEMPDIR/extraction-secret-independent.patch" extraction-secret-independent.patch
+
+ rm -rf "$TEMPDIR"
+ ;;
+
+ *)
+ echo 'Usage: `'"$0"' COMMAND`'
+ echo ' - `'"$0"' apply`: recreate `extraction-*` folders from the `*.patch` files'
+ echo ' - `'"$0"' create`: recreate `*.patch` files from the `extraction-*` folders'
+ ;;
+esac