From e12905d67f29c90c3f9d96d52a5f34bc40bc1f69 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Mon, 29 Jan 2024 16:49:52 +0100 Subject: [PATCH 01/19] feat(fstar/kyber): add diffs for `extraction-{edited,secret-independent}/` --- .github/workflows/hax.yml | 3 + proofs/fstar/extraction-edited.patch | 8945 ++++++++++++++++ proofs/fstar/extraction-edited/.gitignore | 1 + .../fstar/extraction-secret-independent.patch | 9023 +++++++++++++++++ .../extraction-secret-independent/.gitignore | 1 + .../Libcrux.Kem.Kyber.Hash_functions.fst | 2 +- proofs/fstar/patches.sh | 76 + 7 files changed, 18050 insertions(+), 1 deletion(-) create mode 100644 proofs/fstar/extraction-edited.patch create mode 100644 proofs/fstar/extraction-edited/.gitignore create mode 100644 proofs/fstar/extraction-secret-independent.patch create mode 100644 proofs/fstar/extraction-secret-independent/.gitignore create mode 100755 proofs/fstar/patches.sh diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index 7057482fb..072219daa 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -72,6 +72,9 @@ jobs: PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ ./hax-driver.py --verify-extraction + - name: 🏃 Regenerate `extraction-*` folders + run: ./proofs/fstar/patches.sh apply + - name: 🏃 Verify Kyber `extraction-edited` F* code run: | env FSTAR_HOME=${{ github.workspace }}/fstar \ diff --git a/proofs/fstar/extraction-edited.patch b/proofs/fstar/extraction-edited.patch new file mode 100644 index 000000000..d5930e88a --- /dev/null +++ b/proofs/fstar/extraction-edited.patch @@ -0,0 +1,8945 @@ +diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-30 10:40:46.467792008 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-30 10:40:46.514790151 +0100 +@@ -1,81 +1,356 @@ + module Libcrux.Kem.Kyber.Arithmetic +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" + open Core + open FStar.Mul + +-let get_n_least_significant_bits (n: u8) (value: u32) = ++ ++let lemma_mul_i32_range (n1 n2: i32) (b1 b2: nat) ++ : Lemma (requires (i32_range n1 b1 /\ i32_range n2 b2 /\ b1 * b2 < pow2 31)) ++ (ensures (range (v n1 * v n2) i32_inttype /\ i32_range (n1 *! n2) (b1 * b2))) = ++ if v n1 = 0 || v n2 = 0 ++ then () ++ else ++ let open FStar.Math.Lemmas in ++ lemma_abs_bound (v n1) b1; ++ lemma_abs_bound (v n2) b2; ++ lemma_abs_mul (v n1) (v n2); ++ lemma_mult_le_left (abs (v n1)) (abs (v n2)) b2; ++ lemma_mult_le_right b2 (abs (v n1)) b1; ++ lemma_abs_bound (v n1 * v n2) (b1 * b2) ++ ++let lemma_add_i32_range (n1 n2:i32) (b1 b2:nat): ++ Lemma (requires (i32_range n1 b1 /\ i32_range n2 b2 /\ b1 + b2 < pow2 31)) ++ (ensures (range (v n1 + v n2) i32_inttype /\ ++ i32_range (n1 +! n2) (b1 + b2))) ++ = () ++ ++let mul_i32_b #b1 #b2 x y = ++ lemma_mul_i32_range x y b1 b2; ++ x *! y ++ ++let add_i32_b #b1 #b2 x y = ++ lemma_add_i32_range x y b1 b2; ++ x +! y ++ ++let sub_i32_b #b1 #b2 x y = ++ x -! y ++ ++let cast_i32_b #b1 #b2 x = ++ x <: i32_b b2 ++ ++#push-options "--ifuel 0 --z3rlimit 150" ++let shr_i32_b #b #t x y = ++ let r = (x <: i32) >>! y in ++ assert (v r == v x / pow2 (v y)); ++ Math.Lemmas.lemma_div_le (v x) b (pow2 (v y)); ++ assert (v x / (pow2 (v y)) <= b / (pow2 (v y))); ++ Math.Lemmas.lemma_div_le (-b) (v x) (pow2 (v y)); ++ assert (v x / (pow2 (v y)) >= (-b) / (pow2 (v y))); ++ if (b % pow2 (v y) = 0) ++ then (Math.Lemmas.div_exact_r b (pow2 (v y)); ++ assert (b = (b/pow2 (v y)) * pow2 (v y)); ++ assert (-b = -((b/pow2 (v y)) * pow2 (v y))); ++ Math.Lemmas.neg_mul_left (b/pow2 (v y)) (pow2 (v y)); ++ assert (-b = (-(b/pow2 (v y))) * pow2 (v y)); ++ assert ((-b)/pow2(v y) = ((-(b/pow2 (v y))) * pow2 (v y)) / pow2 (v y)); ++ Math.Lemmas.cancel_mul_div (-(b/pow2 (v y))) (pow2 (v y)); ++ assert ((-b)/pow2(v y) = -(b/pow2 (v y))); ++ assert (nat_div_ceil b (pow2 (v y)) == b / pow2 (v y)); ++ assert (i32_range r (b / pow2 ( v y))); ++ r <: i32_b (nat_div_ceil b (pow2 (v y)))) ++ else (let rem = b % pow2 (v y) in ++ let quo = b / pow2 (v y) in ++ Math.Lemmas.lemma_div_mod b (pow2 (v y)); ++ assert (b = quo * pow2 (v y) + rem); ++ assert (-b = -(quo * pow2 (v y)) - rem); ++ Math.Lemmas.neg_mul_left quo (pow2 (v y)); ++ assert (-b = (-quo) * pow2 (v y) - rem); ++ assert ((-b)/pow2(v y) = (-rem + (-quo) * pow2 (v y))/pow2 (v y)); ++ Math.Lemmas.division_addition_lemma (-rem) (pow2 (v y)) (-quo); ++ assert ((-b)/pow2(v y) = ((-rem)/pow2 (v y) -quo)); ++ Math.Lemmas.division_definition (-rem) (pow2 (v y)) (-1); ++ assert ((-rem)/pow2 (v y) == -1); ++ assert ((-b)/pow2(v y) = -1 -quo); ++ assert ((-b)/pow2(v y) = (-quo - 1)); ++ assert ((-b)/pow2(v y) = -(quo + 1)); ++ assert (nat_div_ceil b (pow2 (v y)) == quo + 1); ++ assert (i32_range r (quo+1)); ++ r <: i32_b (nat_div_ceil b (pow2 (v y)))) ++#pop-options ++ ++let v_BARRETT_R: i64 = 1L <>! 1l <: i64) + in ++ assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2*3329)); ++ assert (v t = v x * v v_BARRETT_MULTIPLIER + pow2 25); + let quotient:i32 = cast (t >>! v_BARRETT_SHIFT <: i64) <: i32 in ++ assert (v quotient = v t / pow2 26); + let result:i32 = value -! (quotient *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) in +- let _:Prims.unit = () <: Prims.unit in ++ calc (==) { ++ v result % 3329; ++ (==) { } ++ (v value - (v quotient * 3329)) % 3329; ++ (==) {Math.Lemmas.lemma_mod_sub_distr (v value) (v quotient * 3329) 3329} ++ (v value - (v quotient * 3329) % 3329) % 3329; ++ (==) {Math.Lemmas.cancel_mul_mod (v quotient) 3329} ++ (v value - 0) % 3329; ++ (==) {} ++ (v value) % 3329; ++ }; + result ++#pop-options + +-let montgomery_reduce (value: i32) = ++#push-options "--ifuel 0 --z3rlimit 1600" ++let montgomery_reduce #b value = + let _:i32 = v_MONTGOMERY_R in + let _:Prims.unit = () <: Prims.unit in ++ let v0 = (cast (value <: i32) <: u32) in ++ assert (v v0 == v value % pow2 32); ++ let t0 = (get_n_least_significant_bits v_MONTGOMERY_SHIFT v0 <: u32) in ++ assert (v t0 = (v value % pow2 32) % pow2 16); ++ Math.Lemmas.pow2_modulo_modulo_lemma_1 (v value) 16 32; ++ assert (v t0 = v value % pow2 16); + let t:u32 = +- (get_n_least_significant_bits v_MONTGOMERY_SHIFT (cast (value <: i32) <: u32) <: u32) *! +- v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R ++ t0 *! ++ v_INVERSE_OF_MODULUS_MOD_R + in +- let k:i16 = cast (get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u32) <: i16 in +- let k_times_modulus:i32 = +- (cast (k <: i16) <: i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ assert (v t = (v value % pow2 16) * v v_INVERSE_OF_MODULUS_MOD_R); ++ let k0 = get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u32 in ++ let k:i32_b (pow2 15) = cast (cast k0 <: i16) <: i32 in ++ calc (==) { ++ v k % pow2 16; ++ == { } ++ v k0 % pow2 16; ++ == { } ++ v t % pow2 16; ++ == { } ++ ((v value % pow2 16) * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16; ++ == {Math.Lemmas.lemma_mod_mul_distr_l (v value) (v v_INVERSE_OF_MODULUS_MOD_R) (pow2 16)} ++ (v value * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16; ++ }; ++ assert_norm((62209 * 3329) % pow2 16 == 1); ++ assert((v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16 == 1); ++ calc (==) { ++ (v k * 3329) % pow2 16; ++ == {Math.Lemmas.lemma_mod_mul_distr_l (v k) 3329 (pow2 16)} ++ ((v k % pow2 16) * 3329) % pow2 16; ++ == { } ++ ((v value * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16 * 3329) % pow2 16; ++ == {Math.Lemmas.lemma_mod_mul_distr_l (v value * v v_INVERSE_OF_MODULUS_MOD_R) (3329) (pow2 16)} ++ (v value * v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16; ++ == {Math.Lemmas.paren_mul_right (v value) (v v_INVERSE_OF_MODULUS_MOD_R) 3329} ++ (v value * (v v_INVERSE_OF_MODULUS_MOD_R * 3329)) % pow2 16; ++ == {Math.Lemmas.lemma_mod_mul_distr_r (v value) (v v_INVERSE_OF_MODULUS_MOD_R * 3329) (pow2 16)} ++ (v value * ((v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16)) % pow2 16; ++ == {Math.Lemmas.mul_one_right_is_same (v value)} ++ (v value) % pow2 16; ++ }; ++ Math.Lemmas.modulo_add (pow2 16) (- (v k * 3329)) (v value) (v k * 3329); ++ assert ((v value - v k * 3329) % pow2 16 == (v k * 3329 - v k * 3329) % pow2 16); ++ assert ((v value - v k * 3329) % v v_MONTGOMERY_R == 0); ++ let k_times_modulus:i32_b (pow2 15 * 3329) = ++ mul_i32_b k Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS + in +- let c:i32 = k_times_modulus >>! v_MONTGOMERY_SHIFT in +- let value_high:i32 = value >>! v_MONTGOMERY_SHIFT in +- value_high -! c ++ let c:i32_b 1665 = shr_i32_b k_times_modulus v_MONTGOMERY_SHIFT in ++ let value_high:i32_b (nat_div_ceil b (v v_MONTGOMERY_R)) = shr_i32_b value v_MONTGOMERY_SHIFT in ++ assert (v value_high = v value / v v_MONTGOMERY_R); ++ let res: i32_b (nat_div_ceil b (v v_MONTGOMERY_R) + 1665) = sub_i32_b value_high c in ++ calc (==) { ++ v res; ++ == { } ++ (v value_high - v c); ++ == { } ++ ((v value / v v_MONTGOMERY_R) - ((v k * 3329) / v v_MONTGOMERY_R)); ++ == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)} ++ ((v value - (v k * 3329)) / v v_MONTGOMERY_R); ++ }; ++ calc (==) { ++ v res % 3329; ++ == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)} ++ (((v value - (v k * 3329)) / v v_MONTGOMERY_R) * ((v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV) % 3329)) % 3329 ; ++ == {Math.Lemmas.lemma_mod_mul_distr_r ((v value - (v k * 3329)) / v v_MONTGOMERY_R) (v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV) 3329} ++ (((v value - (v k * 3329)) / v v_MONTGOMERY_R) * (v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV)) % 3329 ; ++ == {Math.Lemmas.paren_mul_right ((v value - (v k * 3329)) / v v_MONTGOMERY_R) (v v_MONTGOMERY_R) (v v_MONTGOMERY_R_INV)} ++ ((((v value - (v k * 3329)) / v v_MONTGOMERY_R) * v v_MONTGOMERY_R) * v v_MONTGOMERY_R_INV) % 3329 ; ++ == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)} ++ ((v value - (v k * 3329)) * v v_MONTGOMERY_R_INV) % 3329 ; ++ == { } ++ ((v value * v v_MONTGOMERY_R_INV) - ((v k * 3329) * v v_MONTGOMERY_R_INV)) % 3329 ; ++ == {Math.Lemmas.paren_mul_right (v k) 3329 (v v_MONTGOMERY_R_INV)} ++ ((v value * v v_MONTGOMERY_R_INV) - (v k * (3329 * v v_MONTGOMERY_R_INV))) % 3329 ; ++ == {Math.Lemmas.swap_mul 3329 (v v_MONTGOMERY_R_INV)} ++ ((v value * v v_MONTGOMERY_R_INV) - (v k * (v v_MONTGOMERY_R_INV * 3329))) % 3329 ; ++ == {Math.Lemmas.paren_mul_right (v k) (v v_MONTGOMERY_R_INV) 3329} ++ ((v value * v v_MONTGOMERY_R_INV) - ((v k * v v_MONTGOMERY_R_INV) * 3329)) % 3329 ; ++ == {Math.Lemmas.lemma_mod_sub (v value * v v_MONTGOMERY_R_INV) 3329 (v k * v v_MONTGOMERY_R_INV)} ++ (v value * v v_MONTGOMERY_R_INV) % 3329 ; ++ }; ++ res ++#pop-options ++ ++let montgomery_multiply_sfe_by_fer fe fer = ++ montgomery_reduce (mul_i32_b fe fer) + +-let montgomery_multiply_fe_by_fer (fe fer: i32) = montgomery_reduce (fe *! fer <: i32) + +-let to_standard_domain (mfe: i32) = +- montgomery_reduce (mfe *! v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS <: i32) ++let to_standard_domain mfe = ++ montgomery_reduce (mul_i32_b mfe (v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS <: i32_b 1353)) + +-let to_unsigned_representative (fe: i32) = ++let to_unsigned_representative fe = + let _:Prims.unit = () <: Prims.unit in +- cast (fe +! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) <: i32) +- <: +- u16 ++ logand_lemma Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS (fe >>! 31l <: i32); ++ let res = ++ cast (fe +! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) <: i32) <: u16 ++ in ++ assert (v fe < 0 ==> (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) == 3329l); ++ assert (v fe >= 0 ==> (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) == 0l); ++ assert (v fe + 3329 < pow2 16); ++ assert (v fe >= -3328); ++ assert (v fe < 0 ==> v fe + 3329 >= 0); ++ assert (v fe < 0 ==> v res == (v fe + 3329) % pow2 16); ++ Math.Lemmas.small_mod (v fe + 3329) (pow2 16); ++ assert (v fe < 0 ==> v res == v fe + 3329); ++ assert (v fe >= 0 ==> v res == v fe); ++ res <: int_t_d u16_inttype 12 ++ ++let derefine_poly_b #b x = ++ let r = createi (sz 256) (fun i -> (x.f_coefficients.[i] <: i32)) in ++ {f_coefficients = r} ++ ++let derefine_vector_b #v_K #b x = ++ let r = createi v_K (fun i -> derefine_poly_b #b x.[i]) in ++ r ++ ++let derefine_matrix_b #v_K #b x = ++ let r = createi v_K (fun i -> derefine_vector_b #v_K #b x.[i]) in ++ r ++ ++let cast_poly_b #b1 #b2 x = ++ let r = createi (sz 256) (fun i -> (x.f_coefficients.[i] <: i32_b b2)) in ++ let res = {f_coefficients = r} in ++ let dx = (derefine_poly_b x).f_coefficients in ++ let dr = (derefine_poly_b res).f_coefficients in ++ assert (forall (i:usize). v i < 256 ==> ++ (dx.[i] <: i32) == ++ (dr.[i] <: i32)); ++ assert (forall i. Seq.index dx i == (dx.[sz i] <: i32)); ++ eq_intro dx dr; ++ assert(Seq.equal dx dr); ++ res + +-let add_to_ring_element (v_K: usize) (lhs rhs: t_PolynomialRingElement) = ++let cast_vector_b #v_K #b1 #b2 x = ++ let r = createi v_K (fun i -> cast_poly_b #b1 #b2 x.[i]) in ++ let dx = derefine_vector_b x in ++ let dr = derefine_vector_b r in ++ assert (forall (i:usize). v i < v v_K ==> ++ dx.[i] == dr.[i]); ++ assert (forall i. Seq.index dx i == dx.[sz i]); ++ assert (forall i. Seq.index dr i == dr.[sz i]); ++ eq_intro dx dr; ++ r ++ ++let down_cast_poly_b #b1 #b2 x = ++ let r = createi (sz 256) ++ (fun i -> ++ let xi:i32_b b2 = x.f_coefficients.[i] in ++ xi) in ++ let res = {f_coefficients = r} in ++ let dx = (derefine_poly_b x).f_coefficients in ++ let dr = (derefine_poly_b res).f_coefficients in ++ assert (forall (i:usize). v i < 256 ==> ++ (dx.[i] <: i32) == ++ (dr.[i] <: i32)); ++ assert (forall i. Seq.index dx i == (dx.[sz i] <: i32)); ++ eq_intro dx dr; ++ assert(Seq.equal dx dr); ++ res ++ ++let down_cast_vector_b #v_K #b1 #b2 x = ++ let r = createi (v_K) ++ (fun i -> down_cast_poly_b #b1 #b2 x.[i]) in ++ let dx = derefine_vector_b x in ++ let dr = derefine_vector_b r in ++ assert (forall (i:usize). v i < v v_K ==> ++ dx.[i] == dr.[i]); ++ assert (forall i. Seq.index dx i == dx.[sz i]); ++ assert (forall i. Seq.index dr i == dr.[sz i]); ++ eq_intro dx dr; ++ assert(Seq.equal dx dr); ++ r ++ ++ ++let add_to_ring_element #b1 #b2 v_K lhs rhs = + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in +- let lhs:t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ let orig_lhs = lhs in ++ [@ inline_let] ++ let inv = fun (acc:t_PolynomialRingElement_b (b1+b2)) (i:usize) -> ++ (forall j. j <. i ==> acc.f_coefficients.[j] == lhs.f_coefficients.[j] +! rhs.f_coefficients.[j]) /\ ++ (forall j. j >=. i ==> acc.f_coefficients.[j] == orig_lhs.f_coefficients.[j]) in ++ let lhs:t_PolynomialRingElement_b (b1 + b2) = ++ Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (b1+b2)) #inv { + Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end +- = +- Core.Slice.impl__len (Rust_primitives.unsize lhs.f_coefficients <: t_Slice i32) +- <: +- usize ++ Core.Ops.Range.f_end = ++ Core.Slice.impl__len (Rust_primitives.unsize lhs.f_coefficients <: t_Slice (i32_b b1)) + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- lhs ++ (cast_poly_b #b1 #(b1+b2) lhs) + (fun lhs i -> +- let lhs:t_PolynomialRingElement = lhs in ++ let lhs:t_PolynomialRingElement_b (b1+b2) = lhs in + let i:usize = i in ++ assert (orig_lhs.f_coefficients.[i] == lhs.f_coefficients.[i]); ++ let lhsi: i32_b b1 = orig_lhs.f_coefficients.[i] in ++ let lhs = + { + lhs with + f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs.f_coefficients + i +- ((lhs.f_coefficients.[ i ] <: i32) +! (rhs.f_coefficients.[ i ] <: i32) <: i32) ++ (add_i32_b #b1 #b2 (lhsi) (rhs.f_coefficients.[ i ])) + <: +- t_Array i32 (sz 256) ++ t_Array (i32_b (b1 + b2)) (sz 256) + } + <: +- t_PolynomialRingElement) ++ t_PolynomialRingElement_b (b1 + b2) ++ in ++ assert (forall j. (j >. i /\ j <. sz 256) ==> lhs.f_coefficients.[j] == orig_lhs.f_coefficients.[j]); ++ lhs ++ ) + in + let _:Prims.unit = () <: Prims.unit in ++ assert (forall j. j <. sz 256 ==> lhs.f_coefficients.[j] == orig_lhs.f_coefficients.[j] +! rhs.f_coefficients.[j]); + lhs ++ ++ ++ +diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-30 10:40:46.437793193 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-30 10:40:46.501790664 +0100 +@@ -3,10 +3,32 @@ + open Core + open FStar.Mul + ++let pow2_31 = 2147483648 ++let i32_range (n:i32) (b:nat) = ++ b < pow2_31 /\ v n <= b /\ v n >= -b ++ ++type i32_b b = x:i32{i32_range x b} ++let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 ++ ++val mul_i32_b (#b1:nat) (#b2:nat{b1 * b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): r:i32_b (b1 * b2){v r == v x * v y} ++val add_i32_b (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): ++ Pure (i32_b (b1 + b2)) ++ (requires True) ++ (ensures fun r -> v r == v x + v y) ++val sub_i32_b (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): r:i32_b (b1 + b2){v r == v x - v y} ++val cast_i32_b (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31}) (x:i32_b b1): r:i32_b b2{v r == v x} ++val shr_i32_b (#b:nat) (#t:inttype) (x:i32_b b) (y:int_t t{v y>0 /\ v y<32}): r:i32_b (nat_div_ceil b (pow2 (v y))) ++ + unfold + let t_FieldElement = i32 + + unfold ++let t_FieldElement_b b = i32_b b ++ ++unfold ++let wfFieldElement = t_FieldElement_b 3328 ++ ++unfold + let t_FieldElementTimesMontgomeryR = i32 + + unfold +@@ -16,119 +38,213 @@ + + let v_BARRETT_SHIFT: i64 = 26L + +-let v_BARRETT_R: i64 = 1L <= 0 /\ v x < 3329 /\ (v x * v v_MONTGOMERY_R) % 3329 == 1 /\ x = 169l} ++ ++let int_to_spec_fe (m:int) : Spec.Kyber.field_element = ++ let m_v = m % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS in ++ assert (m_v > - v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS); ++ if m_v < 0 then ++ m_v + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ else m_v + +-val get_n_least_significant_bits (n: u8) (value: u32) +- : Prims.Pure u32 +- (requires n =. 4uy || n =. 5uy || n =. 10uy || n =. 11uy || n =. v_MONTGOMERY_SHIFT) ++ ++let to_spec_fe (m:i32) : Spec.Kyber.field_element = ++ int_to_spec_fe (v m) ++ ++let to_spec_fe_b #b (m:i32_b b) : Spec.Kyber.field_element = to_spec_fe m ++ ++let mont_to_spec_fe (m:t_FieldElement) : Spec.Kyber.field_element = ++ int_to_spec_fe (v m * v v_MONTGOMERY_R_INV) ++ ++val get_n_least_significant_bits (n: u8 {v n > 0 /\ v n < 32}) (value: u32) ++ : Prims.Pure (int_t_d u32_inttype (v n)) ++ (requires v n < 32) + (ensures + fun result -> + let result:u32 = result in +- result <. (Core.Num.impl__u32__pow 2ul (Core.Convert.f_into n <: u32) <: u32)) ++ v result = v value % pow2 (v n)) + +-val barrett_reduce (value: i32) +- : Prims.Pure i32 +- (requires +- (Core.Convert.f_from value <: i64) >. (Core.Ops.Arith.Neg.neg v_BARRETT_R <: i64) && +- (Core.Convert.f_from value <: i64) <. v_BARRETT_R) +- (ensures +- fun result -> +- let result:i32 = result in +- result >. (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) && +- result <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) + +-val montgomery_reduce (value: i32) +- : Prims.Pure i32 +- (requires +- value >=. +- ((Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) *! +- v_MONTGOMERY_R +- <: +- i32) && +- value <=. (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS *! v_MONTGOMERY_R <: i32)) ++//let barrett_pre (value:i32) = ++// v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R ++// Appears to work up to +/- 2^28, but not at +/- 2^29 ++ ++let barrett_post (value:i32) (result:i32) = ++ v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS = ++ v value % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ ++val barrett_reduce (value: i32_b (v v_BARRETT_R)) ++ : Prims.Pure wfFieldElement ++ (requires True) ++ (ensures fun r -> barrett_post value r) ++ ++let montgomery_post (value:i32) (result:i32) = ++ v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS = ++ (v value * v v_MONTGOMERY_R_INV) % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ ++ ++val montgomery_reduce #b (value: i32_b b) ++ : Prims.Pure (i32_b (nat_div_ceil b (v v_MONTGOMERY_R) + 1665)) ++ (requires True) + (ensures + fun result -> + let result:i32 = result in +- result >=. +- ((Core.Ops.Arith.Neg.neg (3l *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: i32 +- ) /! +- 2l +- <: +- i32) && +- result <=. ((3l *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) /! 2l <: i32)) +- +-val montgomery_multiply_fe_by_fer (fe fer: i32) +- : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) +- +-val to_standard_domain (mfe: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) +- +-val to_unsigned_representative (fe: i32) +- : Prims.Pure u16 +- (requires +- fe >=. (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) && +- fe <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) ++ montgomery_post value result) ++ ++ ++val montgomery_multiply_sfe_by_fer #b1 #b2 (fe:i32_b b1) (fer: i32_b b2) ++ : Pure (i32_b (nat_div_ceil (b1 * b2) (v v_MONTGOMERY_R) + 1665)) ++ (requires (b1 * b2 < pow2_31)) ++ (ensures (fun result -> ++ montgomery_post (mul_i32_b fe fer) (result))) ++ ++ ++val to_standard_domain #b (mfe: i32_b b) ++ : Pure (i32_b (nat_div_ceil (b * 1353) (v v_MONTGOMERY_R) + 1665)) ++ (requires (b * 1353 < pow2_31)) ++ (ensures (fun result -> ++ montgomery_post (mul_i32_b mfe (1353l <: i32_b 1353)) result)) ++ ++ ++val to_unsigned_representative (fe: wfFieldElement) ++ : Prims.Pure (int_t_d u16_inttype 12) ++ (requires True) + (ensures + fun result -> + let result:u16 = result in ++ v result == to_spec_fe fe /\ + result >=. 0us && + result <. (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16)) + +-type t_PolynomialRingElement = { f_coefficients:t_Array i32 (sz 256) } ++type t_PolynomialRingElement = { f_coefficients:t_Array (t_FieldElement) (sz 256) } ++ ++type t_PolynomialRingElement_b b = { f_coefficients:t_Array (i32_b b) (sz 256) } ++ ++type wfPolynomialRingElement = t_PolynomialRingElement_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1) ++ ++val derefine_poly_b (#b1:nat) (x:t_PolynomialRingElement_b b1): ++ r:t_PolynomialRingElement{ ++ forall (i:usize). v i < 256 ==> (r.f_coefficients.[i] <: i32) == (x.f_coefficients.[i] <: i32)} ++ ++val derefine_vector_b (#v_K:usize) (#b:nat) (x:t_Array (t_PolynomialRingElement_b b) v_K): ++ r:t_Array t_PolynomialRingElement v_K{ ++ forall (i:usize). (v i < v v_K) ==> ++ (let ri : t_PolynomialRingElement = r.[i] in ++ let xi : t_PolynomialRingElement_b b = x.[i] in ++ ri == derefine_poly_b xi)} ++ ++val derefine_matrix_b (#v_K:usize) (#b:nat) ++ (x:t_Array (t_Array (t_PolynomialRingElement_b b) v_K) v_K) : ++ r:t_Array (t_Array t_PolynomialRingElement v_K) v_K{ ++ forall (i:usize). (v i < v v_K) ==> ++ (let ri : t_Array (t_PolynomialRingElement) v_K = r.[i] in ++ let xi : t_Array (t_PolynomialRingElement_b b) v_K = x.[i] in ++ ri == derefine_vector_b xi)} ++ ++ ++val cast_poly_b (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31}) ++ (x:t_PolynomialRingElement_b b1) ++ : Pure (t_PolynomialRingElement_b b2) ++ (requires True) ++ (ensures fun r -> derefine_poly_b x == derefine_poly_b r) ++ ++val cast_vector_b (#v_K:usize) (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31}) ++ (x:t_Array (t_PolynomialRingElement_b b1) v_K) ++ : Pure (t_Array (t_PolynomialRingElement_b b2) v_K) ++ (requires True) ++ (ensures fun r -> derefine_vector_b x == derefine_vector_b r) ++ ++let poly_range (#b:nat) (x:t_PolynomialRingElement_b b) (b':nat) = ++ (forall (i:usize). v i < 256 ==> i32_range (x.f_coefficients.[i] <: i32) b') ++ ++let vector_range (#v_K:usize) (#b:nat) (x:t_Array (t_PolynomialRingElement_b b) v_K) (b':nat) = ++ (forall (i:usize). v i < v v_K ==> poly_range #b x.[i] b') ++ ++val down_cast_poly_b (#b1:nat) (#b2:nat{b2 <= b1 /\ b1 < pow2_31}) ++ (x:t_PolynomialRingElement_b b1): ++ Pure (t_PolynomialRingElement_b b2) ++ (requires (poly_range x b2)) ++ (ensures fun r -> derefine_poly_b x == derefine_poly_b r) ++ ++val down_cast_vector_b (#v_K:usize) (#b1:nat) (#b2:nat{b2 <= b1 /\ b1 < pow2_31}) ++ (x:t_Array (t_PolynomialRingElement_b b1) v_K): ++ Pure (t_Array (t_PolynomialRingElement_b b2) v_K) ++ (requires (vector_range x b2)) ++ (ensures fun r -> derefine_vector_b x == derefine_vector_b r) ++ ++let op_String_Access #t #l (a:t_Array t l) (i:usize{v i < v l}) : t = a.[i] ++ ++let to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) = ++ let p = createi #nat (sz 256) (fun i -> to_spec_fe (m.f_coefficients.[i])) in ++ assert (forall i. Seq.index p i = to_spec_fe (m.f_coefficients.[sz i])); ++ assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); ++ p ++ ++let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) = ++ to_spec_poly (derefine_poly_b m) ++ ++let mont_to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) = ++ let p = createi #nat (sz 256) (fun i -> mont_to_spec_fe (m.f_coefficients.[i])) in ++ assert (forall i. Seq.index p i = mont_to_spec_fe (m.f_coefficients.[sz i])); ++ assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); ++ p ++ ++ ++let to_spec_vector (#p:Spec.Kyber.params) ++ (m:t_Array (t_PolynomialRingElement) p.v_RANK) ++ : (Spec.Kyber.vector p) = ++ createi p.v_RANK (fun i -> to_spec_poly (m.[i])) ++ ++ ++let to_spec_vector_b (#p:Spec.Kyber.params) (#b:nat) ++ (m:t_Array (t_PolynomialRingElement_b b) p.v_RANK) ++ : (Spec.Kyber.vector p) = ++ to_spec_vector (derefine_vector_b m) ++ ++let mont_to_spec_vector (#p:Spec.Kyber.params) ++ (m:t_Array (t_PolynomialRingElement) p.v_RANK) ++ : (Spec.Kyber.vector p) = ++ createi p.v_RANK (fun i -> mont_to_spec_poly (m.[i])) ++ ++let mont_to_spec_vector_b (#p:Spec.Kyber.params) (#b:nat) ++ (m:t_Array (t_PolynomialRingElement_b b) p.v_RANK) ++ : (Spec.Kyber.vector p) = ++ mont_to_spec_vector (derefine_vector_b m) ++ ++let to_spec_matrix (#p:Spec.Kyber.params) ++ (m:(t_Array (t_Array (t_PolynomialRingElement) p.v_RANK) p.v_RANK)) ++ : (Spec.Kyber.matrix p) = ++ createi p.v_RANK (fun i -> to_spec_vector (m.[i])) ++ ++let to_spec_matrix_b (#p:Spec.Kyber.params) (#b:nat) ++ (m:(t_Array (t_Array (t_PolynomialRingElement_b b) p.v_RANK) p.v_RANK)) ++ : (Spec.Kyber.matrix p) = ++ to_spec_matrix (derefine_matrix_b m) ++ ++let mont_to_spec_matrix (#p:Spec.Kyber.params) ++ (m:(t_Array (t_Array (t_PolynomialRingElement) p.v_RANK) p.v_RANK)) ++ : (Spec.Kyber.matrix p) = ++ createi p.v_RANK (fun i -> mont_to_spec_vector (m.[i])) ++ ++let impl__PolynomialRingElement__ZERO: t_PolynomialRingElement_b 1 = ++ { f_coefficients = Rust_primitives.Hax.repeat (0l <: i32_b 1) (sz 256) } <: t_PolynomialRingElement_b 1 ++ ++val add_to_ring_element (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (v_K: usize) (lhs: t_PolynomialRingElement_b b1) (rhs: t_PolynomialRingElement_b b2) ++ : Prims.Pure (t_PolynomialRingElement_b (b1 + b2)) ++ (requires True) ++ (ensures fun result -> ++ (forall i. v result.f_coefficients.[i] == v lhs.f_coefficients.[i] + v rhs.f_coefficients.[i])) ++ ++ + +-let impl__PolynomialRingElement__ZERO: t_PolynomialRingElement = +- { f_coefficients = Rust_primitives.Hax.repeat 0l (sz 256) } <: t_PolynomialRingElement + +-val add_to_ring_element (v_K: usize) (lhs rhs: t_PolynomialRingElement) +- : Prims.Pure t_PolynomialRingElement +- (requires +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- ((Core.Num.impl__i32__abs (lhs.f_coefficients.[ i ] <: i32) <: i32) <=. +- (((cast (v_K <: usize) <: i32) -! 1l <: i32) *! +- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- <: +- i32) +- <: +- bool) && +- ((Core.Num.impl__i32__abs (rhs.f_coefficients.[ i ] <: i32) <: i32) <=. +- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- <: +- bool)) +- <: +- bool)) +- (ensures +- fun result -> +- let result:t_PolynomialRingElement = result in +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. +- (Core.Slice.impl__len (Rust_primitives.unsize result.f_coefficients +- <: +- t_Slice i32) +- <: +- usize) +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- (Core.Num.impl__i32__abs (result.f_coefficients.[ i ] <: i32) <: i32) <=. +- ((cast (v_K <: usize) <: i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- <: +- i32) +- <: +- bool) +- <: +- bool)) +diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Kem.Kyber.Compress.fst +--- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-01-30 10:40:46.449792719 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-30 10:40:46.505790506 +0100 +@@ -1,39 +1,79 @@ + module Libcrux.Kem.Kyber.Compress +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++#set-options "--fuel 0 --ifuel 0 --z3rlimit 200" + open Core + open FStar.Mul + +-let compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) = +- let _:Prims.unit = () <: Prims.unit in +- let _:Prims.unit = () <: Prims.unit in +- let compressed:u64 = (cast (fe <: u16) <: u64) <>! 35l in +- cast (Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits coefficient_bits +- (cast (compressed <: u64) <: u32) +- <: +- u32) +- <: +- i32 +- +-let compress_message_coefficient (fe: u16) = ++let compress_message_coefficient fe = + let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in ++ assert (v shifted == 1664 - v fe); + let mask:i16 = shifted >>! 15l in ++ assert (v mask = v shifted / pow2 15); ++ assert (if v shifted < 0 then mask = ones else mask = zero); + let shifted_to_positive:i16 = mask ^. shifted in ++ logxor_lemma shifted mask; ++ assert (v shifted < 0 ==> v shifted_to_positive = v (lognot shifted)); ++ neg_equiv_lemma shifted; ++ assert (v (lognot shifted) = -(v shifted) -1); ++ assert (v shifted >= 0 ==> v shifted_to_positive = v (mask `logxor` shifted)); ++ assert (v shifted >= 0 ==> mask = zero); ++ assert (v shifted >= 0 ==> mask ^. shifted = shifted); ++ assert (v shifted >= 0 ==> v shifted_to_positive = v shifted); ++ assert (shifted_to_positive >=. 0s); + let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in +- cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8 ++ assert (1664 - v fe >= 0 ==> v shifted_positive_in_range == 832 - v fe); ++ assert (1664 - v fe < 0 ==> v shifted_positive_in_range == -2497 + v fe); ++ let r0 = shifted_positive_in_range >>! 15l in ++ let r1 = r0 &. 1s in ++ let res = cast (r1) <: u8 in ++ assert (v r0 = v shifted_positive_in_range / pow2 15); ++ assert (if v shifted_positive_in_range < 0 then r0 = ones else r0 = zero); ++ logand_lemma 1s r0; ++ assert (if v shifted_positive_in_range < 0 then r1 = 1s else r1 = 0s); ++ assert ((v fe >= 833 && v fe <= 2496) ==> r1 = 1s); ++ assert (v fe < 833 ==> r1 = 0s); ++ assert (v fe > 2496 ==> r1 = 0s); ++ assert (v res = v r1); ++ res ++ ++let compress_ciphertext_coefficient coefficient_bits fe = ++ let _:Prims.unit = () <: Prims.unit in ++ let _:Prims.unit = () <: Prims.unit in ++ let compressed:u32 = (cast (fe <: u16) <: u32) <>! (coefficient_bits +! 1uy <: u8) in +- cast (decompressed <: u32) <: i32 ++ let res = cast (decompressed <: u32) <: i32 in ++ let res : Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 = res in ++ res + +-let decompress_message_coefficient (fe: i32) = +- (Core.Ops.Arith.Neg.neg fe <: i32) &. +- ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) ++let decompress_message_coefficient fe = ++ let res = (Core.Ops.Arith.Neg.neg fe <: i32) &. ++ ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) in ++ assert (v ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) == 1665); ++ assert (res == logand #i32_inttype (Core.Ops.Arith.Neg.neg fe) 1665l); ++ assert (v fe == 0 ==> Core.Ops.Arith.Neg.neg fe = zero); ++ logand_lemma 1665l zero; ++ assert (v fe == 0 ==> res == zero); ++ res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 ++#pop-options +diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.Kem.Kyber.Compress.fsti +--- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-01-30 10:40:46.446792838 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-30 10:40:46.508790388 +0100 +@@ -3,8 +3,19 @@ + open Core + open FStar.Mul + +-val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) +- : Prims.Pure i32 ++val compress_message_coefficient (fe: u16) ++ : Prims.Pure u8 ++ (requires v fe < 3329) ++ (ensures ++ fun result -> ++ let result:u8 = result in ++ if 833 <= v fe && v fe <= 2496 ++ then result =. 1uy ++ else result =. 0uy) ++ ++ ++val compress_ciphertext_coefficient (coefficient_bits: u8 {v coefficient_bits > 0 /\ v coefficient_bits <= 32}) (fe: u16) ++ : Prims.Pure (int_t_d i32_inttype (v coefficient_bits)) + (requires + (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || + coefficient_bits =. 11uy) && +@@ -15,32 +26,19 @@ + result >=. 0l && + result <. (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32)) + +-val compress_message_coefficient (fe: u16) +- : Prims.Pure u8 +- (requires fe <. (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16)) +- (ensures +- fun result -> +- let result:u8 = result in +- Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- result =. 1uy <: bool) && +- Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) <: bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- result =. 0uy <: bool)) ++open Rust_primitives.Integers + +-val decompress_ciphertext_coefficient (coefficient_bits: u8) (fe: i32) +- : Prims.Pure i32 +- (requires +- (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || +- coefficient_bits =. 11uy) && +- fe >=. 0l && +- fe <. (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32)) ++val decompress_ciphertext_coefficient ++ (coefficient_bits: u8 {coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || coefficient_bits =. 11uy}) ++ (fe: int_t_d i32_inttype (v coefficient_bits)) ++ : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)) ++ (requires True) + (ensures + fun result -> + let result:i32 = result in + result <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) + + val decompress_message_coefficient (fe: i32) +- : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfFieldElement ++ (requires fe =. 0l || fe =. 1l) ++ (fun result -> v result >= 0 /\ v result < 3329) +diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux.Kem.Kyber.Constants.fsti +--- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-01-30 10:40:46.455792482 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-30 10:40:46.534789360 +0100 +@@ -15,7 +15,8 @@ + + let v_FIELD_MODULUS: i32 = 3329l + +-let v_H_DIGEST_SIZE: usize = sz 32 ++let v_H_DIGEST_SIZE: usize = ++ Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm) + + let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 + +diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-30 10:40:46.462792205 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-30 10:40:46.491791059 +0100 +@@ -4,56 +4,163 @@ + open FStar.Mul + + let is_non_zero (value: u8) = ++ let orig_value = value in + let value:u16 = cast (value <: u8) <: u16 in +- let result:u16 = +- ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) >>! 8l <: u16) &. +- 1us +- in +- cast (result <: u16) <: u8 ++ let result:u8 = cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) in ++ let res:u8 = result &. 1uy in ++ if v orig_value = 0 then ( ++ assert(value == zero); ++ lognot_lemma value; ++ assert((~.value +. 1us) == zero); ++ assert((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) == zero); ++ logor_lemma value zero; ++ assert((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) == value); ++ assert (v result == v ((value >>! 8l))); ++ assert ((v value / pow2 8) == 0); ++ assert (result == 0uy); ++ logand_lemma 1uy result; ++ assert (res == 0uy); ++ res) ++ else ( ++ assert (v value <> 0); ++ lognot_lemma value; ++ assert (v (~.value) = pow2 16 - 1 - v value); ++ assert (v (~.value) + 1 = pow2 16 - v value); ++ assert (v (value) <= pow2 8 - 1); ++ assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value)); ++ assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value)); ++ assert ((v (~.value) + 1)/pow2 8 = (pow2 8 - 1)); ++ assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l) = pow2 8 - 1); ++ assert (result = ones); ++ logand_lemma 1uy result; ++ assert (res = 1uy); ++ res ++ ) + +-let compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) = ++let compare_ciphertexts_in_constant_time v_CIPHERTEXT_SIZE lhs rhs = + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in + let (r: u8):u8 = 0uy in ++ [@ inline_let] ++ let inv = fun (acc:u8) (i:usize) -> ++ v i <= v v_CIPHERTEXT_SIZE /\ ++ (if (Seq.slice lhs 0 (v i) = Seq.slice rhs 0 (v i)) then ++ acc == 0uy ++ else ~ (acc == 0uy)) ++ in + let r:u8 = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ Rust_primitives.Iterators.foldi_range #_ #u8 #inv { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) + r + (fun r i -> + let r:u8 = r in + let i:usize = i in +- r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8) ++ let nr = r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8 in ++ if r =. 0uy then ( ++ if (Seq.index lhs (v i) = Seq.index rhs (v i)) then ( ++ logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i)); ++ assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) = zero); ++ logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); ++ assert (nr = r); ++ assert (forall j. Seq.index (Seq.slice lhs 0 (v i)) j == Seq.index lhs j); ++ assert (forall j. Seq.index (Seq.slice rhs 0 (v i)) j == Seq.index rhs j); ++ eq_intro (Seq.slice lhs 0 (v i + 1)) (Seq.slice rhs 0 (v i + 1)); ++ nr ++ ) ++ else ( ++ logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i)); ++ assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <> zero); ++ logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); ++ assert (v nr > 0); ++ assert (Seq.index (Seq.slice lhs 0 (v i+1)) (v i) <> ++ Seq.index (Seq.slice rhs 0 (v i+1)) (v i)); ++ assert (Seq.slice lhs 0 (v i+1) <> Seq.slice rhs 0 (v i + 1)); ++ nr ++ ) ++ ) else ( ++ logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); ++ assert (v nr >= v r); ++ assert (Seq.slice lhs 0 (v i) <> Seq.slice rhs 0 (v i)); ++ if (Seq.slice lhs 0 (v i+1) = Seq.slice rhs 0 (v i + 1)) then ++ (assert (forall j. j < v i + 1 ==> Seq.index (Seq.slice lhs 0 (v i+1)) j == Seq.index (Seq.slice rhs 0 (v i+1)) j); ++ eq_intro (Seq.slice lhs 0 (v i)) (Seq.slice rhs 0 (v i)); ++ assert(False)) ++ else nr ++ ) ++ ) + in +- is_non_zero r ++ let res = is_non_zero r in ++ res + ++#push-options "--ifuel 0 --z3rlimit 50" + let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) = + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in + let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in ++ assert (if selector = 0uy then mask = ones else mask = zero); ++ lognot_lemma mask; ++ assert (if selector = 0uy then ~.mask = zero else ~.mask = ones); + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in ++ [@ inline_let] ++ let inv = fun (acc:t_Array u8 (sz 32)) (i:usize) -> ++ v i <= 32 /\ ++ (forall j. j < v i ==> (if (selector =. 0uy) then Seq.index acc j == Seq.index lhs j else Seq.index acc j == Seq.index rhs j)) /\ ++ (forall j. j >= v i ==> Seq.index acc j == 0uy) ++ in + let out:t_Array u8 (sz 32) = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ Rust_primitives.Iterators.foldi_range #_ #(t_Array u8 (sz 32)) #inv { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) + out + (fun out i -> + let out:t_Array u8 (sz 32) = out in ++ assert ((out.[ i ] <: u8) = 0uy); ++ let outi = ++ ((out.[ i ] <: u8) |. ++ (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) ++ <: ++ u8) ++ <: ++ u8) in ++ if (selector = 0uy) then ( ++ logand_lemma (lhs.[ i ] <: u8) mask; ++ assert (((lhs.[ i ] <: u8) &. mask <: u8) == (lhs.[ i ] <: u8)); ++ logand_lemma (rhs.[ i ] <: u8) (~.mask); ++ assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == zero); ++ logor_lemma ((lhs.[ i ] <: u8) &. mask <: u8) ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8); ++ assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) == (lhs.[ i ] <: u8)); ++ logor_lemma (out.[ i ] <: u8) (lhs.[ i ] <: u8); ++ assert (((out.[ i ] <: u8) |. (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) <: u8) == (lhs.[ i ] <: u8)); ++ assert (outi = (lhs.[ i ] <: u8)) ++ ) ++ else ( ++ logand_lemma (lhs.[ i ] <: u8) mask; ++ assert (((lhs.[ i ] <: u8) &. mask <: u8) == zero); ++ logand_lemma (rhs.[ i ] <: u8) (~.mask); ++ assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == (rhs.[ i ] <: u8)); ++ logor_lemma (rhs.[ i ] <: u8) zero; ++ assert ((logor zero (rhs.[ i ] <: u8)) == (rhs.[ i ] <: u8)); ++ assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8)) == (rhs.[ i ] <: u8)); ++ logor_lemma (out.[ i ] <: u8) (rhs.[ i ] <: u8); ++ assert (((out.[ i ] <: u8) |. (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) <: u8) == (rhs.[ i ] <: u8)); ++ assert (outi = (rhs.[ i ] <: u8)) ++ ); + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + i +- (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) ++ outi + <: + t_Array u8 (sz 32)) + in +- out ++ if (selector =. 0uy) then ( ++ eq_intro out lhs; ++ out ++ ) ++ else ( ++ eq_intro out rhs; ++ out ++ ) ++#pop-options +diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-30 10:40:46.444792916 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-30 10:40:46.502790625 +0100 +@@ -20,7 +20,8 @@ + + val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) + : Prims.Pure u8 +- Prims.l_True ++ (requires (length lhs == v_CIPHERTEXT_SIZE /\ ++ length rhs == v_CIPHERTEXT_SIZE)) + (ensures + fun result -> + let result:u8 = result in +@@ -35,15 +36,10 @@ + + val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) + : Prims.Pure (t_Array u8 (sz 32)) +- Prims.l_True ++ (requires (length lhs == Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE /\ ++ length rhs == Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE)) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in +- Hax_lib.implies (selector =. 0uy <: bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- result =. lhs <: bool) && +- Hax_lib.implies (selector <>. 0uy <: bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- result =. rhs <: bool)) ++ Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && ++ Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) +diff -ruN extraction/Libcrux.Kem.Kyber.Conversions.fst extraction-edited/Libcrux.Kem.Kyber.Conversions.fst +--- extraction/Libcrux.Kem.Kyber.Conversions.fst 2024-01-30 10:40:46.465792087 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 +@@ -1,87 +0,0 @@ +-module Libcrux.Kem.Kyber.Conversions +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +- +-let into_padded_array (#v_LEN: usize) (slice: t_Slice u8) : t_Array u8 v_LEN = +- let _:Prims.unit = +- if true +- then +- let _:Prims.unit = +- if ~.((Core.Slice.impl__len slice <: usize) <=. v_LEN <: bool) +- then +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN" +- +- <: +- Rust_primitives.Hax.t_Never) +- in +- () +- in +- let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in +- let out:t_Array u8 v_LEN = +- Rust_primitives.Hax.update_at out +- ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize } +- ) +- (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut out +- ({ +- Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize +- }) +- <: +- t_Slice u8) +- slice +- <: +- t_Slice u8) +- in +- out +- +-class t_UpdatingArray (#v_Self: Type) = { f_push:v_Self -> t_Slice u8 -> v_Self } +- +-type t_UpdatableArray (v_LEN: usize) = { +- f_value:t_Array u8 v_LEN; +- f_pointer:usize +-} +- +-let impl__new (#v_LEN: usize) (value: t_Array u8 v_LEN) : t_UpdatableArray v_LEN = +- { f_value = value; f_pointer = sz 0 } +- +-let impl__array (#v_LEN: usize) (self: t_UpdatableArray v_LEN) : t_Array u8 v_LEN = self.f_value +- +-let impl_1 (#v_LEN: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) = +- { +- f_push +- = +- fun (self: t_UpdatableArray v_LEN) (other: t_Slice u8) -> +- let self:t_UpdatableArray v_LEN = +- { +- self with +- f_value +- = +- Rust_primitives.Hax.update_at (f_value self <: t_UpdatableArray v_LEN) +- ({ +- Core.Ops.Range.f_start = self.f_pointer; +- Core.Ops.Range.f_end +- = +- self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize +- }) +- (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut self.f_value +- ({ +- Core.Ops.Range.f_start = self.f_pointer; +- Core.Ops.Range.f_end +- = +- self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize +- }) +- <: +- t_Slice u8) +- other +- <: +- t_Slice u8) +- } +- in +- let self:t_UpdatableArray v_LEN = +- { self with f_pointer = self.f_pointer +! (Core.Slice.impl__len other <: usize) } +- in +- self +- } +- +-let to_unsigned_representative (fe: i32) : u16 = +- cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 +\ Pas de fin de ligne à la fin du fichier +diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.fst +--- extraction/Libcrux.Kem.Kyber.fst 2024-01-30 10:40:46.460792284 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-30 10:40:46.527789637 +0100 +@@ -1,12 +1,29 @@ + module Libcrux.Kem.Kyber +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" + open Core + open FStar.Mul + +-let serialize_kem_secret_key ++let update_at_range_lemma #n ++ (s: t_Slice 't) ++ (i: Core.Ops.Range.t_Range (int_t n) {(Core.Ops.Range.impl_index_range_slice 't n).in_range s i}) ++ (x: t_Slice 't) ++ : Lemma ++ (requires (Seq.length x == v i.f_end - v i.f_start)) ++ (ensures ( ++ let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in ++ let len = v i.f_start in ++ forall (i: nat). i < len ==> Seq.index s i == Seq.index s' i ++ )) ++ [SMTPat (Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x)] ++ = let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in ++ let len = v i.f_start in ++ introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i ++ with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i ++ /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) ++ ++let serialize_kem_secret_key #p + (v_SERIALIZED_KEY_LEN: usize) +- (private_key public_key implicit_rejection_value: t_Slice u8) +- = ++ (private_key public_key implicit_rejection_value: t_Slice u8) = + let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in + let pointer:usize = sz 0 in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = +@@ -55,6 +72,8 @@ + t_Slice u8) + in + let pointer:usize = pointer +! (Core.Slice.impl__len public_key <: usize) in ++ let h_public_key = (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) ++ <: t_Slice u8) in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ +@@ -70,16 +89,7 @@ + pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE <: usize + } + <: +- Core.Ops.Range.t_Range usize ] +- <: +- t_Slice u8) +- (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key +- <: +- t_Array u8 (sz 32)) +- <: +- t_Slice u8) +- <: +- t_Slice u8) ++ Core.Ops.Range.t_Range usize ]) h_public_key) + in + let pointer:usize = pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = +@@ -106,14 +116,32 @@ + <: + t_Slice u8) + in ++ assert (Seq.slice out 0 (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)) `Seq.equal` private_key); ++ assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)) ++ (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p)) `Seq.equal` public_key); ++ assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! ++ Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p)) ++ (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! ++ Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +! ++ Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE)) ++ `Seq.equal` Libcrux.Kem.Kyber.Hash_functions.v_H public_key); ++ assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! ++ Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +! ++ Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE)) ++ (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! ++ Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +! ++ Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE +! ++ Spec.Kyber.v_SHARED_SECRET_SIZE)) ++ == implicit_rejection_value); ++ lemma_slice_append_4 out private_key public_key (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) implicit_rejection_value; + out + +-let decapsulate ++let decapsulate #p + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) +- = ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) = ++ let orig_secret_key = secret_key.f_value in + let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = + Libcrux.Kem.Kyber.Types.impl_12__split_at v_SECRET_KEY_SIZE secret_key v_CPA_SECRET_KEY_SIZE + in +@@ -123,8 +151,12 @@ + let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at secret_key Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE + in ++ assert (ind_cpa_secret_key == slice orig_secret_key (sz 0) v_CPA_SECRET_KEY_SIZE); ++ assert (ind_cpa_public_key == slice orig_secret_key v_CPA_SECRET_KEY_SIZE (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE)); ++ assert (ind_cpa_public_key_hash == slice orig_secret_key (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE) (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE)); ++ assert (implicit_rejection_value == slice orig_secret_key (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE) (length orig_secret_key)); + let decrypted:t_Array u8 (sz 32) = +- Libcrux.Kem.Kyber.Ind_cpa.decrypt v_K ++ Libcrux.Kem.Kyber.Ind_cpa.decrypt #p v_K + v_CIPHERTEXT_SIZE + v_C1_SIZE + v_VECTOR_U_COMPRESSION_FACTOR +@@ -152,6 +184,9 @@ + <: + t_Slice u8) + in ++ lemma_slice_append to_hash decrypted ind_cpa_public_key_hash; ++ assert (decrypted == Spec.Kyber.ind_cpa_decrypt p ind_cpa_secret_key ciphertext.f_value); ++ assert (to_hash == concat decrypted ind_cpa_public_key_hash); + let hashed:t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) + in +@@ -159,6 +194,10 @@ + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + in ++ assert ((shared_secret,pseudorandomness) == split hashed Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE); ++ assert (length implicit_rejection_value = v_SECRET_KEY_SIZE -! v_CPA_SECRET_KEY_SIZE -! v_PUBLIC_KEY_SIZE -! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE); ++ assert (length implicit_rejection_value = Spec.Kyber.v_SHARED_SECRET_SIZE); ++ assert (Spec.Kyber.v_SHARED_SECRET_SIZE <=. Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE p); + let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Libcrux.Kem.Kyber.Ind_cpa.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE +@@ -180,11 +219,13 @@ + <: + t_Slice u8) + in ++ lemma_slice_append to_hash implicit_rejection_value ciphertext.f_value; + let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Libcrux.Kem.Kyber.Hash_functions.v_PRF (sz 32) (Rust_primitives.unsize to_hash <: t_Slice u8) + in ++ assert (implicit_rejection_shared_secret == Spec.Kyber.v_J to_hash); + let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = +- Libcrux.Kem.Kyber.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE ++ Libcrux.Kem.Kyber.Ind_cpa.encrypt #p v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE ind_cpa_public_key decrypted + pseudorandomness +@@ -194,16 +235,18 @@ + (Core.Convert.f_as_ref ciphertext <: t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + in ++ let res = + Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time shared_secret + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + selector ++ in ++ res + +-let encapsulate ++let encapsulate #p + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) +- (randomness: t_Array u8 (sz 32)) +- = ++ (randomness: t_Array u8 (sz 32)) = + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Ind_cpa.into_padded_array (sz 64) + (Rust_primitives.unsize randomness <: t_Slice u8) +@@ -234,6 +277,10 @@ + <: + t_Slice u8) + in ++ assert (Seq.slice to_hash 0 (v Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE) == randomness); ++ lemma_slice_append to_hash randomness (Spec.Kyber.v_H public_key.f_value); ++ assert (to_hash == concat randomness (Spec.Kyber.v_H public_key.f_value)); ++ + let hashed:t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) + in +@@ -242,7 +289,7 @@ + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = +- Libcrux.Kem.Kyber.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE ++ Libcrux.Kem.Kyber.Ind_cpa.encrypt #p v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN + v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE +@@ -252,23 +299,17 @@ + <: + t_Slice u8) randomness pseudorandomness + in +- let shared_secret:t_Array u8 (sz 32) = +- match Core.Convert.f_try_into shared_secret with +- | Core.Result.Result_Ok shared_secret -> shared_secret +- | Core.Result.Result_Err _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic" +- <: +- Rust_primitives.Hax.t_Never) +- in +- Core.Convert.f_into ciphertext, shared_secret ++ Core.Convert.f_into ciphertext, ++ Core.Result.impl__unwrap (Core.Convert.f_try_into shared_secret ++ <: ++ Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + <: + (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + +-let generate_keypair ++let generate_keypair #p + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) +- (randomness: t_Array u8 (sz 64)) +- = ++ (randomness: t_Array u8 (sz 64)) = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; +@@ -286,7 +327,7 @@ + in + let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & + t_Array u8 v_PUBLIC_KEY_SIZE) = +- Libcrux.Kem.Kyber.Ind_cpa.generate_keypair v_K ++ Libcrux.Kem.Kyber.Ind_cpa.generate_keypair #p v_K + v_CPA_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT +@@ -295,7 +336,7 @@ + ind_cpa_keypair_randomness + in + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = +- serialize_kem_secret_key v_PRIVATE_KEY_SIZE ++ serialize_kem_secret_key #p v_PRIVATE_KEY_SIZE + (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) + (Rust_primitives.unsize public_key <: t_Slice u8) + implicit_rejection_value +@@ -308,3 +349,4 @@ + v_PUBLIC_KEY_SIZE + private_key + (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) ++ +diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber.fsti +--- extraction/Libcrux.Kem.Kyber.fsti 2024-01-30 10:40:46.469791929 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-30 10:40:46.490791099 +0100 +@@ -10,31 +10,75 @@ + Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + +-val serialize_kem_secret_key ++val serialize_kem_secret_key (#p:Spec.Kyber.params) + (v_SERIALIZED_KEY_LEN: usize) + (private_key public_key implicit_rejection_value: t_Slice u8) +- : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ : Pure (t_Array u8 v_SERIALIZED_KEY_LEN) ++ (requires (length private_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ ++ length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ ++ length implicit_rejection_value == Spec.Kyber.v_SHARED_SECRET_SIZE /\ ++ v_SERIALIZED_KEY_LEN == Spec.Kyber.v_SECRET_KEY_SIZE p)) ++ (ensures (fun res -> res == ++ Seq.append private_key ( ++ Seq.append public_key ( ++ Seq.append (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) implicit_rejection_value)))) + +-val decapsulate ++val decapsulate (#p:Spec.Kyber.params) + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) +- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) ++ : Pure (t_Array u8 (sz 32)) ++ (requires ( p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\ ++ Spec.Kyber.valid_params p /\ ++ v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ ++ v_ETA2_RANDOMNESS_SIZE == Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\ ++ v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE p /\ ++ v_SECRET_KEY_SIZE == Spec.Kyber.v_SECRET_KEY_SIZE p /\ ++ v_CPA_SECRET_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ ++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ ++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ ++ v_C1_SIZE == Spec.Kyber.v_C1_SIZE p /\ ++ v_C1_BLOCK_SIZE == Spec.Kyber.v_C1_BLOCK_SIZE p /\ ++ v_C2_SIZE == Spec.Kyber.v_C2_SIZE p /\ ++ v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p ++ )) ++ (ensures (fun res -> ++ res == Spec.Kyber.ind_cca_decapsulate p secret_key.f_value ciphertext.f_value)) + +-val encapsulate ++val encapsulate (#p:Spec.Kyber.params) + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) ++ (requires (p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\ ++ Spec.Kyber.valid_params p /\ ++ v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ ++ v_ETA2_RANDOMNESS_SIZE == Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\ ++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ ++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ ++ v_C1_SIZE == Spec.Kyber.v_C1_SIZE p /\ ++ v_C2_SIZE == Spec.Kyber.v_C2_SIZE p /\ ++ v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\ ++ v_VECTOR_U_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p ++ )) + +-val generate_keypair ++ (ensures (fun (ct,ss) -> ++ (ct.f_value,ss) == Spec.Kyber.ind_cca_encapsulate p public_key.f_value randomness)) ++ ++ ++val generate_keypair (#p:Spec.Kyber.params) + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) ++ (requires (v_K == p.v_RANK /\ v_ETA1 == p.v_ETA1 /\ ++ v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ ++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ ++ v_CPA_PRIVATE_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ ++ v_PRIVATE_KEY_SIZE == Spec.Kyber.v_SECRET_KEY_SIZE p /\ ++ v_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p ++ )) ++ (ensures (fun kp -> ++ (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness)) +diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-30 10:40:46.458792363 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-30 10:40:46.519789953 +0100 +@@ -3,18 +3,27 @@ + open Core + open FStar.Mul + +-let v_G (input: t_Slice u8) = Libcrux.Digest.sha3_512_ input ++let v_G (input: t_Slice u8) = ++ let res = Libcrux.Digest.sha3_512_ input in ++ admit(); // We assume that sha3_512 correctly implements G ++ res + +-let v_H (input: t_Slice u8) = Libcrux.Digest.sha3_256_ input ++let v_H (input: t_Slice u8) = ++ let res = Libcrux.Digest.sha3_256_ input in ++ admit(); // We assume that sha3_512 correctly implements H ++ res + +-let v_PRF (v_LEN: usize) (input: t_Slice u8) = Libcrux.Digest.shake256 v_LEN input ++let v_PRF (v_LEN: usize) (input: t_Slice u8) = ++ let res = Libcrux.Digest.shake256 v_LEN input in ++ admit(); // We assume that sha3_512 correctly implements H ++ res + + let v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) = + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 840) <: t_Array u8 (sz 840)) v_K + in + let out:t_Array (t_Array u8 (sz 840)) v_K = +- if ~.(Libcrux_platform.simd256_support () <: bool) || ~.true ++ if ~.(Libcrux_platform.simd256_support <: bool) || ~.false + then + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; +@@ -100,4 +109,5 @@ + in + out + in ++ admit(); //P-F + out +diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-30 10:40:46.480791494 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-30 10:40:46.512790229 +0100 +@@ -3,12 +3,24 @@ + open Core + open FStar.Mul + +-val v_G (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) ++val v_G (input: t_Slice u8) ++ : Pure (t_Array u8 (sz 64)) ++ (requires True) ++ (ensures (fun res -> res == Spec.Kyber.v_G input)) + +-val v_H (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) ++val v_H (input: t_Slice u8) ++ : Pure (t_Array u8 (sz 32)) ++ (requires True) ++ (ensures (fun res -> res == Spec.Kyber.v_H input)) + + val v_PRF (v_LEN: usize) (input: t_Slice u8) +- : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ : Pure (t_Array u8 v_LEN) ++ (requires True) ++ (ensures (fun res -> res == Spec.Kyber.v_PRF v_LEN input)) + + val v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +- : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True) ++ : Pure (t_Array (t_Array u8 (sz 840)) v_K) ++ (requires True) ++ (ensures (fun res -> ++ (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i)))) ++ +diff -ruN extraction/Libcrux.Kem.Kyber.Helper.fst extraction-edited/Libcrux.Kem.Kyber.Helper.fst +--- extraction/Libcrux.Kem.Kyber.Helper.fst 2024-01-30 10:40:46.461792245 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 +@@ -1,6 +0,0 @@ +-module Libcrux.Kem.Kyber.Helper +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +-open FStar.Mul +- +- +diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-30 10:40:46.443792956 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-30 10:40:46.517790032 +0100 +@@ -1,5 +1,5 @@ + module Libcrux.Kem.Kyber.Ind_cpa +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" + open Core + open FStar.Mul + +@@ -37,33 +37,37 @@ + in + out + +-let sample_ring_element_cbd ++unfold let acc_t (v_K v_ETA:usize) = (u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1)) v_K) ++unfold let inv_t v_K v_ETA = acc_t v_K v_ETA -> usize -> Type ++ ++let wfZero: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) ++ ++let etaZero (v_ETA:usize{v v_ETA >= 1 /\ v v_ETA < pow2 31}): Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_ETA) = ++ (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #(v v_ETA) Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) ++ ++let sample_vector_cbd (#p:Spec.Kyber.params) + (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) +- (prf_input: t_Array u8 (sz 33)) +- (domain_separator: u8) +- = +- let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K +- in +- let domain_separator, error_1_, prf_input:(u8 & +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & +- t_Array u8 (sz 33)) = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ (prf_input: t_Array u8 (sz 33)) domain_separator = ++ let error_1_:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K = ++ Rust_primitives.Hax.repeat (etaZero (sz (pow2 (v v_ETA2) - 1))) v_K ++ in ++ let orig_domain_separator = domain_separator in ++ [@ inline_let] ++ let inv : inv_t v_K v_ETA2 = fun (acc:acc_t v_K v_ETA2) (i:usize) -> ++ let (domain_separator,prf_input,error_1_) = acc in ++ if (i >=. sz 0 && i <=. v_K) ++ then ++ domain_separator = orig_domain_separator +! (mk_int #u8_inttype (v i)) ++ else true in ++ let (domain_separator, prf_input, error_1_):acc_t v_K (v_ETA2) = ++ Rust_primitives.Iterators.foldi_range #_ #(acc_t v_K (v_ETA2)) #inv { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- (domain_separator, error_1_, prf_input +- <: +- (u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & t_Array u8 (sz 33)) +- ) ++ (domain_separator, prf_input, error_1_) + (fun temp_0_ i -> +- let domain_separator, error_1_, prf_input:(u8 & +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & +- t_Array u8 (sz 33)) = ++ let domain_separator, prf_input, error_1_:acc_t v_K (v_ETA2) = + temp_0_ + in + let i:usize = i in +@@ -77,49 +81,46 @@ + Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE + (Rust_primitives.unsize prf_input <: t_Slice u8) + in +- let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ let error_1_:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_ + i +- (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA2 ++ (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA2 + (Rust_primitives.unsize prf_output <: t_Slice u8) + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) + in +- domain_separator, error_1_, prf_input +- <: +- (u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & +- t_Array u8 (sz 33))) ++ domain_separator, prf_input, error_1_) + in +- let hax_temp_output:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = error_1_ in ++ let hax_temp_output:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K = error_1_ in ++ admit(); //P-F + prf_input, domain_separator, hax_temp_output + <: +- (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ (t_Array u8 (sz 33) & u8 & t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_ETA2)) v_K) + +-let sample_vector_cbd_then_ntt ++#push-options "--split_queries no --z3rlimit 300" ++let sample_vector_cbd_then_ntt (#p:Spec.Kyber.params) + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) +- (prf_input: t_Array u8 (sz 33)) +- (domain_separator: u8) +- = +- let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K +- in +- let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) & +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ (prf_input: t_Array u8 (sz 33)) domain_separator = ++ let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat (wfZero) v_K ++ in ++ let orig_domain_separator = domain_separator in ++ [@ inline_let] ++ let inv: (u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) v_K) -> usize -> Type = fun acc i -> ++ let (domain_separator,prf_input,re_as_ntt) = acc in ++ if (i >=. sz 0 && i <=. v_K) ++ then ++ domain_separator = orig_domain_separator +! (mk_int #u8_inttype (v i)) ++ else true in ++ let (domain_separator, prf_input, re_as_ntt):(u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) v_K)= ++ Rust_primitives.Iterators.foldi_range #_ #_ #inv { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- (domain_separator, prf_input, re_as_ntt +- <: +- (u8 & t_Array u8 (sz 33) & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- ) ++ (domain_separator, prf_input, re_as_ntt) + (fun temp_0_ i -> + let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) & +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = + temp_0_ + in + let i:usize = i in +@@ -133,64 +134,74 @@ + Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA_RANDOMNESS_SIZE + (Rust_primitives.unsize prf_input <: t_Slice u8) + in +- let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA ++ let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1) = ++ Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA + (Rust_primitives.unsize prf_output <: t_Slice u8) + in +- let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b r in ++ let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt + i + (Libcrux.Kem.Kyber.Ntt.ntt_binomially_sampled_ring_element r + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + in + domain_separator, prf_input, re_as_ntt + <: + (u8 & t_Array u8 (sz 33) & +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)) + in ++ admit(); //P-F + re_as_ntt, domain_separator + <: +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8) ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8) + +-let compress_then_serialize_u +- (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) +- (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- = ++ ++let compress_then_serialize_u #p v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN input = + let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let orig_out = out in ++ let acc_t = t_Array u8 v_OUT_LEN in ++ [@ inline_let] ++ let inv = fun (acc:acc_t) (i:usize) -> True in + let out:t_Array u8 v_OUT_LEN = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Iter.Traits.Collect.f_into_iter input +- <: +- Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #acc_t #inv ++ input + out + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in +- let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = temp_1_ in ++ let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = temp_1_ in ++ assert (i <. v_K); ++ assert (v i + 1 <= v v_K); ++ assert (v i * (v v_OUT_LEN / v v_K) < v v_OUT_LEN); ++ assert (((v i + 1) * (v v_OUT_LEN / v v_K)) <= v v_OUT_LEN); ++ assert (v_OUT_LEN /! v_K == Spec.Kyber.v_C1_BLOCK_SIZE p); ++ assert (range (v i * v (Spec.Kyber.v_C1_BLOCK_SIZE p)) usize_inttype); ++ assert (range ((v i + 1) * v (Spec.Kyber.v_C1_BLOCK_SIZE p)) usize_inttype); ++ assert ((Core.Ops.Range.impl_index_range_slice u8 usize_inttype).in_range out ++ { ++ Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize; ++ Core.Ops.Range.f_end ++ = ++ (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize ++ }); ++ assert (((i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p) -! (i *! Spec.Kyber.v_C1_BLOCK_SIZE p) == Spec.Kyber.v_C1_BLOCK_SIZE p); + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ +- Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; +- Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize ++ Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize; ++ Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (out.[ { +- Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; ++ Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize; + Core.Ops.Range.f_end + = +- (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize +- } +- <: +- Core.Ops.Range.t_Range usize ] ++ (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize ++ } ] + <: + t_Slice u8) +- (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u ++ (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u #p + v_COMPRESSION_FACTOR + v_BLOCK_LEN + re +@@ -203,201 +214,234 @@ + <: + t_Array u8 v_OUT_LEN) + in ++ admit();//P-F + out + +-let deserialize_then_decompress_u +- (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) +- (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) +- = +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K +- in +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize ciphertext <: t_Slice u8) +- ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! ++#push-options "--split_queries always" ++let deserialize_then_decompress_u (#p:Spec.Kyber.params) ++ (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR: usize) ++ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat wfZero v_K ++ in ++ let acc_t1 = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in ++ [@ inline_let] ++ let inv = fun (acc:acc_t1) (i:usize) -> True in ++ let sl : t_Slice u8 = ciphertext.[ ++ { Core.Ops.Range.f_end = v_VECTOR_U_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] in ++ assert (length sl == v_VECTOR_U_ENCODED_SIZE); ++ let chunk_len = ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! + v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 + <: +- usize) +- <: +- Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ usize) in ++ FStar.Math.Lemmas.cancel_mul_mod (v p.v_RANK) (v (Spec.Kyber.v_C1_BLOCK_SIZE p)) ; ++ assert (v chunk_len == v (Spec.Kyber.v_C1_BLOCK_SIZE p)); ++ assert (Seq.length sl % v (Spec.Kyber.v_C1_BLOCK_SIZE p) = 0); ++ assert (Seq.length sl == v (Spec.Kyber.v_C1_SIZE p)); ++ assert (Seq.length sl / v (Spec.Kyber.v_C1_BLOCK_SIZE p) == v v_K); ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t1 #inv ++ sl ++ chunk_len + u_as_ntt + (fun u_as_ntt temp_1_ -> +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = + u_as_ntt + in +- let i, u_bytes:(usize & t_Slice u8) = temp_1_ in +- let u:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let i, u_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in ++ let u:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR + u_bytes + in +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ assert (v i < v v_K); ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt + i + (Libcrux.Kem.Kyber.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR u + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + in + u_as_ntt) + in ++ admit(); //P-F + u_as_ntt ++#pop-options + +-let deserialize_public_key (v_K: usize) (public_key: t_Slice u8) = +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K +- in +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact public_key +- Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT +- <: +- Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++#push-options "--z3rlimit 200" ++let deserialize_public_key (#p:Spec.Kyber.params) ++ (v_K v_T_AS_NTT_ENCODED_SIZE: usize) (public_key: t_Slice u8) = ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat wfZero v_K ++ in ++ let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in ++ [@ inline_let] ++ let inv = fun (acc:acc_t) (i:usize) -> True in ++ let sl : t_Slice u8 = public_key.[ ++ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] in ++ let chunk_len = Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT in ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv ++ sl ++ chunk_len + tt_as_ntt + (fun tt_as_ntt temp_1_ -> +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = + tt_as_ntt + in +- let i, tt_as_ntt_bytes:(usize & t_Slice u8) = temp_1_ in ++ let i, tt_as_ntt_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt + i + (Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element tt_as_ntt_bytes + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) + in +- tt_as_ntt +- +-let deserialize_secret_key (v_K: usize) (secret_key: t_Slice u8) = +- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K +- in +- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact secret_key +- Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT +- <: +- Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ admit(); //P-F ++ tt_as_ntt ++#pop-options ++ ++#push-options "--split_queries always" ++let deserialize_secret_key (#p:Spec.Kyber.params) (v_K: usize) (secret_key: t_Slice u8) = ++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat wfZero v_K ++ in ++ let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in ++ [@ inline_let] ++ let inv = fun (acc:acc_t) (i:usize) -> True in ++ let sl : t_Slice u8 = secret_key in ++ let chunk_len = Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT in ++ assert(v chunk_len == 384); ++ assert(Seq.length secret_key == v (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)); ++ assert(Seq.length secret_key == (v v_K * 256 * 12)/8); ++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv ++ sl ++ chunk_len + secret_as_ntt + (fun secret_as_ntt temp_1_ -> +- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = + secret_as_ntt + in +- let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in ++ let i, secret_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt + i + (Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element secret_bytes + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) + in ++ admit(); //P-F + secret_as_ntt ++#pop-options + +-let decrypt ++#push-options "--z3rlimit 400 --split_queries no" ++let decrypt #p + (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: + usize) + (secret_key: t_Slice u8) +- (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) +- = +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR ciphertext ++ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ deserialize_then_decompress_u #p v_K ++ v_CIPHERTEXT_SIZE ++ v_VECTOR_U_ENCODED_SIZE ++ v_U_COMPRESSION_FACTOR ++ ciphertext + in +- let v:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR ++ let v:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v #p v_V_COMPRESSION_FACTOR + (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + in +- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- deserialize_secret_key v_K secret_key ++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ deserialize_secret_key #p v_K secret_key + in +- let message:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Matrix.compute_message v_K v secret_as_ntt u_as_ntt ++ let message:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Matrix.compute_message #p v_K v secret_as_ntt u_as_ntt + in +- Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message message +- +-let encrypt +- (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: +- usize) ++ let res = Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message message in ++ res ++#pop-options ++ ++#push-options "--z3rlimit 200" ++let encrypt #p ++ v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) +- (randomness: t_Slice u8) +- = +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- deserialize_public_key v_K public_key ++ (randomness: t_Slice u8) = ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ deserialize_public_key #p v_K v_T_AS_NTT_ENCODED_SIZE public_key + in + let seed:t_Slice u8 = + public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + in +- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = +- Libcrux.Kem.Kyber.Matrix.sample_matrix_A v_K ++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = ++ Libcrux.Kem.Kyber.Matrix.sample_matrix_A #p v_K + (into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + false + in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = into_padded_array (sz 33) randomness in +- let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & ++ let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & + u8) = +- sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy ++ sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy + in ++ assert (v domain_separator == v v_K); + let tmp0, tmp1, out:(t_Array u8 (sz 33) & u8 & +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = +- sample_ring_element_cbd v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = ++ sample_vector_cbd #p v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator + in + let prf_input:t_Array u8 (sz 33) = tmp0 in + let domain_separator:u8 = tmp1 in +- let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = out in ++ let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = out in + let prf_input:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator + in ++ assert (Seq.equal prf_input (Seq.append randomness (Seq.create 1 domain_separator))); ++ assert (prf_input == Seq.append randomness (Seq.create 1 domain_separator)); + let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = + Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE + (Rust_primitives.unsize prf_input <: t_Slice u8) + in +- let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA2 ++ let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1) = ++ Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA2 + (Rust_primitives.unsize prf_output <: t_Slice u8) + in +- let u:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Libcrux.Kem.Kyber.Matrix.compute_vector_u v_K v_A_transpose r_as_ntt error_1_ ++ let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b error_2_ in ++ let u:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Libcrux.Kem.Kyber.Matrix.compute_vector_u #p v_K v_A_transpose r_as_ntt error_1_ + in +- let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message message + in +- let v:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Matrix.compute_ring_element_v v_K ++ let v:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Matrix.compute_ring_element_v #p v_K + tt_as_ntt + r_as_ntt + error_2_ + message_as_ring_element + in + let c1:t_Array u8 v_C1_LEN = +- compress_then_serialize_u v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u ++ compress_then_serialize_u #p v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u + in + let c2:t_Array u8 v_C2_LEN = +- Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR ++ Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v #p v_V_COMPRESSION_FACTOR + v_C2_LEN + v + in ++ assert (v_C1_LEN = Spec.Kyber.v_C1_SIZE p); ++ assert (v_C2_LEN = Spec.Kyber.v_C2_SIZE p); ++ assert (v_CIPHERTEXT_SIZE == v_C1_LEN +! v_C2_LEN); ++ assert (v_C1_LEN <=. v_CIPHERTEXT_SIZE); + let (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE):t_Array u8 v_CIPHERTEXT_SIZE = + into_padded_array v_CIPHERTEXT_SIZE (Rust_primitives.unsize c1 <: t_Slice u8) + in +@@ -413,28 +457,25 @@ + <: + t_Slice u8) + in ++ lemma_slice_append ciphertext c1 c2; + ciphertext ++#pop-options + +-let serialize_secret_key ++let serialize_secret_key (#p:Spec.Kyber.params) + (v_K v_OUT_LEN: usize) +- (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- = ++ (key: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = + let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let orig_out = out in ++ let acc_t = t_Array u8 v_OUT_LEN in ++ [@ inline_let] ++ let inv = fun (acc:acc_t) (i:usize) -> True in + let out:t_Array u8 v_OUT_LEN = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Iter.Traits.Collect.f_into_iter key +- <: +- Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #acc_t #inv ++ key + out + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in +- let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = temp_1_ in ++ let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start +@@ -473,13 +514,14 @@ + <: + t_Array u8 v_OUT_LEN) + in ++ admit(); //P-F + out + +-let serialize_public_key ++ ++let serialize_public_key (#p:Spec.Kyber.params) + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) +- (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- (seed_for_a: t_Slice u8) +- = ++ (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (seed_for_a: t_Slice u8) = + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE + in +@@ -496,7 +538,7 @@ + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) +- (Rust_primitives.unsize (serialize_secret_key v_K ++ (Rust_primitives.unsize (serialize_secret_key #p v_K + v_RANKED_BYTES_PER_RING_ELEMENT + tt_as_ntt + <: +@@ -522,42 +564,49 @@ + <: + t_Slice u8) + in ++ lemma_slice_append public_key_serialized ++ (Spec.Kyber.vector_encode_12 (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt)) ++ seed_for_a; + public_key_serialized + +-let generate_keypair ++ ++let generate_keypair #p + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) +- (key_generation_seed: t_Slice u8) +- = ++ (key_generation_seed: t_Slice u8) = + let hashed:t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G key_generation_seed in + let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + in +- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = +- Libcrux.Kem.Kyber.Matrix.sample_matrix_A v_K ++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = ++ Libcrux.Kem.Kyber.Matrix.sample_matrix_A #p v_K + (into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) + true + in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + into_padded_array (sz 33) seed_for_secret_and_error + in +- let secret_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ let secret_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + v_K & + u8) = +- sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy ++ sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy + in +- let error_as_ntt, _:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8) = +- sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator ++ let error_as_ntt, _:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8) = ++ sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator + in +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Libcrux.Kem.Kyber.Matrix.compute_As_plus_e v_K v_A_transpose secret_as_ntt error_as_ntt ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Libcrux.Kem.Kyber.Matrix.compute_As_plus_e #p v_K v_A_transpose secret_as_ntt error_as_ntt + in + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = +- serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A ++ serialize_public_key #p v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A + in + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = +- serialize_secret_key v_K v_PRIVATE_KEY_SIZE secret_as_ntt ++ serialize_secret_key #p v_K v_PRIVATE_KEY_SIZE secret_as_ntt + in ++ let res = + secret_key_serialized, public_key_serialized + <: + (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) ++ in ++ res ++ +diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-30 10:40:46.478791573 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-30 10:40:46.532789439 +0100 +@@ -1,80 +1,152 @@ + module Libcrux.Kem.Kyber.Ind_cpa +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" + open Core + open FStar.Mul + +-val into_padded_array (v_LEN: usize) (slice: t_Slice u8) +- : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) ++val into_padded_array (v_LEN: usize) (slice: t_Slice u8) : ++ Pure (t_Array u8 v_LEN) ++ (requires (length slice <=. v_LEN)) ++ (ensures (fun res -> Seq.slice res 0 (Seq.length slice) == slice)) + +-val sample_ring_element_cbd ++val sample_vector_cbd (#p:Spec.Kyber.params) + (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) +- : Prims.Pure +- (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Pure (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (requires v domain_separator <= v v_K /\ v_K <=. sz 4 /\ ++ v_K = p.v_RANK /\ v_ETA2 = p.v_ETA2 /\ ++ v_ETA2_RANDOMNESS_SIZE = Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p) ++ (ensures (fun (prf,ds,x) -> v ds == v domain_separator + v v_K /\ ++ Seq.slice prf 0 32 == Seq.slice prf_input 0 32 /\ ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p x == ++ Spec.Kyber.sample_vector_cbd #p (Seq.slice prf_input 0 32) (sz (v domain_separator)))) + +-val sample_vector_cbd_then_ntt ++ ++val sample_vector_cbd_then_ntt (#p:Spec.Kyber.params) + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (prf_input: t_Array u8 (sz 33)) +- (domain_separator: u8) +- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ (domain_separator: u8{v domain_separator <= v v_K /\ v_K <=. sz 4}) ++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8) ++ (requires (v_K == p.v_RANK /\ v_ETA == p.v_ETA1 /\ v_ETA_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p)) ++ (ensures (fun (x,ds) -> v ds == v domain_separator + v v_K /\ ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p x == ++ Spec.Kyber.sample_vector_cbd_then_ntt #p (Seq.slice prf_input 0 32) (sz (v domain_separator)))) + +-val compress_then_serialize_u ++val compress_then_serialize_u (#p:Spec.Kyber.params) + (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) +- (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ (input: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ : Pure (t_Array u8 v_OUT_LEN) ++ (requires (v_K == p.v_RANK /\ v_OUT_LEN == Spec.Kyber.v_C1_SIZE p /\ ++ v_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\ ++ v_BLOCK_LEN = Spec.Kyber.v_C1_BLOCK_SIZE p)) ++ (ensures (fun res -> ++ res == Spec.Kyber.compress_then_encode_u p ++ (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p input))) + +-val deserialize_then_decompress_u +- (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) ++val deserialize_then_decompress_u (#p:Spec.Kyber.params) ++ (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR: usize) + (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) +- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_public_key (v_K: usize) (public_key: t_Slice u8) +- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_secret_key (v_K: usize) (secret_key: t_Slice u8) +- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (requires v_K == p.v_RANK /\ ++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ ++ v_VECTOR_U_ENCODED_SIZE == Spec.Kyber.v_C1_SIZE p /\ ++ v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR) ++ (ensures fun res -> ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res == ++ Spec.Kyber.(vector_ntt (decode_then_decompress_u p (Seq.slice ciphertext 0 (v (Spec.Kyber.v_C1_SIZE p)))))) ++ ++val deserialize_public_key (#p:Spec.Kyber.params) ++ (v_K v_T_AS_NTT_ENCODED_SIZE: usize) (public_key: t_Slice u8) ++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (requires v_K == p.v_RANK /\ ++ length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ ++ v_T_AS_NTT_ENCODED_SIZE == Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p) ++ (ensures fun res -> ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b res == ++ Spec.Kyber.vector_decode_12 #p (slice public_key (sz 0) v_T_AS_NTT_ENCODED_SIZE)) ++ ++val deserialize_secret_key (#p:Spec.Kyber.params) (v_K: usize) (secret_key: t_Slice u8) ++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (requires v_K == p.v_RANK /\ ++ length secret_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p) ++ (ensures fun res -> ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res == ++ Spec.Kyber.vector_decode_12 #p secret_key) ++ + +-val decrypt ++val decrypt (#p:Spec.Kyber.params) + (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: + usize) + (secret_key: t_Slice u8) + (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) +- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) ++ : Pure (t_Array u8 (sz 32)) ++ (requires (v_K == p.v_RANK /\ ++ length secret_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ ++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ ++ v_VECTOR_U_ENCODED_SIZE == Spec.Kyber.v_C1_SIZE p /\ ++ v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\ ++ v_V_COMPRESSION_FACTOR == p.v_VECTOR_V_COMPRESSION_FACTOR)) ++ (ensures (fun res -> ++ res == Spec.Kyber.ind_cpa_decrypt p secret_key ciphertext)) ++ + +-val encrypt ++val encrypt (#p:Spec.Kyber.params) + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) +- (randomness: t_Slice u8) +- : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) +- +-val serialize_secret_key ++ (randomness: t_Slice u8{length randomness <. sz 33}) ++ : Pure (t_Array u8 v_CIPHERTEXT_SIZE) ++ (requires (v_K == p.v_RANK /\ ++ v_ETA1 = p.v_ETA1 /\ ++ v_ETA1_RANDOMNESS_SIZE = Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ ++ v_ETA2 = p.v_ETA2 /\ ++ v_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p /\ ++ v_ETA2_RANDOMNESS_SIZE = Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\ ++ v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\ ++ v_V_COMPRESSION_FACTOR == p.v_VECTOR_V_COMPRESSION_FACTOR /\ ++ length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ ++ length randomness == Spec.Kyber.v_SHARED_SECRET_SIZE /\ ++ v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ ++ v_T_AS_NTT_ENCODED_SIZE == Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\ ++ v_C1_LEN == Spec.Kyber.v_C1_SIZE p /\ ++ v_C2_LEN == Spec.Kyber.v_C2_SIZE p)) ++ (ensures (fun ct -> ct == Spec.Kyber.ind_cpa_encrypt p public_key message randomness)) ++ ++val serialize_secret_key (#p:Spec.Kyber.params) + (v_K v_OUT_LEN: usize) +- (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val serialize_public_key ++ (key: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ : Pure (t_Array u8 v_OUT_LEN) ++ (requires (v_K == p.v_RANK /\ v_OUT_LEN == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)) ++ (ensures (fun res -> ++ res == Spec.Kyber.vector_encode_12 #p ++ (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p key))) ++ ++val serialize_public_key (#p:Spec.Kyber.params) + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) +- (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) + (seed_for_a: t_Slice u8) +- : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) ++ : Pure (t_Array u8 v_PUBLIC_KEY_SIZE) ++ (requires (v_K == p.v_RANK /\ ++ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p /\ ++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ ++ length seed_for_a == sz 32)) ++ (ensures (fun res -> res == Seq.append (Spec.Kyber.vector_encode_12 ++ (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt)) ++ seed_for_a)) + +-val generate_keypair ++val generate_keypair (#p:Spec.Kyber.params) + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (key_generation_seed: t_Slice u8) +- : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) ++ (requires (v_K == p.v_RANK /\ ++ v_ETA1 == p.v_ETA1 /\ ++ v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ ++ v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ ++ v_PRIVATE_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ ++ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p /\ ++ length key_generation_seed == Spec.Kyber.v_CPA_PKE_KEY_GENERATION_SEED_SIZE)) ++ (ensures (fun (sk,pk) -> (sk,pk) == Spec.Kyber.ind_cpa_generate_keypair p key_generation_seed)) ++ ++ +diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-30 10:40:46.477791613 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-30 10:40:46.495790901 +0100 +@@ -3,22 +3,23 @@ + open Core + open FStar.Mul + +-let decapsulate_1024_ ++let decapsulate_1024_ + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) +- = +- Libcrux.Kem.Kyber.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) = ++ Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber1024_params ++ (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408) + (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) secret_key ciphertext + + let encapsulate_1024_ + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568)) +- (randomness: t_Array u8 (sz 32)) +- = +- Libcrux.Kem.Kyber.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) ++ (randomness: t_Array u8 (sz 32)) = ++ Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber1024_params ++ (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) + (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + + let generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) = +- Libcrux.Kem.Kyber.generate_keypair (sz 4) ++ Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber1024_params ++ (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) +diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst +--- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-30 10:40:46.439793114 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-30 10:40:46.485791296 +0100 +@@ -5,20 +5,21 @@ + + let decapsulate_512_ + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) +- = +- Libcrux.Kem.Kyber.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) = ++ Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber512_params ++ (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) secret_key ciphertext + + let encapsulate_512_ + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800)) +- (randomness: t_Array u8 (sz 32)) +- = +- Libcrux.Kem.Kyber.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) ++ (randomness: t_Array u8 (sz 32)) = ++ Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber512_params ++ (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) + (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + + let generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) = +- Libcrux.Kem.Kyber.generate_keypair (sz 2) ++ Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber512_params ++ (sz 2) + (sz 768) + (sz 1632) + (sz 800) +diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst +--- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-30 10:40:46.434793312 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-30 10:40:46.487791217 +0100 +@@ -3,22 +3,24 @@ + open Core + open FStar.Mul + ++ + let decapsulate_768_ + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) +- = +- Libcrux.Kem.Kyber.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) = ++ Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber768_params ++ (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) secret_key ciphertext + + let encapsulate_768_ + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) +- (randomness: t_Array u8 (sz 32)) +- = +- Libcrux.Kem.Kyber.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) ++ (randomness: t_Array u8 (sz 32)) = ++ Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber768_params ++ (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) + (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + + let generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) = +- Libcrux.Kem.Kyber.generate_keypair (sz 3) ++ Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber768_params ++ (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) +diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti +--- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-30 10:40:46.468791968 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-30 10:40:46.488791178 +0100 +@@ -74,16 +74,19 @@ + val decapsulate_768_ + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) +- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) ++ : Pure (t_Array u8 (sz 32)) ++ (requires True) ++ (ensures (fun res -> res == Spec.Kyber.kyber768_decapsulate secret_key.f_value ciphertext.f_value)) + + val encapsulate_768_ + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32)) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32)) ++ (requires True) ++ (ensures (fun (ct,ss)-> (ct.f_value,ss) == Spec.Kyber.kyber768_encapsulate public_key.f_value randomness)) + + val generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184)) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184)) ++ (requires (True)) ++ (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness)) ++ +diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem.Kyber.Matrix.fst +--- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-01-30 10:40:46.453792561 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-30 10:40:46.498790783 +0100 +@@ -3,192 +3,188 @@ + open Core + open FStar.Mul + +-let compute_As_plus_e +- (v_K: usize) +- (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) +- (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- = +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K +- in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__iter (Rust_primitives.unsize matrix_A +- <: +- t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) +- <: +- Core.Slice.Iter.t_Iter +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Slice.Iter.t_Iter +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Slice.Iter.t_Iter (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))) ++open Libcrux.Kem.Kyber.Arithmetic ++ ++let op_Array_Access (x:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) (i:usize{v i < 256}): i32 = ++ x.f_coefficients.[i] ++ ++ ++#push-options "--ifuel 0 --z3rlimit 700" ++let compute_As_plus_e v_K matrix_A s_as_ntt error_as_ntt = ++ let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in ++ let result:t_Array wfPolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat wfZero v_K ++ in ++ [@ inline_let] ++ let inv0 = fun (acc:t_Array wfPolynomialRingElement v_K) (i:usize) -> ++ (v i <= v v_K) /\ ++ (forall (j:usize). (v j >= v i /\ v j < v v_K) ==> (acc.[j] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) == wfZero) ++ in ++ assert (inv0 result (sz 0)); ++ let result:t_Array wfPolynomialRingElement v_K = ++ Rust_primitives.Iterators.foldi_slice #(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) #(t_Array wfPolynomialRingElement v_K) #inv0 ++ matrix_A + result + (fun result temp_1_ -> +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = result in +- let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = ++ let orig_result = result in ++ let orig_result_cast = (cast_vector_b #v_K #3328 #(v v_K * 3328) orig_result) in ++ let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = + temp_1_ + in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__iter (Rust_primitives.unsize row +- <: +- t_Slice Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- <: +- Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)) +- result ++ [@ inline_let] ++ let inv1 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) (inner:usize) -> ++ (v inner <= v v_K) /\ ++ (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ ++ (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ ++ (poly_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) (v inner * 3328)) ++ in ++ assert (forall (k:usize). (v k < 256) ==> v (result.[i] <: wfPolynomialRingElement).f_coefficients.[k] == 0); ++ assert(inv1 orig_result_cast (sz 0)); ++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = ++ Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) #inv1 ++ row ++ orig_result_cast + (fun result temp_1_ -> +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- result +- in + let j, matrix_element:(usize & +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = + temp_1_ + in +- let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let resulti = down_cast_poly_b #(v v_K * 3328) #(v j * 3328) result.[i] in ++ let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.ntt_multiply matrix_element +- (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ let product_sum:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v j + 1) * 3328) = ++ (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element #(v j * 3328) #3328 v_K ++ resulti ++ product) in ++ let product_sum:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) = cast_poly_b #((v j+1)* 3328) #(v v_K * 3328) product_sum in ++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i +- (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K +- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- product +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ product_sum + in + result) + in +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ +- Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end +- = +- Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT +- } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) ++ let result1 = result in ++ [@ inline_let] ++ let inv2 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) (inner:usize) -> ++ (v inner <= 256) /\ ++ (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ ++ (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ ++ (forall (j:usize). (v j < v inner) ==> (i32_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)).f_coefficients.[j] 3328)) ++ // And all indexes above v inner are unchanged from result1 ++ in ++ assert (inv2 result1 (sz 0)); ++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = ++ Rust_primitives.Iterators.foldi_range #_ #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) #inv2 { ++ Core.Ops.Range.f_start = sz 0; ++ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT ++ } + result +- (fun result j -> +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- result +- in ++ (fun result j -> ++ let result: t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = result in + let j:usize = j in +- let coefficient_normal_form:i32 = +- Libcrux.Kem.Kyber.Arithmetic.to_standard_domain ((result.[ i ] +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] +- <: +- i32) ++ let resulti:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) = result.[ i ] <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) in ++ let coefficient_normal_form: i32_b ((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665) = ++ Libcrux.Kem.Kyber.Arithmetic.to_standard_domain #(v v_K * 3328) (resulti ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]) + in ++ assert ((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665 <= 1940); ++ let coefficient_normal_form: i32_b 1940 = cast_i32_b #((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665) #1940 coefficient_normal_form in ++ let x1: i32_b 3328 = (error_as_ntt.[ i ] ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] in ++ let x2: i32_b 5268 = add_i32_b coefficient_normal_form x1 in ++ assert (5268 <= v v_BARRETT_R /\ v v_BARRETT_R < pow2 31); ++ let x3: i32_b (v v_BARRETT_R) = cast_i32_b #5268 #(v v_BARRETT_R) x2 in ++ let resultij: i32_b 3328 = Libcrux.Kem.Kyber.Arithmetic.barrett_reduce x3 in ++ let resultij: i32_b (v v_K * 3328) = cast_i32_b #3328 #(v v_K * 3328) resultij in ++ let resulti_coeffs = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize ++ (resulti.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ j resultij in ++ let result = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i + ({ +- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) with ++ resulti with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (result.[ i ] +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- j +- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (coefficient_normal_form +! +- ((error_as_ntt.[ i ] +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] +- <: +- i32) +- <: +- i32) +- <: +- i32) +- <: +- t_Array i32 (sz 256) ++ = resulti_coeffs + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))) +- in +- result ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K*3328)) in ++ assert ((result.[i]).f_coefficients.[j] == resultij); ++ assert(inv2 result (j +! sz 1)); ++ let result: x:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K{inv2 x (j +! mk_int 1)} = result in ++ result) in ++ assert (v i + 1 < v v_K ==> result.[i +! sz 1] == orig_result_cast.[i +! sz 1]); ++ let result: t_Array wfPolynomialRingElement v_K = ++ down_cast_vector_b #v_K #(v v_K * 3328) #3328 result in ++ assert (forall (j:usize). (v j >= v i + 1 /\ v j < v v_K) ==> derefine_poly_b result.[j] == derefine_poly_b orig_result.[j]); ++ assume (inv0 result (i +! sz 1)); ++ result) ++ in ++ admit(); //P-F ++ result ++#pop-options + +-let compute_message +- (v_K: usize) +- (v: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- = +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++#push-options "--ifuel 0 --z3rlimit 100" ++let compute_message #p v_K m_v secret_as_ntt u_as_ntt = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) in ++ [@ inline_let] ++ let inv = fun (acc:acc_t) (i:usize) -> ++ (v i <= v v_K) /\ ++ (poly_range #(v v_K * 3328) acc (v i * 3328)) + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) = ++ Rust_primitives.Iterators.foldi_range #_ #acc_t #inv { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- result ++ result + (fun result i -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in + let i:usize = i in +- let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let result:t_PolynomialRingElement_b (v i * 3328) = ++ down_cast_poly_b #(v v_K * 3328) #(v i * 3328) result in ++ let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.ntt_multiply (secret_as_ntt.[ i ] + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (u_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (u_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v i+1) * 3328) = + Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K result product + in ++ let result = cast_poly_b #((v i + 1) * 3328) #(v v_K * 3328) result in ++ assert(inv result (i +! sz 1)); + result) + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result ++ let acc_t = t_PolynomialRingElement_b (64*v v_K*3328) in ++ let result:acc_t = Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ [@ inline_let] ++ let inv = fun (acc:acc_t) (i:usize) -> ++ (v i <= 256) /\ ++ (forall (j:usize). (v j < v i) ==> i32_range ((acc <: t_PolynomialRingElement_b (64* v v_K * 3328)).f_coefficients.[j]) 3328) in ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K*3328) = ++ Rust_primitives.Iterators.foldi_range #_ #_ #inv { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- result ++ result + (fun result i -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in + let i:usize = i in +- let coefficient_normal_form:i32 = +- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- <: +- i32) *! +- 1441l +- <: +- i32) +- in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- result with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- i +- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((v ++ let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) = ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ++ (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441 ++ result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] ++ (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in ++ let resulti : i32_b 3328 = (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((m_v + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] + <: + i32) -! +@@ -196,81 +192,77 @@ + <: + i32) + <: +- i32) ++ i32) in ++ let resulti = cast_i32_b #3328 #(64*v v_K*3328) resulti in ++ let result = ++ { ++ result with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ i resulti + } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in ++ assert (inv result (i +! sz 1)); + result) + in ++ admit(); //P-F + result ++#pop-options + +-let compute_ring_element_v +- (v_K: usize) +- (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- (error_2_ message: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- = +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++#push-options "--ifuel 0 --z3rlimit 100" ++let compute_ring_element_v v_K tt_as_ntt r_as_ntt error_2_ message = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ [@ inline_let] ++ let inv = fun (acc:t_PolynomialRingElement_b (v v_K * 3328)) (i:usize) -> ++ (v i <= 256) /\ ++ (poly_range acc (v i * 3328)) in ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) = ++ Rust_primitives.Iterators.foldi_range #_ #_ #inv ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } +- <: +- Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in +- let i:usize = i in +- let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.ntt_multiply (tt_as_ntt.[ i ] + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (r_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (r_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let result:t_PolynomialRingElement_b (v i * 3328) = ++ down_cast_poly_b #(v v_K * 3328) #(v i * 3328) result in ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v i + 1) * 3328) = + Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K result product + in +- result) ++ cast_poly_b result) + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) = + Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ [@ inline_let] ++ let inv = fun (acc:t_PolynomialRingElement_b (64 * v v_K * 3328)) (i:usize) -> ++ (v i <= 256) /\ ++ (forall (j:usize). (v j < v i) ==> i32_range ((acc <: t_PolynomialRingElement_b (64* v v_K * 3328)).f_coefficients.[j]) 3328) in ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) = ++ Rust_primitives.Iterators.foldi_range #_ #_ #inv { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- result ++ result + (fun result i -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in +- let i:usize = i in +- let coefficient_normal_form:i32 = +- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- <: +- i32) *! +- 1441l +- <: +- i32) +- in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- result with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- i +- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((coefficient_normal_form +! ++ let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) = ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ++ (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441 ++ result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] ++ (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in ++ let resulti : i32_b 3328 = ++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((coefficient_normal_form +! + (error_2_.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) + <: + i32) +! +@@ -278,157 +270,151 @@ + <: + i32) + <: +- i32) ++ i32) in ++ let resulti = cast_i32_b #3328 #(64*v v_K*3328) resulti in ++ let result = ++ { ++ result with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ i resulti + } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + result) + in ++ admit(); //P-F + result ++#pop-options + ++#push-options "--ifuel 0 --z3rlimit 300" + let compute_vector_u + (v_K: usize) +- (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) +- (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- = +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K +- in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__iter (Rust_primitives.unsize a_as_ntt +- <: +- t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) +- <: +- Core.Slice.Iter.t_Iter +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Slice.Iter.t_Iter +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Slice.Iter.t_Iter (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))) ++ (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K) ++ (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = ++ let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat wfZero v_K ++ in ++ let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in ++ [@ inline_let] ++ let inv0 = fun (acc:t_Array wfPolynomialRingElement v_K) (i:usize) -> ++ (v i <= v v_K) /\ ++ (forall (j:usize). (v j >= v i /\ v j < v v_K) ==> (acc.[j] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) == wfZero) ++ in ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ Rust_primitives.Iterators.foldi_slice #(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) #acc_t #inv0 ++ a_as_ntt + result + (fun result temp_1_ -> +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = result in +- let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = result in ++ let orig_result = result in ++ let orig_result_cast = (cast_vector_b #v_K #3328 #(64 * v v_K * 3328) orig_result) in ++ let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = + temp_1_ + in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__iter (Rust_primitives.unsize row +- <: +- t_Slice Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- <: +- Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate +- (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)) +- result ++ [@ inline_let] ++ let inv1 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K) (inner:usize) -> ++ (v inner <= v v_K) /\ ++ (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ ++ (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ ++ (poly_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) (v inner * 3328)) ++ in ++ assert (forall (k:usize). (v k < 256) ==> v (result.[i] <: wfPolynomialRingElement).f_coefficients.[k] == 0); ++ assert(inv1 orig_result_cast (sz 0)); ++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K = ++ Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K) #inv1 ++ row ++ orig_result_cast + (fun result temp_1_ -> +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- result +- in +- let j, a_element:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let j, a_element:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = + temp_1_ + in +- let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let resulti = down_cast_poly_b #(64 * v v_K * 3328) #(v j * 3328) result.[i] in ++ let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.ntt_multiply a_element +- (r_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (r_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ let product_sum:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v j + 1) * 3328) = ++ (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element #(v j * 3328) #3328 v_K ++ resulti ++ product) in ++ let product_sum:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) = cast_poly_b #((v j+1)* 3328) #(64 * v v_K * 3328) product_sum in ++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i +- (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K +- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- product +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ product_sum + in + result) + in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ assert (forall (j:usize). (v j < v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]); ++ assert (forall (j:usize). (v j > v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]); ++ let resulti : t_PolynomialRingElement_b (v v_K * 3328) = down_cast_poly_b result.[i] in ++ let result = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i +- (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K +- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- in +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ +- Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end +- = +- Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT +- } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) ++ (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K resulti) ++ in ++ [@ inline_let] ++ let inv2 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K) (inner:usize) -> ++ (v inner <= 256) /\ ++ (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ ++ (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ ++ (forall (j:usize). (v j < v inner) ==> (i32_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)).f_coefficients.[j] 3328)) ++ // And all indexes above v inner are unchanged from result1 ++ in ++ assert (forall (j:usize). (v j < v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]); ++ assert (forall (j:usize). (v j > v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]); ++ assert (inv2 result (sz 0)); ++ let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K = ++ Rust_primitives.Iterators.foldi_range #_ #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K) #inv2 { ++ Core.Ops.Range.f_start = sz 0; ++ Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT ++ } + result + (fun result j -> +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- result +- in +- let j:usize = j in +- let coefficient_normal_form:i32 = +- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (((result.[ i ] +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] +- <: +- i32) *! +- 1441l +- <: +- i32) +- in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ let result: t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K = result in ++ let resulti:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) = result.[ i ] <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) in ++ let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) = ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ++ (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441 ++ (resulti <: t_PolynomialRingElement_b (64*v v_K * 3328)).f_coefficients.[j] (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in ++ let resultij: i32_b 3328 = (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ++ (add_i32_b coefficient_normal_form ((error_1_.[ i ] ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]))) in ++ let result = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i + ({ +- (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) with ++ resulti with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients + = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (result.[ i ] +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (resulti ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients) + j +- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (coefficient_normal_form +! +- ((error_1_.[ i ] +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] +- <: +- i32) +- <: +- i32) +- <: +- i32) +- <: +- t_Array i32 (sz 256) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- in +- result)) ++ (cast_i32_b #3328 #(64 * v v_K * 3328) resultij) ++ }) in ++ result) ++ in ++ let result: t_Array wfPolynomialRingElement v_K = ++ down_cast_vector_b #v_K #(64 * v v_K * 3328) #3328 result in ++ assert (forall (j:usize). (v j >= v i + 1 /\ v j < v v_K) ==> derefine_poly_b result.[j] == derefine_poly_b orig_result.[j]); ++ assume (inv0 result (i +! sz 1)); ++ result) + in ++ admit(); //P-F + result ++#pop-options + + let sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) = +- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = +- Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- v_K +- <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- v_K ++ let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in ++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = ++ Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat wfZero v_K) v_K + in +- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = ++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K +@@ -440,7 +426,7 @@ + v_A_transpose + (fun v_A_transpose i -> + let v_A_transpose:t_Array +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = + v_A_transpose + in + let i:usize = i in +@@ -496,11 +482,11 @@ + v_A_transpose + (fun v_A_transpose j -> + let v_A_transpose:t_Array +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = + v_A_transpose + in + let j:usize = j in +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution (xof_bytes.[ j ] + <: + t_Array u8 (sz 840)) +@@ -508,33 +494,34 @@ + if transpose + then + let v_A_transpose:t_Array +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose + j + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ j + ] + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) + i + sampled + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) + in + v_A_transpose + else + let v_A_transpose:t_Array +- (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ i + ] + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) + j + sampled + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) + in + v_A_transpose)) + in ++ admit(); //P-F + v_A_transpose +diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti +--- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-30 10:40:46.440793075 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-30 10:40:46.515790111 +0100 +@@ -3,39 +3,71 @@ + open Core + open FStar.Mul + +-val compute_As_plus_e ++ ++val compute_As_plus_e (#p:Spec.Kyber.params) + (v_K: usize) +- (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) +- (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K) ++ (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (requires (v_K == p.v_RANK)) ++ (ensures fun res -> ++ let open Libcrux.Kem.Kyber.Arithmetic in ++ v_K == p.v_RANK /\ ++ to_spec_vector_b #p res = ++ Spec.Kyber.compute_As_plus_e #p ++ (to_spec_matrix_b #p matrix_A) ++ (to_spec_vector_b #p s_as_ntt) ++ (to_spec_vector_b #p error_as_ntt)) ++ + +-val compute_message ++val compute_message (#p:Spec.Kyber.params) + (v_K: usize) +- (v: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) ++ (poly_v: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (requires (v_K == p.v_RANK)) ++ (ensures (fun res -> ++ let secret_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p secret_as_ntt in ++ let u_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p u_as_ntt in ++ let v_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b poly_v in ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res == ++ Spec.Kyber.(poly_sub v_spec (poly_inv_ntt #p (vector_dot_product secret_spec u_spec))))) + +-val compute_ring_element_v ++// TODO: error_2_ changed from `t_PolynomialRingElement_b 3` to `t_PolynomialRingElement_b 7` ++val compute_ring_element_v (#p:Spec.Kyber.params) + (v_K: usize) +- (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- (error_2_ message: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) ++ (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (error_2_: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7) ++ (message: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (requires (v_K == p.v_RANK)) ++ (ensures fun res -> ++ let tt_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt in ++ let r_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p r_as_ntt in ++ let e2_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b error_2_ in ++ let m_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b message in ++ let res_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res in ++ res_spec == Spec.Kyber.(poly_add (poly_add (vector_dot_product tt_spec r_spec) e2_spec) m_spec)) + +-val compute_vector_u ++val compute_vector_u (#p:Spec.Kyber.params) + (v_K: usize) +- (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) +- (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) +- : Prims.Pure (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K) ++ (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (requires (v_K == p.v_RANK)) ++ (ensures fun res -> ++ let a_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p a_as_ntt in ++ let r_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p r_as_ntt in ++ let e_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p error_1_ in ++ let res_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res in ++ res_spec == Spec.Kyber.(vector_add (vector_inv_ntt (matrix_vector_mul a_spec r_spec)) e_spec)) ++ ++ ++ ++val sample_matrix_A (#p:Spec.Kyber.params) (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) ++ : Pure (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K) ++ (requires (v_K == p.v_RANK)) ++ (ensures fun res -> ++ let matrix_A = Spec.Kyber.sample_matrix_A #p (Seq.slice seed 0 32) in ++ if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A ++ else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A) +diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyber.Ntt.fst +--- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-01-30 10:40:46.447792798 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-30 10:40:46.504790546 +0100 +@@ -1,56 +1,130 @@ + module Libcrux.Kem.Kyber.Ntt +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" + open Core + open FStar.Mul + +-let ntt_multiply_binomials (a0, a1: (i32 & i32)) (b0, b1: (i32 & i32)) (zeta: i32) = +- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((a0 *! b0 <: i32) +! +- ((Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a1 *! b1 <: i32) <: i32) *! zeta <: i32) +- <: +- i32), +- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((a0 *! b1 <: i32) +! (a1 *! b0 <: i32) <: i32) +- <: +- (i32 & i32) +- +-let invert_ntt_at_layer +- (zeta_i: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (layer: usize) +- = ++ ++let v_ZETAS_TIMES_MONTGOMERY_R = ++ let list : list (i32_b 1664) = ++ [ ++ (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l; ++ 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l); ++ (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l; ++ (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l; ++ 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l; ++ (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l; ++ 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l; ++ (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l); ++ (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l; ++ (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l); ++ (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l ++ ] ++ in ++ FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); ++ FStar.Pervasives.assert_norm (List.Tot.index list 1 == -758l); ++ Seq.of_list list ++ ++open Libcrux.Kem.Kyber.Arithmetic ++ ++#push-options "--z3rlimit 50" ++let ntt_multiply_binomials (a0,a1) (b0,b1) zeta = ++ let r0 = montgomery_reduce (mul_i32_b a1 b1) in ++ let res = ++ montgomery_reduce (add_i32_b (mul_i32_b a0 b0) (mul_i32_b r0 zeta)), ++ montgomery_reduce (add_i32_b (mul_i32_b a0 b1) (mul_i32_b a1 b0)) in ++ res ++#pop-options ++ ++val mul_zeta_red (#v_K:usize{v v_K >= 1 /\ v v_K <= 4}) ++ (#b:nat{b <= v v_K * 3328 * 64}) ++ (zeta_i:usize{v zeta_i > 0 /\ v zeta_i <= 128} ) ++ (layer:usize{v layer > 0 /\ ++ v layer <= 7 /\ ++ v zeta_i == pow2 (8 - v layer) /\ ++ b == v v_K * 3328 * pow2(v layer - 1)}) ++ (x:i32_b (2*b)) ++ (i:usize{v i < 128 / pow2 (v layer)}) : ++ i32_b (2*b) ++let mul_zeta_red #v_K #b zeta_i layer x i = ++ let zeta_i = zeta_i -! sz 1 -! i in ++ let zeta:i32_b 1664 = v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] in ++ if layer <=. sz 6 then ( ++ assert (b <= 4 * 3328 * 32); ++ assert (2*b*1664 < pow2 31); ++ let product:i32_b (2 * b * 1664) = mul_i32_b x zeta in ++ let res = montgomery_reduce product in ++ res ++ ) else ( ++ assert (v i < 1); ++ assert (zeta_i = sz 1); ++ assert (zeta = -758l); ++ let zeta:i32_b 758 = zeta in ++ let product:i32_b (2 * b * 758) = mul_i32_b x zeta in ++ let res = montgomery_reduce product in ++ res ++ ) ++ ++ ++val lemma_zeta_decr: orig:usize -> fin:usize -> layer:usize{v layer <= 7} -> ++ Lemma (v fin == v orig - 128/(pow2 (v layer)) /\ ++ v orig == pow2 (8 - v layer) ==> ++ v fin == pow2 (7 - v layer)) ++let lemma_zeta_decr orig fin layer = () ++ ++#push-options "--ifuel 0 --z3rlimit 1200" ++let invert_ntt_at_layer #v_K #b zeta_i re layer = + let step:usize = sz 1 < 0); ++ assert (v step == pow2 (v layer)); ++ let orig_re = re in ++ let orig_zeta_i = zeta_i in ++ [@ inline_let] ++ let inv = fun (acc:t_PolynomialRingElement_b (2*b) & usize) (i:usize) -> ++ let (re,zeta_i) = acc in ++ v zeta_i == v orig_zeta_i - v i /\ ++ (forall k. (v k >= 2 * v i * v step (* + 2 * v step *)) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]) ++ in ++ let re, zeta_i: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize) = ++ Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (2*b) & usize) #inv { + Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = sz 128 >>! layer <: usize ++ Core.Ops.Range.f_end = sz 128 /! step + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- (re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) ++ (cast_poly_b #b #(2*b) re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize)) + (fun temp_0_ round -> +- let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = temp_0_ in ++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize) = temp_0_ in + let round:usize = round in ++ let orig_re_round = re in + let zeta_i:usize = zeta_i -! sz 1 in +- let offset:usize = (round *! step <: usize) *! sz 2 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ assert(v round * v step < 128); ++ assert(v round * v step + v step <= 128); ++ assert(v round * v step * 2 <= 254); ++ assert(v round * v step * 2 + 2 * v step <= 256); ++ let offset:usize = (round *! step) *! sz 2 in ++ assert (v offset + 2 * v step <= 256); ++ assert (v offset + v step <= 256); ++ assert (forall k. v k >= v offset ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]); ++ [@ inline_let] ++ let inv = fun (acc:t_PolynomialRingElement_b (2 * b)) (i:usize) -> ++ (forall k. (v k >= v i /\ v k < v offset + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) /\ ++ (forall k. (v k >= v i + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) = ++ Rust_primitives.Iterators.foldi_range #_ #_ #inv { + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! step <: usize +- } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) ++ } + re + (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) = re in ++ assert (re.f_coefficients.[j] == orig_re_round.f_coefficients.[j]); ++ assert (re.f_coefficients.[j +! step] == orig_re_round.f_coefficients.[j +! step]); ++ assert (re.f_coefficients.[j] == orig_re.f_coefficients.[j]); ++ assert (re.f_coefficients.[j +! step] == orig_re.f_coefficients.[j +! step]); ++ let re_j:i32_b b = orig_re.f_coefficients.[j] in ++ let re_j_step:i32_b b = orig_re.f_coefficients.[j +! step] in + let j:usize = j in +- let a_minus_b:i32 = +- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ] <: i32) -! +- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let a_minus_b:i32_b (2*b) = sub_i32_b re_j_step re_j in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -58,17 +132,13 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + j +- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! +- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ] +- <: +- i32) +- <: +- i32) ++ (add_i32_b re_j re_j_step) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let red = mul_zeta_red #v_K #b orig_zeta_i layer a_minus_b round in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -76,74 +146,69 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (j +! step <: usize) +- (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! +- (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) +- <: +- i32) +- <: +- i32) ++ red + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) + in + re) + in +- re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) ++ re, zeta_i <: t_PolynomialRingElement_b (2*b) & usize) + in +- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) = re in ++ lemma_zeta_decr orig_zeta_i zeta_i layer; ++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)) ++#pop-options + +-let invert_ntt_montgomery (v_K: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++#push-options "--z3rlimit 500" ++let invert_ntt_montgomery v_K re = + let _:Prims.unit = () <: Prims.unit in ++ let b = v v_K * 3328 in ++ assert (v v_K <= 4); ++ assert (b <= 4 * 3328); + let zeta_i:usize = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- invert_ntt_at_layer zeta_i re (sz 1) ++ assert (v zeta_i == pow2 (8 - 1)); ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)) = ++ invert_ntt_at_layer #v_K #b zeta_i re (sz 1) + in + let zeta_i:usize = tmp0 in +- let hoist1:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist1 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- invert_ntt_at_layer zeta_i re (sz 2) ++ let hoist1 = out in ++ let re = hoist1 in ++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (4*b)) = ++ invert_ntt_at_layer #v_K zeta_i re (sz 2) + in + let zeta_i:usize = tmp0 in +- let hoist2:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist2 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- invert_ntt_at_layer zeta_i re (sz 3) ++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*b)) = ++ invert_ntt_at_layer #v_K zeta_i re (sz 3) + in + let zeta_i:usize = tmp0 in +- let hoist3:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist3 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- invert_ntt_at_layer zeta_i re (sz 4) ++ assert (8*b = v v_K * 3328 * pow2 (4 - 1)); ++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (16*b)) = ++ invert_ntt_at_layer #v_K zeta_i re (sz 4) + in + let zeta_i:usize = tmp0 in +- let hoist4:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist4 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- invert_ntt_at_layer zeta_i re (sz 5) ++ assert (16*b == v v_K * 3328 * pow2 (5 - 1)); ++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (32*b)) = ++ invert_ntt_at_layer #v_K zeta_i re (sz 5) + in + let zeta_i:usize = tmp0 in +- let hoist5:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist5 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- invert_ntt_at_layer zeta_i re (sz 6) ++ assert (32*b = v v_K * 3328 * pow2 (6 - 1)); ++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b)) = ++ invert_ntt_at_layer #v_K zeta_i re (sz 6) + in + let zeta_i:usize = tmp0 in +- let hoist6:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist6 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- invert_ntt_at_layer zeta_i re (sz 7) ++ assert (64*b = v v_K * 3328 * pow2 (7 - 1)); ++ let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (128*b)) = ++ invert_ntt_at_layer #v_K zeta_i re (sz 7) + in + let zeta_i:usize = tmp0 in +- let hoist7:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist7 in + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ admit(); ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = sz 2 ++ Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize) +@@ -151,7 +216,7 @@ + Core.Ops.Range.t_Range usize) + re + (fun re i -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (128*b) = re in + let i:usize = i in + { + re with +@@ -170,52 +235,84 @@ + t_Array i32 (sz 256) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b)) + in +- re ++ re ++#pop-options + +-let ntt_at_layer +- (zeta_i: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (layer v__initial_coefficient_bound: usize) +- = +- let step:usize = sz 1 <= 0 /\ v zeta_i <= 63} ) ++ (layer:usize{v layer > 0 /\ ++ v layer <= 7 /\ ++ v zeta_i == pow2 (7 - v layer) - 1}) ++ (x:i32_b b) ++ (i:usize{v i < 128/(pow2 (v layer))}) ++ : i32_b 3328 ++let mul_zeta_red2 #b zeta_i layer x i = ++ let zeta_i = zeta_i +! sz 1 +! i in ++ let zeta = v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] in ++ assert (b * 1664 < 65536 * 3328); ++ let red = Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer #(3328+b) #1664 x ++ (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) in ++ red ++#pop-options ++ ++#push-options "--ifuel 0 --z3rlimit 5000" ++let ntt_at_layer #b zeta_i re layer initial_coefficient_bound = ++ let step = sz 1 < ++ let (re,zeta_i) = acc in ++ v zeta_i == v orig_zeta_i + v i /\ ++ (forall k. v k >= 2 * v i * v step ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]) ++ in ++ let re, zeta_i: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize) = ++ Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (3328+b) & usize) #inv { + Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = sz 128 >>! layer <: usize ++ Core.Ops.Range.f_end = loop_end + } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- (re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) ++ (cast_poly_b #b #(3328+b) re, zeta_i) + (fun temp_0_ round -> +- let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = temp_0_ in ++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize) = temp_0_ in + let round:usize = round in + let zeta_i:usize = zeta_i +! sz 1 in +- let offset:usize = (round *! step <: usize) *! sz 2 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ assert(v round * v step < 128); ++ assert(v round * v step + v step <= 128); ++ assert(v round * v step * 2 <= 254); ++ assert(v round * v step * 2 + 2 * v step <= 256); ++ let offset:usize = (round *! step) *! sz 2 in ++ assert (v offset + 2 * v step <= 256); ++ assert (v offset + v step <= 256); ++ [@ inline_let] ++ let inv: t_PolynomialRingElement_b (3328+b) -> int_t usize_inttype -> Type0 = ++ fun (acc:t_PolynomialRingElement_b (3328+b)) (i:usize) -> ++ (forall k. (v k >= v i /\ v k < v offset + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) /\ ++ (forall k. (v k >= v i + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) ++ in ++ assert (forall k. (v k >= v offset /\ v k < v offset + v step) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]); ++ assert (forall k. (v k >= v offset + v step) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]); ++ assert (inv re offset); ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+ b) = ++ Rust_primitives.Iterators.foldi_range #usize_inttype #(t_PolynomialRingElement_b (3328+b)) #inv { + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! step <: usize +- } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) ++ } + re + (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = re in + let j:usize = j in +- let t:i32 = +- Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_fe_by_fer (re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ] +- <: +- i32) +- (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ assert (re.f_coefficients.[j] == orig_re.f_coefficients.[j]); ++ assert (re.f_coefficients.[j +! step] == orig_re.f_coefficients.[j +! step]); ++ let re_j:i32_b b = orig_re.f_coefficients.[j] in ++ let re_j_step:i32_b b = orig_re.f_coefficients.[j +! step] in ++ let t:i32_b 3328 = mul_zeta_red2 #b orig_zeta_i layer ++ re_j_step round in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -223,12 +320,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (j +! step <: usize) +- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) -! t <: i32) ++ (sub_i32_b #b #3328 re_j_step t) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -236,64 +333,70 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + j +- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! t <: i32) ++ (add_i32_b #b #3328 re_j t) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) + in + re) + in +- re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) ++ re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize)) + in + let _:Prims.unit = () <: Prims.unit in +- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = re in ++ assert (v zeta_i = v orig_zeta_i + 128/v step); ++ assert (v zeta_i = v orig_zeta_i + pow2(7 - v layer)); ++ assert (v zeta_i = pow2(8 - v layer) - 1); ++ zeta_i, hax_temp_output ++#pop-options + +-let ntt_at_layer_3_ +- (zeta_i: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (layer: usize) +- = +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- ntt_at_layer zeta_i re layer (sz 3) ++let ntt_at_layer_3_ #b zeta_i re layer = ++ let tmp0, out = ++ ntt_at_layer zeta_i re layer (sz 7879) + in + let zeta_i:usize = tmp0 in +- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- +-let ntt_at_layer_3328_ +- (zeta_i: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (layer: usize) +- = +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let hax_temp_output = out in ++ zeta_i, hax_temp_output ++ ++let ntt_at_layer_3328_ zeta_i re layer = ++ let tmp0, out = + ntt_at_layer zeta_i re layer (sz 3328) + in + let zeta_i:usize = tmp0 in +- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ let hax_temp_output = out in ++ zeta_i, hax_temp_output + +-let ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++#push-options "--ifuel 0 --z3rlimit 1500" ++#restart-solver ++let ntt_binomially_sampled_ring_element re = + let _:Prims.unit = () <: Prims.unit in + let zeta_i:usize = sz 1 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ [@ inline_let] ++ let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207)) (i:usize) -> ++ (v i <= 128) /\ ++ (forall (j:usize). (v j >= v i /\ v j < 128) ==> ++ i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207).f_coefficients.[j] 7) /\ ++ (forall (j:usize). (v j >= v i + 128 /\ v j < 256) ==> ++ i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207).f_coefficients.[j] 7) ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = cast_poly_b re in ++ assert (inv re (sz 0)); ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = ++ Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207) #inv ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 128 + } + <: + Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- re ++ (cast_poly_b re) + (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = cast_poly_b re in + let j:usize = j in +- let t:i32 = +- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! sz 128 <: usize ] <: i32) *! +- (-1600l) ++ let t:i32_b (7*1600) = ++ mul_i32_b (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! sz 128 <: usize ]) ++ (-1600l <: i32_b 1600) + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (11207) = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -301,12 +404,10 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (j +! sz 128 <: usize) +- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) -! t <: i32) ++ (sub_i32_b #7 #11200 (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32_b 7) t) + } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (11207) = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -314,90 +415,76 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + j +- ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! t <: i32) ++ (add_i32_b (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]) t) + } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in + let _:Prims.unit = () <: Prims.unit in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ assert (v zeta_i = pow2 (7 - 6) - 1); ++ let zeta_i, re = + ntt_at_layer_3_ zeta_i re (sz 6) + in +- let zeta_i:usize = tmp0 in +- let hoist8:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist8 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3_ zeta_i re (sz 5) + in +- let zeta_i:usize = tmp0 in +- let hoist9:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist9 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3_ zeta_i re (sz 4) + in +- let zeta_i:usize = tmp0 in +- let hoist10:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist10 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3_ zeta_i re (sz 3) + in +- let zeta_i:usize = tmp0 in +- let hoist11:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist11 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3_ zeta_i re (sz 2) + in +- let zeta_i:usize = tmp0 in +- let hoist12:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist12 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3_ zeta_i re (sz 1) + in +- let zeta_i:usize = tmp0 in +- let hoist13:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist13 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = re in ++ [@ inline_let] ++ let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207))) (i:usize) -> ++ (v i <= 256) /\ ++ (forall (j:usize). (v j < v i) ==> ++ i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207)).f_coefficients.[j] 3328) ++ in ++ assert (inv re (sz 0)); ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = ++ Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207)) #inv ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + } + <: + Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) + re + (fun re i -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = re in ++ let rei:i32_b (v v_BARRETT_R) = cast_i32_b #(6*3328+11207) #(v v_BARRETT_R) (re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]) in ++ let rei: i32_b (6*3328+11207) = cast_i32_b #3328 #(6*3328+11207) ( ++ Libcrux.Kem.Kyber.Arithmetic.barrett_reduce rei) in + let i:usize = i in ++ let re_coeffs:t_Array (i32_b (6*3328+11207)) (sz 256) = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ i rei in + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- i +- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- <: +- i32) +- <: +- i32) +- <: +- t_Array i32 (sz 256) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = re_coeffs ++ }) + in +- re ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = down_cast_poly_b #(6*3328+11207) #3328 re in ++ re ++#pop-options ++ + +-let ntt_multiply (lhs rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++#push-options "--z3rlimit 100" ++let ntt_multiply lhs rhs = + let _:Prims.unit = () <: Prims.unit in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 1 = + Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end +@@ -408,34 +495,31 @@ + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) +- out ++ (cast_poly_b out) + (fun out i -> +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = out in + let i:usize = i in +- let product:(i32 & i32) = ++ assert (v i * 4 + 4 <= 256); ++ let product = + ntt_multiply_binomials ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i + <: + usize ] + <: +- i32), ++ i32_b 3328), + (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 1 + <: + usize ] + <: +- i32) +- <: +- (i32 & i32)) +- ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i <: usize ] <: i32), ++ i32_b 3328)) ++ ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i <: usize ] <: i32_b 3328), + (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 1 + <: + usize ] + <: +- i32) +- <: +- (i32 & i32)) +- (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32) ++ i32_b 3328)) ++ (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32_b 1664) + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -446,9 +530,9 @@ + product._1 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -459,41 +543,29 @@ + product._2 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 + in +- let product:(i32 & i32) = ++ let product = + ntt_multiply_binomials ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i + <: + usize) +! + sz 2 + <: +- usize ] +- <: +- i32), ++ usize ]), + (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 3 + <: +- usize ] +- <: +- i32) +- <: +- (i32 & i32)) ++ usize ])) ++ + ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 2 + <: +- usize ] +- <: +- i32), ++ usize ]), + (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 3 + <: +- usize ] +- <: +- i32) +- <: +- (i32 & i32)) +- (Core.Ops.Arith.Neg.neg (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32) +- <: +- i32) ++ usize ])) ++ (Core.Ops.Arith.Neg.neg (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ]) <: i32_b 1664) ++ + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -504,9 +576,9 @@ + product._1 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -517,72 +589,55 @@ + product._2 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 + in + out) + in + out ++#pop-options + +-let ntt_vector_u +- (v_VECTOR_U_COMPRESSION_FACTOR: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- = ++#push-options "--ifuel 0 --z3rlimit 200" ++let ntt_vector_u v_VECTOR_U_COMPRESSION_FACTOR re = + let _:Prims.unit = () <: Prims.unit in + let zeta_i:usize = sz 0 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3328_ zeta_i re (sz 7) + in +- let zeta_i:usize = tmp0 in +- let hoist14:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist14 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3328_ zeta_i re (sz 6) + in +- let zeta_i:usize = tmp0 in +- let hoist15:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist15 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3328_ zeta_i re (sz 5) + in +- let zeta_i:usize = tmp0 in +- let hoist16:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist16 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3328_ zeta_i re (sz 4) + in +- let zeta_i:usize = tmp0 in +- let hoist17:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist17 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3328_ zeta_i re (sz 3) + in +- let zeta_i:usize = tmp0 in +- let hoist18:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist18 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3328_ zeta_i re (sz 2) + in +- let zeta_i:usize = tmp0 in +- let hoist19:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist19 in +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let zeta_i, re = + ntt_at_layer_3328_ zeta_i re (sz 1) + in +- let zeta_i:usize = tmp0 in +- let hoist20:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist20 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ [@ inline_let] ++ let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328))) (i:usize) -> ++ (v i <= 256) /\ ++ (forall (j:usize). (v j < v i) ==> ++ i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)).f_coefficients.[j] 3328) ++ in ++ assert (inv re (sz 0)); ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328) = ++ Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)) #inv ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + } + <: + Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) + re + (fun re i -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328) = re in + let i:usize = i in + { + re with +@@ -592,15 +647,10 @@ + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + i + (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- <: +- i32) +- <: +- i32) +- <: +- t_Array i32 (sz 256) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ])) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)) + in +- re ++ down_cast_poly_b #(8*3328) #3328 re ++#pop-options +diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti +--- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-30 10:40:46.451792640 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-30 10:40:46.497790822 +0100 +@@ -2,223 +2,80 @@ + #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul ++open Libcrux.Kem.Kyber.Arithmetic + +-let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (sz 128) = +- let list = +- [ +- (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l; +- 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l); +- (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l; +- (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l; +- 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l; +- (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l; +- 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l; +- (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l); +- (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l; +- (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l); +- (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l +- ] +- in +- FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); +- Rust_primitives.Hax.array_of_list list +- +-val ntt_multiply_binomials: (i32 & i32) -> (i32 & i32) -> zeta: i32 +- -> Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) +- +-val invert_ntt_at_layer +- (zeta_i: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (layer: usize) +- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val invert_ntt_montgomery (v_K: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) ++val v_ZETAS_TIMES_MONTGOMERY_R: x:t_Array (i32_b 1664) (sz 128){v (x.[sz 1] <: i32) == -758} + +-val ntt_at_layer +- (zeta_i: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (layer v__initial_coefficient_bound: usize) +- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++val ntt_multiply_binomials (a:wfFieldElement&wfFieldElement) (b: wfFieldElement&wfFieldElement) (zeta: i32_b 1664) : ++ Pure (wfFieldElement & wfFieldElement) ++ (requires True) ++ (ensures (fun _ -> True)) ++ ++val invert_ntt_at_layer (#v_K:usize{v v_K >= 1 /\ v v_K <= 4}) ++ (#b:nat{b <= v v_K * 3328 * 64}) ++ (zeta_i: usize{v zeta_i >= 1 /\ v zeta_i <= 128}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b) ++ (layer: usize{v layer > 0 /\ ++ v layer <= 7 /\ ++ v zeta_i == pow2 (8 - v layer) /\ ++ b == v v_K * 3328 * pow2(v layer - 1)}) ++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)) + Prims.l_True +- (fun _ -> Prims.l_True) ++ (fun x -> let (zeta_fin,re) = x in v zeta_fin == pow2 (7 - v layer)) + +-val ntt_at_layer_3_ +- (zeta_i: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (layer: usize) +- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++val invert_ntt_montgomery (v_K: usize{v v_K >= 1 /\ v v_K <= 4}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) ++ : Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) ++ ++val ntt_at_layer ++ (#b:nat{b <= 31175}) ++ (zeta_i: usize{v zeta_i < 128}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b) ++ (layer: usize{v layer > 0 /\ ++ v layer <= 7 /\ ++ v zeta_i == pow2 (7 - v layer) - 1}) ++ (initial_coefficient_bound: usize{b == (7 - v layer) * 3328 + v initial_coefficient_bound}) ++ : Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)) ++ (requires True) ++ (ensures fun (zeta_i, result) -> v zeta_i == pow2 (8 - v layer) - 1) ++ ++val ntt_at_layer_3_ (#b:nat) ++ (zeta_i: usize{v zeta_i < 128}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b) ++ (layer: usize{v layer > 0 /\ ++ v layer <= 6 /\ ++ v zeta_i == pow2 (7 - v layer) - 1 /\ ++ b == (6 - v layer) * 3328 + 11207}) ++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)) + Prims.l_True +- (fun _ -> Prims.l_True) ++ (ensures fun (zeta_i,result) -> v zeta_i == pow2 (8 - v layer) - 1) + +-val ntt_at_layer_3328_ +- (zeta_i: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- (layer: usize) +- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++val ntt_at_layer_3328_ (#b:nat{b <= 7*3328}) ++ (zeta_i: usize{v zeta_i < 128}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b) ++ (layer: usize{v layer > 0 /\ ++ v layer <= 7 /\ ++ v zeta_i == pow2 (7 - v layer) - 1 /\ ++ b == (7 - v layer) * 3328 + 3328}) ++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)) + Prims.l_True +- (fun _ -> Prims.l_True) +- +-val ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- (requires +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. +- (Core.Slice.impl__len (Rust_primitives.unsize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- <: +- usize) +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- (Core.Num.impl__i32__abs (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- <: +- i32) +- <: +- i32) <=. +- 3l +- <: +- bool) +- <: +- bool)) +- (ensures +- fun result -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. +- (Core.Slice.impl__len (Rust_primitives.unsize result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- <: +- usize) +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ +- i ] +- <: +- i32) +- <: +- i32) <. +- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- <: +- bool) +- <: +- bool)) +- +-val ntt_multiply (lhs rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- (requires +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) >=. 0l <: bool) && +- ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) <. 4096l <: bool +- ) && +- ((Core.Num.impl__i32__abs (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- <: +- i32) +- <: +- i32) <=. +- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- <: +- bool)) +- <: +- bool)) +- (ensures +- fun result -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. +- (Core.Slice.impl__len (Rust_primitives.unsize result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- <: +- usize) +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ +- i ] +- <: +- i32) +- <: +- i32) <=. +- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- <: +- bool) +- <: +- bool)) ++ (ensures fun (zeta_i,result) -> v zeta_i == pow2 (8 - v layer) - 1) + ++val ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7) ++ : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (requires True) ++ (ensures (fun _ -> True)) ++ ++val ntt_multiply (lhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328) ++ (rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328) ++ : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328) ++ (requires True) ++ (ensures (fun _ -> True)) ++ + val ntt_vector_u + (v_VECTOR_U_COMPRESSION_FACTOR: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- (requires +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. +- (Core.Slice.impl__len (Rust_primitives.unsize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- <: +- usize) +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- (Core.Num.impl__i32__abs (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- <: +- i32) +- <: +- i32) <=. +- 3328l +- <: +- bool) +- <: +- bool)) +- (ensures +- fun result -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. +- (Core.Slice.impl__len (Rust_primitives.unsize result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- <: +- usize) +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ +- i ] +- <: +- i32) +- <: +- i32) <. +- Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- <: +- bool) +- <: +- bool)) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328) ++ : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (requires True) ++ (ensures fun _ -> True) ++ +diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Kem.Kyber.Sampling.fst +--- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-01-30 10:40:46.475791692 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-30 10:40:46.525789716 +0100 +@@ -3,27 +3,34 @@ + open Core + open FStar.Mul + +-let rejection_sampling_panic_with_diagnostic (_: Prims.unit) = ++let rejection_sampling_panic_with_diagnostic () : Prims.unit = ++ admit(); // This should never be reachable + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic" + <: + Rust_primitives.Hax.t_Never) + ++#push-options "--ifuel 0 --z3rlimit 100" + let sample_from_binomial_distribution_2_ (randomness: t_Slice u8) = +- let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ let sampled: t_PolynomialRingElement_b 3 = ++ cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ ++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 in ++ [@ inline_let] ++ let inv = fun (acc:acc_t) (i:usize) -> True in ++ let sl : t_Slice u8 = randomness in ++ let chunk_len = sz 4 in ++ assert (v (length sl) == 128); ++ assert (Seq.length sl == 128); ++ assert_norm (128 % 4 == 0); ++ let sampled = ++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv ++ sl ++ chunk_len + sampled + (fun sampled temp_1_ -> +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in +- let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in ++ let chunk_number, byte_chunk:(usize & t_Array u8 chunk_len) = temp_1_ in ++ assert(chunk_number <. sz 32); + let (random_bits_as_u32: u32):u32 = + (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. + ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in ++ logand_lemma (random_bits_as_u32 >>! 1l <: u32) 1431655765ul; ++ assert(odd_bits <=. 1431655765ul); + let coin_toss_outcomes:u32 = even_bits +! odd_bits in +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by +- ({ ++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 in ++ [@ inline_let] ++ let inv : acc_t -> u32 -> Type = fun acc i -> True in ++ Rust_primitives.Iterators.foldi_range_step_by #u32_inttype #(acc_t) #inv ({ + Core.Ops.Range.f_start = 0ul; + Core.Ops.Range.f_end = Core.Num.impl__u32__BITS +- } +- <: +- Core.Ops.Range.t_Range u32) +- (sz 4) +- <: +- Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) +- <: +- Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) ++ } ++ <: ++ Core.Ops.Range.t_Range u32) ++ (sz 4) + sampled + (fun sampled outcome_set -> +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in + let outcome_set:u32 = outcome_set in ++ assert (v outcome_set + 4 <= 32); ++ let out_1 = ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) in + let outcome_1_:i32 = +- cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i32 ++ cast out_1 <: i32 + in ++ let out_2 = ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32) in + let outcome_2_:i32 = +- cast ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32) +- <: +- i32 ++ cast out_2 <: i32 + in ++ logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 3ul; ++ assert (v out_1 >= 0); ++ assert (v out_1 <= 3); ++ assert (v outcome_1_ == v out_1 @% pow2 32); ++ Math.Lemmas.small_modulo_lemma_1 (v out_1) (pow2 32); ++ assert (v outcome_1_ == v out_1); ++ assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 3); ++ logand_lemma (coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) 3ul; ++ assert (v out_2 >= 0); ++ assert (v out_2 <= 3); ++ assert (v outcome_2_ == v out_2 @% pow2 32); ++ Math.Lemmas.small_modulo_lemma_1 (v out_2) (pow2 32); ++ assert (v outcome_2_ == v out_2); ++ assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 3); + let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ assert (outcome_set <. 32ul); ++ assert (v (outcome_set >>! 2l <: u32) = v outcome_set / 4); ++ assert (v (outcome_set >>! 2l <: u32) < 8); ++ Math.Lemmas.small_modulo_lemma_1 (v (outcome_set >>! 2l <: u32)) (pow2 32); ++ Math.Lemmas.small_modulo_lemma_1 (v (outcome_set >>! 2l <: u32)) (pow2 64); ++ assert (v offset < 8); ++ assert (8 * v chunk_number + 8 <= 256); ++ assert (8 * v chunk_number + v offset < 256); ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 = + { + sampled with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -73,29 +104,36 @@ + (outcome_1_ -! outcome_2_ <: i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 + in + sampled)) +- in +- let _:Prims.unit = () <: Prims.unit in +- sampled ++ in ++ let _:Prims.unit = () <: Prims.unit in ++ admit(); // P-F ++ sampled ++#pop-options + ++#push-options "--ifuel 0 --z3rlimit 200" + let sample_from_binomial_distribution_3_ (randomness: t_Slice u8) = +- let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ let sampled:t_PolynomialRingElement_b 7 = ++ (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) + in +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 in ++ [@ inline_let] ++ let inv = fun (acc:acc_t) (i:usize) -> True in ++ let sl : t_Slice u8 = randomness in ++ let chunk_len = sz 3 in ++ assert (v (length sl) == 192); ++ assert (Seq.length sl == 192); ++ assert_norm (192 % 3 == 0); ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = ++ Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv ++ sl ++ chunk_len + sampled + (fun sampled temp_1_ -> +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in +- let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = sampled in ++ let chunk_number, byte_chunk:(usize & t_Array u8 chunk_len) = temp_1_ in + let (random_bits_as_u24: u32):u32 = + ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. + ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 2396745ul in ++ logand_lemma (random_bits_as_u24 >>! 1l <: u32) 2396745ul; ++ assert (second_bits <=. 2396745ul); + let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in ++ logand_lemma (random_bits_as_u24 >>! 2l <: u32) 2396745ul; ++ assert (third_bits <=. 2396745ul); + let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by +- ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } +- <: +- Core.Ops.Range.t_Range i32) +- (sz 6) +- <: +- Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) +- <: +- Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) ++ let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 in ++ [@ inline_let] ++ let inv : acc_t -> i32 -> Type = fun acc i -> True in ++ Rust_primitives.Iterators.foldi_range_step_by #i32_inttype #(acc_t) #inv ({ ++ Core.Ops.Range.f_start = 0l; ++ Core.Ops.Range.f_end = 24l ++ } ++ <: ++ Core.Ops.Range.t_Range i32) ++ (sz 6) + sampled + (fun sampled outcome_set -> +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = sampled in + let outcome_set:i32 = outcome_set in + let outcome_1_:i32 = + cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i32 +@@ -128,8 +173,22 @@ + <: + i32 + in ++ logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 7ul; ++ Math.Lemmas.small_modulo_lemma_1 (v ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32)) (pow2 32); ++ assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 7); ++ logand_lemma (coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) 7ul; ++ Math.Lemmas.small_modulo_lemma_1 (v ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32)) (pow2 32); ++ assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 7); + let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ assert (outcome_set <. 24l); ++ assert (v (outcome_set /! 6l <: i32) = v outcome_set / 6); ++ assert (v (outcome_set /! 6l <: i32) < 4); ++ Math.Lemmas.small_modulo_lemma_1 (v (outcome_set /! 6l <: i32)) (pow2 32); ++ Math.Lemmas.small_modulo_lemma_1 (v (outcome_set /! 6l <: i32)) (pow2 64); ++ assert (v offset < 4); ++ assert (4 * v chunk_number + 4 <= 256); ++ assert (4 * v chunk_number + v offset < 256); ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = + { + sampled with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -140,15 +199,18 @@ + (outcome_1_ -! outcome_2_ <: i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 + in + sampled)) + in + let _:Prims.unit = () <: Prims.unit in ++ admit(); + sampled ++#pop-options + + let sample_from_binomial_distribution (v_ETA: usize) (randomness: t_Slice u8) = + let _:Prims.unit = () <: Prims.unit in ++ Rust_primitives.Integers.mk_int_equiv_lemma #u32_inttype (v v_ETA); + match cast (v_ETA <: usize) <: u32 with + | 2ul -> sample_from_binomial_distribution_2_ randomness + | 3ul -> sample_from_binomial_distribution_3_ randomness +@@ -158,46 +220,62 @@ + <: + Rust_primitives.Hax.t_Never) + ++#push-options "--z3rlimit 50" + let sample_from_uniform_distribution (randomness: t_Array u8 (sz 840)) = + let (sampled_coefficients: usize):usize = sz 0 in +- let (out: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ let (out: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in + let done:bool = false in +- let done, out, sampled_coefficients:(bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & ++ let acc_t = (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) in ++ [@ inline_let] ++ let inv = fun (acc:acc_t) -> True in ++ let sl : t_Slice u8 = randomness in ++ let chunk_len = sz 3 in ++ let done, out, sampled_coefficients:(bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & + usize) = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks ( +- Rust_primitives.unsize randomness <: t_Slice u8) +- (sz 3) +- <: +- Core.Slice.Iter.t_Chunks u8) +- <: +- Core.Slice.Iter.t_Chunks u8) ++ Rust_primitives.Iterators.fold_chunks_exact #u8 #acc_t #inv ++ sl ++ chunk_len + (done, out, sampled_coefficients + <: +- (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) ++ (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)) + (fun temp_0_ bytes -> + let done, out, sampled_coefficients:(bool & +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & + usize) = + temp_0_ + in +- let bytes:t_Slice u8 = bytes in ++ let bytes:t_Array u8 chunk_len = bytes in + if ~.done <: bool + then + let b1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in + let b2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in + let b3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ assert(v b1 >= 0 /\ v b1 < pow2 8); ++ assert(v b2 >= 0 /\ v b2 < pow2 8); ++ assert(v b3 >= 0 /\ v b3 < pow2 8); + let d1:i32 = ((b2 &. 15l <: i32) <= v b1); ++ assert (v d1 >= 0); + let d2:i32 = (b3 <>! 4l <: i32) in +- let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & ++ logor_lemma (b3 <>! 4l <: i32); ++ assert (v d2 >= v b3 * pow2 4); ++ assert (v d2 >= 0); ++ let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & + usize) = + if + d1 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS && + sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + then +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -208,23 +286,23 @@ + d1 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in + out, sampled_coefficients +! sz 1 + <: +- (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) ++ (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) + else + out, sampled_coefficients + <: +- (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) ++ (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) + in +- let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & ++ let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & + usize) = + if + d2 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS && + sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + then +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -235,31 +313,31 @@ + d2 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in + let sampled_coefficients:usize = sampled_coefficients +! sz 1 in + out, sampled_coefficients + <: +- (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) ++ (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) + else + out, sampled_coefficients + <: +- (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) ++ (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) + in + if sampled_coefficients =. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + then + let done:bool = true in + done, out, sampled_coefficients + <: +- (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) ++ (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) + else + done, out, sampled_coefficients + <: +- (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) ++ (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) + else + done, out, sampled_coefficients + <: +- (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) ++ (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)) + in + let _:Prims.unit = + if ~.done +@@ -268,4 +346,5 @@ + () + in + let _:Prims.unit = () <: Prims.unit in +- out ++ out ++#pop-options +diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti +--- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-30 10:40:46.432793391 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-30 10:40:46.523789795 +0100 +@@ -3,77 +3,37 @@ + open Core + open FStar.Mul + +-val rejection_sampling_panic_with_diagnostic: Prims.unit +- -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) ++open Libcrux.Kem.Kyber.Arithmetic + + val sample_from_binomial_distribution_2_ (randomness: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ : Prims.Pure (t_PolynomialRingElement_b 3) + (requires (Core.Slice.impl__len randomness <: usize) =. (sz 2 *! sz 64 <: usize)) + (ensures + fun result -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. +- (Core.Slice.impl__len (Rust_primitives.unsize result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- <: +- usize) +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ +- i ] +- <: +- i32) +- <: +- i32) <=. +- 2l +- <: +- bool) +- <: +- bool)) ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result == ++ Spec.Kyber.sample_poly_binomial (sz 2) randomness) + + val sample_from_binomial_distribution_3_ (randomness: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ : Prims.Pure (t_PolynomialRingElement_b 7) + (requires (Core.Slice.impl__len randomness <: usize) =. (sz 3 *! sz 64 <: usize)) + (ensures + fun result -> +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in +- Hax_lib.v_forall (fun i -> +- let i:usize = i in +- Hax_lib.implies (i <. +- (Core.Slice.impl__len (Rust_primitives.unsize result +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- <: +- usize) +- <: +- bool) +- (fun temp_0_ -> +- let _:Prims.unit = temp_0_ in +- (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ +- i ] +- <: +- i32) +- <: +- i32) <=. +- 3l +- <: +- bool) +- <: +- bool)) ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result == ++ Spec.Kyber.sample_poly_binomial (sz 3) randomness) + +-val sample_from_binomial_distribution (v_ETA: usize) (randomness: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) ++val sample_from_binomial_distribution (#p:Spec.Kyber.params) ++ (v_ETA: usize) (randomness: t_Slice u8) ++ : Pure (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1)) ++ (requires (v_ETA = p.v_ETA1 \/ v_ETA = p.v_ETA2) /\ ++ (Core.Slice.impl__len randomness <: usize) =. (v_ETA *! sz 64 <: usize)) ++ (ensures ++ fun result -> ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result == ++ Spec.Kyber.sample_poly_binomial v_ETA randomness) + + val sample_from_uniform_distribution (randomness: t_Array u8 (sz 840)) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ (requires True) ++ (ensures fun _ -> True) ++// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0)) ++ +diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.fst +--- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-01-30 10:40:46.473791771 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-30 10:40:46.484791336 +0100 +@@ -1,1301 +1,4 @@ + module Libcrux.Kem.Kyber.Serialize +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +-open FStar.Mul + +-let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = +- let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in +- let coef2:u8 = +- ((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) +- in +- let coef3:u8 = +- ((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) +- in +- let coef4:u8 = +- ((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) +- in +- let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in +- coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) +- +-let compress_coefficients_11_ +- (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +- i32) +- = +- let coef1:u8 = cast (coefficient1 <: i32) <: u8 in +- let coef2:u8 = +- ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: i32) <: u8) +- in +- let coef3:u8 = +- ((cast (coefficient3 &. 3l <: i32) <: u8) <>! 5l <: i32) <: u8) +- in +- let coef4:u8 = cast ((coefficient3 >>! 2l <: i32) &. 255l <: i32) <: u8 in +- let coef5:u8 = +- ((cast (coefficient4 &. 127l <: i32) <: u8) <>! 10l <: i32) <: u8) +- in +- let coef6:u8 = +- ((cast (coefficient5 &. 15l <: i32) <: u8) <>! 7l <: i32) <: u8) +- in +- let coef7:u8 = +- ((cast (coefficient6 &. 1l <: i32) <: u8) <>! 4l <: i32) <: u8) +- in +- let coef8:u8 = cast ((coefficient6 >>! 1l <: i32) &. 255l <: i32) <: u8 in +- let coef9:u8 = +- ((cast (coefficient7 &. 63l <: i32) <: u8) <>! 9l <: i32) <: u8) +- in +- let coef10:u8 = +- ((cast (coefficient8 &. 7l <: i32) <: u8) <>! 6l <: i32) <: u8) +- in +- let coef11:u8 = cast (coefficient8 >>! 3l <: i32) <: u8 in +- coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 +- <: +- (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +- +-let compress_coefficients_3_ (coefficient1 coefficient2: u16) = +- let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in +- let coef2:u8 = +- cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in +- coef1, coef2, coef3 <: (u8 & u8 & u8) +- +-let compress_coefficients_5_ +- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: +- u8) +- = +- let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 3l <: u8) +- in +- let coef3:u8 = ((coefficient5 &. 15uy <: u8) <>! 1l <: u8) in +- let coef4:u8 = +- (((coefficient7 &. 3uy <: u8) <>! 4l <: u8) +- in +- let coef5:u8 = (coefficient8 <>! 2l <: u8) in +- coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) +- +-let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) = +- let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in +- let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in +- let coefficient4:i32 = (byte5 <>! 6l <: i32) in +- coefficient1, coefficient2, coefficient3, coefficient4 <: (i32 & i32 & i32 & i32) +- +-let decompress_coefficients_11_ +- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) +- = +- let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in +- let coefficient3:i32 = +- (((byte5 &. 1l <: i32) <>! 6l <: i32) +- in +- let coefficient4:i32 = ((byte6 &. 15l <: i32) <>! 1l <: i32) in +- let coefficient5:i32 = ((byte7 &. 127l <: i32) <>! 4l <: i32) in +- let coefficient6:i32 = +- (((byte9 &. 3l <: i32) <>! 7l <: i32) +- in +- let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in +- let coefficient8:i32 = (byte11 <>! 5l <: i32) in +- coefficient1, +- coefficient2, +- coefficient3, +- coefficient4, +- coefficient5, +- coefficient6, +- coefficient7, +- coefficient8 +- <: +- (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) +- +-let decompress_coefficients_4_ (byte: u8) = +- let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in +- let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in +- coefficient1, coefficient2 <: (i32 & i32) +- +-let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) = +- let coefficient1:i32 = byte1 &. 31l in +- let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in +- let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in +- let coefficient4:i32 = ((byte3 &. 15l <: i32) <>! 7l <: i32) in +- let coefficient5:i32 = ((byte4 &. 1l <: i32) <>! 4l <: i32) in +- let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in +- let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in +- let coefficient8:i32 = byte5 >>! 3l in +- coefficient1, +- coefficient2, +- coefficient3, +- coefficient4, +- coefficient5, +- coefficient6, +- coefficient7, +- coefficient8 +- <: +- (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) +- +-let compress_then_serialize_10_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- = +- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in +- let serialized:t_Array u8 v_OUT_LEN = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- (sz 4) +- <: +- Core.Slice.Iter.t_ChunksExact i32) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & t_Slice i32) = temp_1_ in +- let coefficient1:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient2:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient3:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient4:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 +- ) +- <: +- u16) +- in +- let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = +- compress_coefficients_10_ coefficient1 coefficient2 coefficient3 coefficient4 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- (sz 5 *! i <: usize) +- coef1 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 1 <: usize) +- coef2 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 2 <: usize) +- coef3 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 3 <: usize) +- coef4 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 4 <: usize) +- coef5 +- in +- serialized) +- in +- serialized +- +-let compress_then_serialize_11_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- = +- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in +- let serialized:t_Array u8 v_OUT_LEN = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- (sz 8) +- <: +- Core.Slice.Iter.t_ChunksExact i32) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & t_Slice i32) = temp_1_ in +- let coefficient1:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient2:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient3:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient4:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient5:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient6:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient7:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient8:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 +- ) +- <: +- u16) +- in +- let coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11:(u8 & u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8) = +- compress_coefficients_11_ coefficient1 +- coefficient2 +- coefficient3 +- coefficient4 +- coefficient5 +- coefficient6 +- coefficient7 +- coefficient8 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- (sz 11 *! i <: usize) +- coef1 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 1 <: usize) +- coef2 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 2 <: usize) +- coef3 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 3 <: usize) +- coef4 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 4 <: usize) +- coef5 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 5 <: usize) +- coef6 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 6 <: usize) +- coef7 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 7 <: usize) +- coef8 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 8 <: usize) +- coef9 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 9 <: usize) +- coef10 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 10 <: usize) +- coef11 +- in +- serialized) +- in +- serialized +- +-let compress_then_serialize_4_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- = +- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in +- let serialized:t_Array u8 v_OUT_LEN = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- (sz 2) +- <: +- Core.Slice.Iter.t_ChunksExact i32) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & t_Slice i32) = temp_1_ in +- let coefficient1:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient2:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- i +- ((coefficient2 < +- let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & t_Slice i32) = temp_1_ in +- let coefficient1:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient2:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient3:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient4:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient5:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient6:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient7:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient8:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = +- compress_coefficients_5_ coefficient2 +- coefficient1 +- coefficient4 +- coefficient3 +- coefficient5 +- coefficient7 +- coefficient6 +- coefficient8 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- (sz 5 *! i <: usize) +- coef1 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 1 <: usize) +- coef2 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 2 <: usize) +- coef3 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 3 <: usize) +- coef4 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 4 <: usize) +- coef5 +- in +- serialized) +- in +- serialized +- +-let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in +- let serialized:t_Array u8 (sz 32) = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- (sz 8) +- <: +- Core.Slice.Iter.t_ChunksExact i32) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 (sz 32) = serialized in +- let i, coefficients:(usize & t_Slice i32) = temp_1_ in +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__iter coefficients <: Core.Slice.Iter.t_Iter i32) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 (sz 32) = serialized in +- let j, coefficient:(usize & i32) = temp_1_ in +- let coefficient:u16 = +- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient +- in +- let coefficient_compressed:u8 = +- Libcrux.Kem.Kyber.Compress.compress_message_coefficient coefficient +- in +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- i +- ((serialized.[ i ] <: u8) |. (coefficient_compressed < compress_then_serialize_10_ v_OUT_LEN re +- | 11ul -> compress_then_serialize_11_ v_OUT_LEN re +- | _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +- +- <: +- Rust_primitives.Hax.t_Never) +- +-let compress_then_serialize_ring_element_v +- (v_COMPRESSION_FACTOR v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- = +- let _:Prims.unit = () <: Prims.unit in +- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with +- | 4ul -> compress_then_serialize_4_ v_OUT_LEN re +- | 5ul -> compress_then_serialize_5_ v_OUT_LEN re +- | _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +- +- <: +- Rust_primitives.Hax.t_Never) +- +-let deserialize_then_decompress_10_ (serialized: t_Slice u8) = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let i, bytes:(usize & t_Slice u8) = temp_1_ in +- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in +- let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in +- let coefficient1, coefficient2, coefficient3, coefficient4:(i32 & i32 & i32 & i32) = +- decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 4 *! i <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 4 *! i <: usize) +! sz 1 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 4 *! i <: usize) +! sz 2 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 4 *! i <: usize) +! sz 3 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- re) +- in +- re +- +-let deserialize_then_decompress_11_ (serialized: t_Slice u8) = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let i, bytes:(usize & t_Slice u8) = temp_1_ in +- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in +- let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in +- let byte6:i32 = cast (bytes.[ sz 5 ] <: u8) <: i32 in +- let byte7:i32 = cast (bytes.[ sz 6 ] <: u8) <: i32 in +- let byte8:i32 = cast (bytes.[ sz 7 ] <: u8) <: i32 in +- let byte9:i32 = cast (bytes.[ sz 8 ] <: u8) <: i32 in +- let byte10:i32 = cast (bytes.[ sz 9 ] <: u8) <: i32 in +- let byte11:i32 = cast (bytes.[ sz 10 ] <: u8) <: i32 in +- let +- coefficient1, +- coefficient2, +- coefficient3, +- coefficient4, +- coefficient5, +- coefficient6, +- coefficient7, +- coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = +- decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 +- byte11 +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 8 *! i <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 1 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 2 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 3 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 4 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 5 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 6 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 7 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- re) +- in +- re +- +-let deserialize_then_decompress_4_ (serialized: t_Slice u8) = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let i, byte:(usize & u8) = temp_1_ in +- let coefficient1, coefficient2:(i32 & i32) = decompress_coefficients_4_ byte in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 2 *! i <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient1 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 2 *! i <: usize) +! sz 1 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient2 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- re) +- in +- re +- +-let deserialize_then_decompress_5_ (serialized: t_Slice u8) = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let i, bytes:(usize & t_Slice u8) = temp_1_ in +- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in +- let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in +- let +- coefficient1, +- coefficient2, +- coefficient3, +- coefficient4, +- coefficient5, +- coefficient6, +- coefficient7, +- coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = +- decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 8 *! i <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 1 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 2 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 3 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 4 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 5 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 6 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 7 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- re) +- in +- re +- +-let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Iter.Traits.Collect.f_into_iter serialized +- <: +- Core.Array.Iter.t_IntoIter u8 (sz 32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let i, byte:(usize & u8) = temp_1_ in +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ +- Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = sz 8 +- } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- re +- (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let j:usize = j in +- let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! j <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_message_coefficient coefficient_compressed +- +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- re) +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- in +- re +- +-let deserialize_then_decompress_ring_element_u +- (v_COMPRESSION_FACTOR: usize) +- (serialized: t_Slice u8) +- = +- let _:Prims.unit = () <: Prims.unit in +- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with +- | 10ul -> deserialize_then_decompress_10_ serialized +- | 11ul -> deserialize_then_decompress_11_ serialized +- | _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +- +- <: +- Rust_primitives.Hax.t_Never) +- +-let deserialize_then_decompress_ring_element_v +- (v_COMPRESSION_FACTOR: usize) +- (serialized: t_Slice u8) +- = +- let _:Prims.unit = () <: Prims.unit in +- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with +- | 4ul -> deserialize_then_decompress_4_ serialized +- | 5ul -> deserialize_then_decompress_5_ serialized +- | _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +- +- <: +- Rust_primitives.Hax.t_Never) +- +-let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let i, bytes:(usize & t_Slice u8) = temp_1_ in +- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 2 *! i <: usize) +- (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- in +- re) +- in +- re +- +-let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +- let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in +- let serialized:t_Array u8 (sz 384) = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- (sz 2) +- <: +- Core.Slice.Iter.t_ChunksExact i32) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 (sz 384) = serialized in +- let i, coefficients:(usize & t_Slice i32) = temp_1_ in +- let coefficient1:u16 = +- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) +- in +- let coefficient2:u16 = +- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32) +- in +- let coef1, coef2, coef3:(u8 & u8 & u8) = +- compress_coefficients_3_ coefficient1 coefficient2 +- in +- let serialized:t_Array u8 (sz 384) = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- (sz 3 *! i <: usize) +- coef1 +- in +- let serialized:t_Array u8 (sz 384) = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 3 *! i <: usize) +! sz 1 <: usize) +- coef2 +- in +- let serialized:t_Array u8 (sz 384) = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 3 *! i <: usize) +! sz 2 <: usize) +- coef3 +- in +- serialized) +- in +- serialized ++include Libcrux.Kem.Kyber.Serialize.PartA ++include Libcrux.Kem.Kyber.Serialize.PartB +diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti +--- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-30 10:40:46.436793233 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 +@@ -1,119 +0,0 @@ +-module Libcrux.Kem.Kyber.Serialize +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +-open FStar.Mul +- +-val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_coefficients_11_ +- (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +- i32) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val compress_coefficients_3_ (coefficient1 coefficient2: u16) +- : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_coefficients_5_ +- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: +- u8) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) +- +-val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) +- : Prims.Pure (i32 & i32 & i32 & i32) Prims.l_True (fun _ -> Prims.l_True) +- +-val decompress_coefficients_11_ +- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) +- : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val decompress_coefficients_4_ (byte: u8) +- : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) +- +-val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) +- : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val compress_then_serialize_10_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_11_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_4_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_5_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_ring_element_u +- (v_COMPRESSION_FACTOR v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_ring_element_v +- (v_COMPRESSION_FACTOR v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_10_ (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_11_ (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_4_ (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_5_ (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_ring_element_u +- (v_COMPRESSION_FACTOR: usize) +- (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_ring_element_v +- (v_COMPRESSION_FACTOR: usize) +- (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) +diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst +--- extraction/Libcrux.Kem.Kyber.Serialize.PartA.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst 2024-01-30 10:40:46.511790269 +0100 +@@ -0,0 +1,182 @@ ++module Libcrux.Kem.Kyber.Serialize.PartA ++#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" ++open Core ++open FStar.Mul ++ ++open Libcrux.Kem.Kyber.Arithmetic ++ ++open MkSeq ++ ++#push-options "--z3rlimit 50" ++let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = ++ let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in ++ let coef2:u8 = ++ ((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) ++ in ++ let coef3:u8 = ++ ((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) ++ in ++ let coef4:u8 = ++ ((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) ++ in ++ let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in ++ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) ++#pop-options ++ ++#push-options "--ifuel 1 --z3rlimit 600 --split_queries always" ++let compress_coefficients_11_ ++ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = ++ let coef1:u8 = cast (coefficient1 <: i32) <: u8 in ++ let coef2:u8 = ++ ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: i32) <: u8) ++ in ++ let coef3:u8 = ++ ((cast (coefficient3 &. 3l <: i32) <: u8) <>! 5l <: i32) <: u8) ++ in ++ let coef4:u8 = cast ((coefficient3 >>! 2l <: i32) &. 255l <: i32) <: u8 in ++ let coef5:u8 = ++ ((cast (coefficient4 &. 127l <: i32) <: u8) <>! 10l <: i32) <: u8) ++ in ++ let coef6:u8 = ++ ((cast (coefficient5 &. 15l <: i32) <: u8) <>! 7l <: i32) <: u8) ++ in ++ let coef7:u8 = ++ ((cast (coefficient6 &. 1l <: i32) <: u8) <>! 4l <: i32) <: u8) ++ in ++ let coef8:u8 = cast ((coefficient6 >>! 1l <: i32) &. 255l <: i32) <: u8 in ++ let coef9:u8 = ++ ((cast (coefficient7 &. 63l <: i32) <: u8) <>! 9l <: i32) <: u8) ++ in ++ let coef10:u8 = ++ ((cast (coefficient8 &. 7l <: i32) <: u8) <>! 6l <: i32) <: u8) ++ in ++ let coef11:u8 = cast (coefficient8 >>! 3l <: i32) <: u8 in ++ coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 ++ <: ++ (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) ++#pop-options ++ ++#push-options "--z3rlimit 20" ++let compress_coefficients_3_ coefficient1 coefficient2 = ++ let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in ++ get_bit_pow2_minus_one_u16 255 (sz 0); ++ let coef2:u8 = ++ cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in ++ coef1, coef2, coef3 <: (u8 & u8 & u8) ++#pop-options ++ ++#push-options "--z3rlimit 60 --split_queries always" ++let compress_coefficients_5_ ++ coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8 ++ = ++ let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 3l <: u8) ++ in ++ let coef3:u8 = ((coefficient5 &. 15uy <: u8) <>! 1l <: u8) in ++ let coef4:u8 = ++ (((coefficient7 &. 3uy <: u8) <>! 4l <: u8) ++ in ++ let coef5:u8 = (coefficient8 <>! 2l <: u8) in ++ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) ++#pop-options ++ ++#push-options "--z3rlimit 500" ++let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = ++ let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in ++ let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in ++ let coefficient4:i32 = (byte5 <>! 6l <: i32) in ++ lemma_get_bit_bounded' coefficient1 10; ++ lemma_get_bit_bounded' coefficient2 10; ++ lemma_get_bit_bounded' coefficient3 10; ++ lemma_get_bit_bounded' coefficient4 10; ++ coefficient1, coefficient2, coefficient3, coefficient4 ++#pop-options ++ ++#push-options "--z3rlimit 300" ++let decompress_coefficients_11_ ++ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 = ++ let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in ++ let coefficient3:i32 = ++ (((byte5 &. 1l <: i32) <>! 6l <: i32) ++ in ++ let coefficient4:i32 = ((byte6 &. 15l <: i32) <>! 1l <: i32) in ++ let coefficient5:i32 = ((byte7 &. 127l <: i32) <>! 4l <: i32) in ++ let coefficient6:i32 = ++ (((byte9 &. 3l <: i32) <>! 7l <: i32) ++ in ++ let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in ++ let coefficient8:i32 = (byte11 <>! 5l <: i32) in ++ lemma_get_bit_bounded' coefficient1 11; ++ lemma_get_bit_bounded' coefficient2 11; ++ lemma_get_bit_bounded' coefficient3 11; ++ lemma_get_bit_bounded' coefficient4 11; ++ lemma_get_bit_bounded' coefficient5 11; ++ lemma_get_bit_bounded' coefficient6 11; ++ lemma_get_bit_bounded' coefficient7 11; ++ lemma_get_bit_bounded' coefficient8 11; ++ coefficient1, ++ coefficient2, ++ coefficient3, ++ coefficient4, ++ coefficient5, ++ coefficient6, ++ coefficient7, ++ coefficient8 ++#pop-options ++ ++#push-options "--z3rlimit 50" ++let decompress_coefficients_4_ byte = ++ let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in ++ let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in ++ lemma_get_bit_bounded' coefficient1 4; ++ lemma_get_bit_bounded' coefficient2 4; ++ coefficient1, coefficient2 ++#pop-options ++ ++#push-options "--z3rlimit 400" ++let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = ++ let coefficient1:i32 = byte1 &. 31l in ++ let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in ++ let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in ++ let coefficient4:i32 = ((byte3 &. 15l <: i32) <>! 7l <: i32) in ++ let coefficient5:i32 = ((byte4 &. 1l <: i32) <>! 4l <: i32) in ++ let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in ++ let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in ++ let coefficient8:i32 = byte5 >>! 3l in ++ lemma_get_bit_bounded' coefficient1 5; ++ lemma_get_bit_bounded' coefficient2 5; ++ lemma_get_bit_bounded' coefficient3 5; ++ lemma_get_bit_bounded' coefficient4 5; ++ lemma_get_bit_bounded' coefficient5 5; ++ lemma_get_bit_bounded' coefficient6 5; ++ lemma_get_bit_bounded' coefficient7 5; ++ lemma_get_bit_bounded' coefficient8 5; ++ coefficient1, ++ coefficient2, ++ coefficient3, ++ coefficient4, ++ coefficient5, ++ coefficient6, ++ coefficient7, ++ coefficient8 ++#pop-options ++ +diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartA.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti +--- extraction/Libcrux.Kem.Kyber.Serialize.PartA.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti 2024-01-30 10:40:46.510790309 +0100 +@@ -0,0 +1,91 @@ ++module Libcrux.Kem.Kyber.Serialize.PartA ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Core ++open FStar.Mul ++open MkSeq ++ ++let int_arr_bitwise_eq ++ #t1 #t2 #n1 #n2 ++ (arr1: t_Array (int_t t1) n1) ++ (d1: bit_num t1) ++ (arr2: t_Array (x: int_t t2) n2) ++ (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) ++ = forall i. i < v n1 * d1 ++ ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i ++ ++val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) ++ (requires True) ++ (ensures fun tuple -> ++ int_arr_bitwise_eq ++ (create4 (coefficient1, coefficient2, coefficient3, coefficient4)) 10 ++ (create5 tuple) 8 ++ ) ++ ++val compress_coefficients_11_ ++ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: ++ int_t_d i32_inttype 11) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) ++ (requires True) ++ (ensures fun tuple -> ++ int_arr_bitwise_eq ++ (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 ++ (create11 tuple) 8 ++ ) ++ ++val compress_coefficients_3_ (coefficient1 coefficient2: int_t_d u16_inttype 12) ++ : Prims.Pure (u8 & u8 & u8) ++ (requires True) ++ (ensures fun tuple -> ++ int_arr_bitwise_eq ++ (create2 (coefficient1, coefficient2)) 12 ++ (create3 tuple) 8 ++ ) ++ ++val compress_coefficients_5_ ++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: int_t_d u8_inttype 5) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) ++ (requires True) ++ (ensures fun tuple -> ++ int_arr_bitwise_eq ++ (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 5 ++ (create5 tuple) 8 ++ ) ++ ++private unfold type i32_d = int_t_d i32_inttype ++val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: int_t_d i32_inttype 8) ++ : Prims.Pure (i32_d 10 & i32_d 10 & i32_d 10 & i32_d 10) ++ (requires True) ++ (ensures fun (r1, r2, r3, r4) -> ++ int_arr_bitwise_eq ++ (create5 (byte1, byte2, byte3, byte4, byte5)) 8 ++ (create4 #i32 (r1, r2, r3, r4)) 10 ++ ) ++ ++val decompress_coefficients_11_ ++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: int_t_d i32_inttype 8) ++ : Prims.Pure (i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11) ++ (requires True) ++ (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> ++ int_arr_bitwise_eq ++ (create11 (byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, byte9, byte10, byte11)) 8 ++ (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 11 ++ ) ++ ++val decompress_coefficients_4_ (byte: u8) ++ : Prims.Pure (i32_d 4 & i32_d 4) ++ (requires True) ++ (ensures fun (r1, r2) -> ++ int_arr_bitwise_eq ++ (create1 byte) 8 ++ (create2 (r1, r2)) 4 ++ ) ++ ++val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: int_t_d i32_inttype 8) ++ : Prims.Pure (i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5) ++ (requires True) ++ (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> ++ int_arr_bitwise_eq ++ (create5 (byte1, byte2, byte3, byte4, byte5)) 8 ++ (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5 ++ ) +diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst +--- extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst 2024-01-30 10:40:46.507790427 +0100 +@@ -0,0 +1,1192 @@ ++module Libcrux.Kem.Kyber.Serialize.PartB ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Core ++open FStar.Mul ++open MkSeq ++open Libcrux.Kem.Kyber.Serialize.PartA ++ ++let cast_bound_lemma ++ #t #u ++ (n: int_t t) ++ (d: bit_num t) ++ : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0) ++ (ensures bounded (cast #(int_t t) #(int_t u) n) d) ++ [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] ++ = () ++ ++#push-options "--z3rlimit 60" ++let int_t_d_cast_lemma #t #u d (n: int_t_d t d) ++ : Lemma (requires bits t < bits u /\ v n >= 0) ++ (ensures bounded (cast #(int_t t) #(int_t u) n) d) ++ [SMTPat (bounded (cast #(int_t t) #(int_t u) n) d)] ++ = Math.Lemmas.pow2_double_mult (bits u - 1); ++ Math.Lemmas.small_mod (v n) (modulus u) ++let mul_in_range (n m: nat) ++ : Lemma ++ (requires n <= 256 /\ m <= 256) ++ (ensures range (n * m) usize_inttype) ++ = Math.Lemmas.pow2_plus 8 8; ++ Math.Lemmas.pow2_le_compat 32 16 ++#pop-options ++ ++#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100" ++let compress_then_serialize_10_ ++ v_OUT_LEN ++ re ++ = ++ let accT = t_Array u8 v_OUT_LEN in ++ let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> ++ True ++ in ++ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #accT #inv ++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 4) ++ (serialized) ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 v_OUT_LEN = serialized in ++ let i, coefficients:(usize & _) = temp_1_ in ++ let coefficient1:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient2:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient3:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient4:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = ++ compress_coefficients_10_ coefficient1 coefficient2 coefficient3 coefficient4 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ (sz 5 *! i <: usize) ++ coef1 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 2 <: usize) ++ coef3 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 3 <: usize) ++ coef4 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 4 <: usize) ++ coef5 ++ in ++ serialized) ++ in ++ serialized ++#pop-options ++ ++#push-options "--fuel 0 --ifuel 0 --z3rlimit 30" ++let update5 ++ #n ++ (s: t_Array 't n) ++ (offset: usize {v offset + 5 <= v n}) ++ (i0 i1 i2 i3 i4: 't) ++ : s': t_Array 't n { ++ Seq.index s' (v offset + 0) == i0 /\ ++ Seq.index s' (v offset + 1) == i1 /\ ++ Seq.index s' (v offset + 2) == i2 /\ ++ Seq.index s' (v offset + 3) == i3 /\ ++ Seq.index s' (v offset + 4) == i4 /\ ++ (forall i. (i < v offset \/ i >= v offset + 5) ==> Seq.index s' i == Seq.index s i) ++ } ++ = let open Rust_primitives.Hax.Monomorphized_update_at in ++ let s = update_at_usize s offset i0 in ++ let s = update_at_usize s (offset +! sz 1) i1 in ++ let s = update_at_usize s (offset +! sz 2) i2 in ++ let s = update_at_usize s (offset +! sz 3) i3 in ++ let s = update_at_usize s (offset +! sz 4) i4 in ++ s ++#pop-options ++ ++#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no" ++let compress_then_serialize_11_ ++ v_OUT_LEN re ++ = ++ let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> True in ++ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 8) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 v_OUT_LEN = serialized in ++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in ++ let coefficient1 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient2 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient3 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient4 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient5 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient6 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient7 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient8 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11:(u8 & u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8) = ++ compress_coefficients_11_ coefficient1 ++ coefficient2 ++ coefficient3 ++ coefficient4 ++ coefficient5 ++ coefficient6 ++ coefficient7 ++ coefficient8 ++ in ++ assert_spinoff (v i < 32 ==> 11 * v i + 11 <= 32 * 11); ++ assert_spinoff (v i < 32 ==> range (v (sz 11) * v i) usize_inttype); ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ (sz 11 *! i <: usize) ++ coef1 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 2 <: usize) ++ coef3 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 3 <: usize) ++ coef4 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 4 <: usize) ++ coef5 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 5 <: usize) ++ coef6 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 6 <: usize) ++ coef7 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 7 <: usize) ++ coef8 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 8 <: usize) ++ coef9 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 9 <: usize) ++ coef10 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 10 <: usize) ++ coef11 ++ in ++ serialized) ++ in ++ serialized ++#pop-options ++ ++let compress_then_serialize_4_ v_OUT_LEN re = ++ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let accT = t_Array u8 v_OUT_LEN in ++ let inv (acc: accT) (i: usize) = True in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 2) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 v_OUT_LEN = serialized in ++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 2)) = temp_1_ in ++ let coefficient1:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient2:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ i ++ ((coefficient2 < ++ let serialized:t_Array u8 v_OUT_LEN = serialized in ++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in ++ let coefficient1:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient2:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient3:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient4:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient5:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient6:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient7:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient8' = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32 in ++ let coefficient8:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = ++ compress_coefficients_5_ coefficient2 ++ coefficient1 ++ coefficient4 ++ coefficient3 ++ coefficient5 ++ coefficient7 ++ coefficient6 ++ coefficient8 ++ in ++ assert_spinoff (v i < 32 ==> 5 * v i + 5 <= 32 * 5); ++ assert_spinoff (v i < 32 ==> range (v (sz 5) * v i) usize_inttype); ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ (sz 5 *! i <: usize) ++ coef1 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 2 <: usize) ++ coef3 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 3 <: usize) ++ coef4 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 4 <: usize) ++ coef5 ++ in ++ serialized) ++ in ++ serialized ++ ++let compress_then_serialize_message re = ++ let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in ++ let accT = t_Array u8 (sz 32) in ++ let inv (acc: accT) (i: usize) = True in ++ let serialized:t_Array u8 (sz 32) = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 8) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 (sz 32) = serialized in ++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement _) = temp_1_ in ++ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) ++ coefficients ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 (sz 32) = serialized in ++ let j, coefficient:(usize & Libcrux.Kem.Kyber.Arithmetic.wfFieldElement) = temp_1_ in ++ let coefficient:u16 = ++ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient ++ in ++ let coefficient_compressed:u8 = ++ Libcrux.Kem.Kyber.Compress.compress_message_coefficient coefficient ++ in ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ i ++ ((serialized.[ i ] <: u8) |. (coefficient_compressed < compress_then_serialize_10_ v_OUT_LEN re ++ | 11ul -> compress_then_serialize_11_ v_OUT_LEN re ++ | _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ <: ++ Rust_primitives.Hax.t_Never) ++ ++let compress_then_serialize_ring_element_v #p v_COMPRESSION_FACTOR v_OUT_LEN re = ++ let _:Prims.unit = () <: Prims.unit in ++ Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); ++ let res = ++ assert ( ++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4) \/ ++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5) ++ ); ++ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with ++ | 4ul -> compress_then_serialize_4_ v_OUT_LEN re ++ | 5ul -> compress_then_serialize_5_ v_OUT_LEN re ++ | _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ ++ <: ++ Rust_primitives.Hax.t_Never) ++ in ++ admit (); // P-F ++ res ++ ++#push-options "--z3rlimit 160" ++let deserialize_then_decompress_10_ serialized = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let accT = Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement in ++ let inv (acc: accT) (i: usize) = True in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ serialized ++ (sz 5) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in ++ let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let coefficient1, coefficient2, coefficient3, coefficient4 = ++ decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 ++ in ++ let coefficient1 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 ++ <: ++ i32) in ++ let coefficient2 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 ++ <: ++ i32) in ++ let coefficient3 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 ++ <: ++ i32) in ++ let coefficient4 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 ++ <: ++ i32) in ++ assert_spinoff (v i < 64 ==> 4 * v i + 4 <= 256); ++ assert_spinoff (v i < 64 ==> range (v (sz 4) * v i) usize_inttype); ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 4 *! i <: usize) ++ coefficient1 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 4 *! i <: usize) +! sz 1 <: usize) ++ coefficient2 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 4 *! i <: usize) +! sz 2 <: usize) ++ coefficient3 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 4 *! i <: usize) +! sz 3 <: usize) ++ coefficient4 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ re) ++ in ++ re ++#pop-options ++ ++#push-options "--z3rlimit 100 --ifuel 0" ++let deserialize_then_decompress_11_ serialized ++ : Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) ++ serialized ++ (sz 11) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let i, bytes:(usize & t_Array u8 (sz 11)) = temp_1_ in ++ assert (v i < 32); ++ let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let byte6: int_t_d i32_inttype 8 = cast (bytes.[ sz 5 ] <: u8) <: i32 in ++ let byte7: int_t_d i32_inttype 8 = cast (bytes.[ sz 6 ] <: u8) <: i32 in ++ let byte8: int_t_d i32_inttype 8 = cast (bytes.[ sz 7 ] <: u8) <: i32 in ++ let byte9: int_t_d i32_inttype 8 = cast (bytes.[ sz 8 ] <: u8) <: i32 in ++ let byte10: int_t_d i32_inttype 8 = cast (bytes.[ sz 9 ] <: u8) <: i32 in ++ let byte11: int_t_d i32_inttype 8 = cast (bytes.[ sz 10 ] <: u8) <: i32 in ++ let ++ coefficient1, ++ coefficient2, ++ coefficient3, ++ coefficient4, ++ coefficient5, ++ coefficient6, ++ coefficient7, ++ coefficient8 = ++ decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 ++ byte11 ++ in ++ let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 in ++ let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 in ++ let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 in ++ let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 in ++ let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 in ++ let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 in ++ let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 in ++ let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 in ++ assert_spinoff (8 * v i + 8 <= 256); ++ assert_spinoff (range (v (sz 8) * v i) usize_inttype); ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 8 *! i <: usize) ++ coefficient1 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 1 <: usize) ++ coefficient2 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 2 <: usize) ++ coefficient3 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 3 <: usize) ++ coefficient4 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 4 <: usize) ++ coefficient5 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 5 <: usize) ++ coefficient6 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 6 <: usize) ++ coefficient7 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 7 <: usize) ++ coefficient8 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ re) ++ in ++ re ++#pop-options ++ ++#push-options "--z3rlimit 100" ++let deserialize_then_decompress_4_ serialized = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) ++ serialized ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let i, byte:(usize & u8) = temp_1_ in ++ let coefficient1, coefficient2 = decompress_coefficients_4_ byte in ++ assert_spinoff (v i < 128 ==> 2 * v i + 1 < 256); ++ assert_spinoff (v i < 128 ==> range (v (sz 2) * v i) usize_inttype); ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 2 *! i <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient1 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 2 *! i <: usize) +! sz 1 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient2 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ re) ++ in ++ re ++#pop-options ++ ++#push-options "--z3rlimit 150" ++let deserialize_then_decompress_5_ serialized = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) ++ serialized (sz 5) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in ++ assert (v i < 32); ++ let byte1 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let ++ coefficient1, ++ coefficient2, ++ coefficient3, ++ coefficient4, ++ coefficient5, ++ coefficient6, ++ coefficient7, ++ coefficient8 = ++ decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 ++ in ++ let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 in ++ let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 in ++ let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 in ++ let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 in ++ let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 in ++ let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 in ++ let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 in ++ let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 in ++ // assert (Seq.length serialized == 160); ++ // // assert_norm (160 / 5 == 32); ++ // assert_spinoff (v i < Seq.length serialized); ++ // assert (v i < 32); ++ assert_spinoff (v i < 32 ==> 8 * v i + 8 <= 256); ++ mul_in_range 8 (v i); ++ assert_spinoff (v i < 32 ==> range (v (sz 8) * v i) usize_inttype); ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 8 *! i <: usize) ++ coefficient1 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 1 <: usize) ++ coefficient2 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 2 <: usize) ++ coefficient3 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 3 <: usize) ++ coefficient4 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 4 <: usize) ++ coefficient5 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 5 <: usize) ++ coefficient6 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 6 <: usize) ++ coefficient7 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 7 <: usize) ++ coefficient8 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ re) ++ in ++ re ++#pop-options ++ ++#push-options "--z3rlimit 60" ++let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) ++ serialized ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let i, byte:(usize & u8) = temp_1_ in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ Core.Ops.Range.f_start = sz 0; ++ Core.Ops.Range.f_end = sz 8 ++ } ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ re ++ (fun re j -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let j:usize = j in ++ let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in ++ lemma_get_bit_bounded' coefficient_compressed 1; ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! j <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_message_coefficient coefficient_compressed ++ ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ re) ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ in ++ admit(); //P-F ++ re ++#pop-options ++ ++let deserialize_then_decompress_ring_element_u v_COMPRESSION_FACTOR serialized = ++ let _:Prims.unit = () <: Prims.unit in ++ mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); ++ assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11); ++ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with ++ | 10ul -> deserialize_then_decompress_10_ serialized ++ | 11ul -> deserialize_then_decompress_11_ serialized ++ | _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ ++ <: ++ Rust_primitives.Hax.t_Never) ++ ++let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized = ++ let _:Prims.unit = () <: Prims.unit in ++ mk_int_equiv_lemma #u32_inttype (v v_COMPRESSION_FACTOR); ++ assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5); ++ let res = ++ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with ++ | 4ul -> deserialize_then_decompress_4_ serialized ++ | 5ul -> deserialize_then_decompress_5_ serialized ++ | _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ ++ <: ++ Rust_primitives.Hax.t_Never) ++ in ++ admit(); //P-F ++ res ++ ++#push-options "--z3rlimit 100" ++let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) ++ serialized ++ (sz 3) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let i, bytes:(usize & t_Array u8 (sz 3)) = temp_1_ in ++ let byte1:int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let coef1 = (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) in ++ lemma_get_bit_bounded' coef1 11; ++ lemma_get_bit_bounded' coef2 11; ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 2 *! i <: usize) ++ coef1 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 2 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ in ++ re) ++ in ++ re ++#pop-options ++ ++#push-options "--z3rlimit 100" ++let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = ++ let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in ++ let serialized:t_Array u8 (sz 384) = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) ++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 2) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 (sz 384) = serialized in ++ let i, coefficients:(usize & t_Array (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)) (sz 2)) = temp_1_ in ++ assert (v i < 128); ++ let coefficient1:u16 = ++ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) ++ in ++ let coefficient2:u16 = ++ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32) ++ in ++ let coef1, coef2, coef3:(u8 & u8 & u8) = ++ compress_coefficients_3_ coefficient1 coefficient2 ++ in ++ assert_spinoff (3 * v i + 3 <= 384); ++ assert_spinoff (range (v (sz 3) * v i) usize_inttype); ++ let serialized:t_Array u8 (sz 384) = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ (sz 3 *! i <: usize) ++ coef1 ++ in ++ let serialized:t_Array u8 (sz 384) = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 3 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ in ++ let serialized:t_Array u8 (sz 384) = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 3 *! i <: usize) +! sz 2 <: usize) ++ coef3 ++ in ++ serialized) ++ in ++ serialized ++#pop-options +diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti +--- extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti 2024-01-30 10:40:46.494790941 +0100 +@@ -0,0 +1,108 @@ ++module Libcrux.Kem.Kyber.Serialize.PartB ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Core ++open FStar.Mul ++open MkSeq ++ ++val compress_then_serialize_10_ ++ (v_OUT_LEN: usize {v v_OUT_LEN >= 320}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_11_ ++ (v_OUT_LEN: usize {v v_OUT_LEN >= 352}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_4_ ++ (v_OUT_LEN: usize {v v_OUT_LEN >= 128}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_5_ ++ (v_OUT_LEN: usize {v v_OUT_LEN >= 160}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : Pure (t_Array u8 (sz 32)) ++ (requires True) ++ (ensures (fun res -> ++ res == Spec.Kyber.compress_then_encode_message (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re))) ++ ++val compress_then_serialize_ring_element_u ++ (#p:Spec.Kyber.params) ++ (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11}) ++ (v_OUT_LEN: usize { v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR }) ++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : t_Array u8 v_OUT_LEN ++ ++val compress_then_serialize_ring_element_v (#p:Spec.Kyber.params) ++ (v_COMPRESSION_FACTOR: usize {v_COMPRESSION_FACTOR = sz 4 || v_COMPRESSION_FACTOR = sz 5}) ++ (v_OUT_LEN: usize {v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR}) ++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : Pure (t_Array u8 v_OUT_LEN) ++ (requires True) ++ (ensures (fun res -> ++ res == ++ Spec.Kyber.compress_then_encode_v p ++ (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re))) ++ ++val deserialize_then_decompress_10_ (serialized: t_Slice u8 {Seq.length serialized == 320}) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_11_ (serialized: t_Slice u8 {Seq.length serialized == 352}) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_4_ (serialized: t_Slice u8 {Seq.length serialized == 128}) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_5_ ++ (serialized: t_Slice u8 {Seq.length serialized == 160}) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) ++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (requires True) ++ (ensures fun res -> ++ Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res == ++ Spec.Kyber.decode_then_decompress_message serialized) ++ ++val deserialize_then_decompress_ring_element_u ++ (v_COMPRESSION_FACTOR: usize) ++ (serialized: t_Slice u8 { ++ match v v_COMPRESSION_FACTOR with ++ | 10 -> Seq.length serialized == 320 ++ | 11 -> Seq.length serialized == 352 ++ | _ -> False ++ }) ++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (requires v_COMPRESSION_FACTOR = sz 10 || v_COMPRESSION_FACTOR = sz 11) ++ (ensures fun _ -> True) ++ ++val deserialize_then_decompress_ring_element_v (#p:Spec.Kyber.params) ++ (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5}) ++ (serialized: t_Slice u8) ++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (requires (p.v_VECTOR_V_COMPRESSION_FACTOR == v_COMPRESSION_FACTOR /\ ++ length serialized == Spec.Kyber.v_C2_SIZE p)) ++ (ensures fun res -> Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res ++ == Spec.Kyber.decode_then_decompress_v p serialized) ++ ++val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) ++ : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) ++ (ensures fun _ -> True) ++ ++val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ : Pure (t_Array u8 (sz 384)) ++ (requires True) ++ (ensures (fun res -> True)) +diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.Kyber.Types.fst +--- extraction/Libcrux.Kem.Kyber.Types.fst 2024-01-30 10:40:46.450792679 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-30 10:40:46.500790704 +0100 +@@ -3,6 +3,8 @@ + open Core + open FStar.Mul + ++type t_Error = | Error_RejectionSampling : t_Error ++ + type t_KyberCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +@@ -50,7 +52,9 @@ + let impl_6__len (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE + + let impl_6__split_at (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize) +- : (t_Slice u8 & t_Slice u8) = ++ : Pure (t_Slice u8 & t_Slice u8) ++ (requires (mid <=. v_SIZE)) ++ (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + + type t_KyberPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } +@@ -99,8 +103,11 @@ + + let impl_12__len (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE + +-let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) +- : (t_Slice u8 & t_Slice u8) = ++val impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) ++ : Pure (t_Slice u8 & t_Slice u8) ++ (requires (mid <=. v_SIZE)) ++ (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) ++let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + + type t_KyberPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } +@@ -150,7 +157,9 @@ + let impl_18__len (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE + + let impl_18__split_at (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize) +- : (t_Slice u8 & t_Slice u8) = ++ : Pure (t_Slice u8 & t_Slice u8) ++ (requires (mid <=. v_SIZE)) ++ (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + + type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { +diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fsti +--- extraction/Libcrux_platform.fsti 2024-01-30 10:40:46.456792442 +0100 ++++ extraction-edited/Libcrux_platform.fsti 2024-01-30 10:40:46.530789518 +0100 +@@ -1,4 +1,4 @@ + module Libcrux_platform + #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + +-val simd256_support : unit -> bool ++val simd256_support: bool +diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst +--- extraction/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/MkSeq.fst 2024-01-30 10:40:46.518789992 +0100 +@@ -0,0 +1,91 @@ ++module MkSeq ++open Core ++ ++open FStar.Tactics.V2 ++ ++private let init (len: nat) (f: (i:nat{i < len}) -> Tac 'a): Tac (list 'a) ++ = let rec h (i: nat {i <= len}): Tac (list 'a) ++ = if i = len then [] else f i :: h (i + 1) ++ in h 0 ++ ++private let tuple_proj (n: nat) (i: nat): Tac term ++ = if n = 1 then `(id) else ++ let name = "__proj__Mktuple" ^ string_of_int n ^ "__item___" ^ string_of_int (i + 1) in ++ Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) ++ ++private let tuple_type (n: nat): Tac term ++ = if n = 1 then `(id) else ++ let name = "tuple" ^ string_of_int n in ++ Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) ++ ++open Rust_primitives.Integers ++open Libcrux.Kem.Kyber.Arithmetic ++ ++// let create4 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10: 'a) ++// : Pure ++// (t_Array 'a (sz 11)) ++// (requires True) ++// (ensures fun (r: t_Array 'a (sz 11)) -> ++// r.[sz 0] == x0 /\ ++// r.[sz 1] == x1 /\ ++// r.[sz 2] == x2 /\ ++// r.[sz 3] == x3 /\ ++// r.[sz 4] == x4 /\ ++// r.[sz 5] == x5 /\ ++// r.[sz 6] == x6 /\ ++// r.[sz 7] == x7 /\ ++// True ++// ) ++// = Libcrux.Kem.Kyber.Arithmetic.createi ++// (sz 11) ++// (fun x -> match v x with ++// | 0 -> x0 ++// | 1 -> x1 ++// | 2 -> x2 ++// | 3 -> x3 ++// | 4 -> x4 ++// | 5 -> x5 ++// | 6 -> x6 ++// | 7 -> x7 ++// | 8 -> x8 ++// | 9 -> x9 ++// | 10 -> x10 ++// ) ++ ++private let create_gen_tac (n: nat): Tac sigelt ++ = let typ_bd = {fresh_binder_named "t" (`Type0) with qual = FStar.Reflection.V2.Q_Implicit} in ++ let typ = binder_to_term typ_bd in ++ let input_typ = mk_e_app (tuple_type n) (init n (fun _ -> typ)) in ++ let input_bd = fresh_binder_named "tup" input_typ in ++ let output_type = `t_Array (`#typ) (sz (`@n)) in ++ let nth i = `((`#(tuple_proj n i)) (`#input_bd)) in ++ let mk_and: term -> term -> Tac term = fun t u -> `(`#t /\ `#u) in ++ let post = ++ let mk_inv s i = `(Seq.index (`#s) (`@i) == (`#(tuple_proj n i)) (`#input_bd)) in ++ let invs s = Tactics.fold_left mk_and (`(Seq.length (`#s) == (`@n))) (init n (mk_inv s)) in ++ let bd = fresh_binder_named "s" output_type in ++ mk_abs [bd] (invs bd) ++ in ++ let comp = C_Eff [] ["Prims"; "Pure"] ++ (`t_Array (`#typ) (sz (`@n))) ++ [ (`(requires True), Q_Explicit); (post, Q_Explicit)] [] ++ in ++ let args = [typ_bd; input_bd] in ++ let l = Tactics.fold_right (fun hd tl -> `((`#hd)::(`#tl))) (init n nth) (`[]) in ++ let indexes = ++ let f i = `((`#(nth i)) == List.Tot.index (`#l) (`@i)) in ++ Tactics.fold_left mk_and (`True) (init n f) ++ in ++ let lb_def = mk_abs args (`( ++ let l = `#l in ++ let s = Seq.createL l <: t_Array (`#typ) (sz (`@n)) in ++ FStar.Classical.forall_intro (Seq.lemma_index_is_nth s); ++ assert (`#indexes) by (Tactics.norm [primops; iota; delta; zeta]); ++ s ++ )) in ++ let lb_typ = mk_arr args (pack_comp comp) in ++ let open FStar.List.Tot in ++ let lb_fv = pack_fv (cur_module () @ ["create" ^ string_of_int n]) in ++ Sg_Let { isrec = false; lbs = [{ lb_fv; lb_us = []; lb_typ; lb_def }] } ++ ++%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) +diff -ruN extraction/Spec.Kyber.fst extraction-edited/Spec.Kyber.fst +--- extraction/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Spec.Kyber.fst 2024-01-30 10:40:46.528789597 +0100 +@@ -0,0 +1,426 @@ ++module Spec.Kyber ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" ++open Core ++open FStar.Mul ++ ++(** Utils *) ++let map' #a #b ++ (f:(x:a -> b)) ++ (s: t_Slice a): t_Slice b ++ = createi (length s) (fun i -> f (Seq.index s (v i))) ++ ++let flatten #t #n ++ (#m: usize {range (v n * v m) usize_inttype}) ++ (x: t_Array (t_Array t m) n) ++ : t_Array t (m *! n) ++ = createi (m *! n) (fun i -> Seq.index (Seq.index x (v i / v m)) (v i % v m)) ++ ++(** Constants *) ++let v_BITS_PER_COEFFICIENT: usize = sz 12 ++ ++let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 ++ ++let v_BITS_PER_RING_ELEMENT: usize = sz 3072 // v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 ++ ++let v_BYTES_PER_RING_ELEMENT: usize = sz 384 // v_BITS_PER_RING_ELEMENT /! sz 8 ++ ++let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 ++ ++let v_FIELD_MODULUS: i32 = 3329l ++ ++let v_H_DIGEST_SIZE: usize = sz 32 ++// Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm) ++ ++let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5 ++ ++let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE ++ ++type params_ = { ++ v_RANK: usize; ++ v_ETA1: usize; ++ v_ETA2: usize; ++ v_VECTOR_U_COMPRESSION_FACTOR: usize; ++ v_VECTOR_V_COMPRESSION_FACTOR: usize; ++} ++ ++let valid_params p = ++ (p.v_RANK = sz 2 || p.v_RANK = sz 3 || p.v_RANK = sz 4) && ++ (p.v_ETA1 = sz 2 || p.v_ETA1 = sz 3) && ++ p.v_ETA2 =. sz 2 && ++ (p.v_VECTOR_U_COMPRESSION_FACTOR = sz 10 || p.v_VECTOR_U_COMPRESSION_FACTOR = sz 11) && ++ (p.v_VECTOR_V_COMPRESSION_FACTOR = sz 4 || p.v_VECTOR_V_COMPRESSION_FACTOR = sz 5) ++ ++let params = p:params_{valid_params p} ++ ++val v_ETA1_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128 \/ u == sz 192} ++let v_ETA1_RANDOMNESS_SIZE (p:params) = p.v_ETA1 *! sz 64 ++ ++val v_ETA2_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128} ++let v_ETA2_RANDOMNESS_SIZE (p:params) = p.v_ETA2 *! sz 64 ++ ++val v_RANKED_BYTES_PER_RING_ELEMENT (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} ++let v_RANKED_BYTES_PER_RING_ELEMENT (p:params) = p.v_RANK *! v_BYTES_PER_RING_ELEMENT ++ ++val v_T_AS_NTT_ENCODED_SIZE (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} ++let v_T_AS_NTT_ENCODED_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p ++ ++val v_CPA_PKE_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} ++let v_CPA_PKE_SECRET_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p ++ ++val v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568} ++let v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +! sz 32 ++ ++val v_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168} ++let v_SECRET_KEY_SIZE (p:params) = ++ (v_CPA_PKE_SECRET_KEY_SIZE p +! v_CPA_PKE_PUBLIC_KEY_SIZE p +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE) ++ ++val v_C1_BLOCK_SIZE (p:params): u:usize{(u = sz 320 \/ u = sz 352) /\ v u == 32 * v p.v_VECTOR_U_COMPRESSION_FACTOR} ++let v_C1_BLOCK_SIZE (p:params) = sz 32 *! p.v_VECTOR_U_COMPRESSION_FACTOR ++ ++val v_C1_SIZE (p:params) : u:usize{(u >=. sz 640 \/ u <=. sz 1448) /\ ++ v u == v (v_C1_BLOCK_SIZE p) * v p.v_RANK} ++let v_C1_SIZE (p:params) = v_C1_BLOCK_SIZE p *! p.v_RANK ++ ++val v_C2_SIZE (p:params) : u:usize{(u = sz 128 \/ u = sz 160) /\ v u == 32 * v p.v_VECTOR_V_COMPRESSION_FACTOR } ++let v_C2_SIZE (p:params) = sz 32 *! p.v_VECTOR_V_COMPRESSION_FACTOR ++ ++val v_CPA_PKE_CIPHERTEXT_SIZE (p:params) : u:usize {v u = v (v_C1_SIZE p) + v (v_C2_SIZE p)} ++let v_CPA_PKE_CIPHERTEXT_SIZE (p:params) = v_C1_SIZE p +! v_C2_SIZE p ++ ++val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params): u:usize{v u == v v_SHARED_SECRET_SIZE + ++ v (v_CPA_PKE_CIPHERTEXT_SIZE p)} ++let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params) = ++ v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE p ++ ++val v_KEY_GENERATION_SEED_SIZE: u:usize{u = sz 64} ++let v_KEY_GENERATION_SEED_SIZE: usize = ++ v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! ++ v_SHARED_SECRET_SIZE ++ ++(** Types *) ++ ++type t_Error = | Error_RejectionSampling : t_Error ++ ++type t_Result a b = ++ | Ok: a -> t_Result a b ++ | Err: b -> t_Result a b ++ ++type t_KyberPublicKey (p:params) = t_Array u8 (v_CPA_PKE_PUBLIC_KEY_SIZE p) ++type t_KyberPrivateKey (p:params) = t_Array u8 (v_SECRET_KEY_SIZE p) ++type t_KyberKeyPair (p:params) = t_KyberPrivateKey p & t_KyberPublicKey p ++ ++type t_KyberCPAPrivateKey (p:params) = t_Array u8 (v_CPA_PKE_SECRET_KEY_SIZE p) ++type t_KyberCPAKeyPair (p:params) = t_KyberCPAPrivateKey p & t_KyberPublicKey p ++ ++type t_KyberCiphertext (p:params) = t_Array u8 (v_CPA_PKE_CIPHERTEXT_SIZE p) ++type t_KyberSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) ++ ++(** Utility and Hash Function *) ++assume val v_G (input: t_Slice u8) : t_Array u8 (sz 64) ++assume val v_H (input: t_Slice u8) : t_Array u8 (sz 32) ++assume val v_PRF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN ++let v_J (input: t_Slice u8) : t_Array u8 (sz 32) = v_PRF (sz 32) input ++assume val v_XOF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN ++ ++(** Kyber Math and Sampling *) ++ ++type field_element = n:nat{n < v v_FIELD_MODULUS} ++type polynomial = arr: t_Array nat (sz 256) {forall i. Seq.index arr i < v v_FIELD_MODULUS} ++type vector (p:params) = t_Array polynomial p.v_RANK ++type matrix (p:params) = t_Array (vector p) p.v_RANK ++ ++assume val poly_add: polynomial -> polynomial -> polynomial ++assume val poly_sub: polynomial -> polynomial -> polynomial ++assume val vector_add: #p:params -> vector p -> vector p -> vector p ++assume val vector_dot_product: #p:params -> vector p -> vector p -> polynomial ++ ++assume val matrix_transpose: #p:params -> matrix p -> matrix p ++assume val matrix_vector_mul: #p:params -> matrix p -> vector p -> vector p ++val compute_As_plus_e: #p:params -> a:matrix p -> s:vector p -> e:vector p -> vector p ++let compute_As_plus_e #p a s e = vector_add (matrix_vector_mul a s) e ++ ++assume val poly_inv_ntt: #p:params -> polynomial -> polynomial ++assume val vector_ntt: #p:params -> vector p -> vector p ++assume val vector_inv_ntt: #p:params -> vector p -> vector p ++ ++// note we take seed of size 32 not 34 as in hacspec ++assume val sample_matrix_A: #p:params -> seed:t_Array u8 (sz 32) -> matrix p ++// note we take seed of size 32 not 33 as in hacspec ++assume val sample_vector_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector p ++// note we take seed of size 32 not 33 as in hacspec ++ ++assume val sample_poly_binomial: v_ETA:usize{v v_ETA <= 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial ++ ++open Rust_primitives.Integers ++ ++val sample_poly_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial ++let sample_poly_cbd #p seed domain_sep = ++ let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in ++ let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE p) prf_input in ++ sample_poly_binomial p.v_ETA2 prf_output ++ ++let sample_vector_cbd_then_ntt (#p:params) (seed:t_Array u8 (sz 32)) (domain_sep:usize) = ++ vector_ntt (sample_vector_cbd #p seed domain_sep) ++ ++type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} ++ ++let compress_d (d: dT {d <> 12}) (x: field_element): field_element ++ = (pow2 d * x + 1664) / v v_FIELD_MODULUS ++ ++assume val bits_to_bytes (#bytes: usize) (f: (i:nat {i < v bytes * 8} -> bit)) ++ : Pure (t_Array u8 bytes) ++ (requires True) ++ (ensures fun r -> (forall i. bit_vec_of_int_arr r 8 i == f i)) ++ ++assume val bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) ++ : Pure (i:nat {i < v bytes * 8} -> bit) ++ (requires True) ++ (ensures fun f -> (forall i. bit_vec_of_int_arr r 8 i == f i)) ++ ++let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d)) ++ = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_arr coefficients d) ++ ++let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial ++ = admit () ++ ++let vector_encode_12 (#p:params) (v: vector p): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p) ++ = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map' (byte_encode 12) v in ++ flatten s ++ ++let vector_decode_12 (#p:params) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)): vector p ++ = createi p.v_RANK (fun block -> ++ let block_size = (sz (32 * 12)) in ++ let slice = Seq.slice arr (v block * v block_size) ++ (v block * v block_size + v block_size) in ++ byte_decode 12 slice ++ ) ++ ++let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Array u8 (sz (32 * d)) ++ = let coefs: t_Array nat (sz 256) = map (fun (f: nat {f < v v_FIELD_MODULUS}) -> ++ compress_d d f <: nat ++ ) coefficients ++ in ++ byte_encode d coefficients ++ ++let compress_then_encode_message: polynomial -> t_Array u8 v_SHARED_SECRET_SIZE ++ = byte_encode 1 ++ ++let decode_then_decompress_message: t_Array u8 v_SHARED_SECRET_SIZE -> polynomial ++ = byte_decode 1 ++ ++let compress_then_encode_u (p:params) (vec: vector p): t_Array u8 (v_C1_SIZE p) ++ = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in ++ flatten (map #_ #_ #(fun _ -> True) (byte_encode (v d)) vec) ++ ++let decode_then_decompress_u (p:params) (arr: t_Array u8 (v_C1_SIZE p)): vector p ++ = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in ++ createi p.v_RANK (fun block -> ++ let block_size = v_C1_BLOCK_SIZE p in ++ let slice = Seq.slice arr (v block * v block_size) ++ (v block * v block_size + v block_size) in ++ byte_decode (v d) slice ++ ) ++ ++let compress_then_encode_v (p:params): polynomial -> t_Array u8 (v_C2_SIZE p) ++ = byte_encode (v p.v_VECTOR_V_COMPRESSION_FACTOR) ++ ++let decode_then_decompress_v (p:params): t_Array u8 (v_C2_SIZE p) -> polynomial ++ = byte_decode (v p.v_VECTOR_V_COMPRESSION_FACTOR) ++ ++(** IND-CPA Functions *) ++ ++/// This function implements most of Algorithm 12 of the ++/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. ++/// ++/// We say "most of" since Algorithm 12 samples the required randomness within ++/// the function itself, whereas this implementation expects it to be provided ++/// through the `key_generation_seed` parameter. ++ ++val ind_cpa_generate_keypair (p:params) (randomness:t_Array u8 v_CPA_PKE_KEY_GENERATION_SEED_SIZE) : ++ t_KyberCPAKeyPair p ++let ind_cpa_generate_keypair p randomness = ++ let hashed = v_G randomness in ++ let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in ++ let matrix_A_as_ntt = sample_matrix_A #p seed_for_A in ++ let secret_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error (sz 0) in ++ let error_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error p.v_RANK in ++ let t_as_ntt = compute_As_plus_e #p matrix_A_as_ntt secret_as_ntt error_as_ntt in ++ let public_key_serialized = Seq.append (vector_encode_12 #p t_as_ntt) seed_for_A in ++ let secret_key_serialized = vector_encode_12 #p secret_as_ntt in ++ (secret_key_serialized,public_key_serialized) ++ ++/// This function implements Algorithm 13 of the ++/// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. ++ ++val ind_cpa_encrypt (p:params) (public_key: t_KyberPublicKey p) ++ (message: t_Array u8 v_SHARED_SECRET_SIZE) ++ (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : ++ t_KyberCiphertext p ++ ++let ind_cpa_encrypt p public_key message randomness = ++ let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE p) in ++ let t_as_ntt = vector_decode_12 #p t_as_ntt_bytes in ++ let matrix_A_as_ntt = sample_matrix_A #p seed_for_A in ++ let r_as_ntt = sample_vector_cbd_then_ntt #p randomness (sz 0) in ++ let error_1 = sample_vector_cbd #p randomness p.v_RANK in ++ let error_2 = sample_poly_cbd #p randomness (p.v_RANK +! p.v_RANK) in ++ let u = vector_add (vector_inv_ntt (matrix_vector_mul (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in ++ let mu = decode_then_decompress_message message in ++ let v = poly_add (poly_add (vector_dot_product t_as_ntt r_as_ntt) error_2) mu in ++ let c1 = compress_then_encode_u p u in ++ let c2 = compress_then_encode_v p v in ++ concat c1 c2 ++ ++/// This function implements Algorithm 14 of the ++/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. ++ ++val ind_cpa_decrypt (p:params) (secret_key: t_KyberCPAPrivateKey p) ++ (ciphertext: t_KyberCiphertext p): ++ t_KyberSharedSecret ++ ++let ind_cpa_decrypt p secret_key ciphertext = ++ let (c1,c2) = split ciphertext (v_C1_SIZE p) in ++ let u = decode_then_decompress_u p c1 in ++ let v = decode_then_decompress_v p c2 in ++ let secret_as_ntt = vector_decode_12 #p secret_key in ++ let w = poly_sub v (poly_inv_ntt #p (vector_dot_product secret_as_ntt (vector_ntt u))) in ++ compress_then_encode_message w ++ ++(** IND-CCA Functions *) ++ ++ ++/// This function implements most of Algorithm 15 of the ++/// NIST FIPS 203 specification; this is the Kyber CCA-KEM key generation algorithm. ++/// ++/// We say "most of" since Algorithm 15 samples the required randomness within ++/// the function itself, whereas this implementation expects it to be provided ++/// through the `randomness` parameter. ++/// ++/// TODO: input validation ++ ++val ind_cca_generate_keypair (p:params) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) : ++ t_KyberKeyPair p ++let ind_cca_generate_keypair p randomness = ++ let (ind_cpa_keypair_randomness, implicit_rejection_value) = ++ split randomness v_CPA_PKE_KEY_GENERATION_SEED_SIZE in ++ ++ let (ind_cpa_secret_key,ind_cpa_public_key) = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in ++ let ind_cca_secret_key = Seq.append ind_cpa_secret_key ( ++ Seq.append ind_cpa_public_key ( ++ Seq.append (v_H ind_cpa_public_key) implicit_rejection_value)) in ++ (ind_cca_secret_key, ind_cpa_public_key) ++ ++/// This function implements most of Algorithm 16 of the ++/// NIST FIPS 203 specification; this is the Kyber CCA-KEM encapsulation algorithm. ++/// ++/// We say "most of" since Algorithm 16 samples the required randomness within ++/// the function itself, whereas this implementation expects it to be provided ++/// through the `randomness` parameter. ++/// ++/// TODO: input validation ++ ++val ind_cca_encapsulate (p:params) (public_key: t_KyberPublicKey p) ++ (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : ++ (t_KyberCiphertext p & t_KyberSharedSecret) ++let ind_cca_encapsulate p public_key randomness = ++ let to_hash = concat randomness (v_H public_key) in ++ let hashed = v_G to_hash in ++ let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in ++ let ciphertext = ind_cpa_encrypt p public_key randomness pseudorandomness in ++ (ciphertext,shared_secret) ++ ++ ++/// This function implements Algorithm 17 of the ++/// NIST FIPS 203 specification; this is the Kyber CCA-KEM encapsulation algorithm. ++ ++val ind_cca_decapsulate (p:params) (secret_key: t_KyberPrivateKey p) ++ (ciphertext: t_KyberCiphertext p): ++ t_KyberSharedSecret ++let ind_cca_decapsulate p secret_key ciphertext = ++ let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PKE_SECRET_KEY_SIZE p) in ++ let (ind_cpa_public_key,rest) = split rest (v_CPA_PKE_PUBLIC_KEY_SIZE p) in ++ let (ind_cpa_public_key_hash,implicit_rejection_value) = split rest v_H_DIGEST_SIZE in ++ ++ let decrypted = ind_cpa_decrypt p ind_cpa_secret_key ciphertext in ++ let to_hash = concat decrypted ind_cpa_public_key_hash in ++ let hashed = v_G to_hash in ++ let (success_shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in ++ ++ assert (Seq.length implicit_rejection_value = 32); ++ let to_hash = concat implicit_rejection_value ciphertext in ++ let rejection_shared_secret = v_J to_hash in ++ ++ let reencrypted = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in ++ if reencrypted = ciphertext ++ then success_shared_secret ++ else rejection_shared_secret ++ ++ ++(** Kyber-768 Instantiation *) ++ ++let kyber768_params : params = { ++ v_RANK = sz 3; ++ v_ETA1 = sz 2; ++ v_ETA2 = sz 2; ++ v_VECTOR_U_COMPRESSION_FACTOR = sz 10; ++ v_VECTOR_V_COMPRESSION_FACTOR = sz 4; ++} ++ ++let kyber768_generate_keypair (randomness:t_Array u8 (sz 64)): ++ (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) = ++ ind_cca_generate_keypair kyber768_params randomness ++ ++let kyber768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)): ++ (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) = ++ ind_cca_encapsulate kyber768_params public_key randomness ++ ++ ++let kyber768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)): ++ t_Array u8 (sz 32) = ++ ind_cca_decapsulate kyber768_params secret_key ciphertext ++ ++(** Kyber-1024 Instantiation *) ++ ++let kyber1024_params : params = { ++ v_RANK = sz 4; ++ v_ETA1 = sz 2; ++ v_ETA2 = sz 2; ++ v_VECTOR_U_COMPRESSION_FACTOR = sz 11; ++ v_VECTOR_V_COMPRESSION_FACTOR = sz 5; ++} ++ ++let kyber1024_generate_keypair (randomness:t_Array u8 (sz 64)): ++ (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) = ++ ind_cca_generate_keypair kyber1024_params randomness ++ ++let kyber1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): ++ (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) = ++ ind_cca_encapsulate kyber1024_params public_key randomness ++ ++ ++let kyber1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): ++ t_Array u8 (sz 32) = ++ ind_cca_decapsulate kyber1024_params secret_key ciphertext ++ ++(** Kyber-512 Instantiation *) ++ ++let kyber512_params : params = { ++ v_RANK = sz 2; ++ v_ETA1 = sz 3; ++ v_ETA2 = sz 2; ++ v_VECTOR_U_COMPRESSION_FACTOR = sz 10; ++ v_VECTOR_V_COMPRESSION_FACTOR = sz 4; ++} ++ ++let kyber512_generate_keypair (randomness:t_Array u8 (sz 64)): ++ (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) = ++ ind_cca_generate_keypair kyber512_params randomness ++ ++let kyber512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): ++ (t_Array u8 (sz 768) & t_Array u8 (sz 32)) = ++ ind_cca_encapsulate kyber512_params public_key randomness ++ ++ ++let kyber512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)): ++ t_Array u8 (sz 32) = ++ ind_cca_decapsulate kyber512_params secret_key ciphertext diff --git a/proofs/fstar/extraction-edited/.gitignore b/proofs/fstar/extraction-edited/.gitignore new file mode 100644 index 000000000..4671378ae --- /dev/null +++ b/proofs/fstar/extraction-edited/.gitignore @@ -0,0 +1 @@ +.depend diff --git a/proofs/fstar/extraction-secret-independent.patch b/proofs/fstar/extraction-secret-independent.patch new file mode 100644 index 000000000..c79aa71a3 --- /dev/null +++ b/proofs/fstar/extraction-secret-independent.patch @@ -0,0 +1,9023 @@ +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-30 10:40:46.514790151 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-30 10:40:46.554788570 +0100 +@@ -1,356 +1,81 @@ + module Libcrux.Kem.Kyber.Arithmetic +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul + +- +-let lemma_mul_i32_range (n1 n2: i32) (b1 b2: nat) +- : Lemma (requires (i32_range n1 b1 /\ i32_range n2 b2 /\ b1 * b2 < pow2 31)) +- (ensures (range (v n1 * v n2) i32_inttype /\ i32_range (n1 *! n2) (b1 * b2))) = +- if v n1 = 0 || v n2 = 0 +- then () +- else +- let open FStar.Math.Lemmas in +- lemma_abs_bound (v n1) b1; +- lemma_abs_bound (v n2) b2; +- lemma_abs_mul (v n1) (v n2); +- lemma_mult_le_left (abs (v n1)) (abs (v n2)) b2; +- lemma_mult_le_right b2 (abs (v n1)) b1; +- lemma_abs_bound (v n1 * v n2) (b1 * b2) +- +-let lemma_add_i32_range (n1 n2:i32) (b1 b2:nat): +- Lemma (requires (i32_range n1 b1 /\ i32_range n2 b2 /\ b1 + b2 < pow2 31)) +- (ensures (range (v n1 + v n2) i32_inttype /\ +- i32_range (n1 +! n2) (b1 + b2))) +- = () +- +-let mul_i32_b #b1 #b2 x y = +- lemma_mul_i32_range x y b1 b2; +- x *! y +- +-let add_i32_b #b1 #b2 x y = +- lemma_add_i32_range x y b1 b2; +- x +! y +- +-let sub_i32_b #b1 #b2 x y = +- x -! y +- +-let cast_i32_b #b1 #b2 x = +- x <: i32_b b2 +- +-#push-options "--ifuel 0 --z3rlimit 150" +-let shr_i32_b #b #t x y = +- let r = (x <: i32) >>! y in +- assert (v r == v x / pow2 (v y)); +- Math.Lemmas.lemma_div_le (v x) b (pow2 (v y)); +- assert (v x / (pow2 (v y)) <= b / (pow2 (v y))); +- Math.Lemmas.lemma_div_le (-b) (v x) (pow2 (v y)); +- assert (v x / (pow2 (v y)) >= (-b) / (pow2 (v y))); +- if (b % pow2 (v y) = 0) +- then (Math.Lemmas.div_exact_r b (pow2 (v y)); +- assert (b = (b/pow2 (v y)) * pow2 (v y)); +- assert (-b = -((b/pow2 (v y)) * pow2 (v y))); +- Math.Lemmas.neg_mul_left (b/pow2 (v y)) (pow2 (v y)); +- assert (-b = (-(b/pow2 (v y))) * pow2 (v y)); +- assert ((-b)/pow2(v y) = ((-(b/pow2 (v y))) * pow2 (v y)) / pow2 (v y)); +- Math.Lemmas.cancel_mul_div (-(b/pow2 (v y))) (pow2 (v y)); +- assert ((-b)/pow2(v y) = -(b/pow2 (v y))); +- assert (nat_div_ceil b (pow2 (v y)) == b / pow2 (v y)); +- assert (i32_range r (b / pow2 ( v y))); +- r <: i32_b (nat_div_ceil b (pow2 (v y)))) +- else (let rem = b % pow2 (v y) in +- let quo = b / pow2 (v y) in +- Math.Lemmas.lemma_div_mod b (pow2 (v y)); +- assert (b = quo * pow2 (v y) + rem); +- assert (-b = -(quo * pow2 (v y)) - rem); +- Math.Lemmas.neg_mul_left quo (pow2 (v y)); +- assert (-b = (-quo) * pow2 (v y) - rem); +- assert ((-b)/pow2(v y) = (-rem + (-quo) * pow2 (v y))/pow2 (v y)); +- Math.Lemmas.division_addition_lemma (-rem) (pow2 (v y)) (-quo); +- assert ((-b)/pow2(v y) = ((-rem)/pow2 (v y) -quo)); +- Math.Lemmas.division_definition (-rem) (pow2 (v y)) (-1); +- assert ((-rem)/pow2 (v y) == -1); +- assert ((-b)/pow2(v y) = -1 -quo); +- assert ((-b)/pow2(v y) = (-quo - 1)); +- assert ((-b)/pow2(v y) = -(quo + 1)); +- assert (nat_div_ceil b (pow2 (v y)) == quo + 1); +- assert (i32_range r (quo+1)); +- r <: i32_b (nat_div_ceil b (pow2 (v y)))) +-#pop-options +- +-let v_BARRETT_R: i64 = 1L <>! 1l <: i64) + in +- assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2*3329)); +- assert (v t = v x * v v_BARRETT_MULTIPLIER + pow2 25); + let quotient:i32 = cast (t >>! v_BARRETT_SHIFT <: i64) <: i32 in +- assert (v quotient = v t / pow2 26); + let result:i32 = value -! (quotient *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) in +- calc (==) { +- v result % 3329; +- (==) { } +- (v value - (v quotient * 3329)) % 3329; +- (==) {Math.Lemmas.lemma_mod_sub_distr (v value) (v quotient * 3329) 3329} +- (v value - (v quotient * 3329) % 3329) % 3329; +- (==) {Math.Lemmas.cancel_mul_mod (v quotient) 3329} +- (v value - 0) % 3329; +- (==) {} +- (v value) % 3329; +- }; ++ let _:Prims.unit = () <: Prims.unit in + result +-#pop-options + +-#push-options "--ifuel 0 --z3rlimit 1600" +-let montgomery_reduce #b value = ++let montgomery_reduce (value: i32) = + let _:i32 = v_MONTGOMERY_R in + let _:Prims.unit = () <: Prims.unit in +- let v0 = (cast (value <: i32) <: u32) in +- assert (v v0 == v value % pow2 32); +- let t0 = (get_n_least_significant_bits v_MONTGOMERY_SHIFT v0 <: u32) in +- assert (v t0 = (v value % pow2 32) % pow2 16); +- Math.Lemmas.pow2_modulo_modulo_lemma_1 (v value) 16 32; +- assert (v t0 = v value % pow2 16); + let t:u32 = +- t0 *! ++ (get_n_least_significant_bits v_MONTGOMERY_SHIFT (cast (value <: i32) <: u32) <: u32) *! + v_INVERSE_OF_MODULUS_MOD_R + in +- assert (v t = (v value % pow2 16) * v v_INVERSE_OF_MODULUS_MOD_R); +- let k0 = get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u32 in +- let k:i32_b (pow2 15) = cast (cast k0 <: i16) <: i32 in +- calc (==) { +- v k % pow2 16; +- == { } +- v k0 % pow2 16; +- == { } +- v t % pow2 16; +- == { } +- ((v value % pow2 16) * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16; +- == {Math.Lemmas.lemma_mod_mul_distr_l (v value) (v v_INVERSE_OF_MODULUS_MOD_R) (pow2 16)} +- (v value * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16; +- }; +- assert_norm((62209 * 3329) % pow2 16 == 1); +- assert((v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16 == 1); +- calc (==) { +- (v k * 3329) % pow2 16; +- == {Math.Lemmas.lemma_mod_mul_distr_l (v k) 3329 (pow2 16)} +- ((v k % pow2 16) * 3329) % pow2 16; +- == { } +- ((v value * v v_INVERSE_OF_MODULUS_MOD_R) % pow2 16 * 3329) % pow2 16; +- == {Math.Lemmas.lemma_mod_mul_distr_l (v value * v v_INVERSE_OF_MODULUS_MOD_R) (3329) (pow2 16)} +- (v value * v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16; +- == {Math.Lemmas.paren_mul_right (v value) (v v_INVERSE_OF_MODULUS_MOD_R) 3329} +- (v value * (v v_INVERSE_OF_MODULUS_MOD_R * 3329)) % pow2 16; +- == {Math.Lemmas.lemma_mod_mul_distr_r (v value) (v v_INVERSE_OF_MODULUS_MOD_R * 3329) (pow2 16)} +- (v value * ((v v_INVERSE_OF_MODULUS_MOD_R * 3329) % pow2 16)) % pow2 16; +- == {Math.Lemmas.mul_one_right_is_same (v value)} +- (v value) % pow2 16; +- }; +- Math.Lemmas.modulo_add (pow2 16) (- (v k * 3329)) (v value) (v k * 3329); +- assert ((v value - v k * 3329) % pow2 16 == (v k * 3329 - v k * 3329) % pow2 16); +- assert ((v value - v k * 3329) % v v_MONTGOMERY_R == 0); +- let k_times_modulus:i32_b (pow2 15 * 3329) = +- mul_i32_b k Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ let k:i16 = cast (get_n_least_significant_bits v_MONTGOMERY_SHIFT t <: u32) <: i16 in ++ let k_times_modulus:i32 = ++ (cast (k <: i16) <: i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS + in +- let c:i32_b 1665 = shr_i32_b k_times_modulus v_MONTGOMERY_SHIFT in +- let value_high:i32_b (nat_div_ceil b (v v_MONTGOMERY_R)) = shr_i32_b value v_MONTGOMERY_SHIFT in +- assert (v value_high = v value / v v_MONTGOMERY_R); +- let res: i32_b (nat_div_ceil b (v v_MONTGOMERY_R) + 1665) = sub_i32_b value_high c in +- calc (==) { +- v res; +- == { } +- (v value_high - v c); +- == { } +- ((v value / v v_MONTGOMERY_R) - ((v k * 3329) / v v_MONTGOMERY_R)); +- == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)} +- ((v value - (v k * 3329)) / v v_MONTGOMERY_R); +- }; +- calc (==) { +- v res % 3329; +- == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)} +- (((v value - (v k * 3329)) / v v_MONTGOMERY_R) * ((v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV) % 3329)) % 3329 ; +- == {Math.Lemmas.lemma_mod_mul_distr_r ((v value - (v k * 3329)) / v v_MONTGOMERY_R) (v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV) 3329} +- (((v value - (v k * 3329)) / v v_MONTGOMERY_R) * (v v_MONTGOMERY_R * v v_MONTGOMERY_R_INV)) % 3329 ; +- == {Math.Lemmas.paren_mul_right ((v value - (v k * 3329)) / v v_MONTGOMERY_R) (v v_MONTGOMERY_R) (v v_MONTGOMERY_R_INV)} +- ((((v value - (v k * 3329)) / v v_MONTGOMERY_R) * v v_MONTGOMERY_R) * v v_MONTGOMERY_R_INV) % 3329 ; +- == {Math.Lemmas.lemma_div_exact (v value - v k * 3329) (v v_MONTGOMERY_R)} +- ((v value - (v k * 3329)) * v v_MONTGOMERY_R_INV) % 3329 ; +- == { } +- ((v value * v v_MONTGOMERY_R_INV) - ((v k * 3329) * v v_MONTGOMERY_R_INV)) % 3329 ; +- == {Math.Lemmas.paren_mul_right (v k) 3329 (v v_MONTGOMERY_R_INV)} +- ((v value * v v_MONTGOMERY_R_INV) - (v k * (3329 * v v_MONTGOMERY_R_INV))) % 3329 ; +- == {Math.Lemmas.swap_mul 3329 (v v_MONTGOMERY_R_INV)} +- ((v value * v v_MONTGOMERY_R_INV) - (v k * (v v_MONTGOMERY_R_INV * 3329))) % 3329 ; +- == {Math.Lemmas.paren_mul_right (v k) (v v_MONTGOMERY_R_INV) 3329} +- ((v value * v v_MONTGOMERY_R_INV) - ((v k * v v_MONTGOMERY_R_INV) * 3329)) % 3329 ; +- == {Math.Lemmas.lemma_mod_sub (v value * v v_MONTGOMERY_R_INV) 3329 (v k * v v_MONTGOMERY_R_INV)} +- (v value * v v_MONTGOMERY_R_INV) % 3329 ; +- }; +- res +-#pop-options +- +-let montgomery_multiply_sfe_by_fer fe fer = +- montgomery_reduce (mul_i32_b fe fer) ++ let c:i32 = k_times_modulus >>! v_MONTGOMERY_SHIFT in ++ let value_high:i32 = value >>! v_MONTGOMERY_SHIFT in ++ value_high -! c + ++let montgomery_multiply_sfe_by_fer (fe fer: i32) = montgomery_reduce (fe *! fer <: i32) + +-let to_standard_domain mfe = +- montgomery_reduce (mul_i32_b mfe (v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS <: i32_b 1353)) ++let to_standard_domain (mfe: i32) = ++ montgomery_reduce (mfe *! v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS <: i32) + +-let to_unsigned_representative fe = ++let to_unsigned_representative (fe: i32) = + let _:Prims.unit = () <: Prims.unit in +- logand_lemma Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS (fe >>! 31l <: i32); +- let res = +- cast (fe +! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) <: i32) <: u16 +- in +- assert (v fe < 0 ==> (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) == 3329l); +- assert (v fe >= 0 ==> (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) == 0l); +- assert (v fe + 3329 < pow2 16); +- assert (v fe >= -3328); +- assert (v fe < 0 ==> v fe + 3329 >= 0); +- assert (v fe < 0 ==> v res == (v fe + 3329) % pow2 16); +- Math.Lemmas.small_mod (v fe + 3329) (pow2 16); +- assert (v fe < 0 ==> v res == v fe + 3329); +- assert (v fe >= 0 ==> v res == v fe); +- res <: int_t_d u16_inttype 12 +- +-let derefine_poly_b #b x = +- let r = createi (sz 256) (fun i -> (x.f_coefficients.[i] <: i32)) in +- {f_coefficients = r} +- +-let derefine_vector_b #v_K #b x = +- let r = createi v_K (fun i -> derefine_poly_b #b x.[i]) in +- r +- +-let derefine_matrix_b #v_K #b x = +- let r = createi v_K (fun i -> derefine_vector_b #v_K #b x.[i]) in +- r +- +-let cast_poly_b #b1 #b2 x = +- let r = createi (sz 256) (fun i -> (x.f_coefficients.[i] <: i32_b b2)) in +- let res = {f_coefficients = r} in +- let dx = (derefine_poly_b x).f_coefficients in +- let dr = (derefine_poly_b res).f_coefficients in +- assert (forall (i:usize). v i < 256 ==> +- (dx.[i] <: i32) == +- (dr.[i] <: i32)); +- assert (forall i. Seq.index dx i == (dx.[sz i] <: i32)); +- eq_intro dx dr; +- assert(Seq.equal dx dr); +- res ++ cast (fe +! (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS &. (fe >>! 31l <: i32) <: i32) <: i32) ++ <: ++ u16 + +-let cast_vector_b #v_K #b1 #b2 x = +- let r = createi v_K (fun i -> cast_poly_b #b1 #b2 x.[i]) in +- let dx = derefine_vector_b x in +- let dr = derefine_vector_b r in +- assert (forall (i:usize). v i < v v_K ==> +- dx.[i] == dr.[i]); +- assert (forall i. Seq.index dx i == dx.[sz i]); +- assert (forall i. Seq.index dr i == dr.[sz i]); +- eq_intro dx dr; +- r +- +-let down_cast_poly_b #b1 #b2 x = +- let r = createi (sz 256) +- (fun i -> +- let xi:i32_b b2 = x.f_coefficients.[i] in +- xi) in +- let res = {f_coefficients = r} in +- let dx = (derefine_poly_b x).f_coefficients in +- let dr = (derefine_poly_b res).f_coefficients in +- assert (forall (i:usize). v i < 256 ==> +- (dx.[i] <: i32) == +- (dr.[i] <: i32)); +- assert (forall i. Seq.index dx i == (dx.[sz i] <: i32)); +- eq_intro dx dr; +- assert(Seq.equal dx dr); +- res +- +-let down_cast_vector_b #v_K #b1 #b2 x = +- let r = createi (v_K) +- (fun i -> down_cast_poly_b #b1 #b2 x.[i]) in +- let dx = derefine_vector_b x in +- let dr = derefine_vector_b r in +- assert (forall (i:usize). v i < v v_K ==> +- dx.[i] == dr.[i]); +- assert (forall i. Seq.index dx i == dx.[sz i]); +- assert (forall i. Seq.index dr i == dr.[sz i]); +- eq_intro dx dr; +- assert(Seq.equal dx dr); +- r +- +- +-let add_to_ring_element #b1 #b2 v_K lhs rhs = ++let add_to_ring_element (v_K: usize) (lhs rhs: t_PolynomialRingElement) = + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in +- let orig_lhs = lhs in +- [@ inline_let] +- let inv = fun (acc:t_PolynomialRingElement_b (b1+b2)) (i:usize) -> +- (forall j. j <. i ==> acc.f_coefficients.[j] == lhs.f_coefficients.[j] +! rhs.f_coefficients.[j]) /\ +- (forall j. j >=. i ==> acc.f_coefficients.[j] == orig_lhs.f_coefficients.[j]) in +- let lhs:t_PolynomialRingElement_b (b1 + b2) = +- Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (b1+b2)) #inv { ++ let lhs:t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = +- Core.Slice.impl__len (Rust_primitives.unsize lhs.f_coefficients <: t_Slice (i32_b b1)) ++ Core.Ops.Range.f_end ++ = ++ Core.Slice.impl__len (Rust_primitives.unsize lhs.f_coefficients <: t_Slice i32) ++ <: ++ usize + } +- (cast_poly_b #b1 #(b1+b2) lhs) ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ lhs + (fun lhs i -> +- let lhs:t_PolynomialRingElement_b (b1+b2) = lhs in ++ let lhs:t_PolynomialRingElement = lhs in + let i:usize = i in +- assert (orig_lhs.f_coefficients.[i] == lhs.f_coefficients.[i]); +- let lhsi: i32_b b1 = orig_lhs.f_coefficients.[i] in +- let lhs = + { + lhs with + f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs.f_coefficients + i +- (add_i32_b #b1 #b2 (lhsi) (rhs.f_coefficients.[ i ])) ++ ((lhs.f_coefficients.[ i ] <: i32) +! (rhs.f_coefficients.[ i ] <: i32) <: i32) + <: +- t_Array (i32_b (b1 + b2)) (sz 256) ++ t_Array i32 (sz 256) + } + <: +- t_PolynomialRingElement_b (b1 + b2) +- in +- assert (forall j. (j >. i /\ j <. sz 256) ==> lhs.f_coefficients.[j] == orig_lhs.f_coefficients.[j]); +- lhs +- ) ++ t_PolynomialRingElement) + in + let _:Prims.unit = () <: Prims.unit in +- assert (forall j. j <. sz 256 ==> lhs.f_coefficients.[j] == orig_lhs.f_coefficients.[j] +! rhs.f_coefficients.[j]); + lhs +- +- +- +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-30 10:40:46.501790664 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-30 10:40:46.560788333 +0100 +@@ -3,32 +3,10 @@ + open Core + open FStar.Mul + +-let pow2_31 = 2147483648 +-let i32_range (n:i32) (b:nat) = +- b < pow2_31 /\ v n <= b /\ v n >= -b +- +-type i32_b b = x:i32{i32_range x b} +-let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 +- +-val mul_i32_b (#b1:nat) (#b2:nat{b1 * b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): r:i32_b (b1 * b2){v r == v x * v y} +-val add_i32_b (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): +- Pure (i32_b (b1 + b2)) +- (requires True) +- (ensures fun r -> v r == v x + v y) +-val sub_i32_b (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (x:i32_b b1) (y: i32_b b2): r:i32_b (b1 + b2){v r == v x - v y} +-val cast_i32_b (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31}) (x:i32_b b1): r:i32_b b2{v r == v x} +-val shr_i32_b (#b:nat) (#t:inttype) (x:i32_b b) (y:int_t t{v y>0 /\ v y<32}): r:i32_b (nat_div_ceil b (pow2 (v y))) +- + unfold + let t_FieldElement = i32 + + unfold +-let t_FieldElement_b b = i32_b b +- +-unfold +-let wfFieldElement = t_FieldElement_b 3328 +- +-unfold + let t_FieldElementTimesMontgomeryR = i32 + + unfold +@@ -36,215 +14,122 @@ + + let v_BARRETT_MULTIPLIER: i64 = 20159L + +-let v_BARRETT_SHIFT: i64 = 26L ++let v_BARRETT_SHIFT: pub_i64 = 26L + +-val v_BARRETT_R: x:i64{v x = pow2 26 /\ x = 67108864L} ++let v_BARRETT_R: i64 = 1L <= 0 /\ v x < 3329 /\ (v x * v v_MONTGOMERY_R) % 3329 == 1 /\ x = 169l} ++let v_MONTGOMERY_R: i32 = 1l < - v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS); +- if m_v < 0 then +- m_v + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- else m_v +- +- +-let to_spec_fe (m:i32) : Spec.Kyber.field_element = +- int_to_spec_fe (v m) +- +-let to_spec_fe_b #b (m:i32_b b) : Spec.Kyber.field_element = to_spec_fe m +- +-let mont_to_spec_fe (m:t_FieldElement) : Spec.Kyber.field_element = +- int_to_spec_fe (v m * v v_MONTGOMERY_R_INV) +- +-val get_n_least_significant_bits (n: u8 {v n > 0 /\ v n < 32}) (value: u32) +- : Prims.Pure (int_t_d u32_inttype (v n)) +- (requires v n < 32) ++val get_n_least_significant_bits (n: u8) (value: u32) ++ : Prims.Pure u32 ++ (requires n =. 4uy || n =. 5uy || n =. 10uy || n =. 11uy || n =. v_MONTGOMERY_SHIFT) + (ensures + fun result -> + let result:u32 = result in +- v result = v value % pow2 (v n)) +- ++ v result < v (Core.Num.impl__u32__pow 2ul (Core.Convert.f_into n <: u32) <: u32)) + +-//let barrett_pre (value:i32) = +-// v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R +-// Appears to work up to +/- 2^28, but not at +/- 2^29 +- +-let barrett_post (value:i32) (result:i32) = +- v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS = +- v value % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- +-val barrett_reduce (value: i32_b (v v_BARRETT_R)) +- : Prims.Pure wfFieldElement +- (requires True) +- (ensures fun r -> barrett_post value r) +- +-let montgomery_post (value:i32) (result:i32) = +- v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS = +- (v value * v v_MONTGOMERY_R_INV) % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- +- +-val montgomery_reduce #b (value: i32_b b) +- : Prims.Pure (i32_b (nat_div_ceil b (v v_MONTGOMERY_R) + 1665)) +- (requires True) ++val barrett_reduce (value: i32) ++ : Prims.Pure i32 ++ (requires ++ v (Core.Convert.f_from value <: i64) > v (Core.Ops.Arith.Neg.neg v_BARRETT_R <: i64) && ++ v (Core.Convert.f_from value <: i64) < v v_BARRETT_R) + (ensures + fun result -> + let result:i32 = result in +- montgomery_post value result) +- ++ v result > v (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) && ++ v result < v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) + +-val montgomery_multiply_sfe_by_fer #b1 #b2 (fe:i32_b b1) (fer: i32_b b2) +- : Pure (i32_b (nat_div_ceil (b1 * b2) (v v_MONTGOMERY_R) + 1665)) +- (requires (b1 * b2 < pow2_31)) +- (ensures (fun result -> +- montgomery_post (mul_i32_b fe fer) (result))) +- +- +-val to_standard_domain #b (mfe: i32_b b) +- : Pure (i32_b (nat_div_ceil (b * 1353) (v v_MONTGOMERY_R) + 1665)) +- (requires (b * 1353 < pow2_31)) +- (ensures (fun result -> +- montgomery_post (mul_i32_b mfe (1353l <: i32_b 1353)) result)) +- +- +-val to_unsigned_representative (fe: wfFieldElement) +- : Prims.Pure (int_t_d u16_inttype 12) +- (requires True) ++val montgomery_reduce (value: i32) ++ : Prims.Pure i32 ++ (requires ++ v value >= ++ v ((Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) *! ++ v_MONTGOMERY_R ++ <: ++ i32) && ++ v value <= v (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS *! v_MONTGOMERY_R <: i32)) ++ (ensures ++ fun result -> ++ let result:i32 = result in ++ v result >= ++ v ((Core.Ops.Arith.Neg.neg (3l *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: i32 ++ ) /! ++ 2l ++ <: ++ i32) && ++ v result <= v ((3l *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) /! 2l <: i32)) ++ ++val montgomery_multiply_sfe_by_fer (fe fer: i32) ++ : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) ++ ++val to_standard_domain (mfe: i32) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) ++ ++val to_unsigned_representative (fe: i32) ++ : Prims.Pure u16 ++ (requires ++ v fe >= v (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) && ++ v fe < v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) + (ensures + fun result -> + let result:u16 = result in +- v result == to_spec_fe fe /\ +- result >=. 0us && +- result <. (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16)) +- +-type t_PolynomialRingElement = { f_coefficients:t_Array (t_FieldElement) (sz 256) } +- +-type t_PolynomialRingElement_b b = { f_coefficients:t_Array (i32_b b) (sz 256) } +- +-type wfPolynomialRingElement = t_PolynomialRingElement_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1) +- +-val derefine_poly_b (#b1:nat) (x:t_PolynomialRingElement_b b1): +- r:t_PolynomialRingElement{ +- forall (i:usize). v i < 256 ==> (r.f_coefficients.[i] <: i32) == (x.f_coefficients.[i] <: i32)} +- +-val derefine_vector_b (#v_K:usize) (#b:nat) (x:t_Array (t_PolynomialRingElement_b b) v_K): +- r:t_Array t_PolynomialRingElement v_K{ +- forall (i:usize). (v i < v v_K) ==> +- (let ri : t_PolynomialRingElement = r.[i] in +- let xi : t_PolynomialRingElement_b b = x.[i] in +- ri == derefine_poly_b xi)} +- +-val derefine_matrix_b (#v_K:usize) (#b:nat) +- (x:t_Array (t_Array (t_PolynomialRingElement_b b) v_K) v_K) : +- r:t_Array (t_Array t_PolynomialRingElement v_K) v_K{ +- forall (i:usize). (v i < v v_K) ==> +- (let ri : t_Array (t_PolynomialRingElement) v_K = r.[i] in +- let xi : t_Array (t_PolynomialRingElement_b b) v_K = x.[i] in +- ri == derefine_vector_b xi)} +- +- +-val cast_poly_b (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31}) +- (x:t_PolynomialRingElement_b b1) +- : Pure (t_PolynomialRingElement_b b2) +- (requires True) +- (ensures fun r -> derefine_poly_b x == derefine_poly_b r) +- +-val cast_vector_b (#v_K:usize) (#b1:nat) (#b2:nat{b1 <= b2 /\ b2 < pow2_31}) +- (x:t_Array (t_PolynomialRingElement_b b1) v_K) +- : Pure (t_Array (t_PolynomialRingElement_b b2) v_K) +- (requires True) +- (ensures fun r -> derefine_vector_b x == derefine_vector_b r) +- +-let poly_range (#b:nat) (x:t_PolynomialRingElement_b b) (b':nat) = +- (forall (i:usize). v i < 256 ==> i32_range (x.f_coefficients.[i] <: i32) b') +- +-let vector_range (#v_K:usize) (#b:nat) (x:t_Array (t_PolynomialRingElement_b b) v_K) (b':nat) = +- (forall (i:usize). v i < v v_K ==> poly_range #b x.[i] b') +- +-val down_cast_poly_b (#b1:nat) (#b2:nat{b2 <= b1 /\ b1 < pow2_31}) +- (x:t_PolynomialRingElement_b b1): +- Pure (t_PolynomialRingElement_b b2) +- (requires (poly_range x b2)) +- (ensures fun r -> derefine_poly_b x == derefine_poly_b r) +- +-val down_cast_vector_b (#v_K:usize) (#b1:nat) (#b2:nat{b2 <= b1 /\ b1 < pow2_31}) +- (x:t_Array (t_PolynomialRingElement_b b1) v_K): +- Pure (t_Array (t_PolynomialRingElement_b b2) v_K) +- (requires (vector_range x b2)) +- (ensures fun r -> derefine_vector_b x == derefine_vector_b r) +- +-let op_String_Access #t #l (a:t_Array t l) (i:usize{v i < v l}) : t = a.[i] +- +-let to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) = +- let p = createi #nat (sz 256) (fun i -> to_spec_fe (m.f_coefficients.[i])) in +- assert (forall i. Seq.index p i = to_spec_fe (m.f_coefficients.[sz i])); +- assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); +- p +- +-let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) = +- to_spec_poly (derefine_poly_b m) +- +-let mont_to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) = +- let p = createi #nat (sz 256) (fun i -> mont_to_spec_fe (m.f_coefficients.[i])) in +- assert (forall i. Seq.index p i = mont_to_spec_fe (m.f_coefficients.[sz i])); +- assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); +- p +- +- +-let to_spec_vector (#p:Spec.Kyber.params) +- (m:t_Array (t_PolynomialRingElement) p.v_RANK) +- : (Spec.Kyber.vector p) = +- createi p.v_RANK (fun i -> to_spec_poly (m.[i])) +- +- +-let to_spec_vector_b (#p:Spec.Kyber.params) (#b:nat) +- (m:t_Array (t_PolynomialRingElement_b b) p.v_RANK) +- : (Spec.Kyber.vector p) = +- to_spec_vector (derefine_vector_b m) +- +-let mont_to_spec_vector (#p:Spec.Kyber.params) +- (m:t_Array (t_PolynomialRingElement) p.v_RANK) +- : (Spec.Kyber.vector p) = +- createi p.v_RANK (fun i -> mont_to_spec_poly (m.[i])) +- +-let mont_to_spec_vector_b (#p:Spec.Kyber.params) (#b:nat) +- (m:t_Array (t_PolynomialRingElement_b b) p.v_RANK) +- : (Spec.Kyber.vector p) = +- mont_to_spec_vector (derefine_vector_b m) +- +-let to_spec_matrix (#p:Spec.Kyber.params) +- (m:(t_Array (t_Array (t_PolynomialRingElement) p.v_RANK) p.v_RANK)) +- : (Spec.Kyber.matrix p) = +- createi p.v_RANK (fun i -> to_spec_vector (m.[i])) +- +-let to_spec_matrix_b (#p:Spec.Kyber.params) (#b:nat) +- (m:(t_Array (t_Array (t_PolynomialRingElement_b b) p.v_RANK) p.v_RANK)) +- : (Spec.Kyber.matrix p) = +- to_spec_matrix (derefine_matrix_b m) +- +-let mont_to_spec_matrix (#p:Spec.Kyber.params) +- (m:(t_Array (t_Array (t_PolynomialRingElement) p.v_RANK) p.v_RANK)) +- : (Spec.Kyber.matrix p) = +- createi p.v_RANK (fun i -> mont_to_spec_vector (m.[i])) +- +-let impl__PolynomialRingElement__ZERO: t_PolynomialRingElement_b 1 = +- { f_coefficients = Rust_primitives.Hax.repeat (0l <: i32_b 1) (sz 256) } <: t_PolynomialRingElement_b 1 +- +-val add_to_ring_element (#b1:nat) (#b2:nat{b1 + b2 < pow2_31}) (v_K: usize) (lhs: t_PolynomialRingElement_b b1) (rhs: t_PolynomialRingElement_b b2) +- : Prims.Pure (t_PolynomialRingElement_b (b1 + b2)) +- (requires True) +- (ensures fun result -> +- (forall i. v result.f_coefficients.[i] == v lhs.f_coefficients.[i] + v rhs.f_coefficients.[i])) +- ++ v result >= v 0us && ++ v result < v (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16)) + ++type t_PolynomialRingElement = { f_coefficients:t_Array i32 (sz 256) } + ++let impl__PolynomialRingElement__ZERO: t_PolynomialRingElement = ++ { f_coefficients = Rust_primitives.Hax.repeat 0l (sz 256) } <: t_PolynomialRingElement + ++val add_to_ring_element (v_K: usize) (lhs rhs: t_PolynomialRingElement) ++ : Prims.Pure t_PolynomialRingElement ++ (requires ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ let lhs_i = (lhs.f_coefficients.[ i ] <: i32) in ++ (v (Core.Num.impl__i32__abs lhs_i <: i32) <= ++ v (((cast (v_K <: usize) <: pub_i32) -! 1l <: i32) *! ++ Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ <: ++ i32) ++ <: ++ bool) && ++ (v (Core.Num.impl__i32__abs (rhs.f_coefficients.[ i ] <: i32) <: i32) <= ++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ <: ++ bool)) ++ <: ++ bool)) ++ (ensures ++ fun result -> ++ let result:t_PolynomialRingElement = result in ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. ++ (Core.Slice.impl__len (Rust_primitives.unsize result.f_coefficients ++ <: ++ t_Slice i32) ++ <: ++ usize) ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ v (Core.Num.impl__i32__abs (result.f_coefficients.[ i ] <: i32) <: i32) <= ++ v ((cast (v_K <: usize) <: pub_i32) *! Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ <: ++ i32) ++ <: ++ bool) ++ <: ++ bool)) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-30 10:40:46.505790506 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-01-30 10:40:46.559788372 +0100 +@@ -1,79 +1,39 @@ + module Libcrux.Kem.Kyber.Compress +-#set-options "--fuel 0 --ifuel 0 --z3rlimit 200" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul + +-let compress_message_coefficient fe = +- let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in +- assert (v shifted == 1664 - v fe); +- let mask:i16 = shifted >>! 15l in +- assert (v mask = v shifted / pow2 15); +- assert (if v shifted < 0 then mask = ones else mask = zero); +- let shifted_to_positive:i16 = mask ^. shifted in +- logxor_lemma shifted mask; +- assert (v shifted < 0 ==> v shifted_to_positive = v (lognot shifted)); +- neg_equiv_lemma shifted; +- assert (v (lognot shifted) = -(v shifted) -1); +- assert (v shifted >= 0 ==> v shifted_to_positive = v (mask `logxor` shifted)); +- assert (v shifted >= 0 ==> mask = zero); +- assert (v shifted >= 0 ==> mask ^. shifted = shifted); +- assert (v shifted >= 0 ==> v shifted_to_positive = v shifted); +- assert (shifted_to_positive >=. 0s); +- let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in +- assert (1664 - v fe >= 0 ==> v shifted_positive_in_range == 832 - v fe); +- assert (1664 - v fe < 0 ==> v shifted_positive_in_range == -2497 + v fe); +- let r0 = shifted_positive_in_range >>! 15l in +- let r1 = r0 &. 1s in +- let res = cast (r1) <: u8 in +- assert (v r0 = v shifted_positive_in_range / pow2 15); +- assert (if v shifted_positive_in_range < 0 then r0 = ones else r0 = zero); +- logand_lemma 1s r0; +- assert (if v shifted_positive_in_range < 0 then r1 = 1s else r1 = 0s); +- assert ((v fe >= 833 && v fe <= 2496) ==> r1 = 1s); +- assert (v fe < 833 ==> r1 = 0s); +- assert (v fe > 2496 ==> r1 = 0s); +- assert (v res = v r1); +- res +- +-let compress_ciphertext_coefficient coefficient_bits fe = ++let compress_ciphertext_coefficient (coefficient_bits: pub_u8) (fe: u16) = + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in +- let compressed:u32 = (cast (fe <: u16) <: u32) <>! 35l in ++ cast (Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits coefficient_bits ++ (cast (compressed <: u64) <: u32) ++ <: ++ u32) + <: + i32 +- in +- res + +-#push-options "--z3rlimit 300" +-let decompress_ciphertext_coefficient coefficient_bits fe = ++let compress_message_coefficient (fe: u16) = ++ let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in ++ let mask:i16 = shifted >>! 15l in ++ let shifted_to_positive:i16 = mask ^. shifted in ++ let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in ++ cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8 ++ ++let decompress_ciphertext_coefficient (coefficient_bits: pub_u8) (fe: i32) = + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in +- assert (v (1ul <>! (coefficient_bits +! 1uy <: u8) in +- let res = cast (decompressed <: u32) <: i32 in +- let res : Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 = res in +- res ++ let decompressed:u32 = decompressed >>! (coefficient_bits +! 1uy <: pub_u8) in ++ cast (decompressed <: u32) <: i32 + +-let decompress_message_coefficient fe = +- let res = (Core.Ops.Arith.Neg.neg fe <: i32) &. +- ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) in +- assert (v ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) == 1665); +- assert (res == logand #i32_inttype (Core.Ops.Arith.Neg.neg fe) 1665l); +- assert (v fe == 0 ==> Core.Ops.Arith.Neg.neg fe = zero); +- logand_lemma 1665l zero; +- assert (v fe == 0 ==> res == zero); +- res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 +-#pop-options ++let decompress_message_coefficient (fe: i32) = ++ (Core.Ops.Arith.Neg.neg fe <: i32) &. ++ ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-30 10:40:46.508790388 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-01-30 10:40:46.543789005 +0100 +@@ -3,42 +3,44 @@ + open Core + open FStar.Mul + ++val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) ++ : Prims.Pure i32 ++ (requires ++ (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || ++ coefficient_bits =. 11uy) && ++ v fe < v (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16)) ++ (ensures ++ fun result -> ++ let result:i32 = result in ++ v result >= v 0l && ++ v result < v (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32)) ++ + val compress_message_coefficient (fe: u16) + : Prims.Pure u8 +- (requires v fe < 3329) ++ (requires v fe < v (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16)) + (ensures + fun result -> + let result:u8 = result in +- if 833 <= v fe && v fe <= 2496 +- then result =. 1uy +- else result =. 0uy) ++ Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ v result = v 1uy <: bool) && ++ Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) <: bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ v result = v 0uy <: bool)) + +- +-val compress_ciphertext_coefficient (coefficient_bits: u8 {v coefficient_bits > 0 /\ v coefficient_bits <= 32}) (fe: u16) +- : Prims.Pure (int_t_d i32_inttype (v coefficient_bits)) ++val decompress_ciphertext_coefficient (coefficient_bits: u8) (fe: i32) ++ : Prims.Pure i32 + (requires + (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || + coefficient_bits =. 11uy) && +- fe <. (cast (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) <: u16)) +- (ensures +- fun result -> +- let result:i32 = result in +- result >=. 0l && +- result <. (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32)) +- +-open Rust_primitives.Integers +- +-val decompress_ciphertext_coefficient +- (coefficient_bits: u8 {coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || coefficient_bits =. 11uy}) +- (fe: int_t_d i32_inttype (v coefficient_bits)) +- : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)) +- (requires True) ++ v fe >= v 0l && ++ v fe < v (Core.Num.impl__i32__pow 2l (cast (coefficient_bits <: u8) <: u32) <: i32)) + (ensures + fun result -> + let result:i32 = result in +- result <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) ++ v result < v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) + + val decompress_message_coefficient (fe: i32) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfFieldElement +- (requires fe =. 0l || fe =. 1l) +- (fun result -> v result >= 0 /\ v result < 3329) ++ : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-30 10:40:46.534789360 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-01-30 10:40:46.542789044 +0100 +@@ -15,8 +15,7 @@ + + let v_FIELD_MODULUS: i32 = 3329l + +-let v_H_DIGEST_SIZE: usize = +- Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm) ++let v_H_DIGEST_SIZE: usize = sz 32 + + let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 + +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-30 10:40:46.491791059 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-30 10:40:46.538789202 +0100 +@@ -4,163 +4,61 @@ + open FStar.Mul + + let is_non_zero (value: u8) = +- let orig_value = value in + let value:u16 = cast (value <: u8) <: u16 in +- let result:u8 = cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) in +- let res:u8 = result &. 1uy in +- if v orig_value = 0 then ( +- assert(value == zero); +- lognot_lemma value; +- assert((~.value +. 1us) == zero); +- assert((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) == zero); +- logor_lemma value zero; +- assert((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) == value); +- assert (v result == v ((value >>! 8l))); +- assert ((v value / pow2 8) == 0); +- assert (result == 0uy); +- logand_lemma 1uy result; +- assert (res == 0uy); +- res) +- else ( +- assert (v value <> 0); +- lognot_lemma value; +- assert (v (~.value) = pow2 16 - 1 - v value); +- assert (v (~.value) + 1 = pow2 16 - v value); +- assert (v (value) <= pow2 8 - 1); +- assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value)); +- assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value)); +- assert ((v (~.value) + 1)/pow2 8 = (pow2 8 - 1)); +- assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l) = pow2 8 - 1); +- assert (result = ones); +- logand_lemma 1uy result; +- assert (res = 1uy); +- res +- ) ++ let result:u16 = ++ ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) >>! 8l <: u16) &. ++ 1us ++ in ++ cast (result <: u16) <: u8 + +-let compare_ciphertexts_in_constant_time v_CIPHERTEXT_SIZE lhs rhs = ++let compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) = + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in + let (r: u8):u8 = 0uy in +- [@ inline_let] +- let inv = fun (acc:u8) (i:usize) -> +- v i <= v v_CIPHERTEXT_SIZE /\ +- (if (Seq.slice lhs 0 (v i) = Seq.slice rhs 0 (v i)) then +- acc == 0uy +- else ~ (acc == 0uy)) +- in + let r:u8 = +- Rust_primitives.Iterators.foldi_range #_ #u8 #inv { ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE + } ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) + r + (fun r i -> + let r:u8 = r in + let i:usize = i in +- let nr = r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8 in +- if r =. 0uy then ( +- if (Seq.index lhs (v i) = Seq.index rhs (v i)) then ( +- logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i)); +- assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) = zero); +- logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); +- assert (nr = r); +- assert (forall j. Seq.index (Seq.slice lhs 0 (v i)) j == Seq.index lhs j); +- assert (forall j. Seq.index (Seq.slice rhs 0 (v i)) j == Seq.index rhs j); +- eq_intro (Seq.slice lhs 0 (v i + 1)) (Seq.slice rhs 0 (v i + 1)); +- nr +- ) +- else ( +- logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i)); +- assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <> zero); +- logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); +- assert (v nr > 0); +- assert (Seq.index (Seq.slice lhs 0 (v i+1)) (v i) <> +- Seq.index (Seq.slice rhs 0 (v i+1)) (v i)); +- assert (Seq.slice lhs 0 (v i+1) <> Seq.slice rhs 0 (v i + 1)); +- nr +- ) +- ) else ( +- logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); +- assert (v nr >= v r); +- assert (Seq.slice lhs 0 (v i) <> Seq.slice rhs 0 (v i)); +- if (Seq.slice lhs 0 (v i+1) = Seq.slice rhs 0 (v i + 1)) then +- (assert (forall j. j < v i + 1 ==> Seq.index (Seq.slice lhs 0 (v i+1)) j == Seq.index (Seq.slice rhs 0 (v i+1)) j); +- eq_intro (Seq.slice lhs 0 (v i)) (Seq.slice rhs 0 (v i)); +- assert(False)) +- else nr +- ) +- ) ++ r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8) + in +- let res = is_non_zero r in +- res ++ is_non_zero r + +-#push-options "--ifuel 0 --z3rlimit 50" + let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) = + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in + let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in +- assert (if selector = 0uy then mask = ones else mask = zero); +- lognot_lemma mask; +- assert (if selector = 0uy then ~.mask = zero else ~.mask = ones); + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in +- [@ inline_let] +- let inv = fun (acc:t_Array u8 (sz 32)) (i:usize) -> +- v i <= 32 /\ +- (forall j. j < v i ==> (if (selector =. 0uy) then Seq.index acc j == Seq.index lhs j else Seq.index acc j == Seq.index rhs j)) /\ +- (forall j. j >= v i ==> Seq.index acc j == 0uy) +- in + let out:t_Array u8 (sz 32) = +- Rust_primitives.Iterators.foldi_range #_ #(t_Array u8 (sz 32)) #inv { ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + } ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) + out + (fun out i -> + let out:t_Array u8 (sz 32) = out in +- assert ((out.[ i ] <: u8) = 0uy); +- let outi = ++ let i:usize = i in ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out ++ i + ((out.[ i ] <: u8) |. + (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + <: + u8) + <: +- u8) in +- if (selector = 0uy) then ( +- logand_lemma (lhs.[ i ] <: u8) mask; +- assert (((lhs.[ i ] <: u8) &. mask <: u8) == (lhs.[ i ] <: u8)); +- logand_lemma (rhs.[ i ] <: u8) (~.mask); +- assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == zero); +- logor_lemma ((lhs.[ i ] <: u8) &. mask <: u8) ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8); +- assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) == (lhs.[ i ] <: u8)); +- logor_lemma (out.[ i ] <: u8) (lhs.[ i ] <: u8); +- assert (((out.[ i ] <: u8) |. (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) <: u8) == (lhs.[ i ] <: u8)); +- assert (outi = (lhs.[ i ] <: u8)) +- ) +- else ( +- logand_lemma (lhs.[ i ] <: u8) mask; +- assert (((lhs.[ i ] <: u8) &. mask <: u8) == zero); +- logand_lemma (rhs.[ i ] <: u8) (~.mask); +- assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == (rhs.[ i ] <: u8)); +- logor_lemma (rhs.[ i ] <: u8) zero; +- assert ((logor zero (rhs.[ i ] <: u8)) == (rhs.[ i ] <: u8)); +- assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8)) == (rhs.[ i ] <: u8)); +- logor_lemma (out.[ i ] <: u8) (rhs.[ i ] <: u8); +- assert (((out.[ i ] <: u8) |. (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) <: u8) == (rhs.[ i ] <: u8)); +- assert (outi = (rhs.[ i ] <: u8)) +- ); +- let i:usize = i in +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out +- i +- outi ++ u8) + <: + t_Array u8 (sz 32)) + in +- if (selector =. 0uy) then ( +- eq_intro out lhs; +- out +- ) +- else ( +- eq_intro out rhs; +- out +- ) +-#pop-options ++ out +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-30 10:40:46.502790625 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-30 10:40:46.571787898 +0100 +@@ -20,26 +20,30 @@ + + val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) + : Prims.Pure u8 +- (requires (length lhs == v_CIPHERTEXT_SIZE /\ +- length rhs == v_CIPHERTEXT_SIZE)) ++ Prims.l_True + (ensures + fun result -> + let result:u8 = result in +- Hax_lib.implies (lhs =. rhs <: bool) ++ Hax_lib.implies (lhs = rhs) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in +- result =. 0uy <: bool) && +- Hax_lib.implies (lhs <>. rhs <: bool) ++ v result = v 0uy <: bool) && ++ Hax_lib.implies (lhs <> rhs) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in +- result =. 1uy <: bool)) ++ v result = v 1uy <: bool)) + + val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) + : Prims.Pure (t_Array u8 (sz 32)) +- (requires (length lhs == Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE /\ +- length rhs == Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE)) ++ Prims.l_True + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in +- Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && +- Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) ++ Hax_lib.implies (selector =. 0uy <: bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ result = lhs <: bool) && ++ Hax_lib.implies (selector <>. 0uy <: bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ result = rhs <: bool)) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst +--- extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-01-30 10:40:46.583787424 +0100 +@@ -0,0 +1,87 @@ ++module Libcrux.Kem.Kyber.Conversions ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Core ++ ++let into_padded_array (#v_LEN: usize) (slice: t_Slice u8) : t_Array u8 v_LEN = ++ let _:Prims.unit = ++ if true ++ then ++ let _:Prims.unit = ++ if ~.((Core.Slice.impl__len slice <: usize) <=. v_LEN <: bool) ++ then ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN" ++ ++ <: ++ Rust_primitives.Hax.t_Never) ++ in ++ () ++ in ++ let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in ++ let out:t_Array u8 v_LEN = ++ Rust_primitives.Hax.update_at out ++ ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize } ++ ) ++ (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut out ++ ({ ++ Core.Ops.Range.f_start = sz 0; ++ Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize ++ }) ++ <: ++ t_Slice u8) ++ slice ++ <: ++ t_Slice u8) ++ in ++ out ++ ++class t_UpdatingArray (#v_Self: Type) = { f_push:v_Self -> t_Slice u8 -> v_Self } ++ ++type t_UpdatableArray (v_LEN: usize) = { ++ f_value:t_Array u8 v_LEN; ++ f_pointer:usize ++} ++ ++let impl__new (#v_LEN: usize) (value: t_Array u8 v_LEN) : t_UpdatableArray v_LEN = ++ { f_value = value; f_pointer = sz 0 } ++ ++let impl__array (#v_LEN: usize) (self: t_UpdatableArray v_LEN) : t_Array u8 v_LEN = self.f_value ++ ++let impl_1 (#v_LEN: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) = ++ { ++ f_push ++ = ++ fun (self: t_UpdatableArray v_LEN) (other: t_Slice u8) -> ++ let self:t_UpdatableArray v_LEN = ++ { ++ self with ++ f_value ++ = ++ Rust_primitives.Hax.update_at (f_value self <: t_UpdatableArray v_LEN) ++ ({ ++ Core.Ops.Range.f_start = self.f_pointer; ++ Core.Ops.Range.f_end ++ = ++ self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize ++ }) ++ (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut self.f_value ++ ({ ++ Core.Ops.Range.f_start = self.f_pointer; ++ Core.Ops.Range.f_end ++ = ++ self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize ++ }) ++ <: ++ t_Slice u8) ++ other ++ <: ++ t_Slice u8) ++ } ++ in ++ let self:t_UpdatableArray v_LEN = ++ { self with f_pointer = self.f_pointer +! (Core.Slice.impl__len other <: usize) } ++ in ++ self ++ } ++ ++let to_unsigned_representative (fe: i32) : u16 = ++ cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 +\ Pas de fin de ligne à la fin du fichier +diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/Libcrux.Kem.Kyber.fst +--- extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-30 10:40:46.527789637 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-01-30 10:40:46.577787661 +0100 +@@ -1,29 +1,12 @@ + module Libcrux.Kem.Kyber +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul + +-let update_at_range_lemma #n +- (s: t_Slice 't) +- (i: Core.Ops.Range.t_Range (int_t n) {(Core.Ops.Range.impl_index_range_slice 't n).in_range s i}) +- (x: t_Slice 't) +- : Lemma +- (requires (Seq.length x == v i.f_end - v i.f_start)) +- (ensures ( +- let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in +- let len = v i.f_start in +- forall (i: nat). i < len ==> Seq.index s i == Seq.index s' i +- )) +- [SMTPat (Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x)] +- = let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in +- let len = v i.f_start in +- introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i +- with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i +- /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) +- +-let serialize_kem_secret_key #p ++let serialize_kem_secret_key + (v_SERIALIZED_KEY_LEN: usize) +- (private_key public_key implicit_rejection_value: t_Slice u8) = ++ (private_key public_key implicit_rejection_value: t_Slice u8) ++ = + let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.repeat 0uy v_SERIALIZED_KEY_LEN in + let pointer:usize = sz 0 in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = +@@ -72,8 +55,6 @@ + t_Slice u8) + in + let pointer:usize = pointer +! (Core.Slice.impl__len public_key <: usize) in +- let h_public_key = (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) +- <: t_Slice u8) in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ +@@ -89,7 +70,16 @@ + pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE <: usize + } + <: +- Core.Ops.Range.t_Range usize ]) h_public_key) ++ Core.Ops.Range.t_Range usize ] ++ <: ++ t_Slice u8) ++ (Rust_primitives.unsize (Libcrux.Kem.Kyber.Hash_functions.v_H public_key ++ <: ++ t_Array u8 (sz 32)) ++ <: ++ t_Slice u8) ++ <: ++ t_Slice u8) + in + let pointer:usize = pointer +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE in + let out:t_Array u8 v_SERIALIZED_KEY_LEN = +@@ -116,32 +106,14 @@ + <: + t_Slice u8) + in +- assert (Seq.slice out 0 (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)) `Seq.equal` private_key); +- assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)) +- (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p)) `Seq.equal` public_key); +- assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! +- Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p)) +- (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! +- Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +! +- Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE)) +- `Seq.equal` Libcrux.Kem.Kyber.Hash_functions.v_H public_key); +- assert (Seq.slice out (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! +- Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +! +- Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE)) +- (v #usize_inttype (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p +! +- Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p +! +- Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE +! +- Spec.Kyber.v_SHARED_SECRET_SIZE)) +- == implicit_rejection_value); +- lemma_slice_append_4 out private_key public_key (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) implicit_rejection_value; + out + +-let decapsulate #p ++let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) = +- let orig_secret_key = secret_key.f_value in ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) ++ = + let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = + Libcrux.Kem.Kyber.Types.impl_12__split_at v_SECRET_KEY_SIZE secret_key v_CPA_SECRET_KEY_SIZE + in +@@ -151,12 +123,8 @@ + let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at secret_key Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE + in +- assert (ind_cpa_secret_key == slice orig_secret_key (sz 0) v_CPA_SECRET_KEY_SIZE); +- assert (ind_cpa_public_key == slice orig_secret_key v_CPA_SECRET_KEY_SIZE (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE)); +- assert (ind_cpa_public_key_hash == slice orig_secret_key (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE) (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE)); +- assert (implicit_rejection_value == slice orig_secret_key (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE) (length orig_secret_key)); + let decrypted:t_Array u8 (sz 32) = +- Libcrux.Kem.Kyber.Ind_cpa.decrypt #p v_K ++ Libcrux.Kem.Kyber.Ind_cpa.decrypt v_K + v_CIPHERTEXT_SIZE + v_C1_SIZE + v_VECTOR_U_COMPRESSION_FACTOR +@@ -184,9 +152,6 @@ + <: + t_Slice u8) + in +- lemma_slice_append to_hash decrypted ind_cpa_public_key_hash; +- assert (decrypted == Spec.Kyber.ind_cpa_decrypt p ind_cpa_secret_key ciphertext.f_value); +- assert (to_hash == concat decrypted ind_cpa_public_key_hash); + let hashed:t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) + in +@@ -194,10 +159,6 @@ + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + in +- assert ((shared_secret,pseudorandomness) == split hashed Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE); +- assert (length implicit_rejection_value = v_SECRET_KEY_SIZE -! v_CPA_SECRET_KEY_SIZE -! v_PUBLIC_KEY_SIZE -! Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE); +- assert (length implicit_rejection_value = Spec.Kyber.v_SHARED_SECRET_SIZE); +- assert (Spec.Kyber.v_SHARED_SECRET_SIZE <=. Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE p); + let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Libcrux.Kem.Kyber.Ind_cpa.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE +@@ -219,13 +180,11 @@ + <: + t_Slice u8) + in +- lemma_slice_append to_hash implicit_rejection_value ciphertext.f_value; + let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Libcrux.Kem.Kyber.Hash_functions.v_PRF (sz 32) (Rust_primitives.unsize to_hash <: t_Slice u8) + in +- assert (implicit_rejection_shared_secret == Spec.Kyber.v_J to_hash); + let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = +- Libcrux.Kem.Kyber.Ind_cpa.encrypt #p v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE ++ Libcrux.Kem.Kyber.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE ind_cpa_public_key decrypted + pseudorandomness +@@ -235,18 +194,16 @@ + (Core.Convert.f_as_ref ciphertext <: t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + in +- let res = + Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time shared_secret + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + selector +- in +- res + +-let encapsulate #p ++let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) +- (randomness: t_Array u8 (sz 32)) = ++ (randomness: t_Array u8 (sz 32)) ++ = + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Ind_cpa.into_padded_array (sz 64) + (Rust_primitives.unsize randomness <: t_Slice u8) +@@ -277,10 +234,6 @@ + <: + t_Slice u8) + in +- assert (Seq.slice to_hash 0 (v Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE) == randomness); +- lemma_slice_append to_hash randomness (Spec.Kyber.v_H public_key.f_value); +- assert (to_hash == concat randomness (Spec.Kyber.v_H public_key.f_value)); +- + let hashed:t_Array u8 (sz 64) = + Libcrux.Kem.Kyber.Hash_functions.v_G (Rust_primitives.unsize to_hash <: t_Slice u8) + in +@@ -289,7 +242,7 @@ + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = +- Libcrux.Kem.Kyber.Ind_cpa.encrypt #p v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE ++ Libcrux.Kem.Kyber.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN + v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE +@@ -299,17 +252,23 @@ + <: + t_Slice u8) randomness pseudorandomness + in +- Core.Convert.f_into ciphertext, +- Core.Result.impl__unwrap (Core.Convert.f_try_into shared_secret +- <: +- Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) ++ let shared_secret:t_Array u8 (sz 32) = ++ match Core.Convert.f_try_into shared_secret with ++ | Core.Result.Result_Ok shared_secret -> shared_secret ++ | Core.Result.Result_Err _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic" ++ <: ++ Rust_primitives.Hax.t_Never) ++ in ++ Core.Convert.f_into ciphertext, shared_secret + <: + (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + +-let generate_keypair #p ++let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) +- (randomness: t_Array u8 (sz 64)) = ++ (randomness: t_Array u8 (sz 64)) ++ = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; +@@ -327,7 +286,7 @@ + in + let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & + t_Array u8 v_PUBLIC_KEY_SIZE) = +- Libcrux.Kem.Kyber.Ind_cpa.generate_keypair #p v_K ++ Libcrux.Kem.Kyber.Ind_cpa.generate_keypair v_K + v_CPA_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT +@@ -336,7 +295,7 @@ + ind_cpa_keypair_randomness + in + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = +- serialize_kem_secret_key #p v_PRIVATE_KEY_SIZE ++ serialize_kem_secret_key v_PRIVATE_KEY_SIZE + (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) + (Rust_primitives.unsize public_key <: t_Slice u8) + implicit_rejection_value +@@ -349,4 +308,3 @@ + v_PUBLIC_KEY_SIZE + private_key + (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) +- +diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent/Libcrux.Kem.Kyber.fsti +--- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-30 10:40:46.490791099 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-01-30 10:40:46.573787819 +0100 +@@ -10,75 +10,31 @@ + Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE + +-val serialize_kem_secret_key (#p:Spec.Kyber.params) ++val serialize_kem_secret_key + (v_SERIALIZED_KEY_LEN: usize) + (private_key public_key implicit_rejection_value: t_Slice u8) +- : Pure (t_Array u8 v_SERIALIZED_KEY_LEN) +- (requires (length private_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ +- length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ +- length implicit_rejection_value == Spec.Kyber.v_SHARED_SECRET_SIZE /\ +- v_SERIALIZED_KEY_LEN == Spec.Kyber.v_SECRET_KEY_SIZE p)) +- (ensures (fun res -> res == +- Seq.append private_key ( +- Seq.append public_key ( +- Seq.append (Libcrux.Kem.Kyber.Hash_functions.v_H public_key) implicit_rejection_value)))) ++ : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) + +-val decapsulate (#p:Spec.Kyber.params) ++val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) +- : Pure (t_Array u8 (sz 32)) +- (requires ( p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\ +- Spec.Kyber.valid_params p /\ +- v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ +- v_ETA2_RANDOMNESS_SIZE == Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\ +- v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE p /\ +- v_SECRET_KEY_SIZE == Spec.Kyber.v_SECRET_KEY_SIZE p /\ +- v_CPA_SECRET_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ +- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ +- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ +- v_C1_SIZE == Spec.Kyber.v_C1_SIZE p /\ +- v_C1_BLOCK_SIZE == Spec.Kyber.v_C1_BLOCK_SIZE p /\ +- v_C2_SIZE == Spec.Kyber.v_C2_SIZE p /\ +- v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p +- )) +- (ensures (fun res -> +- res == Spec.Kyber.ind_cca_decapsulate p secret_key.f_value ciphertext.f_value)) ++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +-val encapsulate (#p:Spec.Kyber.params) ++val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) +- : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +- (requires (p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\ +- Spec.Kyber.valid_params p /\ +- v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ +- v_ETA2_RANDOMNESS_SIZE == Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\ +- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ +- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ +- v_C1_SIZE == Spec.Kyber.v_C1_SIZE p /\ +- v_C2_SIZE == Spec.Kyber.v_C2_SIZE p /\ +- v_T_AS_NTT_ENCODED_SIZE = Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\ +- v_VECTOR_U_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p +- )) ++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) ++ Prims.l_True ++ (fun _ -> Prims.l_True) + +- (ensures (fun (ct,ss) -> +- (ct.f_value,ss) == Spec.Kyber.ind_cca_encapsulate p public_key.f_value randomness)) +- +- +-val generate_keypair (#p:Spec.Kyber.params) ++val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) +- : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) +- (requires (v_K == p.v_RANK /\ v_ETA1 == p.v_ETA1 /\ +- v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ +- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ +- v_CPA_PRIVATE_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ +- v_PRIVATE_KEY_SIZE == Spec.Kyber.v_SECRET_KEY_SIZE p /\ +- v_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p +- )) +- (ensures (fun kp -> +- (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness)) ++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) ++ Prims.l_True ++ (fun _ -> Prims.l_True) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-30 10:40:46.519789953 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-30 10:40:46.553788609 +0100 +@@ -3,27 +3,18 @@ + open Core + open FStar.Mul + +-let v_G (input: t_Slice u8) = +- let res = Libcrux.Digest.sha3_512_ input in +- admit(); // We assume that sha3_512 correctly implements G +- res ++let v_G (input: t_Slice u8) = Libcrux.Digest.sha3_512_ input + +-let v_H (input: t_Slice u8) = +- let res = Libcrux.Digest.sha3_256_ input in +- admit(); // We assume that sha3_512 correctly implements H +- res ++let v_H (input: t_Slice u8) = Libcrux.Digest.sha3_256_ input + +-let v_PRF (v_LEN: usize) (input: t_Slice u8) = +- let res = Libcrux.Digest.shake256 v_LEN input in +- admit(); // We assume that sha3_512 correctly implements H +- res ++let v_PRF (v_LEN: usize) (input: t_Slice u8) = Libcrux.Digest.shake256 v_LEN input + + let v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) = + let out:t_Array (t_Array u8 (sz 840)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 840) <: t_Array u8 (sz 840)) v_K + in + let out:t_Array (t_Array u8 (sz 840)) v_K = +- if ~.(Libcrux_platform.simd256_support <: bool) || ~.false ++ if ~.(Libcrux_platform.simd256_support () <: bool) || ~.true + then + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; +@@ -47,7 +38,7 @@ + t_Array (t_Array u8 (sz 840)) v_K) + else + let out:t_Array (t_Array u8 (sz 840)) v_K = +- match cast (v_K <: usize) <: u8 with ++ match cast (v_K <: usize) <: pub_u8 with + | 2uy -> + let d0, d1, _, _:(t_Array u8 (sz 840) & t_Array u8 (sz 840) & t_Array u8 (sz 840) & + t_Array u8 (sz 840)) = +@@ -109,5 +100,4 @@ + in + out + in +- admit(); //P-F + out +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-30 10:40:46.512790229 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-30 10:40:46.568788017 +0100 +@@ -3,24 +3,12 @@ + open Core + open FStar.Mul + +-val v_G (input: t_Slice u8) +- : Pure (t_Array u8 (sz 64)) +- (requires True) +- (ensures (fun res -> res == Spec.Kyber.v_G input)) ++val v_G (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) + +-val v_H (input: t_Slice u8) +- : Pure (t_Array u8 (sz 32)) +- (requires True) +- (ensures (fun res -> res == Spec.Kyber.v_H input)) ++val v_H (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + + val v_PRF (v_LEN: usize) (input: t_Slice u8) +- : Pure (t_Array u8 v_LEN) +- (requires True) +- (ensures (fun res -> res == Spec.Kyber.v_PRF v_LEN input)) ++ : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) + + val v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +- : Pure (t_Array (t_Array u8 (sz 840)) v_K) +- (requires True) +- (ensures (fun res -> +- (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i)))) +- ++ : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst +--- extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-01-30 10:40:46.578787621 +0100 +@@ -0,0 +1,6 @@ ++module Libcrux.Kem.Kyber.Helper ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Core ++open FStar.Mul ++ ++ +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-30 10:40:46.517790032 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-30 10:40:46.546788886 +0100 +@@ -1,5 +1,5 @@ + module Libcrux.Kem.Kyber.Ind_cpa +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul + +@@ -37,37 +37,33 @@ + in + out + +-unfold let acc_t (v_K v_ETA:usize) = (u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1)) v_K) +-unfold let inv_t v_K v_ETA = acc_t v_K v_ETA -> usize -> Type +- +-let wfZero: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) +- +-let etaZero (v_ETA:usize{v v_ETA >= 1 /\ v v_ETA < pow2 31}): Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_ETA) = +- (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #(v v_ETA) Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) +- +-let sample_vector_cbd (#p:Spec.Kyber.params) ++let sample_ring_element_cbd + (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) +- (prf_input: t_Array u8 (sz 33)) domain_separator = +- let error_1_:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K = +- Rust_primitives.Hax.repeat (etaZero (sz (pow2 (v v_ETA2) - 1))) v_K +- in +- let orig_domain_separator = domain_separator in +- [@ inline_let] +- let inv : inv_t v_K v_ETA2 = fun (acc:acc_t v_K v_ETA2) (i:usize) -> +- let (domain_separator,prf_input,error_1_) = acc in +- if (i >=. sz 0 && i <=. v_K) +- then +- domain_separator = orig_domain_separator +! (mk_int #u8_inttype (v i)) +- else true in +- let (domain_separator, prf_input, error_1_):acc_t v_K (v_ETA2) = +- Rust_primitives.Iterators.foldi_range #_ #(acc_t v_K (v_ETA2)) #inv { ++ (prf_input: t_Array u8 (sz 33)) ++ (domain_separator: u8) ++ = ++ let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K ++ in ++ let domain_separator, error_1_, prf_input:(u8 & ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & ++ t_Array u8 (sz 33)) = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } +- (domain_separator, prf_input, error_1_) ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ (domain_separator, error_1_, prf_input ++ <: ++ (u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & t_Array u8 (sz 33)) ++ ) + (fun temp_0_ i -> +- let domain_separator, prf_input, error_1_:acc_t v_K (v_ETA2) = ++ let domain_separator, error_1_, prf_input:(u8 & ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & ++ t_Array u8 (sz 33)) = + temp_0_ + in + let i:usize = i in +@@ -81,46 +77,49 @@ + Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE + (Rust_primitives.unsize prf_input <: t_Slice u8) + in +- let error_1_:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K = ++ let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_ + i +- (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA2 ++ (Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA2 + (Rust_primitives.unsize prf_output <: t_Slice u8) + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in +- domain_separator, prf_input, error_1_) ++ domain_separator, error_1_, prf_input ++ <: ++ (u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & ++ t_Array u8 (sz 33))) + in +- let hax_temp_output:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1)) v_K = error_1_ in +- admit(); //P-F ++ let hax_temp_output:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = error_1_ in + prf_input, domain_separator, hax_temp_output + <: +- (t_Array u8 (sz 33) & u8 & t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_ETA2)) v_K) ++ (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) + +-#push-options "--split_queries no --z3rlimit 300" +-let sample_vector_cbd_then_ntt (#p:Spec.Kyber.params) ++let sample_vector_cbd_then_ntt + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) +- (prf_input: t_Array u8 (sz 33)) domain_separator = +- let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Hax.repeat (wfZero) v_K +- in +- let orig_domain_separator = domain_separator in +- [@ inline_let] +- let inv: (u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) v_K) -> usize -> Type = fun acc i -> +- let (domain_separator,prf_input,re_as_ntt) = acc in +- if (i >=. sz 0 && i <=. v_K) +- then +- domain_separator = orig_domain_separator +! (mk_int #u8_inttype (v i)) +- else true in +- let (domain_separator, prf_input, re_as_ntt):(u8 & t_Array u8 (sz 33) & t_Array (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) v_K)= +- Rust_primitives.Iterators.foldi_range #_ #_ #inv { ++ (prf_input: t_Array u8 (sz 33)) ++ (domain_separator: u8) ++ = ++ let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K ++ in ++ let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) & ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } +- (domain_separator, prf_input, re_as_ntt) ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ (domain_separator, prf_input, re_as_ntt ++ <: ++ (u8 & t_Array u8 (sz 33) & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ ) + (fun temp_0_ i -> + let domain_separator, prf_input, re_as_ntt:(u8 & t_Array u8 (sz 33) & +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = + temp_0_ + in + let i:usize = i in +@@ -134,74 +133,64 @@ + Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA_RANDOMNESS_SIZE + (Rust_primitives.unsize prf_input <: t_Slice u8) + in +- let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1) = +- Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA ++ let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA + (Rust_primitives.unsize prf_output <: t_Slice u8) + in +- let r:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b r in +- let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ let re_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt + i + (Libcrux.Kem.Kyber.Ntt.ntt_binomially_sampled_ring_element r + <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in + domain_separator, prf_input, re_as_ntt + <: + (u8 & t_Array u8 (sz 33) & +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K)) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) + in +- admit(); //P-F + re_as_ntt, domain_separator + <: +- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8) ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8) + +- +-let compress_then_serialize_u #p v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN input = ++let compress_then_serialize_u ++ (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) ++ (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ = + let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in +- let orig_out = out in +- let acc_t = t_Array u8 v_OUT_LEN in +- [@ inline_let] +- let inv = fun (acc:acc_t) (i:usize) -> True in + let out:t_Array u8 v_OUT_LEN = +- Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #acc_t #inv +- input ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Iter.Traits.Collect.f_into_iter input ++ <: ++ Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) + out + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in +- let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = temp_1_ in +- assert (i <. v_K); +- assert (v i + 1 <= v v_K); +- assert (v i * (v v_OUT_LEN / v v_K) < v v_OUT_LEN); +- assert (((v i + 1) * (v v_OUT_LEN / v v_K)) <= v v_OUT_LEN); +- assert (v_OUT_LEN /! v_K == Spec.Kyber.v_C1_BLOCK_SIZE p); +- assert (range (v i * v (Spec.Kyber.v_C1_BLOCK_SIZE p)) usize_inttype); +- assert (range ((v i + 1) * v (Spec.Kyber.v_C1_BLOCK_SIZE p)) usize_inttype); +- assert ((Core.Ops.Range.impl_index_range_slice u8 usize_inttype).in_range out +- { +- Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize; +- Core.Ops.Range.f_end +- = +- (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize +- }); +- assert (((i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p) -! (i *! Spec.Kyber.v_C1_BLOCK_SIZE p) == Spec.Kyber.v_C1_BLOCK_SIZE p); ++ let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ +- Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize; +- Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize ++ Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; ++ Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice (out.[ { +- Core.Ops.Range.f_start = i *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize; ++ Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; + Core.Ops.Range.f_end + = +- (i +! sz 1 <: usize) *! Spec.Kyber.v_C1_BLOCK_SIZE p <: usize +- } ] ++ (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize ++ } ++ <: ++ Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) +- (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u #p ++ (Rust_primitives.unsize (Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u + v_COMPRESSION_FACTOR + v_BLOCK_LEN + re +@@ -214,234 +203,201 @@ + <: + t_Array u8 v_OUT_LEN) + in +- admit();//P-F + out + +-#push-options "--split_queries always" +-let deserialize_then_decompress_u (#p:Spec.Kyber.params) +- (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR: usize) +- (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Hax.repeat wfZero v_K +- in +- let acc_t1 = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in +- [@ inline_let] +- let inv = fun (acc:acc_t1) (i:usize) -> True in +- let sl : t_Slice u8 = ciphertext.[ +- { Core.Ops.Range.f_end = v_VECTOR_U_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] in +- assert (length sl == v_VECTOR_U_ENCODED_SIZE); +- let chunk_len = ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! ++let deserialize_then_decompress_u ++ (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) ++ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) ++ = ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K ++ in ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize ciphertext <: t_Slice u8) ++ ((Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! + v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 + <: +- usize) in +- FStar.Math.Lemmas.cancel_mul_mod (v p.v_RANK) (v (Spec.Kyber.v_C1_BLOCK_SIZE p)) ; +- assert (v chunk_len == v (Spec.Kyber.v_C1_BLOCK_SIZE p)); +- assert (Seq.length sl % v (Spec.Kyber.v_C1_BLOCK_SIZE p) = 0); +- assert (Seq.length sl == v (Spec.Kyber.v_C1_SIZE p)); +- assert (Seq.length sl / v (Spec.Kyber.v_C1_BLOCK_SIZE p) == v v_K); +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t1 #inv +- sl +- chunk_len ++ usize) ++ <: ++ Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + u_as_ntt + (fun u_as_ntt temp_1_ -> +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + u_as_ntt + in +- let i, u_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in +- let u:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let i, u_bytes:(usize & t_Slice u8) = temp_1_ in ++ let u:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR + u_bytes + in +- assert (v i < v v_K); +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt + i + (Libcrux.Kem.Kyber.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR u + <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in + u_as_ntt) + in +- admit(); //P-F + u_as_ntt +-#pop-options + +-#push-options "--z3rlimit 200" +-let deserialize_public_key (#p:Spec.Kyber.params) +- (v_K v_T_AS_NTT_ENCODED_SIZE: usize) (public_key: t_Slice u8) = +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Hax.repeat wfZero v_K +- in +- let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in +- [@ inline_let] +- let inv = fun (acc:acc_t) (i:usize) -> True in +- let sl : t_Slice u8 = public_key.[ +- { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] in +- let chunk_len = Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT in +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv +- sl +- chunk_len ++let deserialize_public_key (v_K: usize) (public_key: t_Slice u8) = ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K ++ in ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact public_key ++ Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT ++ <: ++ Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + tt_as_ntt + (fun tt_as_ntt temp_1_ -> +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + tt_as_ntt + in +- let i, tt_as_ntt_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in ++ let i, tt_as_ntt_bytes:(usize & t_Slice u8) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt + i + (Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element tt_as_ntt_bytes + <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) + in +- admit(); //P-F +- tt_as_ntt +-#pop-options +- +-#push-options "--split_queries always" +-let deserialize_secret_key (#p:Spec.Kyber.params) (v_K: usize) (secret_key: t_Slice u8) = +- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Hax.repeat wfZero v_K +- in +- let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in +- [@ inline_let] +- let inv = fun (acc:acc_t) (i:usize) -> True in +- let sl : t_Slice u8 = secret_key in +- let chunk_len = Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT in +- assert(v chunk_len == 384); +- assert(Seq.length secret_key == v (Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)); +- assert(Seq.length secret_key == (v v_K * 256 * 12)/8); +- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv +- sl +- chunk_len ++ tt_as_ntt ++ ++let deserialize_secret_key (v_K: usize) (secret_key: t_Slice u8) = ++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K ++ in ++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact secret_key ++ Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT ++ <: ++ Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + secret_as_ntt + (fun secret_as_ntt temp_1_ -> +- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = ++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + secret_as_ntt + in +- let i, secret_bytes:(usize & t_Array u8 chunk_len) = temp_1_ in ++ let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt + i + (Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element secret_bytes + <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) + in +- admit(); //P-F + secret_as_ntt +-#pop-options + +-#push-options "--z3rlimit 400 --split_queries no" +-let decrypt #p ++let decrypt + (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: + usize) + (secret_key: t_Slice u8) +- (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = +- let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- deserialize_then_decompress_u #p v_K +- v_CIPHERTEXT_SIZE +- v_VECTOR_U_ENCODED_SIZE +- v_U_COMPRESSION_FACTOR +- ciphertext ++ (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) ++ = ++ let u_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR ciphertext + in +- let v:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v #p v_V_COMPRESSION_FACTOR ++ let v:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR + (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + in +- let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- deserialize_secret_key #p v_K secret_key ++ let secret_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ deserialize_secret_key v_K secret_key + in +- let message:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Matrix.compute_message #p v_K v secret_as_ntt u_as_ntt ++ let message:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Matrix.compute_message v_K v secret_as_ntt u_as_ntt + in +- let res = Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message message in +- res +-#pop-options +- +-#push-options "--z3rlimit 200" +-let encrypt #p +- v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE ++ Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message message ++ ++let encrypt ++ (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: ++ usize) + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) +- (randomness: t_Slice u8) = +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- deserialize_public_key #p v_K v_T_AS_NTT_ENCODED_SIZE public_key ++ (randomness: t_Slice u8) ++ = ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ deserialize_public_key v_K public_key + in + let seed:t_Slice u8 = + public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + in +- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = +- Libcrux.Kem.Kyber.Matrix.sample_matrix_A #p v_K ++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = ++ Libcrux.Kem.Kyber.Matrix.sample_matrix_A v_K + (into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + false + in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = into_padded_array (sz 33) randomness in +- let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & ++ let r_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & + u8) = +- sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy ++ sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy + in +- assert (v domain_separator == v v_K); + let tmp0, tmp1, out:(t_Array u8 (sz 33) & u8 & +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = +- sample_vector_cbd #p v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = ++ sample_ring_element_cbd v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator + in + let prf_input:t_Array u8 (sz 33) = tmp0 in + let domain_separator:u8 = tmp1 in +- let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = out in ++ let error_1_:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = out in + let prf_input:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator + in +- assert (Seq.equal prf_input (Seq.append randomness (Seq.create 1 domain_separator))); +- assert (prf_input == Seq.append randomness (Seq.create 1 domain_separator)); + let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = + Libcrux.Kem.Kyber.Hash_functions.v_PRF v_ETA2_RANDOMNESS_SIZE + (Rust_primitives.unsize prf_input <: t_Slice u8) + in +- let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA2) - 1) = +- Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution #p v_ETA2 ++ let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution v_ETA2 + (Rust_primitives.unsize prf_output <: t_Slice u8) + in +- let error_2_:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b error_2_ in +- let u:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Libcrux.Kem.Kyber.Matrix.compute_vector_u #p v_K v_A_transpose r_as_ntt error_1_ ++ let u:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Libcrux.Kem.Kyber.Matrix.compute_vector_u v_K v_A_transpose r_as_ntt error_1_ + in +- let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let message_as_ring_element:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message message + in +- let v:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Matrix.compute_ring_element_v #p v_K ++ let v:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Matrix.compute_ring_element_v v_K + tt_as_ntt + r_as_ntt + error_2_ + message_as_ring_element + in + let c1:t_Array u8 v_C1_LEN = +- compress_then_serialize_u #p v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u ++ compress_then_serialize_u v_K v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN u + in + let c2:t_Array u8 v_C2_LEN = +- Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v #p v_V_COMPRESSION_FACTOR ++ Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR + v_C2_LEN + v + in +- assert (v_C1_LEN = Spec.Kyber.v_C1_SIZE p); +- assert (v_C2_LEN = Spec.Kyber.v_C2_SIZE p); +- assert (v_CIPHERTEXT_SIZE == v_C1_LEN +! v_C2_LEN); +- assert (v_C1_LEN <=. v_CIPHERTEXT_SIZE); + let (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE):t_Array u8 v_CIPHERTEXT_SIZE = + into_padded_array v_CIPHERTEXT_SIZE (Rust_primitives.unsize c1 <: t_Slice u8) + in +@@ -457,25 +413,28 @@ + <: + t_Slice u8) + in +- lemma_slice_append ciphertext c1 c2; + ciphertext +-#pop-options + +-let serialize_secret_key (#p:Spec.Kyber.params) ++let serialize_secret_key + (v_K v_OUT_LEN: usize) +- (key: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = ++ (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ = + let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in +- let orig_out = out in +- let acc_t = t_Array u8 v_OUT_LEN in +- [@ inline_let] +- let inv = fun (acc:acc_t) (i:usize) -> True in + let out:t_Array u8 v_OUT_LEN = +- Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #acc_t #inv +- key ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Iter.Traits.Collect.f_into_iter key ++ <: ++ Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Array.Iter.t_IntoIter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) + out + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in +- let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = temp_1_ in ++ let i, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start +@@ -514,14 +473,13 @@ + <: + t_Array u8 v_OUT_LEN) + in +- admit(); //P-F + out + +- +-let serialize_public_key (#p:Spec.Kyber.params) ++let serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) +- (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- (seed_for_a: t_Slice u8) = ++ (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ (seed_for_a: t_Slice u8) ++ = + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE + in +@@ -538,7 +496,7 @@ + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) +- (Rust_primitives.unsize (serialize_secret_key #p v_K ++ (Rust_primitives.unsize (serialize_secret_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + tt_as_ntt + <: +@@ -564,49 +522,42 @@ + <: + t_Slice u8) + in +- lemma_slice_append public_key_serialized +- (Spec.Kyber.vector_encode_12 (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt)) +- seed_for_a; + public_key_serialized + +- +-let generate_keypair #p ++let generate_keypair + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) +- (key_generation_seed: t_Slice u8) = ++ (key_generation_seed: t_Slice u8) ++ = + let hashed:t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Hash_functions.v_G key_generation_seed in + let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + in +- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = +- Libcrux.Kem.Kyber.Matrix.sample_matrix_A #p v_K ++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = ++ Libcrux.Kem.Kyber.Matrix.sample_matrix_A v_K + (into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) + true + in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + into_padded_array (sz 33) seed_for_secret_and_error + in +- let secret_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ let secret_as_ntt, domain_separator:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + v_K & + u8) = +- sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy ++ sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy + in +- let error_as_ntt, _:(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8) = +- sample_vector_cbd_then_ntt #p v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator ++ let error_as_ntt, _:(t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8) = ++ sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator + in +- let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Libcrux.Kem.Kyber.Matrix.compute_As_plus_e #p v_K v_A_transpose secret_as_ntt error_as_ntt ++ let tt_as_ntt:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Libcrux.Kem.Kyber.Matrix.compute_As_plus_e v_K v_A_transpose secret_as_ntt error_as_ntt + in + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = +- serialize_public_key #p v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A ++ serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A + in + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = +- serialize_secret_key #p v_K v_PRIVATE_KEY_SIZE secret_as_ntt ++ serialize_secret_key v_K v_PRIVATE_KEY_SIZE secret_as_ntt + in +- let res = + secret_key_serialized, public_key_serialized + <: + (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) +- in +- res +- +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-30 10:40:46.532789439 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-30 10:40:46.580787543 +0100 +@@ -1,152 +1,80 @@ + module Libcrux.Kem.Kyber.Ind_cpa +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul + +-val into_padded_array (v_LEN: usize) (slice: t_Slice u8) : +- Pure (t_Array u8 v_LEN) +- (requires (length slice <=. v_LEN)) +- (ensures (fun res -> Seq.slice res 0 (Seq.length slice) == slice)) ++val into_padded_array (v_LEN: usize) (slice: t_Slice u8) ++ : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) + +-val sample_vector_cbd (#p:Spec.Kyber.params) ++val sample_ring_element_cbd + (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) +- : Pure (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- (requires v domain_separator <= v v_K /\ v_K <=. sz 4 /\ +- v_K = p.v_RANK /\ v_ETA2 = p.v_ETA2 /\ +- v_ETA2_RANDOMNESS_SIZE = Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p) +- (ensures (fun (prf,ds,x) -> v ds == v domain_separator + v v_K /\ +- Seq.slice prf 0 32 == Seq.slice prf_input 0 32 /\ +- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p x == +- Spec.Kyber.sample_vector_cbd #p (Seq.slice prf_input 0 32) (sz (v domain_separator)))) ++ : Prims.Pure ++ (t_Array u8 (sz 33) & u8 & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ Prims.l_True ++ (fun _ -> Prims.l_True) + +- +-val sample_vector_cbd_then_ntt (#p:Spec.Kyber.params) ++val sample_vector_cbd_then_ntt + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (prf_input: t_Array u8 (sz 33)) +- (domain_separator: u8{v domain_separator <= v v_K /\ v_K <=. sz 4}) +- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K & u8) +- (requires (v_K == p.v_RANK /\ v_ETA == p.v_ETA1 /\ v_ETA_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p)) +- (ensures (fun (x,ds) -> v ds == v domain_separator + v v_K /\ +- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p x == +- Spec.Kyber.sample_vector_cbd_then_ntt #p (Seq.slice prf_input 0 32) (sz (v domain_separator)))) ++ (domain_separator: u8) ++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K & u8) ++ Prims.l_True ++ (fun _ -> Prims.l_True) + +-val compress_then_serialize_u (#p:Spec.Kyber.params) ++val compress_then_serialize_u + (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) +- (input: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- : Pure (t_Array u8 v_OUT_LEN) +- (requires (v_K == p.v_RANK /\ v_OUT_LEN == Spec.Kyber.v_C1_SIZE p /\ +- v_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\ +- v_BLOCK_LEN = Spec.Kyber.v_C1_BLOCK_SIZE p)) +- (ensures (fun res -> +- res == Spec.Kyber.compress_then_encode_u p +- (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p input))) ++ (input: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + +-val deserialize_then_decompress_u (#p:Spec.Kyber.params) +- (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR: usize) ++val deserialize_then_decompress_u ++ (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) + (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) +- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- (requires v_K == p.v_RANK /\ +- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ +- v_VECTOR_U_ENCODED_SIZE == Spec.Kyber.v_C1_SIZE p /\ +- v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR) +- (ensures fun res -> +- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res == +- Spec.Kyber.(vector_ntt (decode_then_decompress_u p (Seq.slice ciphertext 0 (v (Spec.Kyber.v_C1_SIZE p)))))) +- +-val deserialize_public_key (#p:Spec.Kyber.params) +- (v_K v_T_AS_NTT_ENCODED_SIZE: usize) (public_key: t_Slice u8) +- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- (requires v_K == p.v_RANK /\ +- length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ +- v_T_AS_NTT_ENCODED_SIZE == Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p) +- (ensures fun res -> +- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b res == +- Spec.Kyber.vector_decode_12 #p (slice public_key (sz 0) v_T_AS_NTT_ENCODED_SIZE)) +- +-val deserialize_secret_key (#p:Spec.Kyber.params) (v_K: usize) (secret_key: t_Slice u8) +- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- (requires v_K == p.v_RANK /\ +- length secret_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p) +- (ensures fun res -> +- Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res == +- Spec.Kyber.vector_decode_12 #p secret_key) +- ++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_public_key (v_K: usize) (public_key: t_Slice u8) ++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_secret_key (v_K: usize) (secret_key: t_Slice u8) ++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ Prims.l_True ++ (fun _ -> Prims.l_True) + +-val decrypt (#p:Spec.Kyber.params) ++val decrypt + (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: + usize) + (secret_key: t_Slice u8) + (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) +- : Pure (t_Array u8 (sz 32)) +- (requires (v_K == p.v_RANK /\ +- length secret_key == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ +- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ +- v_VECTOR_U_ENCODED_SIZE == Spec.Kyber.v_C1_SIZE p /\ +- v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\ +- v_V_COMPRESSION_FACTOR == p.v_VECTOR_V_COMPRESSION_FACTOR)) +- (ensures (fun res -> +- res == Spec.Kyber.ind_cpa_decrypt p secret_key ciphertext)) +- ++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +-val encrypt (#p:Spec.Kyber.params) ++val encrypt + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) +- (randomness: t_Slice u8{length randomness <. sz 33}) +- : Pure (t_Array u8 v_CIPHERTEXT_SIZE) +- (requires (v_K == p.v_RANK /\ +- v_ETA1 = p.v_ETA1 /\ +- v_ETA1_RANDOMNESS_SIZE = Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ +- v_ETA2 = p.v_ETA2 /\ +- v_BLOCK_LEN == Spec.Kyber.v_C1_BLOCK_SIZE p /\ +- v_ETA2_RANDOMNESS_SIZE = Spec.Kyber.v_ETA2_RANDOMNESS_SIZE p /\ +- v_U_COMPRESSION_FACTOR == p.v_VECTOR_U_COMPRESSION_FACTOR /\ +- v_V_COMPRESSION_FACTOR == p.v_VECTOR_V_COMPRESSION_FACTOR /\ +- length public_key == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ +- length randomness == Spec.Kyber.v_SHARED_SECRET_SIZE /\ +- v_CIPHERTEXT_SIZE == Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE p /\ +- v_T_AS_NTT_ENCODED_SIZE == Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE p /\ +- v_C1_LEN == Spec.Kyber.v_C1_SIZE p /\ +- v_C2_LEN == Spec.Kyber.v_C2_SIZE p)) +- (ensures (fun ct -> ct == Spec.Kyber.ind_cpa_encrypt p public_key message randomness)) +- +-val serialize_secret_key (#p:Spec.Kyber.params) ++ (randomness: t_Slice u8) ++ : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) ++ ++val serialize_secret_key + (v_K v_OUT_LEN: usize) +- (key: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- : Pure (t_Array u8 v_OUT_LEN) +- (requires (v_K == p.v_RANK /\ v_OUT_LEN == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p)) +- (ensures (fun res -> +- res == Spec.Kyber.vector_encode_12 #p +- (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p key))) +- +-val serialize_public_key (#p:Spec.Kyber.params) ++ (key: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) +- (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ (tt_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) + (seed_for_a: t_Slice u8) +- : Pure (t_Array u8 v_PUBLIC_KEY_SIZE) +- (requires (v_K == p.v_RANK /\ +- v_RANKED_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p /\ +- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ +- length seed_for_a == sz 32)) +- (ensures (fun res -> res == Seq.append (Spec.Kyber.vector_encode_12 +- (Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt)) +- seed_for_a)) ++ : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +-val generate_keypair (#p:Spec.Kyber.params) ++val generate_keypair + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (key_generation_seed: t_Slice u8) +- : Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) +- (requires (v_K == p.v_RANK /\ +- v_ETA1 == p.v_ETA1 /\ +- v_ETA1_RANDOMNESS_SIZE == Spec.Kyber.v_ETA1_RANDOMNESS_SIZE p /\ +- v_PUBLIC_KEY_SIZE == Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE p /\ +- v_PRIVATE_KEY_SIZE == Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE p /\ +- v_RANKED_BYTES_PER_RING_ELEMENT == Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT p /\ +- length key_generation_seed == Spec.Kyber.v_CPA_PKE_KEY_GENERATION_SEED_SIZE)) +- (ensures (fun (sk,pk) -> (sk,pk) == Spec.Kyber.ind_cpa_generate_keypair p key_generation_seed)) +- +- ++ : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) ++ Prims.l_True ++ (fun _ -> Prims.l_True) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst +--- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-30 10:40:46.495790901 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-30 10:40:46.566788095 +0100 +@@ -3,23 +3,22 @@ + open Core + open FStar.Mul + +-let decapsulate_1024_ ++let decapsulate_1024_ + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) = +- Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber1024_params +- (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) ++ = ++ Libcrux.Kem.Kyber.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408) + (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) secret_key ciphertext + + let encapsulate_1024_ + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568)) +- (randomness: t_Array u8 (sz 32)) = +- Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber1024_params +- (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) ++ (randomness: t_Array u8 (sz 32)) ++ = ++ Libcrux.Kem.Kyber.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) + (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + + let generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) = +- Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber1024_params +- (sz 4) ++ Libcrux.Kem.Kyber.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst +--- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-30 10:40:46.485791296 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-30 10:40:46.547788847 +0100 +@@ -5,21 +5,20 @@ + + let decapsulate_512_ + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) = +- Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber512_params +- (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) ++ = ++ Libcrux.Kem.Kyber.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) secret_key ciphertext + + let encapsulate_512_ + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800)) +- (randomness: t_Array u8 (sz 32)) = +- Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber512_params +- (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) ++ (randomness: t_Array u8 (sz 32)) ++ = ++ Libcrux.Kem.Kyber.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) + (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + + let generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) = +- Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber512_params +- (sz 2) ++ Libcrux.Kem.Kyber.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-30 10:40:46.487791217 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-30 10:40:46.550788728 +0100 +@@ -3,24 +3,22 @@ + open Core + open FStar.Mul + +- + let decapsulate_768_ + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) = +- Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber768_params +- (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) ++ = ++ Libcrux.Kem.Kyber.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) secret_key ciphertext + + let encapsulate_768_ + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) +- (randomness: t_Array u8 (sz 32)) = +- Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber768_params +- (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) ++ (randomness: t_Array u8 (sz 32)) ++ = ++ Libcrux.Kem.Kyber.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) + (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + + let generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) = +- Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber768_params +- (sz 3) ++ Libcrux.Kem.Kyber.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-30 10:40:46.488791178 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-30 10:40:46.562788254 +0100 +@@ -74,19 +74,16 @@ + val decapsulate_768_ + (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) +- : Pure (t_Array u8 (sz 32)) +- (requires True) +- (ensures (fun res -> res == Spec.Kyber.kyber768_decapsulate secret_key.f_value ciphertext.f_value)) ++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + + val encapsulate_768_ + (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) +- : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32)) +- (requires True) +- (ensures (fun (ct,ss)-> (ct.f_value,ss) == Spec.Kyber.kyber768_encapsulate public_key.f_value randomness)) ++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32)) ++ Prims.l_True ++ (fun _ -> Prims.l_True) + + val generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) +- : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184)) +- (requires (True)) +- (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness)) +- ++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184)) ++ Prims.l_True ++ (fun _ -> Prims.l_True) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-30 10:40:46.498790783 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-01-30 10:40:46.584787384 +0100 +@@ -3,418 +3,432 @@ + open Core + open FStar.Mul + +-open Libcrux.Kem.Kyber.Arithmetic +- +-let op_Array_Access (x:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) (i:usize{v i < 256}): i32 = +- x.f_coefficients.[i] +- +- +-#push-options "--ifuel 0 --z3rlimit 700" +-let compute_As_plus_e v_K matrix_A s_as_ntt error_as_ntt = +- let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in +- let result:t_Array wfPolynomialRingElement v_K = +- Rust_primitives.Hax.repeat wfZero v_K +- in +- [@ inline_let] +- let inv0 = fun (acc:t_Array wfPolynomialRingElement v_K) (i:usize) -> +- (v i <= v v_K) /\ +- (forall (j:usize). (v j >= v i /\ v j < v v_K) ==> (acc.[j] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) == wfZero) +- in +- assert (inv0 result (sz 0)); +- let result:t_Array wfPolynomialRingElement v_K = +- Rust_primitives.Iterators.foldi_slice #(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) #(t_Array wfPolynomialRingElement v_K) #inv0 +- matrix_A ++let compute_As_plus_e ++ (v_K: usize) ++ (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) ++ (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K ++ in ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__iter (Rust_primitives.unsize matrix_A ++ <: ++ t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ <: ++ Core.Slice.Iter.t_Iter ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Slice.Iter.t_Iter ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Slice.Iter.t_Iter (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))) + result + (fun result temp_1_ -> +- let orig_result = result in +- let orig_result_cast = (cast_vector_b #v_K #3328 #(v v_K * 3328) orig_result) in +- let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = result in ++ let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = + temp_1_ + in +- [@ inline_let] +- let inv1 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) (inner:usize) -> +- (v inner <= v v_K) /\ +- (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ +- (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ +- (poly_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) (v inner * 3328)) +- in +- assert (forall (k:usize). (v k < 256) ==> v (result.[i] <: wfPolynomialRingElement).f_coefficients.[k] == 0); +- assert(inv1 orig_result_cast (sz 0)); +- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = +- Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) #inv1 +- row +- orig_result_cast ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__iter (Rust_primitives.unsize row ++ <: ++ t_Slice Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ <: ++ Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)) ++ result + (fun result temp_1_ -> ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ result ++ in + let j, matrix_element:(usize & +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + temp_1_ + in +- let resulti = down_cast_poly_b #(v v_K * 3328) #(v j * 3328) result.[i] in +- let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.ntt_multiply matrix_element +- (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (s_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in +- let product_sum:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v j + 1) * 3328) = +- (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element #(v j * 3328) #3328 v_K +- resulti +- product) in +- let product_sum:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) = cast_poly_b #((v j+1)* 3328) #(v v_K * 3328) product_sum in +- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i +- product_sum ++ (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K ++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ product ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in + result) + in +- let result1 = result in +- [@ inline_let] +- let inv2 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) (inner:usize) -> +- (v inner <= 256) /\ +- (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ +- (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ +- (forall (j:usize). (v j < v inner) ==> (i32_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)).f_coefficients.[j] 3328)) +- // And all indexes above v inner are unchanged from result1 +- in +- assert (inv2 result1 (sz 0)); +- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = +- Rust_primitives.Iterators.foldi_range #_ #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K) #inv2 { +- Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT +- } ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ Core.Ops.Range.f_start = sz 0; ++ Core.Ops.Range.f_end ++ = ++ Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT ++ } ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) + result +- (fun result j -> +- let result: t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K = result in ++ (fun result j -> ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ result ++ in + let j:usize = j in +- let resulti:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) = result.[ i ] <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) in +- let coefficient_normal_form: i32_b ((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665) = +- Libcrux.Kem.Kyber.Arithmetic.to_standard_domain #(v v_K * 3328) (resulti +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]) ++ let coefficient_normal_form:i32 = ++ Libcrux.Kem.Kyber.Arithmetic.to_standard_domain ((result.[ i ] ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] ++ <: ++ i32) + in +- assert ((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665 <= 1940); +- let coefficient_normal_form: i32_b 1940 = cast_i32_b #((nat_div_ceil (v v_K * 3328 * 1353) (pow2 16)) + 1665) #1940 coefficient_normal_form in +- let x1: i32_b 3328 = (error_as_ntt.[ i ] +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] in +- let x2: i32_b 5268 = add_i32_b coefficient_normal_form x1 in +- assert (5268 <= v v_BARRETT_R /\ v v_BARRETT_R < pow2 31); +- let x3: i32_b (v v_BARRETT_R) = cast_i32_b #5268 #(v v_BARRETT_R) x2 in +- let resultij: i32_b 3328 = Libcrux.Kem.Kyber.Arithmetic.barrett_reduce x3 in +- let resultij: i32_b (v v_K * 3328) = cast_i32_b #3328 #(v v_K * 3328) resultij in +- let resulti_coeffs = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize +- (resulti.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) +- j resultij in +- let result = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i + ({ +- resulti with ++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = resulti_coeffs ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (result.[ i ] ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ j ++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (coefficient_normal_form +! ++ ((error_as_ntt.[ i ] ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] ++ <: ++ i32) ++ <: ++ i32) ++ <: ++ i32) ++ <: ++ t_Array i32 (sz 256) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K*3328)) in +- assert ((result.[i]).f_coefficients.[j] == resultij); +- assert(inv2 result (j +! sz 1)); +- let result: x:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) v_K{inv2 x (j +! mk_int 1)} = result in +- result) in +- assert (v i + 1 < v v_K ==> result.[i +! sz 1] == orig_result_cast.[i +! sz 1]); +- let result: t_Array wfPolynomialRingElement v_K = +- down_cast_vector_b #v_K #(v v_K * 3328) #3328 result in +- assert (forall (j:usize). (v j >= v i + 1 /\ v j < v v_K) ==> derefine_poly_b result.[j] == derefine_poly_b orig_result.[j]); +- assume (inv0 result (i +! sz 1)); +- result) +- in +- admit(); //P-F +- result +-#pop-options ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement))) ++ in ++ result + +-#push-options "--ifuel 0 --z3rlimit 100" +-let compute_message #p v_K m_v secret_as_ntt u_as_ntt = +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) in +- [@ inline_let] +- let inv = fun (acc:acc_t) (i:usize) -> +- (v i <= v v_K) /\ +- (poly_range #(v v_K * 3328) acc (v i * 3328)) ++let compute_message ++ (v_K: usize) ++ (v: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) = +- Rust_primitives.Iterators.foldi_range #_ #acc_t #inv { ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } +- result ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ result + (fun result i -> ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in + let i:usize = i in +- let result:t_PolynomialRingElement_b (v i * 3328) = +- down_cast_poly_b #(v v_K * 3328) #(v i * 3328) result in +- let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.ntt_multiply (secret_as_ntt.[ i ] + <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (u_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (u_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v i+1) * 3328) = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K result product + in +- let result = cast_poly_b #((v i + 1) * 3328) #(v v_K * 3328) result in +- assert(inv result (i +! sz 1)); + result) + in +- let acc_t = t_PolynomialRingElement_b (64*v v_K*3328) in +- let result:acc_t = Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result + in +- [@ inline_let] +- let inv = fun (acc:acc_t) (i:usize) -> +- (v i <= 256) /\ +- (forall (j:usize). (v j < v i) ==> i32_range ((acc <: t_PolynomialRingElement_b (64* v v_K * 3328)).f_coefficients.[j]) 3328) in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K*3328) = +- Rust_primitives.Iterators.foldi_range #_ #_ #inv { ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + } +- result ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ result + (fun result i -> ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in + let i:usize = i in +- let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) = +- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce +- (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441 +- result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in +- let resulti : i32_b 3328 = (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((m_v +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- <: +- i32) -! +- coefficient_normal_form +- <: +- i32) ++ let coefficient_normal_form:i32 = ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] + <: +- i32) in +- let resulti = cast_i32_b #3328 #(64*v v_K*3328) resulti in +- let result = ++ i32) *! ++ 1441l ++ <: ++ i32) ++ in ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + result with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- i resulti ++ i ++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((v ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] ++ <: ++ i32) -! ++ coefficient_normal_form ++ <: ++ i32) ++ <: ++ i32) + } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in +- assert (inv result (i +! sz 1)); + result) + in +- admit(); //P-F + result +-#pop-options + +-#push-options "--ifuel 0 --z3rlimit 100" +-let compute_ring_element_v v_K tt_as_ntt r_as_ntt error_2_ message = +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- [@ inline_let] +- let inv = fun (acc:t_PolynomialRingElement_b (v v_K * 3328)) (i:usize) -> +- (v i <= 256) /\ +- (poly_range acc (v i * 3328)) in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328) = +- Rust_primitives.Iterators.foldi_range #_ #_ #inv ({ ++let compute_ring_element_v ++ (v_K: usize) ++ (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ (error_2_ message: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K + } ++ <: ++ Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> +- let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in ++ let i:usize = i in ++ let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.ntt_multiply (tt_as_ntt.[ i ] + <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (r_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (r_as_ntt.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in +- let result:t_PolynomialRingElement_b (v i * 3328) = +- down_cast_poly_b #(v v_K * 3328) #(v i * 3328) result in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v i + 1) * 3328) = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K result product + in +- cast_poly_b result) ++ result) + in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) = ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K result + in +- [@ inline_let] +- let inv = fun (acc:t_PolynomialRingElement_b (64 * v v_K * 3328)) (i:usize) -> +- (v i <= 256) /\ +- (forall (j:usize). (v j < v i) ==> i32_range ((acc <: t_PolynomialRingElement_b (64* v v_K * 3328)).f_coefficients.[j]) 3328) in +- let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) = +- Rust_primitives.Iterators.foldi_range #_ #_ #inv { ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + } +- result ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ result + (fun result i -> +- let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) = +- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce +- (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441 +- result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] +- (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in +- let resulti : i32_b 3328 = +- (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((coefficient_normal_form +! +- (error_2_.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) +- <: +- i32) +! +- (message.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) +- <: +- i32) ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in ++ let i:usize = i in ++ let coefficient_normal_form:i32 = ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] + <: +- i32) in +- let resulti = cast_i32_b #3328 #(64*v v_K*3328) resulti in +- let result = ++ i32) *! ++ 1441l ++ <: ++ i32) ++ in ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + result with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- i resulti ++ i ++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce ((coefficient_normal_form +! ++ (error_2_.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) ++ <: ++ i32) +! ++ (message.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) ++ <: ++ i32) ++ <: ++ i32) + } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + result) + in +- admit(); //P-F + result +-#pop-options + +-#push-options "--ifuel 0 --z3rlimit 300" + let compute_vector_u + (v_K: usize) +- (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K) +- (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = +- let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Hax.repeat wfZero v_K +- in +- let acc_t = t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K in +- [@ inline_let] +- let inv0 = fun (acc:t_Array wfPolynomialRingElement v_K) (i:usize) -> +- (v i <= v v_K) /\ +- (forall (j:usize). (v j >= v i /\ v j < v v_K) ==> (acc.[j] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) == wfZero) +- in +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = +- Rust_primitives.Iterators.foldi_slice #(t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) #acc_t #inv0 +- a_as_ntt ++ (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) ++ (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO v_K ++ in ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__iter (Rust_primitives.unsize a_as_ntt ++ <: ++ t_Slice (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ <: ++ Core.Slice.Iter.t_Iter ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Slice.Iter.t_Iter ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Slice.Iter.t_Iter (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K))) + result + (fun result temp_1_ -> +- let result:t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K = result in +- let orig_result = result in +- let orig_result_cast = (cast_vector_b #v_K #3328 #(64 * v v_K * 3328) orig_result) in +- let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = result in ++ let i, row:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) = + temp_1_ + in +- [@ inline_let] +- let inv1 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K) (inner:usize) -> +- (v inner <= v v_K) /\ +- (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ +- (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ +- (poly_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) (v inner * 3328)) +- in +- assert (forall (k:usize). (v k < 256) ==> v (result.[i] <: wfPolynomialRingElement).f_coefficients.[k] == 0); +- assert(inv1 orig_result_cast (sz 0)); +- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K = +- Rust_primitives.Iterators.foldi_slice #Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K) #inv1 +- row +- orig_result_cast ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__iter (Rust_primitives.unsize row ++ <: ++ t_Slice Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ <: ++ Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate ++ (Core.Slice.Iter.t_Iter Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement)) ++ result + (fun result temp_1_ -> +- let j, a_element:(usize & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ result ++ in ++ let j, a_element:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + temp_1_ + in +- let resulti = down_cast_poly_b #(64 * v v_K * 3328) #(v j * 3328) result.[i] in +- let product:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let product:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Ntt.ntt_multiply a_element +- (r_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) ++ (r_as_ntt.[ j ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in +- let product_sum:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b ((v j + 1) * 3328) = +- (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element #(v j * 3328) #3328 v_K +- resulti +- product) in +- let product_sum:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) = cast_poly_b #((v j+1)* 3328) #(64 * v v_K * 3328) product_sum in +- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328)) v_K = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i +- product_sum ++ (Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element v_K ++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ product ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in + result) + in +- assert (forall (j:usize). (v j < v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]); +- assert (forall (j:usize). (v j > v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]); +- let resulti : t_PolynomialRingElement_b (v v_K * 3328) = down_cast_poly_b result.[i] in +- let result = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i +- (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K resulti) +- in +- [@ inline_let] +- let inv2 = fun (acc:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K) (inner:usize) -> +- (v inner <= 256) /\ +- (forall (j:usize). (v j < v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ +- (forall (j:usize). (v j > v i /\ v j < v v_K) ==> acc.[j] == orig_result_cast.[j]) /\ +- (forall (j:usize). (v j < v inner) ==> (i32_range (acc.[i] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)).f_coefficients.[j] 3328)) +- // And all indexes above v inner are unchanged from result1 +- in +- assert (forall (j:usize). (v j < v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]); +- assert (forall (j:usize). (v j > v i /\ v j < v v_K) ==> result.[j] == orig_result_cast.[j]); +- assert (inv2 result (sz 0)); +- let result:t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K = +- Rust_primitives.Iterators.foldi_range #_ #(t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K) #inv2 { +- Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT +- } ++ (Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery v_K ++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ Core.Ops.Range.f_start = sz 0; ++ Core.Ops.Range.f_end ++ = ++ Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT ++ } ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) + result + (fun result j -> +- let result: t_Array (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) v_K = result in +- let resulti:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) = result.[ i ] <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*v v_K * 3328)) in +- let coefficient_normal_form: i32_b (nat_div_ceil (306921472*v v_K) 65536 + 1665) = +- Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce +- (Libcrux.Kem.Kyber.Arithmetic.mul_i32_b #(64 * v v_K * 3328) #1441 +- (resulti <: t_PolynomialRingElement_b (64*v v_K * 3328)).f_coefficients.[j] (1441l <: Libcrux.Kem.Kyber.Arithmetic.i32_b 1441)) in +- let resultij: i32_b 3328 = (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce +- (add_i32_b coefficient_normal_form ((error_1_.[ i ] +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]))) in +- let result = ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = ++ result ++ in ++ let j:usize = j in ++ let coefficient_normal_form:i32 = ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (((result.[ i ] ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] ++ <: ++ i32) *! ++ 1441l ++ <: ++ i32) ++ in ++ let result:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + i + ({ +- resulti with ++ (result.[ i ] <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients + = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (resulti +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (result.[ i ] ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + j +- (cast_i32_b #3328 #(64 * v v_K * 3328) resultij) +- }) in +- result) +- in +- let result: t_Array wfPolynomialRingElement v_K = +- down_cast_vector_b #v_K #(64 * v v_K * 3328) #3328 result in +- assert (forall (j:usize). (v j >= v i + 1 /\ v j < v v_K) ==> derefine_poly_b result.[j] == derefine_poly_b orig_result.[j]); +- assume (inv0 result (i +! sz 1)); +- result) ++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (coefficient_normal_form +! ++ ((error_1_.[ i ] ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] ++ <: ++ i32) ++ <: ++ i32) ++ <: ++ i32) ++ <: ++ t_Array i32 (sz 256) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ in ++ result)) + in +- admit(); //P-F + result +-#pop-options + + let sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) = +- let wfZero: wfPolynomialRingElement = (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b #1 #3328 Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) in +- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = +- Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat wfZero v_K) v_K ++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = ++ Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ v_K ++ <: ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ v_K + in +- let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = ++ let v_A_transpose:t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = v_K +@@ -426,7 +440,7 @@ + v_A_transpose + (fun v_A_transpose i -> + let v_A_transpose:t_Array +- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = + v_A_transpose + in + let i:usize = i in +@@ -451,7 +465,7 @@ + <: + t_Array u8 (sz 34)) + (sz 32) +- (cast (i <: usize) <: u8) ++ (classify (cast (i <: usize) <: pub_u8)) + <: + t_Array u8 (sz 34)) + in +@@ -462,7 +476,7 @@ + <: + t_Array u8 (sz 34)) + (sz 33) +- (cast (j <: usize) <: u8) ++ (classify (cast (j <: usize) <: pub_u8)) + <: + t_Array u8 (sz 34)) + in +@@ -482,11 +496,11 @@ + v_A_transpose + (fun v_A_transpose j -> + let v_A_transpose:t_Array +- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = + v_A_transpose + in + let j:usize = j in +- let sampled:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution (xof_bytes.[ j ] + <: + t_Array u8 (sz 840)) +@@ -494,34 +508,33 @@ + if transpose + then + let v_A_transpose:t_Array +- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose + j + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ j + ] + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) + i + sampled + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) + in + v_A_transpose + else + let v_A_transpose:t_Array +- (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K = ++ (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A_transpose + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A_transpose.[ i + ] + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) + j + sampled + <: +- t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) ++ t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) + in + v_A_transpose)) + in +- admit(); //P-F + v_A_transpose +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-30 10:40:46.515790111 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-30 10:40:46.557788451 +0100 +@@ -3,71 +3,39 @@ + open Core + open FStar.Mul + +- +-val compute_As_plus_e (#p:Spec.Kyber.params) ++val compute_As_plus_e + (v_K: usize) +- (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K) +- (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- (requires (v_K == p.v_RANK)) +- (ensures fun res -> +- let open Libcrux.Kem.Kyber.Arithmetic in +- v_K == p.v_RANK /\ +- to_spec_vector_b #p res = +- Spec.Kyber.compute_As_plus_e #p +- (to_spec_matrix_b #p matrix_A) +- (to_spec_vector_b #p s_as_ntt) +- (to_spec_vector_b #p error_as_ntt)) +- ++ (matrix_A: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) ++ (s_as_ntt error_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ Prims.l_True ++ (fun _ -> Prims.l_True) + +-val compute_message (#p:Spec.Kyber.params) ++val compute_message + (v_K: usize) +- (poly_v: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (requires (v_K == p.v_RANK)) +- (ensures (fun res -> +- let secret_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p secret_as_ntt in +- let u_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p u_as_ntt in +- let v_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b poly_v in +- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res == +- Spec.Kyber.(poly_sub v_spec (poly_inv_ntt #p (vector_dot_product secret_spec u_spec))))) ++ (v: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (secret_as_ntt u_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) + +-// TODO: error_2_ changed from `t_PolynomialRingElement_b 3` to `t_PolynomialRingElement_b 7` +-val compute_ring_element_v (#p:Spec.Kyber.params) ++val compute_ring_element_v + (v_K: usize) +- (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- (error_2_: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7) +- (message: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (requires (v_K == p.v_RANK)) +- (ensures fun res -> +- let tt_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p tt_as_ntt in +- let r_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p r_as_ntt in +- let e2_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b error_2_ in +- let m_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b message in +- let res_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res in +- res_spec == Spec.Kyber.(poly_add (poly_add (vector_dot_product tt_spec r_spec) e2_spec) m_spec)) ++ (tt_as_ntt r_as_ntt: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ (error_2_ message: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) + +-val compute_vector_u (#p:Spec.Kyber.params) ++val compute_vector_u + (v_K: usize) +- (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K) +- (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- : Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) +- (requires (v_K == p.v_RANK)) +- (ensures fun res -> +- let a_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p a_as_ntt in +- let r_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p r_as_ntt in +- let e_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p error_1_ in +- let res_spec = Libcrux.Kem.Kyber.Arithmetic.to_spec_vector_b #p res in +- res_spec == Spec.Kyber.(vector_add (vector_inv_ntt (matrix_vector_mul a_spec r_spec)) e_spec)) +- +- +- +-val sample_matrix_A (#p:Spec.Kyber.params) (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) +- : Pure (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement v_K) v_K) +- (requires (v_K == p.v_RANK)) +- (ensures fun res -> +- let matrix_A = Spec.Kyber.sample_matrix_A #p (Seq.slice seed 0 32) in +- if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A +- else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A) ++ (a_as_ntt: t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) ++ (r_as_ntt error_1_: t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ : Prims.Pure (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val sample_matrix_A (v_K: usize) (seed: t_Array u8 (sz 34)) (transpose: bool) ++ : Prims.Pure (t_Array (t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K) v_K) ++ Prims.l_True ++ (fun _ -> Prims.l_True) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-30 10:40:46.504790546 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-01-30 10:40:46.540789123 +0100 +@@ -1,130 +1,56 @@ + module Libcrux.Kem.Kyber.Ntt +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul + +- +-let v_ZETAS_TIMES_MONTGOMERY_R = +- let list : list (i32_b 1664) = +- [ +- (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l; +- 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l); +- (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l; +- (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l; +- 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l; +- (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l; +- 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l; +- (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l); +- (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l; +- (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l); +- (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l +- ] +- in +- FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); +- FStar.Pervasives.assert_norm (List.Tot.index list 1 == -758l); +- Seq.of_list list +- +-open Libcrux.Kem.Kyber.Arithmetic +- +-#push-options "--z3rlimit 50" +-let ntt_multiply_binomials (a0,a1) (b0,b1) zeta = +- let r0 = montgomery_reduce (mul_i32_b a1 b1) in +- let res = +- montgomery_reduce (add_i32_b (mul_i32_b a0 b0) (mul_i32_b r0 zeta)), +- montgomery_reduce (add_i32_b (mul_i32_b a0 b1) (mul_i32_b a1 b0)) in +- res +-#pop-options +- +-val mul_zeta_red (#v_K:usize{v v_K >= 1 /\ v v_K <= 4}) +- (#b:nat{b <= v v_K * 3328 * 64}) +- (zeta_i:usize{v zeta_i > 0 /\ v zeta_i <= 128} ) +- (layer:usize{v layer > 0 /\ +- v layer <= 7 /\ +- v zeta_i == pow2 (8 - v layer) /\ +- b == v v_K * 3328 * pow2(v layer - 1)}) +- (x:i32_b (2*b)) +- (i:usize{v i < 128 / pow2 (v layer)}) : +- i32_b (2*b) +-let mul_zeta_red #v_K #b zeta_i layer x i = +- let zeta_i = zeta_i -! sz 1 -! i in +- let zeta:i32_b 1664 = v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] in +- if layer <=. sz 6 then ( +- assert (b <= 4 * 3328 * 32); +- assert (2*b*1664 < pow2 31); +- let product:i32_b (2 * b * 1664) = mul_i32_b x zeta in +- let res = montgomery_reduce product in +- res +- ) else ( +- assert (v i < 1); +- assert (zeta_i = sz 1); +- assert (zeta = -758l); +- let zeta:i32_b 758 = zeta in +- let product:i32_b (2 * b * 758) = mul_i32_b x zeta in +- let res = montgomery_reduce product in +- res +- ) +- +- +-val lemma_zeta_decr: orig:usize -> fin:usize -> layer:usize{v layer <= 7} -> +- Lemma (v fin == v orig - 128/(pow2 (v layer)) /\ +- v orig == pow2 (8 - v layer) ==> +- v fin == pow2 (7 - v layer)) +-let lemma_zeta_decr orig fin layer = () +- +-#push-options "--ifuel 0 --z3rlimit 1200" +-let invert_ntt_at_layer #v_K #b zeta_i re layer = ++let ntt_multiply_binomials (a0, a1: (i32 & i32)) (b0, b1: (i32 & i32)) (zeta: i32) = ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((a0 *! b0 <: i32) +! ++ ((Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a1 *! b1 <: i32) <: i32) *! zeta <: i32) ++ <: ++ i32), ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce ((a0 *! b1 <: i32) +! (a1 *! b0 <: i32) <: i32) ++ <: ++ (i32 & i32) ++ ++let invert_ntt_at_layer ++ (zeta_i: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (layer: usize) ++ = + let step:usize = sz 1 < 0); +- assert (v step == pow2 (v layer)); +- let orig_re = re in +- let orig_zeta_i = zeta_i in +- [@ inline_let] +- let inv = fun (acc:t_PolynomialRingElement_b (2*b) & usize) (i:usize) -> +- let (re,zeta_i) = acc in +- v zeta_i == v orig_zeta_i - v i /\ +- (forall k. (v k >= 2 * v i * v step (* + 2 * v step *)) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]) +- in +- let re, zeta_i: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize) = +- Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (2*b) & usize) #inv { ++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = sz 128 /! step ++ Core.Ops.Range.f_end = sz 128 >>! layer <: usize + } +- (cast_poly_b #b #(2*b) re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize)) ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ (re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) + (fun temp_0_ round -> +- let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) & usize) = temp_0_ in ++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = temp_0_ in + let round:usize = round in +- let orig_re_round = re in + let zeta_i:usize = zeta_i -! sz 1 in +- assert(v round * v step < 128); +- assert(v round * v step + v step <= 128); +- assert(v round * v step * 2 <= 254); +- assert(v round * v step * 2 + 2 * v step <= 256); +- let offset:usize = (round *! step) *! sz 2 in +- assert (v offset + 2 * v step <= 256); +- assert (v offset + v step <= 256); +- assert (forall k. v k >= v offset ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]); +- [@ inline_let] +- let inv = fun (acc:t_PolynomialRingElement_b (2 * b)) (i:usize) -> +- (forall k. (v k >= v i /\ v k < v offset + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) /\ +- (forall k. (v k >= v i + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) = +- Rust_primitives.Iterators.foldi_range #_ #_ #inv { ++ let offset:usize = (round *! step <: usize) *! sz 2 in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! step <: usize +- } ++ } ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) + re + (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) = re in +- assert (re.f_coefficients.[j] == orig_re_round.f_coefficients.[j]); +- assert (re.f_coefficients.[j +! step] == orig_re_round.f_coefficients.[j +! step]); +- assert (re.f_coefficients.[j] == orig_re.f_coefficients.[j]); +- assert (re.f_coefficients.[j +! step] == orig_re.f_coefficients.[j +! step]); +- let re_j:i32_b b = orig_re.f_coefficients.[j] in +- let re_j_step:i32_b b = orig_re.f_coefficients.[j +! step] in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let j:usize = j in +- let a_minus_b:i32_b (2*b) = sub_i32_b re_j_step re_j in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) = ++ let a_minus_b:i32 = ++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ] <: i32) -! ++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -132,13 +58,17 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + j +- (add_i32_b re_j re_j_step) ++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! ++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ] ++ <: ++ i32) ++ <: ++ i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2 * b) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in +- let red = mul_zeta_red #v_K #b orig_zeta_i layer a_minus_b round in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -146,69 +76,74 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (j +! step <: usize) +- red ++ (Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce (a_minus_b *! ++ (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) ++ <: ++ i32) ++ <: ++ i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in +- re, zeta_i <: t_PolynomialRingElement_b (2*b) & usize) ++ re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) + in +- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b) = re in +- lemma_zeta_decr orig_zeta_i zeta_i layer; +- zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)) +-#pop-options ++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + +-#push-options "--z3rlimit 500" +-let invert_ntt_montgomery v_K re = ++let invert_ntt_montgomery (v_K: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + let _:Prims.unit = () <: Prims.unit in +- let b = v v_K * 3328 in +- assert (v v_K <= 4); +- assert (b <= 4 * 3328); + let zeta_i:usize = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in +- assert (v zeta_i == pow2 (8 - 1)); +- let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)) = +- invert_ntt_at_layer #v_K #b zeta_i re (sz 1) ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ invert_ntt_at_layer zeta_i re (sz 1) + in + let zeta_i:usize = tmp0 in +- let hoist1 = out in +- let re = hoist1 in +- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (4*b)) = +- invert_ntt_at_layer #v_K zeta_i re (sz 2) ++ let hoist1:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist1 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ invert_ntt_at_layer zeta_i re (sz 2) + in + let zeta_i:usize = tmp0 in +- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*b)) = +- invert_ntt_at_layer #v_K zeta_i re (sz 3) ++ let hoist2:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist2 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ invert_ntt_at_layer zeta_i re (sz 3) + in + let zeta_i:usize = tmp0 in +- assert (8*b = v v_K * 3328 * pow2 (4 - 1)); +- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (16*b)) = +- invert_ntt_at_layer #v_K zeta_i re (sz 4) ++ let hoist3:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist3 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ invert_ntt_at_layer zeta_i re (sz 4) + in + let zeta_i:usize = tmp0 in +- assert (16*b == v v_K * 3328 * pow2 (5 - 1)); +- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (32*b)) = +- invert_ntt_at_layer #v_K zeta_i re (sz 5) ++ let hoist4:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist4 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ invert_ntt_at_layer zeta_i re (sz 5) + in + let zeta_i:usize = tmp0 in +- assert (32*b = v v_K * 3328 * pow2 (6 - 1)); +- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b)) = +- invert_ntt_at_layer #v_K zeta_i re (sz 6) ++ let hoist5:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist5 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ invert_ntt_at_layer zeta_i re (sz 6) + in + let zeta_i:usize = tmp0 in +- assert (64*b = v v_K * 3328 * pow2 (7 - 1)); +- let tmp0, re:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (128*b)) = +- invert_ntt_at_layer #v_K zeta_i re (sz 7) ++ let hoist6:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist6 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ invert_ntt_at_layer zeta_i re (sz 7) + in + let zeta_i:usize = tmp0 in ++ let hoist7:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist7 in + let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in +- admit(); +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b) = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = sz 8 ++ Core.Ops.Range.f_end = sz 2 + } + <: + Core.Ops.Range.t_Range usize) +@@ -216,7 +151,7 @@ + Core.Ops.Range.t_Range usize) + re + (fun re i -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (128*b) = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let i:usize = i in + { + re with +@@ -235,84 +170,52 @@ + t_Array i32 (sz 256) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64*b)) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in +- re +-#pop-options +- +-#push-options "--z3rlimit 500" +-val mul_zeta_red2 (#b:nat{b <= 31175}) +- (zeta_i:usize{v zeta_i >= 0 /\ v zeta_i <= 63} ) +- (layer:usize{v layer > 0 /\ +- v layer <= 7 /\ +- v zeta_i == pow2 (7 - v layer) - 1}) +- (x:i32_b b) +- (i:usize{v i < 128/(pow2 (v layer))}) +- : i32_b 3328 +-let mul_zeta_red2 #b zeta_i layer x i = +- let zeta_i = zeta_i +! sz 1 +! i in +- let zeta = v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] in +- assert (b * 1664 < 65536 * 3328); +- let red = Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer #(3328+b) #1664 x +- (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) in +- red +-#pop-options ++ re + +-#push-options "--ifuel 0 --z3rlimit 5000" +-let ntt_at_layer #b zeta_i re layer initial_coefficient_bound = +- let step = sz 1 < +- let (re,zeta_i) = acc in +- v zeta_i == v orig_zeta_i + v i /\ +- (forall k. v k >= 2 * v i * v step ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]) +- in +- let re, zeta_i: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize) = +- Rust_primitives.Iterators.foldi_range #_ #(t_PolynomialRingElement_b (3328+b) & usize) #inv { ++let ntt_at_layer ++ (zeta_i: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (layer initial_coefficient_bound: usize) ++ = ++ let step:usize = sz 1 <>! layer <: usize + } +- (cast_poly_b #b #(3328+b) re, zeta_i) ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ (re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) + (fun temp_0_ round -> +- let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize) = temp_0_ in ++ let re, zeta_i:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) = temp_0_ in + let round:usize = round in + let zeta_i:usize = zeta_i +! sz 1 in +- assert(v round * v step < 128); +- assert(v round * v step + v step <= 128); +- assert(v round * v step * 2 <= 254); +- assert(v round * v step * 2 + 2 * v step <= 256); +- let offset:usize = (round *! step) *! sz 2 in +- assert (v offset + 2 * v step <= 256); +- assert (v offset + v step <= 256); +- [@ inline_let] +- let inv: t_PolynomialRingElement_b (3328+b) -> int_t usize_inttype -> Type0 = +- fun (acc:t_PolynomialRingElement_b (3328+b)) (i:usize) -> +- (forall k. (v k >= v i /\ v k < v offset + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) /\ +- (forall k. (v k >= v i + v step) ==> acc.f_coefficients.[k] == orig_re.f_coefficients.[k]) +- in +- assert (forall k. (v k >= v offset /\ v k < v offset + v step) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]); +- assert (forall k. (v k >= v offset + v step) ==> re.f_coefficients.[k] == orig_re.f_coefficients.[k]); +- assert (inv re offset); +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+ b) = +- Rust_primitives.Iterators.foldi_range #usize_inttype #(t_PolynomialRingElement_b (3328+b)) #inv { ++ let offset:usize = (round *! step <: usize) *! sz 2 in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = offset; + Core.Ops.Range.f_end = offset +! step <: usize +- } ++ } ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) + re + (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let j:usize = j in +- assert (re.f_coefficients.[j] == orig_re.f_coefficients.[j]); +- assert (re.f_coefficients.[j +! step] == orig_re.f_coefficients.[j +! step]); +- let re_j:i32_b b = orig_re.f_coefficients.[j] in +- let re_j_step:i32_b b = orig_re.f_coefficients.[j +! step] in +- let t:i32_b 3328 = mul_zeta_red2 #b orig_zeta_i layer +- re_j_step round in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = ++ let t:i32 = ++ Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer (re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! step <: usize ] ++ <: ++ i32) ++ (v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i32) ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -320,12 +223,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (j +! step <: usize) +- (sub_i32_b #b #3328 re_j_step t) ++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) -! t <: i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -333,70 +236,64 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + j +- (add_i32_b #b #3328 re_j t) ++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! t <: i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in +- re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) & usize)) ++ re, zeta_i <: (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) + in + let _:Prims.unit = () <: Prims.unit in +- let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b) = re in +- assert (v zeta_i = v orig_zeta_i + 128/v step); +- assert (v zeta_i = v orig_zeta_i + pow2(7 - v layer)); +- assert (v zeta_i = pow2(8 - v layer) - 1); +- zeta_i, hax_temp_output +-#pop-options ++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + +-let ntt_at_layer_3_ #b zeta_i re layer = +- let tmp0, out = +- ntt_at_layer zeta_i re layer (sz 7879) ++let ntt_at_layer_3_ ++ (zeta_i: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (layer: usize) ++ = ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ ntt_at_layer zeta_i re layer (sz 3) + in + let zeta_i:usize = tmp0 in +- let hax_temp_output = out in +- zeta_i, hax_temp_output +- +-let ntt_at_layer_3328_ zeta_i re layer = +- let tmp0, out = ++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ ++let ntt_at_layer_3328_ ++ (zeta_i: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (layer: usize) ++ = ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer zeta_i re layer (sz 3328) + in + let zeta_i:usize = tmp0 in +- let hax_temp_output = out in +- zeta_i, hax_temp_output ++ let hax_temp_output:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ zeta_i, hax_temp_output <: (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + +-#push-options "--ifuel 0 --z3rlimit 1500" +-#restart-solver +-let ntt_binomially_sampled_ring_element re = ++let ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + let _:Prims.unit = () <: Prims.unit in + let zeta_i:usize = sz 1 in +- [@ inline_let] +- let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207)) (i:usize) -> +- (v i <= 128) /\ +- (forall (j:usize). (v j >= v i /\ v j < 128) ==> +- i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207).f_coefficients.[j] 7) /\ +- (forall (j:usize). (v j >= v i + 128 /\ v j < 256) ==> +- i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207).f_coefficients.[j] 7) +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = cast_poly_b re in +- assert (inv re (sz 0)); +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = +- Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207) #inv ({ ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 128 + } + <: + Core.Ops.Range.t_Range usize) +- (cast_poly_b re) ++ <: ++ Core.Ops.Range.t_Range usize) ++ re + (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 11207 = cast_poly_b re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let j:usize = j in +- let t:i32_b (7*1600) = +- mul_i32_b (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! sz 128 <: usize ]) +- (-1600l <: i32_b 1600) ++ let t:i32 = ++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j +! sz 128 <: usize ] <: i32) *! ++ (-1600l) + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (11207) = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -404,10 +301,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (j +! sz 128 <: usize) +- (sub_i32_b #7 #11200 (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32_b 7) t) ++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) -! t <: i32) + } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (11207) = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -415,76 +314,90 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + j +- (add_i32_b (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ]) t) ++ ((re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ j ] <: i32) +! t <: i32) + } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in + let _:Prims.unit = () <: Prims.unit in +- assert (v zeta_i = pow2 (7 - 6) - 1); +- let zeta_i, re = ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3_ zeta_i re (sz 6) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist8:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist8 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3_ zeta_i re (sz 5) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist9:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist9 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3_ zeta_i re (sz 4) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist10:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist10 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3_ zeta_i re (sz 3) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist11:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist11 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3_ zeta_i re (sz 2) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist12:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist12 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3_ zeta_i re (sz 1) + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = re in +- [@ inline_let] +- let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207))) (i:usize) -> +- (v i <= 256) /\ +- (forall (j:usize). (v j < v i) ==> +- i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207)).f_coefficients.[j] 3328) +- in +- assert (inv re (sz 0)); +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = +- Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207)) #inv ({ ++ let zeta_i:usize = tmp0 in ++ let hoist13:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist13 in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + } + <: + Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) + re + (fun re i -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (6*3328+11207) = re in +- let rei:i32_b (v v_BARRETT_R) = cast_i32_b #(6*3328+11207) #(v v_BARRETT_R) (re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ]) in +- let rei: i32_b (6*3328+11207) = cast_i32_b #3328 #(6*3328+11207) ( +- Libcrux.Kem.Kyber.Arithmetic.barrett_reduce rei) in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let i:usize = i in +- let re_coeffs:t_Array (i32_b (6*3328+11207)) (sz 256) = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- i rei in + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = re_coeffs +- }) ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ i ++ (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] ++ <: ++ i32) ++ <: ++ i32) ++ <: ++ t_Array i32 (sz 256) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = down_cast_poly_b #(6*3328+11207) #3328 re in +- re +-#pop-options +- ++ re + +-#push-options "--z3rlimit 100" +-let ntt_multiply lhs rhs = ++let ntt_multiply (lhs rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + let _:Prims.unit = () <: Prims.unit in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 1 = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end +@@ -495,31 +408,34 @@ + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) +- (cast_poly_b out) ++ out + (fun out i -> +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = out in ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in + let i:usize = i in +- assert (v i * 4 + 4 <= 256); +- let product = ++ let product:(i32 & i32) = + ntt_multiply_binomials ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i + <: + usize ] + <: +- i32_b 3328), ++ i32), + (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 1 + <: + usize ] + <: +- i32_b 3328)) +- ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i <: usize ] <: i32_b 3328), ++ i32) ++ <: ++ (i32 & i32)) ++ ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ sz 4 *! i <: usize ] <: i32), + (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 1 + <: + usize ] + <: +- i32_b 3328)) +- (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32_b 1664) ++ i32) ++ <: ++ (i32 & i32)) ++ (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32) + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -530,9 +446,9 @@ + product._1 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -543,29 +459,41 @@ + product._2 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in +- let product = ++ let product:(i32 & i32) = + ntt_multiply_binomials ((lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i + <: + usize) +! + sz 2 + <: +- usize ]), ++ usize ] ++ <: ++ i32), + (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 3 + <: +- usize ])) +- ++ usize ] ++ <: ++ i32) ++ <: ++ (i32 & i32)) + ((rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 2 + <: +- usize ]), ++ usize ] ++ <: ++ i32), + (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ (sz 4 *! i <: usize) +! sz 3 + <: +- usize ])) +- (Core.Ops.Arith.Neg.neg (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ]) <: i32_b 1664) +- ++ usize ] ++ <: ++ i32) ++ <: ++ (i32 & i32)) ++ (Core.Ops.Arith.Neg.neg (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! i <: usize ] <: i32) ++ <: ++ i32) + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -576,9 +504,9 @@ + product._1 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in +- let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -589,55 +517,72 @@ + product._2 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328 ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + out) + in + out +-#pop-options + +-#push-options "--ifuel 0 --z3rlimit 200" +-let ntt_vector_u v_VECTOR_U_COMPRESSION_FACTOR re = ++let ntt_vector_u ++ (v_VECTOR_U_COMPRESSION_FACTOR: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = + let _:Prims.unit = () <: Prims.unit in + let zeta_i:usize = sz 0 in +- let zeta_i, re = ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3328_ zeta_i re (sz 7) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist14:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist14 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3328_ zeta_i re (sz 6) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist15:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist15 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3328_ zeta_i re (sz 5) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist16:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist16 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3328_ zeta_i re (sz 4) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist17:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist17 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3328_ zeta_i re (sz 3) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist18:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist18 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3328_ zeta_i re (sz 2) + in +- let zeta_i, re = ++ let zeta_i:usize = tmp0 in ++ let hoist19:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist19 in ++ let tmp0, out:(usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + ntt_at_layer_3328_ zeta_i re (sz 1) + in +- [@ inline_let] +- let inv = fun (acc:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328))) (i:usize) -> +- (v i <= 256) /\ +- (forall (j:usize). (v j < v i) ==> +- i32_range (acc <: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)).f_coefficients.[j] 3328) +- in +- assert (inv re (sz 0)); +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328) = +- Rust_primitives.Iterators.foldi_range #_ #(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)) #inv ({ ++ let zeta_i:usize = tmp0 in ++ let hoist20:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = out in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = hoist20 in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + } + <: + Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) + re + (fun re i -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328) = re in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let i:usize = i in + { + re with +@@ -647,10 +592,15 @@ + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + i + (Libcrux.Kem.Kyber.Arithmetic.barrett_reduce (re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ])) ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] ++ <: ++ i32) ++ <: ++ i32) ++ <: ++ t_Array i32 (sz 256) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (8*3328)) ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in +- down_cast_poly_b #(8*3328) #3328 re +-#pop-options ++ re +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-30 10:40:46.497790822 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-30 10:40:46.574787780 +0100 +@@ -2,80 +2,224 @@ + #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul +-open Libcrux.Kem.Kyber.Arithmetic + +-val v_ZETAS_TIMES_MONTGOMERY_R: x:t_Array (i32_b 1664) (sz 128){v (x.[sz 1] <: i32) == -758} ++let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i32 (sz 128) = ++ let list = ++ [ ++ (-1044l); (-758l); (-359l); (-1517l); 1493l; 1422l; 287l; 202l; (-171l); 622l; 1577l; 182l; ++ 962l; (-1202l); (-1474l); 1468l; 573l; (-1325l); 264l; 383l; (-829l); 1458l; (-1602l); (-130l); ++ (-681l); 1017l; 732l; 608l; (-1542l); 411l; (-205l); (-1571l); 1223l; 652l; (-552l); 1015l; ++ (-1293l); 1491l; (-282l); (-1544l); 516l; (-8l); (-320l); (-666l); (-1618l); (-1162l); 126l; ++ 1469l; (-853l); (-90l); (-271l); 830l; 107l; (-1421l); (-247l); (-951l); (-398l); 961l; ++ (-1508l); (-725l); 448l; (-1065l); 677l; (-1275l); (-1103l); 430l; 555l; 843l; (-1251l); 871l; ++ 1550l; 105l; 422l; 587l; 177l; (-235l); (-291l); (-460l); 1574l; 1653l; (-246l); 778l; 1159l; ++ (-147l); (-777l); 1483l; (-602l); 1119l; (-1590l); 644l; (-872l); 349l; 418l; 329l; (-156l); ++ (-75l); 817l; 1097l; 603l; 610l; 1322l; (-1285l); (-1465l); 384l; (-1215l); (-136l); 1218l; ++ (-1335l); (-874l); 220l; (-1187l); (-1659l); (-1185l); (-1530l); (-1278l); 794l; (-1510l); ++ (-854l); (-870l); 478l; (-108l); (-308l); 996l; 991l; 958l; (-1460l); 1522l; 1628l ++ ] ++ in ++ FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); ++ Rust_primitives.Hax.array_of_list list ++ ++val ntt_multiply_binomials: (i32 & i32) -> (i32 & i32) -> zeta: i32 ++ -> Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) ++ ++val invert_ntt_at_layer ++ (zeta_i: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (layer: usize) ++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val invert_ntt_montgomery (v_K: usize) (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) + +-val ntt_multiply_binomials (a:wfFieldElement&wfFieldElement) (b: wfFieldElement&wfFieldElement) (zeta: i32_b 1664) : +- Pure (wfFieldElement & wfFieldElement) +- (requires True) +- (ensures (fun _ -> True)) +- +-val invert_ntt_at_layer (#v_K:usize{v v_K >= 1 /\ v v_K <= 4}) +- (#b:nat{b <= v v_K * 3328 * 64}) +- (zeta_i: usize{v zeta_i >= 1 /\ v zeta_i <= 128}) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b) +- (layer: usize{v layer > 0 /\ +- v layer <= 7 /\ +- v zeta_i == pow2 (8 - v layer) /\ +- b == v v_K * 3328 * pow2(v layer - 1)}) +- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (2*b)) ++val ntt_at_layer ++ (zeta_i: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (layer initial_coefficient_bound: usize) ++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + Prims.l_True +- (fun x -> let (zeta_fin,re) = x in v zeta_fin == pow2 (7 - v layer)) ++ (fun _ -> Prims.l_True) + +-val invert_ntt_montgomery (v_K: usize{v v_K >= 1 /\ v v_K <= 4}) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (v v_K * 3328)) +- : Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (64 * v v_K * 3328) +- +-val ntt_at_layer +- (#b:nat{b <= 31175}) +- (zeta_i: usize{v zeta_i < 128}) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b) +- (layer: usize{v layer > 0 /\ +- v layer <= 7 /\ +- v zeta_i == pow2 (7 - v layer) - 1}) +- (initial_coefficient_bound: usize{b == (7 - v layer) * 3328 + v initial_coefficient_bound}) +- : Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)) +- (requires True) +- (ensures fun (zeta_i, result) -> v zeta_i == pow2 (8 - v layer) - 1) +- +-val ntt_at_layer_3_ (#b:nat) +- (zeta_i: usize{v zeta_i < 128}) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b) +- (layer: usize{v layer > 0 /\ +- v layer <= 6 /\ +- v zeta_i == pow2 (7 - v layer) - 1 /\ +- b == (6 - v layer) * 3328 + 11207}) +- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)) ++val ntt_at_layer_3_ ++ (zeta_i: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (layer: usize) ++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + Prims.l_True +- (ensures fun (zeta_i,result) -> v zeta_i == pow2 (8 - v layer) - 1) ++ (fun _ -> Prims.l_True) + +-val ntt_at_layer_3328_ (#b:nat{b <= 7*3328}) +- (zeta_i: usize{v zeta_i < 128}) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b b) +- (layer: usize{v layer > 0 /\ +- v layer <= 7 /\ +- v zeta_i == pow2 (7 - v layer) - 1 /\ +- b == (7 - v layer) * 3328 + 3328}) +- : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (3328+b)) ++val ntt_at_layer_3328_ ++ (zeta_i: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ (layer: usize) ++ : Prims.Pure (usize & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + Prims.l_True +- (ensures fun (zeta_i,result) -> v zeta_i == pow2 (8 - v layer) - 1) ++ (fun _ -> Prims.l_True) ++ ++val ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ (requires ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. ++ (Core.Slice.impl__len (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ <: ++ usize) ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ (Core.Num.impl__i32__abs (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] ++ <: ++ i32) ++ <: ++ i32) <=. ++ 3l ++ <: ++ bool) ++ <: ++ bool)) ++ (ensures ++ fun result -> ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. ++ (Core.Slice.impl__len (Rust_primitives.unsize result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ <: ++ usize) ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ v (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ ++ i ] ++ <: ++ i32) ++ <: ++ i32) < ++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ <: ++ bool) ++ <: ++ bool)) ++ ++val ntt_multiply (lhs rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ (requires ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ let lhs_i = (lhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] <: i32) in ++ (lhs_i >=. 0l <: bool) && ++ (lhs_i <. 4096l <: bool ++ ) && ++ (v (Core.Num.impl__i32__abs (rhs.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] ++ <: ++ i32) ++ <: ++ i32) <= ++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ <: ++ bool)) ++ <: ++ bool)) ++ (ensures ++ fun result -> ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. ++ (Core.Slice.impl__len (Rust_primitives.unsize result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ <: ++ usize) ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ v (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ ++ i ] ++ <: ++ i32) ++ <: ++ i32) <= ++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ <: ++ bool) ++ <: ++ bool)) + +-val ntt_binomially_sampled_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7) +- : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (requires True) +- (ensures (fun _ -> True)) +- +-val ntt_multiply (lhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328) +- (rhs: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328) +- : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328) +- (requires True) +- (ensures (fun _ -> True)) +- + val ntt_vector_u + (v_VECTOR_U_COMPRESSION_FACTOR: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3328) +- : Prims.Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (requires True) +- (ensures fun _ -> True) +- ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ (requires ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. ++ (Core.Slice.impl__len (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ <: ++ usize) ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ (Core.Num.impl__i32__abs (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ i ] ++ <: ++ i32) ++ <: ++ i32) <=. ++ 3328l ++ <: ++ bool) ++ <: ++ bool)) ++ (ensures ++ fun result -> ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. ++ (Core.Slice.impl__len (Rust_primitives.unsize result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ <: ++ usize) ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ v (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ ++ i ] ++ <: ++ i32) ++ <: ++ i32) < ++ v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ <: ++ bool) ++ <: ++ bool)) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-30 10:40:46.525789716 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-01-30 10:40:46.581787503 +0100 +@@ -3,34 +3,27 @@ + open Core + open FStar.Mul + +-let rejection_sampling_panic_with_diagnostic () : Prims.unit = +- admit(); // This should never be reachable ++let rejection_sampling_panic_with_diagnostic (_: Prims.unit) = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic" + <: + Rust_primitives.Hax.t_Never) + +-#push-options "--ifuel 0 --z3rlimit 100" + let sample_from_binomial_distribution_2_ (randomness: t_Slice u8) = +- let sampled: t_PolynomialRingElement_b 3 = +- cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in +- +- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 in +- [@ inline_let] +- let inv = fun (acc:acc_t) (i:usize) -> True in +- let sl : t_Slice u8 = randomness in +- let chunk_len = sz 4 in +- assert (v (length sl) == 128); +- assert (Seq.length sl == 128); +- assert_norm (128 % 4 == 0); +- let sampled = +- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv +- sl +- chunk_len ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + sampled + (fun sampled temp_1_ -> +- let chunk_number, byte_chunk:(usize & t_Array u8 chunk_len) = temp_1_ in +- assert(chunk_number <. sz 32); ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in ++ let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in + let (random_bits_as_u32: u32):u32 = + (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. + ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in +- logand_lemma (random_bits_as_u32 >>! 1l <: u32) 1431655765ul; +- assert(odd_bits <=. 1431655765ul); + let coin_toss_outcomes:u32 = even_bits +! odd_bits in +- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 in +- [@ inline_let] +- let inv : acc_t -> u32 -> Type = fun acc i -> True in +- Rust_primitives.Iterators.foldi_range_step_by #u32_inttype #(acc_t) #inv ({ ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ++ ({ + Core.Ops.Range.f_start = 0ul; + Core.Ops.Range.f_end = Core.Num.impl__u32__BITS +- } +- <: +- Core.Ops.Range.t_Range u32) +- (sz 4) ++ } ++ <: ++ Core.Ops.Range.t_Range pub_u32) ++ (sz 4) ++ <: ++ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range pub_u32)) ++ <: ++ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range pub_u32)) + sampled + (fun sampled outcome_set -> +- let outcome_set:u32 = outcome_set in +- assert (v outcome_set + 4 <= 32); +- let out_1 = ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) in ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in ++ let outcome_set:pub_u32 = outcome_set in + let outcome_1_:i32 = +- cast out_1 <: i32 ++ cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i32 + in +- let out_2 = ((coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) &. 3ul <: u32) in + let outcome_2_:i32 = +- cast out_2 <: i32 ++ cast ((coin_toss_outcomes >>! (outcome_set +! 2ul <: pub_u32) <: u32) &. 3ul <: u32) ++ <: ++ i32 + in +- logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 3ul; +- assert (v out_1 >= 0); +- assert (v out_1 <= 3); +- assert (v outcome_1_ == v out_1 @% pow2 32); +- Math.Lemmas.small_modulo_lemma_1 (v out_1) (pow2 32); +- assert (v outcome_1_ == v out_1); +- assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 3); +- logand_lemma (coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) 3ul; +- assert (v out_2 >= 0); +- assert (v out_2 <= 3); +- assert (v outcome_2_ == v out_2 @% pow2 32); +- Math.Lemmas.small_modulo_lemma_1 (v out_2) (pow2 32); +- assert (v outcome_2_ == v out_2); +- assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 3); +- let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in +- assert (outcome_set <. 32ul); +- assert (v (outcome_set >>! 2l <: u32) = v outcome_set / 4); +- assert (v (outcome_set >>! 2l <: u32) < 8); +- Math.Lemmas.small_modulo_lemma_1 (v (outcome_set >>! 2l <: u32)) (pow2 32); +- Math.Lemmas.small_modulo_lemma_1 (v (outcome_set >>! 2l <: u32)) (pow2 64); +- assert (v offset < 8); +- assert (8 * v chunk_number + 8 <= 256); +- assert (8 * v chunk_number + v offset < 256); +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 = ++ let offset:usize = cast (outcome_set >>! 2l <: pub_u32) <: usize in ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + sampled with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -104,36 +73,29 @@ + (outcome_1_ -! outcome_2_ <: i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 3 ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + sampled)) +- in +- let _:Prims.unit = () <: Prims.unit in +- admit(); // P-F +- sampled +-#pop-options ++ in ++ let _:Prims.unit = () <: Prims.unit in ++ sampled + +-#push-options "--ifuel 0 --z3rlimit 200" + let sample_from_binomial_distribution_3_ (randomness: t_Slice u8) = +- let sampled:t_PolynomialRingElement_b 7 = +- (Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO) ++ let (sampled: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in +- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 in +- [@ inline_let] +- let inv = fun (acc:acc_t) (i:usize) -> True in +- let sl : t_Slice u8 = randomness in +- let chunk_len = sz 3 in +- assert (v (length sl) == 192); +- assert (Seq.length sl == 192); +- assert_norm (192 % 3 == 0); +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = +- Rust_primitives.Iterators.foldi_chunks_exact #u8 #acc_t #inv +- sl +- chunk_len ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + sampled + (fun sampled temp_1_ -> +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = sampled in +- let chunk_number, byte_chunk:(usize & t_Array u8 chunk_len) = temp_1_ in ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in ++ let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in + let (random_bits_as_u24: u32):u32 = + ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. + ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 2396745ul in +- logand_lemma (random_bits_as_u24 >>! 1l <: u32) 2396745ul; +- assert (second_bits <=. 2396745ul); + let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in +- logand_lemma (random_bits_as_u24 >>! 2l <: u32) 2396745ul; +- assert (third_bits <=. 2396745ul); + let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in +- let acc_t = Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 in +- [@ inline_let] +- let inv : acc_t -> i32 -> Type = fun acc i -> True in +- Rust_primitives.Iterators.foldi_range_step_by #i32_inttype #(acc_t) #inv ({ +- Core.Ops.Range.f_start = 0l; +- Core.Ops.Range.f_end = 24l +- } +- <: +- Core.Ops.Range.t_Range i32) +- (sz 6) ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by ++ ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } ++ <: ++ Core.Ops.Range.t_Range pub_i32) ++ (sz 6) ++ <: ++ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range pub_i32)) ++ <: ++ Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range pub_i32)) + sampled + (fun sampled outcome_set -> +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = sampled in +- let outcome_set:i32 = outcome_set in ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = sampled in ++ let outcome_set:pub_i32 = outcome_set in + let outcome_1_:i32 = +- cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i32 ++ cast ((coin_toss_outcomes >>! outcome_set <: pub_u32) &. 7ul <: u32) <: i32 + in + let outcome_2_:i32 = +- cast ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32) ++ cast ((coin_toss_outcomes >>! (outcome_set +! 3l <: pub_i32) <: u32) &. 7ul <: u32) + <: + i32 + in +- logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 7ul; +- Math.Lemmas.small_modulo_lemma_1 (v ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32)) (pow2 32); +- assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 7); +- logand_lemma (coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) 7ul; +- Math.Lemmas.small_modulo_lemma_1 (v ((coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) &. 7ul <: u32)) (pow2 32); +- assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 7); +- let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in +- assert (outcome_set <. 24l); +- assert (v (outcome_set /! 6l <: i32) = v outcome_set / 6); +- assert (v (outcome_set /! 6l <: i32) < 4); +- Math.Lemmas.small_modulo_lemma_1 (v (outcome_set /! 6l <: i32)) (pow2 32); +- Math.Lemmas.small_modulo_lemma_1 (v (outcome_set /! 6l <: i32)) (pow2 64); +- assert (v offset < 4); +- assert (4 * v chunk_number + 4 <= 256); +- assert (4 * v chunk_number + v offset < 256); +- let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 = ++ let offset:usize = cast (outcome_set /! 6l <: pub_i32) <: usize in ++ let sampled:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + sampled with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -199,19 +140,16 @@ + (outcome_1_ -! outcome_2_ <: i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b 7 ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + sampled)) + in + let _:Prims.unit = () <: Prims.unit in +- admit(); + sampled +-#pop-options + + let sample_from_binomial_distribution (v_ETA: usize) (randomness: t_Slice u8) = + let _:Prims.unit = () <: Prims.unit in +- Rust_primitives.Integers.mk_int_equiv_lemma #u32_inttype (v v_ETA); +- match cast (v_ETA <: usize) <: u32 with ++ match cast (v_ETA <: usize) <: pub_u32 with + | 2ul -> sample_from_binomial_distribution_2_ randomness + | 3ul -> sample_from_binomial_distribution_3_ randomness + | _ -> +@@ -220,62 +158,52 @@ + <: + Rust_primitives.Hax.t_Never) + +-#push-options "--z3rlimit 50" + let sample_from_uniform_distribution (randomness: t_Array u8 (sz 840)) = + let (sampled_coefficients: usize):usize = sz 0 in +- let (out: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ let (out: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement):Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in + let done:bool = false in +- let acc_t = (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) in +- [@ inline_let] +- let inv = fun (acc:acc_t) -> True in +- let sl : t_Slice u8 = randomness in +- let chunk_len = sz 3 in +- let done, out, sampled_coefficients:(bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & ++ let done, out, sampled_coefficients:(bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & + usize) = +- Rust_primitives.Iterators.fold_chunks_exact #u8 #acc_t #inv +- sl +- chunk_len ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Slice.impl__chunks ( ++ Rust_primitives.unsize randomness <: t_Slice u8) ++ (sz 3) ++ <: ++ Core.Slice.Iter.t_Chunks u8) ++ <: ++ Core.Slice.Iter.t_Chunks u8) + (done, out, sampled_coefficients + <: +- (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)) ++ (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) + (fun temp_0_ bytes -> + let done, out, sampled_coefficients:(bool & +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & + usize) = + temp_0_ + in +- let bytes:t_Array u8 chunk_len = bytes in ++ let bytes:t_Slice u8 = bytes in + if ~.done <: bool + then + let b1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in + let b2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in + let b3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- assert(v b1 >= 0 /\ v b1 < pow2 8); +- assert(v b2 >= 0 /\ v b2 < pow2 8); +- assert(v b3 >= 0 /\ v b3 < pow2 8); + let d1:i32 = ((b2 &. 15l <: i32) <= v b1); +- assert (v d1 >= 0); + let d2:i32 = (b3 <>! 4l <: i32) in +- logor_lemma (b3 <>! 4l <: i32); +- assert (v d2 >= v b3 * pow2 4); +- assert (v d2 >= 0); +- let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & ++ let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & + usize) = + if +- d1 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS && ++ // NOTE: We declassify d1 here, and this should be carefully reviewed. ++ // We believe this is safe because d1 is derived from b1 and b2, ++ // both of which are fresh random inputs, not used anywhere else. ++ // The comparison between d1 and 3329 tells the adversary whether d1 ++ // is in the field. This is not secret information, since the ++ // failure of this comparison leads to d1 being discarded, ++ declassify d1 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS && + sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + then +- let out:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -286,23 +214,29 @@ + d1 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + out, sampled_coefficients +! sz 1 + <: +- (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) ++ (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) + else + out, sampled_coefficients + <: +- (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) ++ (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) + in +- let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & ++ let out, sampled_coefficients:(Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & + usize) = + if +- d2 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS && ++ // NOTE: We declassify d2 here, and this should be carefully reviewed. ++ // We believe this is safe because d2 is derived from b2 and b3, ++ // both of which are fresh random inputs, not used anywhere else. ++ // The comparison between d2 and 3329 tells the adversary whether d2 ++ // is in the field. This is not secret information, since the ++ // failure of this comparison leads to d2 being discarded, ++ declassify d2 <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS && + sampled_coefficients <. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + then +- let out:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ let out:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + out with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -313,31 +247,31 @@ + d2 + } + <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + let sampled_coefficients:usize = sampled_coefficients +! sz 1 in + out, sampled_coefficients + <: +- (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) ++ (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) + else + out, sampled_coefficients + <: +- (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) ++ (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) + in + if sampled_coefficients =. Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT + then + let done:bool = true in + done, out, sampled_coefficients + <: +- (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) ++ (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) + else + done, out, sampled_coefficients + <: +- (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize) ++ (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize) + else + done, out, sampled_coefficients + <: +- (bool & Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement & usize)) ++ (bool & Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement & usize)) + in + let _:Prims.unit = + if ~.done +@@ -346,5 +280,4 @@ + () + in + let _:Prims.unit = () <: Prims.unit in +- out +-#pop-options ++ out +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-30 10:40:46.523789795 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-30 10:40:46.556788491 +0100 +@@ -3,37 +3,77 @@ + open Core + open FStar.Mul + +-open Libcrux.Kem.Kyber.Arithmetic ++val rejection_sampling_panic_with_diagnostic: Prims.unit ++ -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) + + val sample_from_binomial_distribution_2_ (randomness: t_Slice u8) +- : Prims.Pure (t_PolynomialRingElement_b 3) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + (requires (Core.Slice.impl__len randomness <: usize) =. (sz 2 *! sz 64 <: usize)) + (ensures + fun result -> +- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result == +- Spec.Kyber.sample_poly_binomial (sz 2) randomness) ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. ++ (Core.Slice.impl__len (Rust_primitives.unsize result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ <: ++ usize) ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ ++ i ] ++ <: ++ i32) ++ <: ++ i32) <=. ++ 2l ++ <: ++ bool) ++ <: ++ bool)) + + val sample_from_binomial_distribution_3_ (randomness: t_Slice u8) +- : Prims.Pure (t_PolynomialRingElement_b 7) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + (requires (Core.Slice.impl__len randomness <: usize) =. (sz 3 *! sz 64 <: usize)) + (ensures + fun result -> +- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result == +- Spec.Kyber.sample_poly_binomial (sz 3) randomness) ++ let result:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = result in ++ Hax_lib.v_forall (fun i -> ++ let i:usize = i in ++ Hax_lib.implies (i <. ++ (Core.Slice.impl__len (Rust_primitives.unsize result ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ <: ++ usize) ++ <: ++ bool) ++ (fun temp_0_ -> ++ let _:Prims.unit = temp_0_ in ++ (Core.Num.impl__i32__abs (result.Libcrux.Kem.Kyber.Arithmetic.f_coefficients.[ ++ i ] ++ <: ++ i32) ++ <: ++ i32) <=. ++ 3l ++ <: ++ bool) ++ <: ++ bool)) + +-val sample_from_binomial_distribution (#p:Spec.Kyber.params) +- (v_ETA: usize) (randomness: t_Slice u8) +- : Pure (Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b (pow2 (v v_ETA) - 1)) +- (requires (v_ETA = p.v_ETA1 \/ v_ETA = p.v_ETA2) /\ +- (Core.Slice.impl__len randomness <: usize) =. (v_ETA *! sz 64 <: usize)) +- (ensures +- fun result -> +- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b result == +- Spec.Kyber.sample_poly_binomial v_ETA randomness) ++val sample_from_binomial_distribution (v_ETA: usize) (randomness: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) + + val sample_from_uniform_distribution (randomness: t_Array u8 (sz 840)) +- : Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- (requires True) +- (ensures fun _ -> True) +-// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0)) +- ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-30 10:40:46.484791336 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-01-30 10:40:46.564788175 +0100 +@@ -1,4 +1,1301 @@ + module Libcrux.Kem.Kyber.Serialize ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Core ++open FStar.Mul + +-include Libcrux.Kem.Kyber.Serialize.PartA +-include Libcrux.Kem.Kyber.Serialize.PartB ++let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = ++ let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in ++ let coef2:u8 = ++ ((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) ++ in ++ let coef3:u8 = ++ ((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) ++ in ++ let coef4:u8 = ++ ((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) ++ in ++ let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in ++ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) ++ ++let compress_coefficients_11_ ++ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: ++ i32) ++ = ++ let coef1:u8 = cast (coefficient1 <: i32) <: u8 in ++ let coef2:u8 = ++ ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: i32) <: u8) ++ in ++ let coef3:u8 = ++ ((cast (coefficient3 &. 3l <: i32) <: u8) <>! 5l <: i32) <: u8) ++ in ++ let coef4:u8 = cast ((coefficient3 >>! 2l <: i32) &. 255l <: i32) <: u8 in ++ let coef5:u8 = ++ ((cast (coefficient4 &. 127l <: i32) <: u8) <>! 10l <: i32) <: u8) ++ in ++ let coef6:u8 = ++ ((cast (coefficient5 &. 15l <: i32) <: u8) <>! 7l <: i32) <: u8) ++ in ++ let coef7:u8 = ++ ((cast (coefficient6 &. 1l <: i32) <: u8) <>! 4l <: i32) <: u8) ++ in ++ let coef8:u8 = cast ((coefficient6 >>! 1l <: i32) &. 255l <: i32) <: u8 in ++ let coef9:u8 = ++ ((cast (coefficient7 &. 63l <: i32) <: u8) <>! 9l <: i32) <: u8) ++ in ++ let coef10:u8 = ++ ((cast (coefficient8 &. 7l <: i32) <: u8) <>! 6l <: i32) <: u8) ++ in ++ let coef11:u8 = cast (coefficient8 >>! 3l <: i32) <: u8 in ++ coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 ++ <: ++ (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) ++ ++let compress_coefficients_3_ (coefficient1 coefficient2: u16) = ++ let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in ++ let coef2:u8 = ++ cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in ++ coef1, coef2, coef3 <: (u8 & u8 & u8) ++ ++let compress_coefficients_5_ ++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: ++ u8) ++ = ++ let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 3l <: u8) ++ in ++ let coef3:u8 = ((coefficient5 &. 15uy <: u8) <>! 1l <: u8) in ++ let coef4:u8 = ++ (((coefficient7 &. 3uy <: u8) <>! 4l <: u8) ++ in ++ let coef5:u8 = (coefficient8 <>! 2l <: u8) in ++ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) ++ ++let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) = ++ let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in ++ let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in ++ let coefficient4:i32 = (byte5 <>! 6l <: i32) in ++ coefficient1, coefficient2, coefficient3, coefficient4 <: (i32 & i32 & i32 & i32) ++ ++let decompress_coefficients_11_ ++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) ++ = ++ let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in ++ let coefficient3:i32 = ++ (((byte5 &. 1l <: i32) <>! 6l <: i32) ++ in ++ let coefficient4:i32 = ((byte6 &. 15l <: i32) <>! 1l <: i32) in ++ let coefficient5:i32 = ((byte7 &. 127l <: i32) <>! 4l <: i32) in ++ let coefficient6:i32 = ++ (((byte9 &. 3l <: i32) <>! 7l <: i32) ++ in ++ let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in ++ let coefficient8:i32 = (byte11 <>! 5l <: i32) in ++ coefficient1, ++ coefficient2, ++ coefficient3, ++ coefficient4, ++ coefficient5, ++ coefficient6, ++ coefficient7, ++ coefficient8 ++ <: ++ (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) ++ ++let decompress_coefficients_4_ (byte: u8) = ++ let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in ++ let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in ++ coefficient1, coefficient2 <: (i32 & i32) ++ ++let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) = ++ let coefficient1:i32 = byte1 &. 31l in ++ let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in ++ let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in ++ let coefficient4:i32 = ((byte3 &. 15l <: i32) <>! 7l <: i32) in ++ let coefficient5:i32 = ((byte4 &. 1l <: i32) <>! 4l <: i32) in ++ let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in ++ let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in ++ let coefficient8:i32 = byte5 >>! 3l in ++ coefficient1, ++ coefficient2, ++ coefficient3, ++ coefficient4, ++ coefficient5, ++ coefficient6, ++ coefficient7, ++ coefficient8 ++ <: ++ (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) ++ ++let compress_then_serialize_10_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = ++ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 4) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 v_OUT_LEN = serialized in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in ++ let coefficient1:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient2:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient3:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient4:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = ++ compress_coefficients_10_ coefficient1 coefficient2 coefficient3 coefficient4 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ (sz 5 *! i <: usize) ++ coef1 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 2 <: usize) ++ coef3 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 3 <: usize) ++ coef4 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 4 <: usize) ++ coef5 ++ in ++ serialized) ++ in ++ serialized ++ ++let compress_then_serialize_11_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = ++ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 8) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 v_OUT_LEN = serialized in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in ++ let coefficient1:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient2:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient3:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient4:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient5:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient6:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient7:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coefficient8:i32 = ++ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 ++ ) ++ <: ++ u16) ++ in ++ let coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11:(u8 & u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8 & ++ u8) = ++ compress_coefficients_11_ coefficient1 ++ coefficient2 ++ coefficient3 ++ coefficient4 ++ coefficient5 ++ coefficient6 ++ coefficient7 ++ coefficient8 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ (sz 11 *! i <: usize) ++ coef1 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 2 <: usize) ++ coef3 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 3 <: usize) ++ coef4 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 4 <: usize) ++ coef5 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 5 <: usize) ++ coef6 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 6 <: usize) ++ coef7 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 7 <: usize) ++ coef8 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 8 <: usize) ++ coef9 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 9 <: usize) ++ coef10 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 11 *! i <: usize) +! sz 10 <: usize) ++ coef11 ++ in ++ serialized) ++ in ++ serialized ++ ++let compress_then_serialize_4_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = ++ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 2) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 v_OUT_LEN = serialized in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in ++ let coefficient1:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient2:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ i ++ ((coefficient2 < ++ let serialized:t_Array u8 v_OUT_LEN = serialized in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in ++ let coefficient1:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient2:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient3:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient4:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient5:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient6:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient7:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coefficient8:u8 = ++ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32) ++ <: ++ u8 ++ in ++ let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = ++ compress_coefficients_5_ coefficient2 ++ coefficient1 ++ coefficient4 ++ coefficient3 ++ coefficient5 ++ coefficient7 ++ coefficient6 ++ coefficient8 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ (sz 5 *! i <: usize) ++ coef1 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 2 <: usize) ++ coef3 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 3 <: usize) ++ coef4 ++ in ++ let serialized:t_Array u8 v_OUT_LEN = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 5 *! i <: usize) +! sz 4 <: usize) ++ coef5 ++ in ++ serialized) ++ in ++ serialized ++ ++let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in ++ let serialized:t_Array u8 (sz 32) = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 8) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 (sz 32) = serialized in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__iter coefficients <: Core.Slice.Iter.t_Iter i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 (sz 32) = serialized in ++ let j, coefficient:(usize & i32) = temp_1_ in ++ let coefficient:u16 = ++ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient ++ in ++ let coefficient_compressed:u8 = ++ Libcrux.Kem.Kyber.Compress.compress_message_coefficient coefficient ++ in ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ i ++ ((serialized.[ i ] <: u8) |. (coefficient_compressed < compress_then_serialize_10_ v_OUT_LEN re ++ | 11ul -> compress_then_serialize_11_ v_OUT_LEN re ++ | _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ ++ <: ++ Rust_primitives.Hax.t_Never) ++ ++let compress_then_serialize_ring_element_v ++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = ++ let _:Prims.unit = () <: Prims.unit in ++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with ++ | 4ul -> compress_then_serialize_4_ v_OUT_LEN re ++ | 5ul -> compress_then_serialize_5_ v_OUT_LEN re ++ | _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ ++ <: ++ Rust_primitives.Hax.t_Never) ++ ++let deserialize_then_decompress_10_ (serialized: t_Slice u8) = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, bytes:(usize & t_Slice u8) = temp_1_ in ++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let coefficient1, coefficient2, coefficient3, coefficient4:(i32 & i32 & i32 & i32) = ++ decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 4 *! i <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 4 *! i <: usize) +! sz 1 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 4 *! i <: usize) +! sz 2 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 4 *! i <: usize) +! sz 3 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ re) ++ in ++ re ++ ++let deserialize_then_decompress_11_ (serialized: t_Slice u8) = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, bytes:(usize & t_Slice u8) = temp_1_ in ++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let byte6:i32 = cast (bytes.[ sz 5 ] <: u8) <: i32 in ++ let byte7:i32 = cast (bytes.[ sz 6 ] <: u8) <: i32 in ++ let byte8:i32 = cast (bytes.[ sz 7 ] <: u8) <: i32 in ++ let byte9:i32 = cast (bytes.[ sz 8 ] <: u8) <: i32 in ++ let byte10:i32 = cast (bytes.[ sz 9 ] <: u8) <: i32 in ++ let byte11:i32 = cast (bytes.[ sz 10 ] <: u8) <: i32 in ++ let ++ coefficient1, ++ coefficient2, ++ coefficient3, ++ coefficient4, ++ coefficient5, ++ coefficient6, ++ coefficient7, ++ coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = ++ decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 ++ byte11 ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 8 *! i <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 1 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 2 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 3 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 4 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 5 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 6 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 7 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ re) ++ in ++ re ++ ++let deserialize_then_decompress_4_ (serialized: t_Slice u8) = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, byte:(usize & u8) = temp_1_ in ++ let coefficient1, coefficient2:(i32 & i32) = decompress_coefficients_4_ byte in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 2 *! i <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient1 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 2 *! i <: usize) +! sz 1 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient2 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ re) ++ in ++ re ++ ++let deserialize_then_decompress_5_ (serialized: t_Slice u8) = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, bytes:(usize & t_Slice u8) = temp_1_ in ++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let ++ coefficient1, ++ coefficient2, ++ coefficient3, ++ coefficient4, ++ coefficient5, ++ coefficient6, ++ coefficient7, ++ coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = ++ decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 8 *! i <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 1 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 2 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 3 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 4 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 5 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 6 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! sz 7 <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ re) ++ in ++ re ++ ++let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Iter.Traits.Collect.f_into_iter serialized ++ <: ++ Core.Array.Iter.t_IntoIter u8 (sz 32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, byte:(usize & u8) = temp_1_ in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ ++ Core.Ops.Range.f_start = sz 0; ++ Core.Ops.Range.f_end = sz 8 ++ } ++ <: ++ Core.Ops.Range.t_Range usize) ++ <: ++ Core.Ops.Range.t_Range usize) ++ re ++ (fun re j -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let j:usize = j in ++ let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ ((sz 8 *! i <: usize) +! j <: usize) ++ (Libcrux.Kem.Kyber.Compress.decompress_message_coefficient coefficient_compressed ++ ++ <: ++ i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ re) ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ in ++ re ++ ++let deserialize_then_decompress_ring_element_u ++ (v_COMPRESSION_FACTOR: usize) ++ (serialized: t_Slice u8) ++ = ++ let _:Prims.unit = () <: Prims.unit in ++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with ++ | 10ul -> deserialize_then_decompress_10_ serialized ++ | 11ul -> deserialize_then_decompress_11_ serialized ++ | _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ ++ <: ++ Rust_primitives.Hax.t_Never) ++ ++let deserialize_then_decompress_ring_element_v ++ (v_COMPRESSION_FACTOR: usize) ++ (serialized: t_Slice u8) ++ = ++ let _:Prims.unit = () <: Prims.unit in ++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with ++ | 4ul -> deserialize_then_decompress_4_ serialized ++ | 5ul -> deserialize_then_decompress_5_ serialized ++ | _ -> ++ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ ++ <: ++ Rust_primitives.Hax.t_Never) ++ ++let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = ++ let _:Prims.unit = () <: Prims.unit in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO ++ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ re ++ (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, bytes:(usize & t_Slice u8) = temp_1_ in ++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ { ++ re with ++ Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ (sz 2 *! i <: usize) ++ (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) ++ } ++ <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ in ++ re) ++ in ++ re ++ ++let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++ let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in ++ let serialized:t_Array u8 (sz 384) = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 2) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ serialized ++ (fun serialized temp_1_ -> ++ let serialized:t_Array u8 (sz 384) = serialized in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in ++ let coefficient1:u16 = ++ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) ++ in ++ let coefficient2:u16 = ++ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32) ++ in ++ let coef1, coef2, coef3:(u8 & u8 & u8) = ++ compress_coefficients_3_ coefficient1 coefficient2 ++ in ++ let serialized:t_Array u8 (sz 384) = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ (sz 3 *! i <: usize) ++ coef1 ++ in ++ let serialized:t_Array u8 (sz 384) = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 3 *! i <: usize) +! sz 1 <: usize) ++ coef2 ++ in ++ let serialized:t_Array u8 (sz 384) = ++ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized ++ ((sz 3 *! i <: usize) +! sz 2 <: usize) ++ coef3 ++ in ++ serialized) ++ in ++ serialized +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-30 10:40:46.563788214 +0100 +@@ -0,0 +1,119 @@ ++module Libcrux.Kem.Kyber.Serialize ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Core ++open FStar.Mul ++ ++val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_coefficients_11_ ++ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: ++ i32) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val compress_coefficients_3_ (coefficient1 coefficient2: u16) ++ : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_coefficients_5_ ++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: ++ u8) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) ++ ++val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) ++ : Prims.Pure (i32 & i32 & i32 & i32) Prims.l_True (fun _ -> Prims.l_True) ++ ++val decompress_coefficients_11_ ++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) ++ : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val decompress_coefficients_4_ (byte: u8) ++ : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) ++ ++val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) ++ : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_10_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_11_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_4_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_5_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_ring_element_u ++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_ring_element_v ++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_10_ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_11_ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_4_ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_5_ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_ring_element_u ++ (v_COMPRESSION_FACTOR: usize) ++ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_then_decompress_ring_element_v ++ (v_COMPRESSION_FACTOR: usize) ++ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fst +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst 2024-01-30 10:40:46.511790269 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fst 1970-01-01 01:00:00.000000000 +0100 +@@ -1,182 +0,0 @@ +-module Libcrux.Kem.Kyber.Serialize.PartA +-#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" +-open Core +-open FStar.Mul +- +-open Libcrux.Kem.Kyber.Arithmetic +- +-open MkSeq +- +-#push-options "--z3rlimit 50" +-let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = +- let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in +- let coef2:u8 = +- ((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) +- in +- let coef3:u8 = +- ((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) +- in +- let coef4:u8 = +- ((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) +- in +- let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in +- coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) +-#pop-options +- +-#push-options "--ifuel 1 --z3rlimit 600 --split_queries always" +-let compress_coefficients_11_ +- coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = +- let coef1:u8 = cast (coefficient1 <: i32) <: u8 in +- let coef2:u8 = +- ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: i32) <: u8) +- in +- let coef3:u8 = +- ((cast (coefficient3 &. 3l <: i32) <: u8) <>! 5l <: i32) <: u8) +- in +- let coef4:u8 = cast ((coefficient3 >>! 2l <: i32) &. 255l <: i32) <: u8 in +- let coef5:u8 = +- ((cast (coefficient4 &. 127l <: i32) <: u8) <>! 10l <: i32) <: u8) +- in +- let coef6:u8 = +- ((cast (coefficient5 &. 15l <: i32) <: u8) <>! 7l <: i32) <: u8) +- in +- let coef7:u8 = +- ((cast (coefficient6 &. 1l <: i32) <: u8) <>! 4l <: i32) <: u8) +- in +- let coef8:u8 = cast ((coefficient6 >>! 1l <: i32) &. 255l <: i32) <: u8 in +- let coef9:u8 = +- ((cast (coefficient7 &. 63l <: i32) <: u8) <>! 9l <: i32) <: u8) +- in +- let coef10:u8 = +- ((cast (coefficient8 &. 7l <: i32) <: u8) <>! 6l <: i32) <: u8) +- in +- let coef11:u8 = cast (coefficient8 >>! 3l <: i32) <: u8 in +- coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 +- <: +- (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +-#pop-options +- +-#push-options "--z3rlimit 20" +-let compress_coefficients_3_ coefficient1 coefficient2 = +- let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in +- get_bit_pow2_minus_one_u16 255 (sz 0); +- let coef2:u8 = +- cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in +- coef1, coef2, coef3 <: (u8 & u8 & u8) +-#pop-options +- +-#push-options "--z3rlimit 60 --split_queries always" +-let compress_coefficients_5_ +- coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8 +- = +- let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 3l <: u8) +- in +- let coef3:u8 = ((coefficient5 &. 15uy <: u8) <>! 1l <: u8) in +- let coef4:u8 = +- (((coefficient7 &. 3uy <: u8) <>! 4l <: u8) +- in +- let coef5:u8 = (coefficient8 <>! 2l <: u8) in +- coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) +-#pop-options +- +-#push-options "--z3rlimit 500" +-let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = +- let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in +- let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in +- let coefficient4:i32 = (byte5 <>! 6l <: i32) in +- lemma_get_bit_bounded' coefficient1 10; +- lemma_get_bit_bounded' coefficient2 10; +- lemma_get_bit_bounded' coefficient3 10; +- lemma_get_bit_bounded' coefficient4 10; +- coefficient1, coefficient2, coefficient3, coefficient4 +-#pop-options +- +-#push-options "--z3rlimit 300" +-let decompress_coefficients_11_ +- byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 = +- let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in +- let coefficient3:i32 = +- (((byte5 &. 1l <: i32) <>! 6l <: i32) +- in +- let coefficient4:i32 = ((byte6 &. 15l <: i32) <>! 1l <: i32) in +- let coefficient5:i32 = ((byte7 &. 127l <: i32) <>! 4l <: i32) in +- let coefficient6:i32 = +- (((byte9 &. 3l <: i32) <>! 7l <: i32) +- in +- let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in +- let coefficient8:i32 = (byte11 <>! 5l <: i32) in +- lemma_get_bit_bounded' coefficient1 11; +- lemma_get_bit_bounded' coefficient2 11; +- lemma_get_bit_bounded' coefficient3 11; +- lemma_get_bit_bounded' coefficient4 11; +- lemma_get_bit_bounded' coefficient5 11; +- lemma_get_bit_bounded' coefficient6 11; +- lemma_get_bit_bounded' coefficient7 11; +- lemma_get_bit_bounded' coefficient8 11; +- coefficient1, +- coefficient2, +- coefficient3, +- coefficient4, +- coefficient5, +- coefficient6, +- coefficient7, +- coefficient8 +-#pop-options +- +-#push-options "--z3rlimit 50" +-let decompress_coefficients_4_ byte = +- let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in +- let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in +- lemma_get_bit_bounded' coefficient1 4; +- lemma_get_bit_bounded' coefficient2 4; +- coefficient1, coefficient2 +-#pop-options +- +-#push-options "--z3rlimit 400" +-let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = +- let coefficient1:i32 = byte1 &. 31l in +- let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in +- let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in +- let coefficient4:i32 = ((byte3 &. 15l <: i32) <>! 7l <: i32) in +- let coefficient5:i32 = ((byte4 &. 1l <: i32) <>! 4l <: i32) in +- let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in +- let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in +- let coefficient8:i32 = byte5 >>! 3l in +- lemma_get_bit_bounded' coefficient1 5; +- lemma_get_bit_bounded' coefficient2 5; +- lemma_get_bit_bounded' coefficient3 5; +- lemma_get_bit_bounded' coefficient4 5; +- lemma_get_bit_bounded' coefficient5 5; +- lemma_get_bit_bounded' coefficient6 5; +- lemma_get_bit_bounded' coefficient7 5; +- lemma_get_bit_bounded' coefficient8 5; +- coefficient1, +- coefficient2, +- coefficient3, +- coefficient4, +- coefficient5, +- coefficient6, +- coefficient7, +- coefficient8 +-#pop-options +- +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti 2024-01-30 10:40:46.510790309 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fsti 1970-01-01 01:00:00.000000000 +0100 +@@ -1,91 +0,0 @@ +-module Libcrux.Kem.Kyber.Serialize.PartA +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +-open FStar.Mul +-open MkSeq +- +-let int_arr_bitwise_eq +- #t1 #t2 #n1 #n2 +- (arr1: t_Array (int_t t1) n1) +- (d1: bit_num t1) +- (arr2: t_Array (x: int_t t2) n2) +- (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) +- = forall i. i < v n1 * d1 +- ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i +- +-val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8) +- (requires True) +- (ensures fun tuple -> +- int_arr_bitwise_eq +- (create4 (coefficient1, coefficient2, coefficient3, coefficient4)) 10 +- (create5 tuple) 8 +- ) +- +-val compress_coefficients_11_ +- (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +- int_t_d i32_inttype 11) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +- (requires True) +- (ensures fun tuple -> +- int_arr_bitwise_eq +- (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 +- (create11 tuple) 8 +- ) +- +-val compress_coefficients_3_ (coefficient1 coefficient2: int_t_d u16_inttype 12) +- : Prims.Pure (u8 & u8 & u8) +- (requires True) +- (ensures fun tuple -> +- int_arr_bitwise_eq +- (create2 (coefficient1, coefficient2)) 12 +- (create3 tuple) 8 +- ) +- +-val compress_coefficients_5_ +- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: int_t_d u8_inttype 5) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8) +- (requires True) +- (ensures fun tuple -> +- int_arr_bitwise_eq +- (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 5 +- (create5 tuple) 8 +- ) +- +-private unfold type i32_d = int_t_d i32_inttype +-val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: int_t_d i32_inttype 8) +- : Prims.Pure (i32_d 10 & i32_d 10 & i32_d 10 & i32_d 10) +- (requires True) +- (ensures fun (r1, r2, r3, r4) -> +- int_arr_bitwise_eq +- (create5 (byte1, byte2, byte3, byte4, byte5)) 8 +- (create4 #i32 (r1, r2, r3, r4)) 10 +- ) +- +-val decompress_coefficients_11_ +- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: int_t_d i32_inttype 8) +- : Prims.Pure (i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11) +- (requires True) +- (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> +- int_arr_bitwise_eq +- (create11 (byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, byte9, byte10, byte11)) 8 +- (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 11 +- ) +- +-val decompress_coefficients_4_ (byte: u8) +- : Prims.Pure (i32_d 4 & i32_d 4) +- (requires True) +- (ensures fun (r1, r2) -> +- int_arr_bitwise_eq +- (create1 byte) 8 +- (create2 (r1, r2)) 4 +- ) +- +-val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: int_t_d i32_inttype 8) +- : Prims.Pure (i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5) +- (requires True) +- (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> +- int_arr_bitwise_eq +- (create5 (byte1, byte2, byte3, byte4, byte5)) 8 +- (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5 +- ) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fst +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst 2024-01-30 10:40:46.507790427 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fst 1970-01-01 01:00:00.000000000 +0100 +@@ -1,1192 +0,0 @@ +-module Libcrux.Kem.Kyber.Serialize.PartB +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +-open FStar.Mul +-open MkSeq +-open Libcrux.Kem.Kyber.Serialize.PartA +- +-let cast_bound_lemma +- #t #u +- (n: int_t t) +- (d: bit_num t) +- : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0) +- (ensures bounded (cast #(int_t t) #(int_t u) n) d) +- [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] +- = () +- +-#push-options "--z3rlimit 60" +-let int_t_d_cast_lemma #t #u d (n: int_t_d t d) +- : Lemma (requires bits t < bits u /\ v n >= 0) +- (ensures bounded (cast #(int_t t) #(int_t u) n) d) +- [SMTPat (bounded (cast #(int_t t) #(int_t u) n) d)] +- = Math.Lemmas.pow2_double_mult (bits u - 1); +- Math.Lemmas.small_mod (v n) (modulus u) +-let mul_in_range (n m: nat) +- : Lemma +- (requires n <= 256 /\ m <= 256) +- (ensures range (n * m) usize_inttype) +- = Math.Lemmas.pow2_plus 8 8; +- Math.Lemmas.pow2_le_compat 32 16 +-#pop-options +- +-#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100" +-let compress_then_serialize_10_ +- v_OUT_LEN +- re +- = +- let accT = t_Array u8 v_OUT_LEN in +- let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> +- True +- in +- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #accT #inv +- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) +- (sz 4) +- (serialized) +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & _) = temp_1_ in +- let coefficient1:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient2:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient3:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient4:i32 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 +- ) +- <: +- u16) +- in +- let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = +- compress_coefficients_10_ coefficient1 coefficient2 coefficient3 coefficient4 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- (sz 5 *! i <: usize) +- coef1 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 1 <: usize) +- coef2 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 2 <: usize) +- coef3 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 3 <: usize) +- coef4 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 4 <: usize) +- coef5 +- in +- serialized) +- in +- serialized +-#pop-options +- +-#push-options "--fuel 0 --ifuel 0 --z3rlimit 30" +-let update5 +- #n +- (s: t_Array 't n) +- (offset: usize {v offset + 5 <= v n}) +- (i0 i1 i2 i3 i4: 't) +- : s': t_Array 't n { +- Seq.index s' (v offset + 0) == i0 /\ +- Seq.index s' (v offset + 1) == i1 /\ +- Seq.index s' (v offset + 2) == i2 /\ +- Seq.index s' (v offset + 3) == i3 /\ +- Seq.index s' (v offset + 4) == i4 /\ +- (forall i. (i < v offset \/ i >= v offset + 5) ==> Seq.index s' i == Seq.index s i) +- } +- = let open Rust_primitives.Hax.Monomorphized_update_at in +- let s = update_at_usize s offset i0 in +- let s = update_at_usize s (offset +! sz 1) i1 in +- let s = update_at_usize s (offset +! sz 2) i2 in +- let s = update_at_usize s (offset +! sz 3) i3 in +- let s = update_at_usize s (offset +! sz 4) i4 in +- s +-#pop-options +- +-#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no" +-let compress_then_serialize_11_ +- v_OUT_LEN re +- = +- let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> True in +- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv +- (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) +- (sz 8) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in +- let coefficient1 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient2 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient3 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient4 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient5 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient6 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient7 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 +- ) +- <: +- u16) +- in +- let coefficient8 = +- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 +- ) +- <: +- u16) +- in +- let coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11:(u8 & u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8 & +- u8) = +- compress_coefficients_11_ coefficient1 +- coefficient2 +- coefficient3 +- coefficient4 +- coefficient5 +- coefficient6 +- coefficient7 +- coefficient8 +- in +- assert_spinoff (v i < 32 ==> 11 * v i + 11 <= 32 * 11); +- assert_spinoff (v i < 32 ==> range (v (sz 11) * v i) usize_inttype); +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- (sz 11 *! i <: usize) +- coef1 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 1 <: usize) +- coef2 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 2 <: usize) +- coef3 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 3 <: usize) +- coef4 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 4 <: usize) +- coef5 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 5 <: usize) +- coef6 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 6 <: usize) +- coef7 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 7 <: usize) +- coef8 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 8 <: usize) +- coef9 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 9 <: usize) +- coef10 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 11 *! i <: usize) +! sz 10 <: usize) +- coef11 +- in +- serialized) +- in +- serialized +-#pop-options +- +-let compress_then_serialize_4_ v_OUT_LEN re = +- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in +- let accT = t_Array u8 v_OUT_LEN in +- let inv (acc: accT) (i: usize) = True in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv +- (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) +- (sz 2) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 2)) = temp_1_ in +- let coefficient1:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient2:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- i +- ((coefficient2 < +- let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in +- let coefficient1:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient2:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient3:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient4:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient5:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient6:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient7:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coefficient8' = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] +- <: +- i32) +- <: +- u16) +- <: +- i32 in +- let coefficient8:u8 = +- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy +- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] +- <: +- i32) +- <: +- u16) +- <: +- i32) +- <: +- u8 +- in +- let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = +- compress_coefficients_5_ coefficient2 +- coefficient1 +- coefficient4 +- coefficient3 +- coefficient5 +- coefficient7 +- coefficient6 +- coefficient8 +- in +- assert_spinoff (v i < 32 ==> 5 * v i + 5 <= 32 * 5); +- assert_spinoff (v i < 32 ==> range (v (sz 5) * v i) usize_inttype); +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- (sz 5 *! i <: usize) +- coef1 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 1 <: usize) +- coef2 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 2 <: usize) +- coef3 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 3 <: usize) +- coef4 +- in +- let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 5 *! i <: usize) +! sz 4 <: usize) +- coef5 +- in +- serialized) +- in +- serialized +- +-let compress_then_serialize_message re = +- let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in +- let accT = t_Array u8 (sz 32) in +- let inv (acc: accT) (i: usize) = True in +- let serialized:t_Array u8 (sz 32) = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv +- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) +- (sz 8) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 (sz 32) = serialized in +- let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement _) = temp_1_ in +- Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) +- coefficients +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 (sz 32) = serialized in +- let j, coefficient:(usize & Libcrux.Kem.Kyber.Arithmetic.wfFieldElement) = temp_1_ in +- let coefficient:u16 = +- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient +- in +- let coefficient_compressed:u8 = +- Libcrux.Kem.Kyber.Compress.compress_message_coefficient coefficient +- in +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- i +- ((serialized.[ i ] <: u8) |. (coefficient_compressed < compress_then_serialize_10_ v_OUT_LEN re +- | 11ul -> compress_then_serialize_11_ v_OUT_LEN re +- | _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +- <: +- Rust_primitives.Hax.t_Never) +- +-let compress_then_serialize_ring_element_v #p v_COMPRESSION_FACTOR v_OUT_LEN re = +- let _:Prims.unit = () <: Prims.unit in +- Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); +- let res = +- assert ( +- (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4) \/ +- (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5) +- ); +- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with +- | 4ul -> compress_then_serialize_4_ v_OUT_LEN re +- | 5ul -> compress_then_serialize_5_ v_OUT_LEN re +- | _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +- +- <: +- Rust_primitives.Hax.t_Never) +- in +- admit (); // P-F +- res +- +-#push-options "--z3rlimit 160" +-let deserialize_then_decompress_10_ serialized = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let accT = Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement in +- let inv (acc: accT) (i: usize) = True in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv +- serialized +- (sz 5) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in +- let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in +- let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in +- let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in +- let coefficient1, coefficient2, coefficient3, coefficient4 = +- decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 +- in +- let coefficient1 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 +- <: +- i32) in +- let coefficient2 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 +- <: +- i32) in +- let coefficient3 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 +- <: +- i32) in +- let coefficient4 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 +- <: +- i32) in +- assert_spinoff (v i < 64 ==> 4 * v i + 4 <= 256); +- assert_spinoff (v i < 64 ==> range (v (sz 4) * v i) usize_inttype); +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 4 *! i <: usize) +- coefficient1 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 4 *! i <: usize) +! sz 1 <: usize) +- coefficient2 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 4 *! i <: usize) +! sz 2 <: usize) +- coefficient3 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 4 *! i <: usize) +! sz 3 <: usize) +- coefficient4 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- re) +- in +- re +-#pop-options +- +-#push-options "--z3rlimit 100 --ifuel 0" +-let deserialize_then_decompress_11_ serialized +- : Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) +- serialized +- (sz 11) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in +- let i, bytes:(usize & t_Array u8 (sz 11)) = temp_1_ in +- assert (v i < 32); +- let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in +- let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in +- let byte6: int_t_d i32_inttype 8 = cast (bytes.[ sz 5 ] <: u8) <: i32 in +- let byte7: int_t_d i32_inttype 8 = cast (bytes.[ sz 6 ] <: u8) <: i32 in +- let byte8: int_t_d i32_inttype 8 = cast (bytes.[ sz 7 ] <: u8) <: i32 in +- let byte9: int_t_d i32_inttype 8 = cast (bytes.[ sz 8 ] <: u8) <: i32 in +- let byte10: int_t_d i32_inttype 8 = cast (bytes.[ sz 9 ] <: u8) <: i32 in +- let byte11: int_t_d i32_inttype 8 = cast (bytes.[ sz 10 ] <: u8) <: i32 in +- let +- coefficient1, +- coefficient2, +- coefficient3, +- coefficient4, +- coefficient5, +- coefficient6, +- coefficient7, +- coefficient8 = +- decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 +- byte11 +- in +- let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 in +- let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 in +- let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 in +- let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 in +- let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 in +- let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 in +- let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 in +- let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 in +- assert_spinoff (8 * v i + 8 <= 256); +- assert_spinoff (range (v (sz 8) * v i) usize_inttype); +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 8 *! i <: usize) +- coefficient1 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 1 <: usize) +- coefficient2 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 2 <: usize) +- coefficient3 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 3 <: usize) +- coefficient4 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 4 <: usize) +- coefficient5 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 5 <: usize) +- coefficient6 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 6 <: usize) +- coefficient7 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 7 <: usize) +- coefficient8 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- re) +- in +- re +-#pop-options +- +-#push-options "--z3rlimit 100" +-let deserialize_then_decompress_4_ serialized = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) +- serialized +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in +- let i, byte:(usize & u8) = temp_1_ in +- let coefficient1, coefficient2 = decompress_coefficients_4_ byte in +- assert_spinoff (v i < 128 ==> 2 * v i + 1 < 256); +- assert_spinoff (v i < 128 ==> range (v (sz 2) * v i) usize_inttype); +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 2 *! i <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient1 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 2 *! i <: usize) +! sz 1 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient2 +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- re) +- in +- re +-#pop-options +- +-#push-options "--z3rlimit 150" +-let deserialize_then_decompress_5_ serialized = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) +- serialized (sz 5) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in +- let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in +- assert (v i < 32); +- let byte1 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let byte4 = cast (bytes.[ sz 3 ] <: u8) <: i32 in +- let byte5 = cast (bytes.[ sz 4 ] <: u8) <: i32 in +- let +- coefficient1, +- coefficient2, +- coefficient3, +- coefficient4, +- coefficient5, +- coefficient6, +- coefficient7, +- coefficient8 = +- decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 +- in +- let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 in +- let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 in +- let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 in +- let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 in +- let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 in +- let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 in +- let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 in +- let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 in +- // assert (Seq.length serialized == 160); +- // // assert_norm (160 / 5 == 32); +- // assert_spinoff (v i < Seq.length serialized); +- // assert (v i < 32); +- assert_spinoff (v i < 32 ==> 8 * v i + 8 <= 256); +- mul_in_range 8 (v i); +- assert_spinoff (v i < 32 ==> range (v (sz 8) * v i) usize_inttype); +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 8 *! i <: usize) +- coefficient1 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 1 <: usize) +- coefficient2 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 2 <: usize) +- coefficient3 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 3 <: usize) +- coefficient4 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 4 <: usize) +- coefficient5 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 5 <: usize) +- coefficient6 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 6 <: usize) +- coefficient7 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! sz 7 <: usize) +- coefficient8 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- re) +- in +- re +-#pop-options +- +-#push-options "--z3rlimit 60" +-let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) +- serialized +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in +- let i, byte:(usize & u8) = temp_1_ in +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ +- Core.Ops.Range.f_start = sz 0; +- Core.Ops.Range.f_end = sz 8 +- } +- <: +- Core.Ops.Range.t_Range usize) +- <: +- Core.Ops.Range.t_Range usize) +- re +- (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in +- let j:usize = j in +- let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in +- lemma_get_bit_bounded' coefficient_compressed 1; +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 8 *! i <: usize) +! j <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_message_coefficient coefficient_compressed +- +- <: +- i32) +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- re) +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- in +- admit(); //P-F +- re +-#pop-options +- +-let deserialize_then_decompress_ring_element_u v_COMPRESSION_FACTOR serialized = +- let _:Prims.unit = () <: Prims.unit in +- mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); +- assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11); +- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with +- | 10ul -> deserialize_then_decompress_10_ serialized +- | 11ul -> deserialize_then_decompress_11_ serialized +- | _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +- +- <: +- Rust_primitives.Hax.t_Never) +- +-let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized = +- let _:Prims.unit = () <: Prims.unit in +- mk_int_equiv_lemma #u32_inttype (v v_COMPRESSION_FACTOR); +- assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5); +- let res = +- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with +- | 4ul -> deserialize_then_decompress_4_ serialized +- | 5ul -> deserialize_then_decompress_5_ serialized +- | _ -> +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" +- +- <: +- Rust_primitives.Hax.t_Never) +- in +- admit(); //P-F +- res +- +-#push-options "--z3rlimit 100" +-let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = +- let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) +- serialized +- (sz 3) +- re +- (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in +- let i, bytes:(usize & t_Array u8 (sz 3)) = temp_1_ in +- let byte1:int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2:int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3:int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let coef1 = (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) in +- lemma_get_bit_bounded' coef1 11; +- lemma_get_bit_bounded' coef2 11; +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- (sz 2 *! i <: usize) +- coef1 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = +- { +- re with +- Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- ((sz 2 *! i <: usize) +! sz 1 <: usize) +- coef2 +- } +- <: +- Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- in +- re) +- in +- re +-#pop-options +- +-#push-options "--z3rlimit 100" +-let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = +- let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in +- let serialized:t_Array u8 (sz 384) = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) +- (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) +- (sz 2) +- serialized +- (fun serialized temp_1_ -> +- let serialized:t_Array u8 (sz 384) = serialized in +- let i, coefficients:(usize & t_Array (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)) (sz 2)) = temp_1_ in +- assert (v i < 128); +- let coefficient1:u16 = +- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) +- in +- let coefficient2:u16 = +- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32) +- in +- let coef1, coef2, coef3:(u8 & u8 & u8) = +- compress_coefficients_3_ coefficient1 coefficient2 +- in +- assert_spinoff (3 * v i + 3 <= 384); +- assert_spinoff (range (v (sz 3) * v i) usize_inttype); +- let serialized:t_Array u8 (sz 384) = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- (sz 3 *! i <: usize) +- coef1 +- in +- let serialized:t_Array u8 (sz 384) = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 3 *! i <: usize) +! sz 1 <: usize) +- coef2 +- in +- let serialized:t_Array u8 (sz 384) = +- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized +- ((sz 3 *! i <: usize) +! sz 2 <: usize) +- coef3 +- in +- serialized) +- in +- serialized +-#pop-options +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti 2024-01-30 10:40:46.494790941 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fsti 1970-01-01 01:00:00.000000000 +0100 +@@ -1,108 +0,0 @@ +-module Libcrux.Kem.Kyber.Serialize.PartB +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +-open FStar.Mul +-open MkSeq +- +-val compress_then_serialize_10_ +- (v_OUT_LEN: usize {v v_OUT_LEN >= 320}) +- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_11_ +- (v_OUT_LEN: usize {v v_OUT_LEN >= 352}) +- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_4_ +- (v_OUT_LEN: usize {v v_OUT_LEN >= 128}) +- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_5_ +- (v_OUT_LEN: usize {v v_OUT_LEN >= 160}) +- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : Pure (t_Array u8 (sz 32)) +- (requires True) +- (ensures (fun res -> +- res == Spec.Kyber.compress_then_encode_message (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re))) +- +-val compress_then_serialize_ring_element_u +- (#p:Spec.Kyber.params) +- (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11}) +- (v_OUT_LEN: usize { v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR }) +- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : t_Array u8 v_OUT_LEN +- +-val compress_then_serialize_ring_element_v (#p:Spec.Kyber.params) +- (v_COMPRESSION_FACTOR: usize {v_COMPRESSION_FACTOR = sz 4 || v_COMPRESSION_FACTOR = sz 5}) +- (v_OUT_LEN: usize {v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR}) +- (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : Pure (t_Array u8 v_OUT_LEN) +- (requires True) +- (ensures (fun res -> +- res == +- Spec.Kyber.compress_then_encode_v p +- (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re))) +- +-val deserialize_then_decompress_10_ (serialized: t_Slice u8 {Seq.length serialized == 320}) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_11_ (serialized: t_Slice u8 {Seq.length serialized == 352}) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_4_ (serialized: t_Slice u8 {Seq.length serialized == 128}) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_5_ +- (serialized: t_Slice u8 {Seq.length serialized == 160}) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) +- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (requires True) +- (ensures fun res -> +- Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res == +- Spec.Kyber.decode_then_decompress_message serialized) +- +-val deserialize_then_decompress_ring_element_u +- (v_COMPRESSION_FACTOR: usize) +- (serialized: t_Slice u8 { +- match v v_COMPRESSION_FACTOR with +- | 10 -> Seq.length serialized == 320 +- | 11 -> Seq.length serialized == 352 +- | _ -> False +- }) +- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (requires v_COMPRESSION_FACTOR = sz 10 || v_COMPRESSION_FACTOR = sz 11) +- (ensures fun _ -> True) +- +-val deserialize_then_decompress_ring_element_v (#p:Spec.Kyber.params) +- (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5}) +- (serialized: t_Slice u8) +- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (requires (p.v_VECTOR_V_COMPRESSION_FACTOR == v_COMPRESSION_FACTOR /\ +- length serialized == Spec.Kyber.v_C2_SIZE p)) +- (ensures fun res -> Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res +- == Spec.Kyber.decode_then_decompress_v p serialized) +- +-val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) +- : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) +- (ensures fun _ -> True) +- +-val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) +- : Pure (t_Array u8 (sz 384)) +- (requires True) +- (ensures (fun res -> True)) +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst +--- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-30 10:40:46.500790704 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-01-30 10:40:46.549788767 +0100 +@@ -3,8 +3,6 @@ + open Core + open FStar.Mul + +-type t_Error = | Error_RejectionSampling : t_Error +- + type t_KyberCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +@@ -52,9 +50,7 @@ + let impl_6__len (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE + + let impl_6__split_at (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize) +- : Pure (t_Slice u8 & t_Slice u8) +- (requires (mid <=. v_SIZE)) +- (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) = ++ : (t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + + type t_KyberPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } +@@ -103,11 +99,8 @@ + + let impl_12__len (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE + +-val impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) +- : Pure (t_Slice u8 & t_Slice u8) +- (requires (mid <=. v_SIZE)) +- (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) +-let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) = ++let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) ++ : (t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + + type t_KyberPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } +@@ -157,9 +150,7 @@ + let impl_18__len (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE + + let impl_18__split_at (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize) +- : Pure (t_Slice u8 & t_Slice u8) +- (requires (mid <=. v_SIZE)) +- (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) = ++ : (t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid + + type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { +diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/Libcrux_platform.fsti +--- extraction-edited/Libcrux_platform.fsti 2024-01-30 10:40:46.530789518 +0100 ++++ extraction-secret-independent/Libcrux_platform.fsti 2024-01-30 10:40:46.576787701 +0100 +@@ -1,4 +1,4 @@ + module Libcrux_platform + #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + +-val simd256_support: bool ++val simd256_support : unit -> bool +diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst +--- extraction-edited/MkSeq.fst 2024-01-30 10:40:46.518789992 +0100 ++++ extraction-secret-independent/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 +@@ -1,91 +0,0 @@ +-module MkSeq +-open Core +- +-open FStar.Tactics.V2 +- +-private let init (len: nat) (f: (i:nat{i < len}) -> Tac 'a): Tac (list 'a) +- = let rec h (i: nat {i <= len}): Tac (list 'a) +- = if i = len then [] else f i :: h (i + 1) +- in h 0 +- +-private let tuple_proj (n: nat) (i: nat): Tac term +- = if n = 1 then `(id) else +- let name = "__proj__Mktuple" ^ string_of_int n ^ "__item___" ^ string_of_int (i + 1) in +- Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) +- +-private let tuple_type (n: nat): Tac term +- = if n = 1 then `(id) else +- let name = "tuple" ^ string_of_int n in +- Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) +- +-open Rust_primitives.Integers +-open Libcrux.Kem.Kyber.Arithmetic +- +-// let create4 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10: 'a) +-// : Pure +-// (t_Array 'a (sz 11)) +-// (requires True) +-// (ensures fun (r: t_Array 'a (sz 11)) -> +-// r.[sz 0] == x0 /\ +-// r.[sz 1] == x1 /\ +-// r.[sz 2] == x2 /\ +-// r.[sz 3] == x3 /\ +-// r.[sz 4] == x4 /\ +-// r.[sz 5] == x5 /\ +-// r.[sz 6] == x6 /\ +-// r.[sz 7] == x7 /\ +-// True +-// ) +-// = Libcrux.Kem.Kyber.Arithmetic.createi +-// (sz 11) +-// (fun x -> match v x with +-// | 0 -> x0 +-// | 1 -> x1 +-// | 2 -> x2 +-// | 3 -> x3 +-// | 4 -> x4 +-// | 5 -> x5 +-// | 6 -> x6 +-// | 7 -> x7 +-// | 8 -> x8 +-// | 9 -> x9 +-// | 10 -> x10 +-// ) +- +-private let create_gen_tac (n: nat): Tac sigelt +- = let typ_bd = {fresh_binder_named "t" (`Type0) with qual = FStar.Reflection.V2.Q_Implicit} in +- let typ = binder_to_term typ_bd in +- let input_typ = mk_e_app (tuple_type n) (init n (fun _ -> typ)) in +- let input_bd = fresh_binder_named "tup" input_typ in +- let output_type = `t_Array (`#typ) (sz (`@n)) in +- let nth i = `((`#(tuple_proj n i)) (`#input_bd)) in +- let mk_and: term -> term -> Tac term = fun t u -> `(`#t /\ `#u) in +- let post = +- let mk_inv s i = `(Seq.index (`#s) (`@i) == (`#(tuple_proj n i)) (`#input_bd)) in +- let invs s = Tactics.fold_left mk_and (`(Seq.length (`#s) == (`@n))) (init n (mk_inv s)) in +- let bd = fresh_binder_named "s" output_type in +- mk_abs [bd] (invs bd) +- in +- let comp = C_Eff [] ["Prims"; "Pure"] +- (`t_Array (`#typ) (sz (`@n))) +- [ (`(requires True), Q_Explicit); (post, Q_Explicit)] [] +- in +- let args = [typ_bd; input_bd] in +- let l = Tactics.fold_right (fun hd tl -> `((`#hd)::(`#tl))) (init n nth) (`[]) in +- let indexes = +- let f i = `((`#(nth i)) == List.Tot.index (`#l) (`@i)) in +- Tactics.fold_left mk_and (`True) (init n f) +- in +- let lb_def = mk_abs args (`( +- let l = `#l in +- let s = Seq.createL l <: t_Array (`#typ) (sz (`@n)) in +- FStar.Classical.forall_intro (Seq.lemma_index_is_nth s); +- assert (`#indexes) by (Tactics.norm [primops; iota; delta; zeta]); +- s +- )) in +- let lb_typ = mk_arr args (pack_comp comp) in +- let open FStar.List.Tot in +- let lb_fv = pack_fv (cur_module () @ ["create" ^ string_of_int n]) in +- Sg_Let { isrec = false; lbs = [{ lb_fv; lb_us = []; lb_typ; lb_def }] } +- +-%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) +diff -ruN extraction-edited/Spec.Kyber.fst extraction-secret-independent/Spec.Kyber.fst +--- extraction-edited/Spec.Kyber.fst 2024-01-30 10:40:46.528789597 +0100 ++++ extraction-secret-independent/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 +@@ -1,426 +0,0 @@ +-module Spec.Kyber +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" +-open Core +-open FStar.Mul +- +-(** Utils *) +-let map' #a #b +- (f:(x:a -> b)) +- (s: t_Slice a): t_Slice b +- = createi (length s) (fun i -> f (Seq.index s (v i))) +- +-let flatten #t #n +- (#m: usize {range (v n * v m) usize_inttype}) +- (x: t_Array (t_Array t m) n) +- : t_Array t (m *! n) +- = createi (m *! n) (fun i -> Seq.index (Seq.index x (v i / v m)) (v i % v m)) +- +-(** Constants *) +-let v_BITS_PER_COEFFICIENT: usize = sz 12 +- +-let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 +- +-let v_BITS_PER_RING_ELEMENT: usize = sz 3072 // v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 +- +-let v_BYTES_PER_RING_ELEMENT: usize = sz 384 // v_BITS_PER_RING_ELEMENT /! sz 8 +- +-let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 +- +-let v_FIELD_MODULUS: i32 = 3329l +- +-let v_H_DIGEST_SIZE: usize = sz 32 +-// Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm) +- +-let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5 +- +-let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE +- +-type params_ = { +- v_RANK: usize; +- v_ETA1: usize; +- v_ETA2: usize; +- v_VECTOR_U_COMPRESSION_FACTOR: usize; +- v_VECTOR_V_COMPRESSION_FACTOR: usize; +-} +- +-let valid_params p = +- (p.v_RANK = sz 2 || p.v_RANK = sz 3 || p.v_RANK = sz 4) && +- (p.v_ETA1 = sz 2 || p.v_ETA1 = sz 3) && +- p.v_ETA2 =. sz 2 && +- (p.v_VECTOR_U_COMPRESSION_FACTOR = sz 10 || p.v_VECTOR_U_COMPRESSION_FACTOR = sz 11) && +- (p.v_VECTOR_V_COMPRESSION_FACTOR = sz 4 || p.v_VECTOR_V_COMPRESSION_FACTOR = sz 5) +- +-let params = p:params_{valid_params p} +- +-val v_ETA1_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128 \/ u == sz 192} +-let v_ETA1_RANDOMNESS_SIZE (p:params) = p.v_ETA1 *! sz 64 +- +-val v_ETA2_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128} +-let v_ETA2_RANDOMNESS_SIZE (p:params) = p.v_ETA2 *! sz 64 +- +-val v_RANKED_BYTES_PER_RING_ELEMENT (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} +-let v_RANKED_BYTES_PER_RING_ELEMENT (p:params) = p.v_RANK *! v_BYTES_PER_RING_ELEMENT +- +-val v_T_AS_NTT_ENCODED_SIZE (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} +-let v_T_AS_NTT_ENCODED_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +- +-val v_CPA_PKE_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} +-let v_CPA_PKE_SECRET_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +- +-val v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568} +-let v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +! sz 32 +- +-val v_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168} +-let v_SECRET_KEY_SIZE (p:params) = +- (v_CPA_PKE_SECRET_KEY_SIZE p +! v_CPA_PKE_PUBLIC_KEY_SIZE p +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE) +- +-val v_C1_BLOCK_SIZE (p:params): u:usize{(u = sz 320 \/ u = sz 352) /\ v u == 32 * v p.v_VECTOR_U_COMPRESSION_FACTOR} +-let v_C1_BLOCK_SIZE (p:params) = sz 32 *! p.v_VECTOR_U_COMPRESSION_FACTOR +- +-val v_C1_SIZE (p:params) : u:usize{(u >=. sz 640 \/ u <=. sz 1448) /\ +- v u == v (v_C1_BLOCK_SIZE p) * v p.v_RANK} +-let v_C1_SIZE (p:params) = v_C1_BLOCK_SIZE p *! p.v_RANK +- +-val v_C2_SIZE (p:params) : u:usize{(u = sz 128 \/ u = sz 160) /\ v u == 32 * v p.v_VECTOR_V_COMPRESSION_FACTOR } +-let v_C2_SIZE (p:params) = sz 32 *! p.v_VECTOR_V_COMPRESSION_FACTOR +- +-val v_CPA_PKE_CIPHERTEXT_SIZE (p:params) : u:usize {v u = v (v_C1_SIZE p) + v (v_C2_SIZE p)} +-let v_CPA_PKE_CIPHERTEXT_SIZE (p:params) = v_C1_SIZE p +! v_C2_SIZE p +- +-val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params): u:usize{v u == v v_SHARED_SECRET_SIZE + +- v (v_CPA_PKE_CIPHERTEXT_SIZE p)} +-let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params) = +- v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE p +- +-val v_KEY_GENERATION_SEED_SIZE: u:usize{u = sz 64} +-let v_KEY_GENERATION_SEED_SIZE: usize = +- v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! +- v_SHARED_SECRET_SIZE +- +-(** Types *) +- +-type t_Error = | Error_RejectionSampling : t_Error +- +-type t_Result a b = +- | Ok: a -> t_Result a b +- | Err: b -> t_Result a b +- +-type t_KyberPublicKey (p:params) = t_Array u8 (v_CPA_PKE_PUBLIC_KEY_SIZE p) +-type t_KyberPrivateKey (p:params) = t_Array u8 (v_SECRET_KEY_SIZE p) +-type t_KyberKeyPair (p:params) = t_KyberPrivateKey p & t_KyberPublicKey p +- +-type t_KyberCPAPrivateKey (p:params) = t_Array u8 (v_CPA_PKE_SECRET_KEY_SIZE p) +-type t_KyberCPAKeyPair (p:params) = t_KyberCPAPrivateKey p & t_KyberPublicKey p +- +-type t_KyberCiphertext (p:params) = t_Array u8 (v_CPA_PKE_CIPHERTEXT_SIZE p) +-type t_KyberSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) +- +-(** Utility and Hash Function *) +-assume val v_G (input: t_Slice u8) : t_Array u8 (sz 64) +-assume val v_H (input: t_Slice u8) : t_Array u8 (sz 32) +-assume val v_PRF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN +-let v_J (input: t_Slice u8) : t_Array u8 (sz 32) = v_PRF (sz 32) input +-assume val v_XOF (v_LEN: usize) (input: t_Slice u8) : t_Array u8 v_LEN +- +-(** Kyber Math and Sampling *) +- +-type field_element = n:nat{n < v v_FIELD_MODULUS} +-type polynomial = arr: t_Array nat (sz 256) {forall i. Seq.index arr i < v v_FIELD_MODULUS} +-type vector (p:params) = t_Array polynomial p.v_RANK +-type matrix (p:params) = t_Array (vector p) p.v_RANK +- +-assume val poly_add: polynomial -> polynomial -> polynomial +-assume val poly_sub: polynomial -> polynomial -> polynomial +-assume val vector_add: #p:params -> vector p -> vector p -> vector p +-assume val vector_dot_product: #p:params -> vector p -> vector p -> polynomial +- +-assume val matrix_transpose: #p:params -> matrix p -> matrix p +-assume val matrix_vector_mul: #p:params -> matrix p -> vector p -> vector p +-val compute_As_plus_e: #p:params -> a:matrix p -> s:vector p -> e:vector p -> vector p +-let compute_As_plus_e #p a s e = vector_add (matrix_vector_mul a s) e +- +-assume val poly_inv_ntt: #p:params -> polynomial -> polynomial +-assume val vector_ntt: #p:params -> vector p -> vector p +-assume val vector_inv_ntt: #p:params -> vector p -> vector p +- +-// note we take seed of size 32 not 34 as in hacspec +-assume val sample_matrix_A: #p:params -> seed:t_Array u8 (sz 32) -> matrix p +-// note we take seed of size 32 not 33 as in hacspec +-assume val sample_vector_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector p +-// note we take seed of size 32 not 33 as in hacspec +- +-assume val sample_poly_binomial: v_ETA:usize{v v_ETA <= 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial +- +-open Rust_primitives.Integers +- +-val sample_poly_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial +-let sample_poly_cbd #p seed domain_sep = +- let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in +- let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE p) prf_input in +- sample_poly_binomial p.v_ETA2 prf_output +- +-let sample_vector_cbd_then_ntt (#p:params) (seed:t_Array u8 (sz 32)) (domain_sep:usize) = +- vector_ntt (sample_vector_cbd #p seed domain_sep) +- +-type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} +- +-let compress_d (d: dT {d <> 12}) (x: field_element): field_element +- = (pow2 d * x + 1664) / v v_FIELD_MODULUS +- +-assume val bits_to_bytes (#bytes: usize) (f: (i:nat {i < v bytes * 8} -> bit)) +- : Pure (t_Array u8 bytes) +- (requires True) +- (ensures fun r -> (forall i. bit_vec_of_int_arr r 8 i == f i)) +- +-assume val bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) +- : Pure (i:nat {i < v bytes * 8} -> bit) +- (requires True) +- (ensures fun f -> (forall i. bit_vec_of_int_arr r 8 i == f i)) +- +-let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d)) +- = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_arr coefficients d) +- +-let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial +- = admit () +- +-let vector_encode_12 (#p:params) (v: vector p): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p) +- = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map' (byte_encode 12) v in +- flatten s +- +-let vector_decode_12 (#p:params) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)): vector p +- = createi p.v_RANK (fun block -> +- let block_size = (sz (32 * 12)) in +- let slice = Seq.slice arr (v block * v block_size) +- (v block * v block_size + v block_size) in +- byte_decode 12 slice +- ) +- +-let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Array u8 (sz (32 * d)) +- = let coefs: t_Array nat (sz 256) = map (fun (f: nat {f < v v_FIELD_MODULUS}) -> +- compress_d d f <: nat +- ) coefficients +- in +- byte_encode d coefficients +- +-let compress_then_encode_message: polynomial -> t_Array u8 v_SHARED_SECRET_SIZE +- = byte_encode 1 +- +-let decode_then_decompress_message: t_Array u8 v_SHARED_SECRET_SIZE -> polynomial +- = byte_decode 1 +- +-let compress_then_encode_u (p:params) (vec: vector p): t_Array u8 (v_C1_SIZE p) +- = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in +- flatten (map #_ #_ #(fun _ -> True) (byte_encode (v d)) vec) +- +-let decode_then_decompress_u (p:params) (arr: t_Array u8 (v_C1_SIZE p)): vector p +- = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in +- createi p.v_RANK (fun block -> +- let block_size = v_C1_BLOCK_SIZE p in +- let slice = Seq.slice arr (v block * v block_size) +- (v block * v block_size + v block_size) in +- byte_decode (v d) slice +- ) +- +-let compress_then_encode_v (p:params): polynomial -> t_Array u8 (v_C2_SIZE p) +- = byte_encode (v p.v_VECTOR_V_COMPRESSION_FACTOR) +- +-let decode_then_decompress_v (p:params): t_Array u8 (v_C2_SIZE p) -> polynomial +- = byte_decode (v p.v_VECTOR_V_COMPRESSION_FACTOR) +- +-(** IND-CPA Functions *) +- +-/// This function implements most of Algorithm 12 of the +-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. +-/// +-/// We say "most of" since Algorithm 12 samples the required randomness within +-/// the function itself, whereas this implementation expects it to be provided +-/// through the `key_generation_seed` parameter. +- +-val ind_cpa_generate_keypair (p:params) (randomness:t_Array u8 v_CPA_PKE_KEY_GENERATION_SEED_SIZE) : +- t_KyberCPAKeyPair p +-let ind_cpa_generate_keypair p randomness = +- let hashed = v_G randomness in +- let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in +- let matrix_A_as_ntt = sample_matrix_A #p seed_for_A in +- let secret_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error (sz 0) in +- let error_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error p.v_RANK in +- let t_as_ntt = compute_As_plus_e #p matrix_A_as_ntt secret_as_ntt error_as_ntt in +- let public_key_serialized = Seq.append (vector_encode_12 #p t_as_ntt) seed_for_A in +- let secret_key_serialized = vector_encode_12 #p secret_as_ntt in +- (secret_key_serialized,public_key_serialized) +- +-/// This function implements Algorithm 13 of the +-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. +- +-val ind_cpa_encrypt (p:params) (public_key: t_KyberPublicKey p) +- (message: t_Array u8 v_SHARED_SECRET_SIZE) +- (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : +- t_KyberCiphertext p +- +-let ind_cpa_encrypt p public_key message randomness = +- let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE p) in +- let t_as_ntt = vector_decode_12 #p t_as_ntt_bytes in +- let matrix_A_as_ntt = sample_matrix_A #p seed_for_A in +- let r_as_ntt = sample_vector_cbd_then_ntt #p randomness (sz 0) in +- let error_1 = sample_vector_cbd #p randomness p.v_RANK in +- let error_2 = sample_poly_cbd #p randomness (p.v_RANK +! p.v_RANK) in +- let u = vector_add (vector_inv_ntt (matrix_vector_mul (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in +- let mu = decode_then_decompress_message message in +- let v = poly_add (poly_add (vector_dot_product t_as_ntt r_as_ntt) error_2) mu in +- let c1 = compress_then_encode_u p u in +- let c2 = compress_then_encode_v p v in +- concat c1 c2 +- +-/// This function implements Algorithm 14 of the +-/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. +- +-val ind_cpa_decrypt (p:params) (secret_key: t_KyberCPAPrivateKey p) +- (ciphertext: t_KyberCiphertext p): +- t_KyberSharedSecret +- +-let ind_cpa_decrypt p secret_key ciphertext = +- let (c1,c2) = split ciphertext (v_C1_SIZE p) in +- let u = decode_then_decompress_u p c1 in +- let v = decode_then_decompress_v p c2 in +- let secret_as_ntt = vector_decode_12 #p secret_key in +- let w = poly_sub v (poly_inv_ntt #p (vector_dot_product secret_as_ntt (vector_ntt u))) in +- compress_then_encode_message w +- +-(** IND-CCA Functions *) +- +- +-/// This function implements most of Algorithm 15 of the +-/// NIST FIPS 203 specification; this is the Kyber CCA-KEM key generation algorithm. +-/// +-/// We say "most of" since Algorithm 15 samples the required randomness within +-/// the function itself, whereas this implementation expects it to be provided +-/// through the `randomness` parameter. +-/// +-/// TODO: input validation +- +-val ind_cca_generate_keypair (p:params) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) : +- t_KyberKeyPair p +-let ind_cca_generate_keypair p randomness = +- let (ind_cpa_keypair_randomness, implicit_rejection_value) = +- split randomness v_CPA_PKE_KEY_GENERATION_SEED_SIZE in +- +- let (ind_cpa_secret_key,ind_cpa_public_key) = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in +- let ind_cca_secret_key = Seq.append ind_cpa_secret_key ( +- Seq.append ind_cpa_public_key ( +- Seq.append (v_H ind_cpa_public_key) implicit_rejection_value)) in +- (ind_cca_secret_key, ind_cpa_public_key) +- +-/// This function implements most of Algorithm 16 of the +-/// NIST FIPS 203 specification; this is the Kyber CCA-KEM encapsulation algorithm. +-/// +-/// We say "most of" since Algorithm 16 samples the required randomness within +-/// the function itself, whereas this implementation expects it to be provided +-/// through the `randomness` parameter. +-/// +-/// TODO: input validation +- +-val ind_cca_encapsulate (p:params) (public_key: t_KyberPublicKey p) +- (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : +- (t_KyberCiphertext p & t_KyberSharedSecret) +-let ind_cca_encapsulate p public_key randomness = +- let to_hash = concat randomness (v_H public_key) in +- let hashed = v_G to_hash in +- let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in +- let ciphertext = ind_cpa_encrypt p public_key randomness pseudorandomness in +- (ciphertext,shared_secret) +- +- +-/// This function implements Algorithm 17 of the +-/// NIST FIPS 203 specification; this is the Kyber CCA-KEM encapsulation algorithm. +- +-val ind_cca_decapsulate (p:params) (secret_key: t_KyberPrivateKey p) +- (ciphertext: t_KyberCiphertext p): +- t_KyberSharedSecret +-let ind_cca_decapsulate p secret_key ciphertext = +- let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PKE_SECRET_KEY_SIZE p) in +- let (ind_cpa_public_key,rest) = split rest (v_CPA_PKE_PUBLIC_KEY_SIZE p) in +- let (ind_cpa_public_key_hash,implicit_rejection_value) = split rest v_H_DIGEST_SIZE in +- +- let decrypted = ind_cpa_decrypt p ind_cpa_secret_key ciphertext in +- let to_hash = concat decrypted ind_cpa_public_key_hash in +- let hashed = v_G to_hash in +- let (success_shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in +- +- assert (Seq.length implicit_rejection_value = 32); +- let to_hash = concat implicit_rejection_value ciphertext in +- let rejection_shared_secret = v_J to_hash in +- +- let reencrypted = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in +- if reencrypted = ciphertext +- then success_shared_secret +- else rejection_shared_secret +- +- +-(** Kyber-768 Instantiation *) +- +-let kyber768_params : params = { +- v_RANK = sz 3; +- v_ETA1 = sz 2; +- v_ETA2 = sz 2; +- v_VECTOR_U_COMPRESSION_FACTOR = sz 10; +- v_VECTOR_V_COMPRESSION_FACTOR = sz 4; +-} +- +-let kyber768_generate_keypair (randomness:t_Array u8 (sz 64)): +- (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) = +- ind_cca_generate_keypair kyber768_params randomness +- +-let kyber768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)): +- (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) = +- ind_cca_encapsulate kyber768_params public_key randomness +- +- +-let kyber768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)): +- t_Array u8 (sz 32) = +- ind_cca_decapsulate kyber768_params secret_key ciphertext +- +-(** Kyber-1024 Instantiation *) +- +-let kyber1024_params : params = { +- v_RANK = sz 4; +- v_ETA1 = sz 2; +- v_ETA2 = sz 2; +- v_VECTOR_U_COMPRESSION_FACTOR = sz 11; +- v_VECTOR_V_COMPRESSION_FACTOR = sz 5; +-} +- +-let kyber1024_generate_keypair (randomness:t_Array u8 (sz 64)): +- (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) = +- ind_cca_generate_keypair kyber1024_params randomness +- +-let kyber1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): +- (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) = +- ind_cca_encapsulate kyber1024_params public_key randomness +- +- +-let kyber1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): +- t_Array u8 (sz 32) = +- ind_cca_decapsulate kyber1024_params secret_key ciphertext +- +-(** Kyber-512 Instantiation *) +- +-let kyber512_params : params = { +- v_RANK = sz 2; +- v_ETA1 = sz 3; +- v_ETA2 = sz 2; +- v_VECTOR_U_COMPRESSION_FACTOR = sz 10; +- v_VECTOR_V_COMPRESSION_FACTOR = sz 4; +-} +- +-let kyber512_generate_keypair (randomness:t_Array u8 (sz 64)): +- (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) = +- ind_cca_generate_keypair kyber512_params randomness +- +-let kyber512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): +- (t_Array u8 (sz 768) & t_Array u8 (sz 32)) = +- ind_cca_encapsulate kyber512_params public_key randomness +- +- +-let kyber512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)): +- t_Array u8 (sz 32) = +- ind_cca_decapsulate kyber512_params secret_key ciphertext diff --git a/proofs/fstar/extraction-secret-independent/.gitignore b/proofs/fstar/extraction-secret-independent/.gitignore new file mode 100644 index 000000000..4671378ae --- /dev/null +++ b/proofs/fstar/extraction-secret-independent/.gitignore @@ -0,0 +1 @@ +.depend diff --git a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst index 7eab70b00..019708119 100644 --- a/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst +++ b/proofs/fstar/extraction/Libcrux.Kem.Kyber.Hash_functions.fst @@ -14,7 +14,7 @@ let v_XOFx4 (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 840) <: t_Array u8 (sz 840)) v_K in let out:t_Array (t_Array u8 (sz 840)) v_K = - if ~.(Libcrux_platform.simd256_support () <: bool) || ~.false + if ~.(Libcrux_platform.simd256_support () <: bool) || ~.true then Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; diff --git a/proofs/fstar/patches.sh b/proofs/fstar/patches.sh new file mode 100755 index 000000000..2228333f5 --- /dev/null +++ b/proofs/fstar/patches.sh @@ -0,0 +1,76 @@ +#!/usr/bin/env bash + +set -e + +SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" +cd "$SCRIPTPATH" + +DENYLIST="Makefile Kyber.fst.config.json PROOFS.md" + +# `prepare_folder SRC DEST` copies F* files from SRC to DEST/ +prepare_folder() { + original="$1" + workdir="$2" + find "$original" \( -name '*.fst' -o -name '*.fsti' \) -exec cp --parents \{\} "$workdir" \; +} + +# `patch_folder ORIGINAL DESTINATION PATCH` creates the folder +# `DESTINATION` out of the folder `ORIGINAL` given the patch `PATCH` +patch_folder() { + original="$1" + destination="$2" + patch="$3" + TEMPDIR=$(mktemp -d) + + prepare_folder $original "$TEMPDIR" + + original_basename=$(basename "$original") + patch --directory="$TEMPDIR/$original_basename" -s -p1 < "$patch" + + DIR="$TEMPDIR/$original_basename" + cp -rfT "$DIR" "$destination" + + rm -rf "$TEMPDIR" +} + +case $1 in + apply) + for target in extraction-edited extraction-secret-independent; do + find "$target" \ + \( -name '*.fst' -o -name '*.fsti' \) \ + -type f \ + -exec rm -f {} + + done + + patch_folder extraction extraction-edited \ + extraction-edited.patch + patch_folder extraction-edited extraction-secret-independent \ + extraction-secret-independent.patch + ;; + + create) + TEMPDIR=$(mktemp -d) + + for i in extraction extraction-edited extraction-secret-independent; do + prepare_folder "$i" "$TEMPDIR" + done + + ( + cd "$TEMPDIR" + diff -ruN extraction extraction-edited > extraction-edited.patch || true + diff -ruN extraction-edited extraction-secret-independent > extraction-secret-independent.patch || true + + + ) + mv "$TEMPDIR/extraction-edited.patch" extraction-edited.patch + mv "$TEMPDIR/extraction-secret-independent.patch" extraction-secret-independent.patch + + rm -rf "$TEMPDIR" + ;; + + *) + echo 'Usage: `'"$0"' COMMAND`' + echo ' - `'"$0"' apply`: recreate `extraction-*` folders from the `*.patch` files' + echo ' - `'"$0"' create`: recreate `*.patch` files from the `extraction-*` folders' + ;; +esac From 2029e8b57e0abecd4d7a8446e56d71172a2e2c94 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 30 Jan 2024 11:07:52 +0100 Subject: [PATCH 02/19] enforce up-to-date snaphots --- .github/workflows/hax.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index 072219daa..290876949 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -62,10 +62,14 @@ jobs: sudo apt-get install --yes nodejs ./setup.sh - - name: 🏃 Extract and verify the Kyber reference code + - name: 🏃 Make sure the extracted Kyber snapshot is up-to-date run: | eval $(opam env) ./hax-driver.py --kyber-reference + git diff --exit-code + + - name: 🏃 Extract and verify the Kyber reference code + run: | env FSTAR_HOME=${{ github.workspace }}/fstar \ HACL_HOME=${{ github.workspace }}/hacl-star \ HAX_HOME=${{ github.workspace }}/hax \ From 05d24da735c0782114a6f2ea9f11f8ca356bdd7b Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 10:40:39 +0100 Subject: [PATCH 03/19] chore(kyber/fstar): refresh diffs --- proofs/fstar/extraction-edited.patch | 901 +++++++++++++----- .../fstar/extraction-secret-independent.patch | 122 +-- 2 files changed, 735 insertions(+), 288 deletions(-) diff --git a/proofs/fstar/extraction-edited.patch b/proofs/fstar/extraction-edited.patch index d5930e88a..e1d574acd 100644 --- a/proofs/fstar/extraction-edited.patch +++ b/proofs/fstar/extraction-edited.patch @@ -1,6 +1,88 @@ +diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti +--- extraction/Libcrux.Digest.fsti 2024-01-31 10:39:21.501355607 +0100 ++++ extraction-edited/Libcrux.Digest.fsti 2024-01-31 10:39:21.594354719 +0100 +@@ -1,31 +1,41 @@ + module Libcrux.Digest + #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Rust_primitives + open Core +-open FStar.Mul + +-val shake128x4_256_ (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) +- : Prims.Pure (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val sha3_256_ (payload: t_Slice u8) +- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +- +-val sha3_512_ (payload: t_Slice u8) +- : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +- +-val shake128 (v_LEN: usize) (data: t_Slice u8) +- : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val shake256 (v_LEN: usize) (data: t_Slice u8) +- : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val shake128x4_portable (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) +- : Prims.Pure (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val shake128x4 (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) +- : Prims.Pure (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN) +- Prims.l_True +- (fun _ -> Prims.l_True) ++type t_Algorithm = ++ | Algorithm_Sha1 : t_Algorithm ++ | Algorithm_Sha224 : t_Algorithm ++ | Algorithm_Sha256 : t_Algorithm ++ | Algorithm_Sha384 : t_Algorithm ++ | Algorithm_Sha512 : t_Algorithm ++ | Algorithm_Blake2s : t_Algorithm ++ | Algorithm_Blake2b : t_Algorithm ++ | Algorithm_Sha3_224_ : t_Algorithm ++ | Algorithm_Sha3_256_ : t_Algorithm ++ | Algorithm_Sha3_384_ : t_Algorithm ++ | Algorithm_Sha3_512_ : t_Algorithm ++ ++let digest_size (mode: t_Algorithm) : usize = ++ match mode with ++ | Algorithm_Sha1 -> sz 20 ++ | Algorithm_Sha224 -> sz 28 ++ | Algorithm_Sha256 -> sz 32 ++ | Algorithm_Sha384 -> sz 48 ++ | Algorithm_Sha512 -> sz 64 ++ | Algorithm_Blake2s -> sz 32 ++ | Algorithm_Blake2b -> sz 64 ++ | Algorithm_Sha3_224_ -> sz 28 ++ | Algorithm_Sha3_256_ -> sz 32 ++ | Algorithm_Sha3_384_ -> sz 48 ++ | Algorithm_Sha3_512_ -> sz 64 ++ ++val sha3_256_ (payload: t_Slice u8) : t_Array u8 (sz 32) ++ ++val sha3_512_ (payload: t_Slice u8) : t_Array u8 (sz 64) ++ ++val shake128 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN ++ ++val shake128x4 (v_LEN: usize) (data0: t_Slice u8) (data1: t_Slice u8) (data2: t_Slice u8) (data3: t_Slice u8): (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN) ++ ++val shake256 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN +diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst +--- extraction/Libcrux.Kem.fst 1970-01-01 01:00:00.000000000 +0100 ++++ extraction-edited/Libcrux.Kem.fst 2024-01-31 10:39:21.603354633 +0100 +@@ -0,0 +1,6 @@ ++module Libcrux.Kem ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" ++open Core ++open FStar.Mul ++ ++ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-30 10:40:46.467792008 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-30 10:40:46.514790151 +0100 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 10:39:21.528355349 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 10:39:21.582354833 +0100 @@ -1,81 +1,356 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -398,8 +480,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux. + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-30 10:40:46.437793193 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-30 10:40:46.501790664 +0100 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 10:39:21.495355665 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 10:39:21.567354977 +0100 @@ -3,10 +3,32 @@ open Core open FStar.Mul @@ -741,8 +823,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux - <: - bool)) diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Kem.Kyber.Compress.fst ---- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-01-30 10:40:46.449792719 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-30 10:40:46.505790506 +0100 +--- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 10:39:21.511355512 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 10:39:21.572354929 +0100 @@ -1,39 +1,79 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -846,8 +928,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Ke + res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.Kem.Kyber.Compress.fsti ---- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-01-30 10:40:46.446792838 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-30 10:40:46.508790388 +0100 +--- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 10:39:21.507355550 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 10:39:21.575354900 +0100 @@ -3,8 +3,19 @@ open Core open FStar.Mul @@ -913,8 +995,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.K + (requires fe =. 0l || fe =. 1l) + (fun result -> v result >= 0 /\ v result < 3329) diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux.Kem.Kyber.Constants.fsti ---- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-01-30 10:40:46.455792482 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-30 10:40:46.534789360 +0100 +--- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 10:39:21.518355445 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 10:39:21.607354594 +0100 @@ -15,7 +15,8 @@ let v_FIELD_MODULUS: i32 = 3329l @@ -926,8 +1008,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux. let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-30 10:40:46.462792205 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-30 10:40:46.491791059 +0100 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 10:39:21.524355387 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 10:39:21.555355091 +0100 @@ -4,56 +4,163 @@ open FStar.Mul @@ -1113,8 +1195,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/L + ) +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-30 10:40:46.444792916 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-30 10:40:46.502790625 +0100 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 10:39:21.505355569 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 10:39:21.569354958 +0100 @@ -20,7 +20,8 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1145,101 +1227,9 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/ - result =. rhs <: bool)) + Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) -diff -ruN extraction/Libcrux.Kem.Kyber.Conversions.fst extraction-edited/Libcrux.Kem.Kyber.Conversions.fst ---- extraction/Libcrux.Kem.Kyber.Conversions.fst 2024-01-30 10:40:46.465792087 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 -@@ -1,87 +0,0 @@ --module Libcrux.Kem.Kyber.Conversions --#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" --open Core -- --let into_padded_array (#v_LEN: usize) (slice: t_Slice u8) : t_Array u8 v_LEN = -- let _:Prims.unit = -- if true -- then -- let _:Prims.unit = -- if ~.((Core.Slice.impl__len slice <: usize) <=. v_LEN <: bool) -- then -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN" -- -- <: -- Rust_primitives.Hax.t_Never) -- in -- () -- in -- let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in -- let out:t_Array u8 v_LEN = -- Rust_primitives.Hax.update_at out -- ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize } -- ) -- (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut out -- ({ -- Core.Ops.Range.f_start = sz 0; -- Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize -- }) -- <: -- t_Slice u8) -- slice -- <: -- t_Slice u8) -- in -- out -- --class t_UpdatingArray (#v_Self: Type) = { f_push:v_Self -> t_Slice u8 -> v_Self } -- --type t_UpdatableArray (v_LEN: usize) = { -- f_value:t_Array u8 v_LEN; -- f_pointer:usize --} -- --let impl__new (#v_LEN: usize) (value: t_Array u8 v_LEN) : t_UpdatableArray v_LEN = -- { f_value = value; f_pointer = sz 0 } -- --let impl__array (#v_LEN: usize) (self: t_UpdatableArray v_LEN) : t_Array u8 v_LEN = self.f_value -- --let impl_1 (#v_LEN: usize) : t_UpdatingArray (t_UpdatableArray v_LEN) = -- { -- f_push -- = -- fun (self: t_UpdatableArray v_LEN) (other: t_Slice u8) -> -- let self:t_UpdatableArray v_LEN = -- { -- self with -- f_value -- = -- Rust_primitives.Hax.update_at (f_value self <: t_UpdatableArray v_LEN) -- ({ -- Core.Ops.Range.f_start = self.f_pointer; -- Core.Ops.Range.f_end -- = -- self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize -- }) -- (Core.Slice.impl__copy_from_slice (Core.Ops.Index.IndexMut.index_mut self.f_value -- ({ -- Core.Ops.Range.f_start = self.f_pointer; -- Core.Ops.Range.f_end -- = -- self.f_pointer +! (Core.Slice.impl__len other <: usize) <: usize -- }) -- <: -- t_Slice u8) -- other -- <: -- t_Slice u8) -- } -- in -- let self:t_UpdatableArray v_LEN = -- { self with f_pointer = self.f_pointer +! (Core.Slice.impl__len other <: usize) } -- in -- self -- } -- --let to_unsigned_representative (fe: i32) : u16 = -- cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 -\ Pas de fin de ligne à la fin du fichier diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.fst ---- extraction/Libcrux.Kem.Kyber.fst 2024-01-30 10:40:46.460792284 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-30 10:40:46.527789637 +0100 +--- extraction/Libcrux.Kem.Kyber.fst 2024-01-31 10:39:21.523355397 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 10:39:21.598354680 +0100 @@ -1,12 +1,29 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1329,9 +1319,10 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f +let decapsulate #p (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) -- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) +- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = ++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) = + let orig_secret_key = secret_key.f_value in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = @@ -1402,9 +1393,10 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f +let encapsulate #p (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) +- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = ++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) = let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = Libcrux.Kem.Kyber.Ind_cpa.into_padded_array (sz 64) @@ -1429,7 +1421,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE (Rust_primitives.unsize (Libcrux.Kem.Kyber.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE -@@ -252,23 +299,17 @@ +@@ -252,44 +299,17 @@ <: t_Slice u8) randomness pseudorandomness in @@ -1447,8 +1439,30 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) <: - (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +- (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) ++ (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +-let validate_public_key +- (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) +- (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) +- = +- let pk:t_Array Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement v_K = +- Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key v_K +- (Rust_primitives.unsize public_key <: t_Slice u8) +- in +- let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = +- Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key v_K +- v_RANKED_BYTES_PER_RING_ELEMENT +- v_PUBLIC_KEY_SIZE +- pk +- (public_key.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } +- <: +- Core.Ops.Range.t_RangeFrom usize ] +- <: +- t_Slice u8) +- in +- public_key =. public_key_serialized +- -let generate_keypair +let generate_keypair #p (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: @@ -1459,7 +1473,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f let ind_cpa_keypair_randomness:t_Slice u8 = randomness.[ { Core.Ops.Range.f_start = sz 0; -@@ -286,7 +327,7 @@ +@@ -307,7 +327,7 @@ in let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = @@ -1468,7 +1482,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f v_CPA_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT -@@ -295,7 +336,7 @@ +@@ -316,16 +336,17 @@ ind_cpa_keypair_randomness in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = @@ -1477,15 +1491,29 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) (Rust_primitives.unsize public_key <: t_Slice u8) implicit_rejection_value -@@ -308,3 +349,4 @@ + in +- let (private_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey ++ let (private_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_PRIVATE_KEY_SIZE):Libcrux.Kem.Kyber.Types.t_KyberPrivateKey + v_PRIVATE_KEY_SIZE = + Core.Convert.f_from secret_key_serialized + in + Libcrux.Kem.Kyber.Types.impl__from v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE private_key - (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) +- (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) ++ (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) + diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber.fsti ---- extraction/Libcrux.Kem.Kyber.fsti 2024-01-30 10:40:46.469791929 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-30 10:40:46.490791099 +0100 -@@ -10,31 +10,75 @@ +--- extraction/Libcrux.Kem.Kyber.fsti 2024-01-31 10:39:21.531355321 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 10:39:21.553355110 +0100 +@@ -4,42 +4,81 @@ + open FStar.Mul + + unfold +-let t_MlKemSharedSecret = t_Array u8 (sz 32) ++let t_KyberSharedSecret = t_Array u8 (sz 32) + + let v_KEY_GENERATION_SEED_SIZE: usize = Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE @@ -1508,9 +1536,11 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. +val decapsulate (#p:Spec.Kyber.params) (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) +- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) ++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey v_SECRET_KEY_SIZE) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE) + : Pure (t_Array u8 (sz 32)) + (requires ( p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\ + Spec.Kyber.valid_params p /\ @@ -1533,11 +1563,17 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. +val encapsulate (#p:Spec.Kyber.params) (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) +- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) ++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) -- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +- +-val validate_public_key +- (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) +- (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) +- : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + (requires (p == (let open Spec.Kyber in {v_RANK = v_K; v_ETA1; v_ETA2; v_VECTOR_U_COMPRESSION_FACTOR; v_VECTOR_V_COMPRESSION_FACTOR}) /\ + Spec.Kyber.valid_params p /\ @@ -1560,7 +1596,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) -- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) + : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) @@ -1574,8 +1610,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. + (ensures (fun kp -> + (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness)) diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-30 10:40:46.458792363 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-30 10:40:46.519789953 +0100 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 10:39:21.521355416 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 10:39:21.589354766 +0100 @@ -3,18 +3,27 @@ open Core open FStar.Mul @@ -1615,8 +1651,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libc + admit(); //P-F out diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-30 10:40:46.480791494 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-30 10:40:46.512790229 +0100 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 10:39:21.542355215 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 10:39:21.580354852 +0100 @@ -3,12 +3,24 @@ open Core open FStar.Mul @@ -1646,19 +1682,9 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Lib + (ensures (fun res -> + (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i)))) + -diff -ruN extraction/Libcrux.Kem.Kyber.Helper.fst extraction-edited/Libcrux.Kem.Kyber.Helper.fst ---- extraction/Libcrux.Kem.Kyber.Helper.fst 2024-01-30 10:40:46.461792245 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 -@@ -1,6 +0,0 @@ --module Libcrux.Kem.Kyber.Helper --#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" --open Core --open FStar.Mul -- -- diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-30 10:40:46.443792956 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-30 10:40:46.517790032 +0100 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 10:39:21.503355588 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 10:39:21.585354805 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2369,8 +2395,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem + res + diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-30 10:40:46.478791573 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-30 10:40:46.532789439 +0100 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 10:39:21.540355235 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 10:39:21.605354613 +0100 @@ -1,80 +1,152 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2573,140 +2599,321 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Ke + + diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-30 10:40:46.477791613 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-30 10:40:46.495790901 +0100 -@@ -3,22 +3,23 @@ +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 10:39:21.538355254 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 10:39:21.560355043 +0100 +@@ -3,37 +3,23 @@ open Core open FStar.Mul --let decapsulate_1024_ -+let decapsulate_1024_ - (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168)) -- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) +-let decapsulate +- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 3168)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux.Kem.Kyber.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408) ++let decapsulate_1024_ ++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168)) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) = + Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber1024_params + (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) secret_key ciphertext - let encapsulate_1024_ - (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568)) +-let encapsulate +- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux.Kem.Kyber.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) ++let encapsulate_1024_ ++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) = + Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber1024_params + (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) = +-let validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)) = +- if +- Libcrux.Kem.Kyber.validate_public_key (sz 4) +- (sz 1536) +- (sz 1568) +- public_key.Libcrux.Kem.Kyber.Types.f_value +- then +- Core.Option.Option_Some public_key +- <: +- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)) +- else +- Core.Option.Option_None +- <: +- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)) +- +-let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux.Kem.Kyber.generate_keypair (sz 4) ++let generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) = + Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber1024_params + (sz 4) (sz 1536) (sz 3168) (sz 1568) +diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 10:39:21.526355368 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 10:39:21.590354757 +0100 +@@ -63,32 +63,27 @@ + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ + + unfold +-let t_MlKem1024Ciphertext = Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568) ++let t_Kyber1024Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568) + + unfold +-let t_MlKem1024PrivateKey = Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 3168) ++let t_Kyber1024PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168) + + unfold +-let t_MlKem1024PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568) ++let t_Kyber1024PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568) + +-val decapsulate +- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 3168)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568)) ++val decapsulate_1024_ ++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 3168)) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +-val encapsulate +- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)) ++val encapsulate_1024_ ++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) ++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +-val validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568)) +- : Prims.Pure (Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1568))) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val generate_key_pair (randomness: t_Array u8 (sz 64)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) ++val generate_key_pair_1024_ (randomness: t_Array u8 (sz 64)) ++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 3168) (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-30 10:40:46.439793114 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-30 10:40:46.485791296 +0100 -@@ -5,20 +5,21 @@ +--- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 10:39:21.496355655 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 10:39:21.548355158 +0100 +@@ -3,37 +3,23 @@ + open Core + open FStar.Mul - let decapsulate_512_ - (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632)) -- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) +-let decapsulate +- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 1632)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux.Kem.Kyber.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) ++let decapsulate_512_ ++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632)) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) = + Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber512_params + (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) secret_key ciphertext - let encapsulate_512_ - (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800)) +-let encapsulate +- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux.Kem.Kyber.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) ++let encapsulate_512_ ++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) = + Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber512_params + (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) = +-let validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)) = +- if +- Libcrux.Kem.Kyber.validate_public_key (sz 2) +- (sz 768) +- (sz 800) +- public_key.Libcrux.Kem.Kyber.Types.f_value +- then +- Core.Option.Option_Some public_key +- <: +- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)) +- else +- Core.Option.Option_None +- <: +- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)) +- +-let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux.Kem.Kyber.generate_keypair (sz 2) ++let generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) = + Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber512_params + (sz 2) (sz 768) (sz 1632) (sz 800) +diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti +--- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 10:39:21.535355282 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 10:39:21.556355082 +0100 +@@ -63,32 +63,27 @@ + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ + + unfold +-let t_MlKem512Ciphertext = Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768) ++let t_Kyber512Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768) + + unfold +-let t_MlKem512PrivateKey = Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 1632) ++let t_Kyber512PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632) + + unfold +-let t_MlKem512PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800) ++let t_Kyber512PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800) + +-val decapsulate +- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 1632)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768)) ++val decapsulate_512_ ++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 1632)) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +-val encapsulate +- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)) ++val encapsulate_512_ ++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) ++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +-val validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800)) +- : Prims.Pure (Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 800))) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val generate_key_pair (randomness: t_Array u8 (sz 64)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemKeyPair (sz 1632) (sz 800)) ++val generate_key_pair_512_ (randomness: t_Array u8 (sz 64)) ++ : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 1632) (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-30 10:40:46.434793312 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-30 10:40:46.487791217 +0100 -@@ -3,22 +3,24 @@ +--- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 10:39:21.491355703 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 10:39:21.550355139 +0100 +@@ -3,37 +3,24 @@ open Core open FStar.Mul -+ - let decapsulate_768_ - (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) -- (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) +-let decapsulate +- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 2400)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux.Kem.Kyber.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960) ++ ++let decapsulate_768_ ++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) + (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) = + Libcrux.Kem.Kyber.decapsulate #Spec.Kyber.kyber768_params + (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) secret_key ciphertext - let encapsulate_768_ - (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) +-let encapsulate +- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux.Kem.Kyber.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) ++let encapsulate_768_ ++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) = + Libcrux.Kem.Kyber.encapsulate #Spec.Kyber.kyber768_params + (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) = +-let validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)) = +- if +- Libcrux.Kem.Kyber.validate_public_key (sz 3) +- (sz 1152) +- (sz 1184) +- public_key.Libcrux.Kem.Kyber.Types.f_value +- then +- Core.Option.Option_Some public_key +- <: +- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)) +- else +- Core.Option.Option_None +- <: +- Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)) +- +-let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux.Kem.Kyber.generate_keypair (sz 3) ++let generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) = + Libcrux.Kem.Kyber.generate_keypair #Spec.Kyber.kyber768_params + (sz 3) (sz 1152) (sz 2400) (sz 1184) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-30 10:40:46.468791968 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-30 10:40:46.488791178 +0100 -@@ -74,16 +74,19 @@ - val decapsulate_768_ - (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) - (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) +--- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 10:39:21.529355340 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 10:39:21.551355129 +0100 +@@ -63,32 +63,30 @@ + Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ + + unfold +-let t_MlKem768Ciphertext = Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088) ++let t_Kyber768Ciphertext = Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) + + unfold +-let t_MlKem768PrivateKey = Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 2400) ++let t_Kyber768PrivateKey = Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400) + + unfold +-let t_MlKem768PublicKey = Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184) ++let t_Kyber768PublicKey = Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184) + +-val decapsulate +- (secret_key: Libcrux.Kem.Kyber.Types.t_MlKemPrivateKey (sz 2400)) +- (ciphertext: Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) ++val decapsulate_768_ ++ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) ++ (ciphertext: Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088)) + : Pure (t_Array u8 (sz 32)) + (requires True) + (ensures (fun res -> res == Spec.Kyber.kyber768_decapsulate secret_key.f_value ciphertext.f_value)) - val encapsulate_768_ - (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) +-val encapsulate +- (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)) ++val encapsulate_768_ ++ (public_key: Libcrux.Kem.Kyber.Types.t_KyberPublicKey (sz 1184)) (randomness: t_Array u8 (sz 32)) -- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val validate_public_key (public_key: Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184)) +- : Prims.Pure (Core.Option.t_Option (Libcrux.Kem.Kyber.Types.t_MlKemPublicKey (sz 1184))) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val generate_key_pair (randomness: t_Array u8 (sz 64)) +- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) + : Pure (Libcrux.Kem.Kyber.Types.t_KyberCiphertext (sz 1088) & t_Array u8 (sz 32)) + (requires True) + (ensures (fun (ct,ss)-> (ct.f_value,ss) == Spec.Kyber.kyber768_encapsulate public_key.f_value randomness)) - - val generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) -- : Prims.Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184)) -- Prims.l_True -- (fun _ -> Prims.l_True) ++ ++val generate_key_pair_768_ (randomness: t_Array u8 (sz 64)) + : Pure (Libcrux.Kem.Kyber.Types.t_KyberKeyPair (sz 2400) (sz 1184)) + (requires (True)) + (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness)) + diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem.Kyber.Matrix.fst ---- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-01-30 10:40:46.453792561 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-30 10:40:46.498790783 +0100 +--- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 10:39:21.516355464 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 10:39:21.563355015 +0100 @@ -3,192 +3,188 @@ open Core open FStar.Mul @@ -3497,8 +3704,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem. + admit(); //P-F v_A_transpose diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-30 10:40:46.440793075 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-30 10:40:46.515790111 +0100 +--- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 10:39:21.498355636 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 10:39:21.583354824 +0100 @@ -3,39 +3,71 @@ open Core open FStar.Mul @@ -3601,8 +3808,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem + if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A + else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A) diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyber.Ntt.fst ---- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-01-30 10:40:46.447792798 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-30 10:40:46.504790546 +0100 +--- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 10:39:21.509355531 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 10:39:21.570354948 +0100 @@ -1,56 +1,130 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -4533,8 +4740,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyb + down_cast_poly_b #(8*3328) #3328 re +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-30 10:40:46.451792640 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-30 10:40:46.497790822 +0100 +--- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 10:39:21.514355483 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 10:39:21.562355024 +0100 @@ -2,223 +2,80 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -4827,8 +5034,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Ky + (ensures fun _ -> True) + diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Kem.Kyber.Sampling.fst ---- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-01-30 10:40:46.475791692 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-30 10:40:46.525789716 +0100 +--- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 10:39:21.537355263 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 10:39:21.596354699 +0100 @@ -3,27 +3,34 @@ open Core open FStar.Mul @@ -5241,8 +5448,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Ke + out +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-30 10:40:46.432793391 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-30 10:40:46.523789795 +0100 +--- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 10:39:21.490355712 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 10:39:21.592354738 +0100 @@ -3,77 +3,37 @@ open Core open FStar.Mul @@ -5343,8 +5550,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.K +// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0)) + diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.fst ---- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-01-30 10:40:46.473791771 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-30 10:40:46.484791336 +0100 +--- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 10:39:21.533355301 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 10:39:21.546355177 +0100 @@ -1,1301 +1,4 @@ module Libcrux.Kem.Kyber.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -6650,7 +6857,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K +include Libcrux.Kem.Kyber.Serialize.PartA +include Libcrux.Kem.Kyber.Serialize.PartB diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-30 10:40:46.436793233 +0100 +--- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 10:39:21.493355684 +0100 +++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,119 +0,0 @@ -module Libcrux.Kem.Kyber.Serialize @@ -6774,7 +6981,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux. - : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst --- extraction/Libcrux.Kem.Kyber.Serialize.PartA.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst 2024-01-30 10:40:46.511790269 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst 2024-01-31 10:39:21.579354862 +0100 @@ -0,0 +1,182 @@ +module Libcrux.Kem.Kyber.Serialize.PartA +#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" @@ -6960,7 +7167,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-edited/Lib + diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartA.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti --- extraction/Libcrux.Kem.Kyber.Serialize.PartA.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti 2024-01-30 10:40:46.510790309 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti 2024-01-31 10:39:21.577354881 +0100 @@ -0,0 +1,91 @@ +module Libcrux.Kem.Kyber.Serialize.PartA +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -7055,7 +7262,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartA.fsti extraction-edited/Li + ) diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst --- extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst 2024-01-30 10:40:46.507790427 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst 2024-01-31 10:39:21.574354910 +0100 @@ -0,0 +1,1192 @@ +module Libcrux.Kem.Kyber.Serialize.PartB +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -8251,7 +8458,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-edited/Lib +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti --- extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti 2024-01-30 10:40:46.494790941 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti 2024-01-31 10:39:21.558355063 +0100 @@ -0,0 +1,108 @@ +module Libcrux.Kem.Kyber.Serialize.PartB +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -8362,33 +8569,145 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-edited/Li + (requires True) + (ensures (fun res -> True)) diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.Kyber.Types.fst ---- extraction/Libcrux.Kem.Kyber.Types.fst 2024-01-30 10:40:46.450792679 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-30 10:40:46.500790704 +0100 -@@ -3,6 +3,8 @@ +--- extraction/Libcrux.Kem.Kyber.Types.fst 2024-01-31 10:39:21.512355502 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 10:39:21.565354996 +0100 +@@ -3,31 +3,33 @@ open Core open FStar.Mul +-type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } +type t_Error = | Error_RejectionSampling : t_Error + - type t_KyberCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } ++type t_KyberCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +- { f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value } ++let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberCiphertext v_SIZE) (t_Slice u8) = ++ { f_as_ref = fun (self: t_KyberCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +- { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemCiphertext v_SIZE } ++let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_KyberCiphertext v_SIZE) (t_Array u8 v_SIZE) = ++ { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_KyberCiphertext v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -@@ -50,7 +52,9 @@ - let impl_6__len (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE +-let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = ++let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_KyberCiphertext v_SIZE) (t_Array u8 v_SIZE) = + { + f_from + = + fun (value: t_Array u8 v_SIZE) -> +- { f_value = Core.Clone.f_clone value } <: t_MlKemCiphertext v_SIZE ++ { f_value = Core.Clone.f_clone value } <: t_KyberCiphertext v_SIZE + } - let impl_6__split_at (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize) + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = +- { f_from = fun (value: t_MlKemCiphertext v_SIZE) -> value.f_value } ++let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberCiphertext v_SIZE) = ++ { f_from = fun (value: t_KyberCiphertext v_SIZE) -> value.f_value } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = ++let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberCiphertext v_SIZE) (t_Slice u8) = + { + f_Error = Core.Array.t_TryFromSliceError; + f_try_from +@@ -35,49 +37,51 @@ + fun (value: t_Slice u8) -> + match Core.Convert.f_try_into value with + | Core.Result.Result_Ok value -> +- Core.Result.Result_Ok ({ f_value = value } <: t_MlKemCiphertext v_SIZE) ++ Core.Result.Result_Ok ({ f_value = value } <: t_KyberCiphertext v_SIZE) + <: +- Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError ++ Core.Result.t_Result (t_KyberCiphertext v_SIZE) Core.Array.t_TryFromSliceError + | Core.Result.Result_Err e -> + Core.Result.Result_Err e + <: +- Core.Result.t_Result (t_MlKemCiphertext v_SIZE) Core.Array.t_TryFromSliceError ++ Core.Result.t_Result (t_KyberCiphertext v_SIZE) Core.Array.t_TryFromSliceError + } + +-let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : t_Array u8 v_SIZE = ++let impl_6__as_slice (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : t_Array u8 v_SIZE = + self.f_value + +-let impl_6__len (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : usize = v_SIZE ++let impl_6__len (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) : usize = v_SIZE + +-let impl_6__split_at (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) (mid: usize) - : (t_Slice u8 & t_Slice u8) = ++let impl_6__split_at (v_SIZE: usize) (self: t_KyberCiphertext v_SIZE) (mid: usize) + : Pure (t_Slice u8 & t_Slice u8) + (requires (mid <=. v_SIZE)) + (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) = Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - type t_KyberPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } -@@ -99,8 +103,11 @@ +-type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } ++type t_KyberPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +- { f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value } ++let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPrivateKey v_SIZE) (t_Slice u8) = ++ { f_as_ref = fun (self: t_KyberPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +- { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPrivateKey v_SIZE } ++let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_KyberPrivateKey v_SIZE) (t_Array u8 v_SIZE) = ++ { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_KyberPrivateKey v_SIZE } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = ++let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_KyberPrivateKey v_SIZE) (t_Array u8 v_SIZE) = + { + f_from + = + fun (value: t_Array u8 v_SIZE) -> +- { f_value = Core.Clone.f_clone value } <: t_MlKemPrivateKey v_SIZE ++ { f_value = Core.Clone.f_clone value } <: t_KyberPrivateKey v_SIZE + } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = +- { f_from = fun (value: t_MlKemPrivateKey v_SIZE) -> value.f_value } ++let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberPrivateKey v_SIZE) = ++ { f_from = fun (value: t_KyberPrivateKey v_SIZE) -> value.f_value } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = ++let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPrivateKey v_SIZE) (t_Slice u8) = + { + f_Error = Core.Array.t_TryFromSliceError; + f_try_from +@@ -85,49 +89,52 @@ + fun (value: t_Slice u8) -> + match Core.Convert.f_try_into value with + | Core.Result.Result_Ok value -> +- Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPrivateKey v_SIZE) ++ Core.Result.Result_Ok ({ f_value = value } <: t_KyberPrivateKey v_SIZE) + <: +- Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError ++ Core.Result.t_Result (t_KyberPrivateKey v_SIZE) Core.Array.t_TryFromSliceError + | Core.Result.Result_Err e -> + Core.Result.Result_Err e + <: +- Core.Result.t_Result (t_MlKemPrivateKey v_SIZE) Core.Array.t_TryFromSliceError ++ Core.Result.t_Result (t_KyberPrivateKey v_SIZE) Core.Array.t_TryFromSliceError + } + +-let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : t_Array u8 v_SIZE = ++let impl_12__as_slice (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : t_Array u8 v_SIZE = + self.f_value - let impl_12__len (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE +-let impl_12__len (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : usize = v_SIZE ++let impl_12__len (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) : usize = v_SIZE --let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) +-let impl_12__split_at (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) (mid: usize) - : (t_Slice u8 & t_Slice u8) = +val impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) + : Pure (t_Slice u8 & t_Slice u8) @@ -8397,30 +8716,158 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.K +let impl_12__split_at (v_SIZE: usize) (self: t_KyberPrivateKey v_SIZE) (mid: usize) = Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - type t_KyberPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } -@@ -150,7 +157,9 @@ - let impl_18__len (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE +-type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } ++type t_KyberPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +- { f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value } ++let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_KyberPublicKey v_SIZE) (t_Slice u8) = ++ { f_as_ref = fun (self: t_KyberPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +- { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_MlKemPublicKey v_SIZE } ++let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_KyberPublicKey v_SIZE) (t_Array u8 v_SIZE) = ++ { f_from = fun (value: t_Array u8 v_SIZE) -> { f_value = value } <: t_KyberPublicKey v_SIZE } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = ++let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_KyberPublicKey v_SIZE) (t_Array u8 v_SIZE) = + { + f_from + = + fun (value: t_Array u8 v_SIZE) -> +- { f_value = Core.Clone.f_clone value } <: t_MlKemPublicKey v_SIZE ++ { f_value = Core.Clone.f_clone value } <: t_KyberPublicKey v_SIZE + } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = +- { f_from = fun (value: t_MlKemPublicKey v_SIZE) -> value.f_value } ++let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_KyberPublicKey v_SIZE) = ++ { f_from = fun (value: t_KyberPublicKey v_SIZE) -> value.f_value } + + [@@ FStar.Tactics.Typeclasses.tcinstance] +-let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = ++let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_KyberPublicKey v_SIZE) (t_Slice u8) = + { + f_Error = Core.Array.t_TryFromSliceError; + f_try_from +@@ -135,61 +142,63 @@ + fun (value: t_Slice u8) -> + match Core.Convert.f_try_into value with + | Core.Result.Result_Ok value -> +- Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPublicKey v_SIZE) ++ Core.Result.Result_Ok ({ f_value = value } <: t_KyberPublicKey v_SIZE) + <: +- Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError ++ Core.Result.t_Result (t_KyberPublicKey v_SIZE) Core.Array.t_TryFromSliceError + | Core.Result.Result_Err e -> + Core.Result.Result_Err e + <: +- Core.Result.t_Result (t_MlKemPublicKey v_SIZE) Core.Array.t_TryFromSliceError ++ Core.Result.t_Result (t_KyberPublicKey v_SIZE) Core.Array.t_TryFromSliceError + } + +-let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : t_Array u8 v_SIZE = ++let impl_18__as_slice (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : t_Array u8 v_SIZE = + self.f_value + +-let impl_18__len (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : usize = v_SIZE ++let impl_18__len (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) : usize = v_SIZE - let impl_18__split_at (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize) +-let impl_18__split_at (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) (mid: usize) - : (t_Slice u8 & t_Slice u8) = ++let impl_18__split_at (v_SIZE: usize) (self: t_KyberPublicKey v_SIZE) (mid: usize) + : Pure (t_Slice u8 & t_Slice u8) + (requires (mid <=. v_SIZE)) + (ensures (fun (x,y) -> Seq.length x == v mid /\ Seq.length y == v (v_SIZE -! mid))) = Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { +-type t_MlKemKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { +- f_sk:t_MlKemPrivateKey v_PRIVATE_KEY_SIZE; +- f_pk:t_MlKemPublicKey v_PUBLIC_KEY_SIZE ++type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { ++ f_sk:t_KyberPrivateKey v_PRIVATE_KEY_SIZE; ++ f_pk:t_KyberPublicKey v_PUBLIC_KEY_SIZE + } + + let impl__from + (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) +- (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) +- (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE) +- : t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = +- { f_sk = sk; f_pk = pk } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE ++ (sk: t_KyberPrivateKey v_PRIVATE_KEY_SIZE) ++ (pk: t_KyberPublicKey v_PUBLIC_KEY_SIZE) ++ : t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = ++ { f_sk = sk; f_pk = pk } <: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE + + let impl__new + (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) + (sk: t_Array u8 v_PRIVATE_KEY_SIZE) + (pk: t_Array u8 v_PUBLIC_KEY_SIZE) +- : t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = ++ : t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = + { f_sk = Core.Convert.f_into sk; f_pk = Core.Convert.f_into pk } + <: +- t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE ++ t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE + + let impl__pk + (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) +- (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) ++ (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + : t_Array u8 v_PUBLIC_KEY_SIZE = impl_18__as_slice v_PUBLIC_KEY_SIZE self.f_pk + + let impl__private_key + (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) +- (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) +- : t_MlKemPrivateKey v_PRIVATE_KEY_SIZE = self.f_sk ++ (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) ++ : t_KyberPrivateKey v_PRIVATE_KEY_SIZE = self.f_sk + + let impl__public_key + (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) +- (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) +- : t_MlKemPublicKey v_PUBLIC_KEY_SIZE = self.f_pk ++ (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) ++ : t_KyberPublicKey v_PUBLIC_KEY_SIZE = self.f_pk + + let impl__sk + (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) +- (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) ++ (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + : t_Array u8 v_PRIVATE_KEY_SIZE = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fsti ---- extraction/Libcrux_platform.fsti 2024-01-30 10:40:46.456792442 +0100 -+++ extraction-edited/Libcrux_platform.fsti 2024-01-30 10:40:46.530789518 +0100 -@@ -1,4 +1,4 @@ +--- extraction/Libcrux_platform.fsti 2024-01-31 10:39:21.520355426 +0100 ++++ extraction-edited/Libcrux_platform.fsti 2024-01-31 10:39:21.601354652 +0100 +@@ -1,20 +1,4 @@ module Libcrux_platform #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +-open FStar.Mul --val simd256_support : unit -> bool +-val bmi2_adx_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +- +-val simd256_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +- +-val x25519_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +- +-val adv_simd_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +- +-val aes_ni_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +- +-val pmull_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +- +-val sha256_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +- +-val simd128_support: Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +val simd256_support: bool diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst --- extraction/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/MkSeq.fst 2024-01-30 10:40:46.518789992 +0100 ++++ extraction-edited/MkSeq.fst 2024-01-31 10:39:21.587354785 +0100 @@ -0,0 +1,91 @@ +module MkSeq +open Core @@ -8515,7 +8962,7 @@ diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst +%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction/Spec.Kyber.fst extraction-edited/Spec.Kyber.fst --- extraction/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Spec.Kyber.fst 2024-01-30 10:40:46.528789597 +0100 ++++ extraction-edited/Spec.Kyber.fst 2024-01-31 10:39:21.599354671 +0100 @@ -0,0 +1,426 @@ +module Spec.Kyber +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" diff --git a/proofs/fstar/extraction-secret-independent.patch b/proofs/fstar/extraction-secret-independent.patch index c79aa71a3..354e3d955 100644 --- a/proofs/fstar/extraction-secret-independent.patch +++ b/proofs/fstar/extraction-secret-independent.patch @@ -1,6 +1,6 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-30 10:40:46.514790151 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-30 10:40:46.554788570 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 10:39:21.582354833 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 10:39:21.630354375 +0100 @@ -1,356 +1,81 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -397,8 +397,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-i - - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-30 10:40:46.501790664 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-30 10:40:46.560788333 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 10:39:21.567354977 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 10:39:21.637354308 +0100 @@ -3,32 +3,10 @@ open Core open FStar.Mul @@ -746,8 +746,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-30 10:40:46.505790506 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-01-30 10:40:46.559788372 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 10:39:21.572354929 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 10:39:21.635354327 +0100 @@ -1,79 +1,39 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 0 --z3rlimit 200" @@ -852,8 +852,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-ind + (Core.Ops.Arith.Neg.neg fe <: i32) &. + ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-30 10:40:46.508790388 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-01-30 10:40:46.543789005 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 10:39:21.575354900 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 10:39:21.616354508 +0100 @@ -3,42 +3,44 @@ open Core open FStar.Mul @@ -925,8 +925,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-in - (fun result -> v result >= 0 /\ v result < 3329) + : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-30 10:40:46.534789360 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-01-30 10:40:46.542789044 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 10:39:21.607354594 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 10:39:21.615354518 +0100 @@ -15,8 +15,7 @@ let v_FIELD_MODULUS: i32 = 3329l @@ -938,8 +938,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-i let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-30 10:40:46.491791059 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-30 10:40:46.538789202 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 10:39:21.555355091 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 10:39:21.611354556 +0100 @@ -4,163 +4,61 @@ open FStar.Mul @@ -1128,8 +1128,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-s -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-30 10:40:46.502790625 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-30 10:40:46.571787898 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 10:39:21.569354958 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 10:39:21.650354183 +0100 @@ -20,26 +20,30 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1173,7 +1173,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction- + result = rhs <: bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst --- extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-01-30 10:40:46.583787424 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-01-31 10:39:21.663354059 +0100 @@ -0,0 +1,87 @@ +module Libcrux.Kem.Kyber.Conversions +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1264,8 +1264,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret- + cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 \ Pas de fin de ligne à la fin du fichier diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/Libcrux.Kem.Kyber.fst ---- extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-30 10:40:46.527789637 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-01-30 10:40:46.577787661 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 10:39:21.598354680 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-01-31 10:39:21.657354117 +0100 @@ -1,29 +1,12 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -1509,8 +1509,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/ (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) - diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent/Libcrux.Kem.Kyber.fsti ---- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-30 10:40:46.490791099 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-01-30 10:40:46.573787819 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 10:39:21.553355110 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-01-31 10:39:21.652354165 +0100 @@ -10,75 +10,31 @@ Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE @@ -1600,8 +1600,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-30 10:40:46.519789953 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-30 10:40:46.553788609 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 10:39:21.589354766 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 10:39:21.629354384 +0100 @@ -3,27 +3,18 @@ open Core open FStar.Mul @@ -1650,8 +1650,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secr - admit(); //P-F out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-30 10:40:46.512790229 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-30 10:40:46.568788017 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 10:39:21.580354852 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 10:39:21.647354212 +0100 @@ -3,24 +3,12 @@ open Core open FStar.Mul @@ -1683,7 +1683,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-sec + : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst --- extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-01-30 10:40:46.578787621 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-01-31 10:39:21.658354107 +0100 @@ -0,0 +1,6 @@ +module Libcrux.Kem.Kyber.Helper +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1692,8 +1692,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-indep + + diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-30 10:40:46.517790032 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-30 10:40:46.546788886 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 10:39:21.585354805 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 10:39:21.620354470 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -2404,8 +2404,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-inde - res - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-30 10:40:46.532789439 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-30 10:40:46.580787543 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 10:39:21.605354613 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 10:39:21.660354088 +0100 @@ -1,152 +1,80 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -2608,8 +2608,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-ind + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-30 10:40:46.495790901 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-30 10:40:46.566788095 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 10:39:21.560355043 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 10:39:21.644354241 +0100 @@ -3,23 +3,22 @@ open Core open FStar.Mul @@ -2643,8 +2643,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-in (sz 3168) (sz 1568) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-30 10:40:46.485791296 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-30 10:40:46.547788847 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 10:39:21.548355158 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 10:39:21.622354451 +0100 @@ -5,21 +5,20 @@ let decapsulate_512_ @@ -2675,8 +2675,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-ind (sz 1632) (sz 800) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-30 10:40:46.487791217 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-30 10:40:46.550788728 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 10:39:21.550355139 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 10:39:21.625354422 +0100 @@ -3,24 +3,22 @@ open Core open FStar.Mul @@ -2710,8 +2710,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-ind (sz 2400) (sz 1184) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-30 10:40:46.488791178 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-30 10:40:46.562788254 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 10:39:21.551355129 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 10:39:21.639354289 +0100 @@ -74,19 +74,16 @@ val decapsulate_768_ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) @@ -2740,8 +2740,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-30 10:40:46.498790783 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-01-30 10:40:46.584787384 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 10:39:21.563355015 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 10:39:21.665354040 +0100 @@ -3,418 +3,432 @@ open Core open FStar.Mul @@ -3550,8 +3550,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-indep - admit(); //P-F v_A_transpose diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-30 10:40:46.515790111 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-30 10:40:46.557788451 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 10:39:21.583354824 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 10:39:21.634354336 +0100 @@ -3,71 +3,39 @@ open Core open FStar.Mul @@ -3654,8 +3654,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-inde + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-30 10:40:46.504790546 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-01-30 10:40:46.540789123 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 10:39:21.570354948 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 10:39:21.613354537 +0100 @@ -1,130 +1,56 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -4586,8 +4586,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independ -#pop-options + re diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-30 10:40:46.497790822 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-30 10:40:46.574787780 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 10:39:21.562355024 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 10:39:21.653354155 +0100 @@ -2,80 +2,224 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -4881,8 +4881,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-indepen + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-30 10:40:46.525789716 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-01-30 10:40:46.581787503 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 10:39:21.596354699 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 10:39:21.662354069 +0100 @@ -3,34 +3,27 @@ open Core open FStar.Mul @@ -5319,8 +5319,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-ind -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-30 10:40:46.523789795 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-30 10:40:46.556788491 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 10:39:21.592354738 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 10:39:21.632354356 +0100 @@ -3,37 +3,77 @@ open Core open FStar.Mul @@ -5421,8 +5421,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-30 10:40:46.484791336 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-01-30 10:40:46.564788175 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 10:39:21.546355177 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 10:39:21.643354250 +0100 @@ -1,4 +1,1301 @@ module Libcrux.Kem.Kyber.Serialize +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -6729,7 +6729,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in + serialized diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti --- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-30 10:40:46.563788214 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 10:39:21.641354270 +0100 @@ -0,0 +1,119 @@ +module Libcrux.Kem.Kyber.Serialize +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -6851,7 +6851,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-i +val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst 2024-01-30 10:40:46.511790269 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst 2024-01-31 10:39:21.579354862 +0100 +++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,182 +0,0 @@ -module Libcrux.Kem.Kyber.Serialize.PartA @@ -7037,7 +7037,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-sec -#pop-options - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti 2024-01-30 10:40:46.510790309 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti 2024-01-31 10:39:21.577354881 +0100 +++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,91 +0,0 @@ -module Libcrux.Kem.Kyber.Serialize.PartA @@ -7132,7 +7132,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti extraction-se - (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5 - ) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst 2024-01-30 10:40:46.507790427 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst 2024-01-31 10:39:21.574354910 +0100 +++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,1192 +0,0 @@ -module Libcrux.Kem.Kyber.Serialize.PartB @@ -8328,7 +8328,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - serialized -#pop-options diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti 2024-01-30 10:40:46.494790941 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti 2024-01-31 10:39:21.558355063 +0100 +++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fsti 1970-01-01 01:00:00.000000000 +0100 @@ -1,108 +0,0 @@ -module Libcrux.Kem.Kyber.Serialize.PartB @@ -8440,8 +8440,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-se - (requires True) - (ensures (fun res -> True)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst ---- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-30 10:40:46.500790704 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-01-30 10:40:46.549788767 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 10:39:21.565354996 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-01-31 10:39:21.623354442 +0100 @@ -3,8 +3,6 @@ open Core open FStar.Mul @@ -8488,8 +8488,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-indepe type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/Libcrux_platform.fsti ---- extraction-edited/Libcrux_platform.fsti 2024-01-30 10:40:46.530789518 +0100 -+++ extraction-secret-independent/Libcrux_platform.fsti 2024-01-30 10:40:46.576787701 +0100 +--- extraction-edited/Libcrux_platform.fsti 2024-01-31 10:39:21.601354652 +0100 ++++ extraction-secret-independent/Libcrux_platform.fsti 2024-01-31 10:39:21.655354136 +0100 @@ -1,4 +1,4 @@ module Libcrux_platform #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -8497,7 +8497,7 @@ diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/ -val simd256_support: bool +val simd256_support : unit -> bool diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst ---- extraction-edited/MkSeq.fst 2024-01-30 10:40:46.518789992 +0100 +--- extraction-edited/MkSeq.fst 2024-01-31 10:39:21.587354785 +0100 +++ extraction-secret-independent/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,91 +0,0 @@ -module MkSeq @@ -8592,7 +8592,7 @@ diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst - -%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction-edited/Spec.Kyber.fst extraction-secret-independent/Spec.Kyber.fst ---- extraction-edited/Spec.Kyber.fst 2024-01-30 10:40:46.528789597 +0100 +--- extraction-edited/Spec.Kyber.fst 2024-01-31 10:39:21.599354671 +0100 +++ extraction-secret-independent/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,426 +0,0 @@ -module Spec.Kyber From cba178661e959b60bf710e3f77a6205fce9c0f98 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 30 Jan 2024 16:16:26 +0100 Subject: [PATCH 04/19] 'fix(kyber/fstar): drop `assume` on `bytes_to_bits` and `bits_to_bytes`' This PR has a companion Hax PR: https://github.com/hacspec/hax/pull/479 --- proofs/fstar/extraction-edited/Spec.Kyber.fst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/proofs/fstar/extraction-edited/Spec.Kyber.fst b/proofs/fstar/extraction-edited/Spec.Kyber.fst index 9b486e615..6d7eec5fa 100644 --- a/proofs/fstar/extraction-edited/Spec.Kyber.fst +++ b/proofs/fstar/extraction-edited/Spec.Kyber.fst @@ -167,15 +167,17 @@ type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} let compress_d (d: dT {d <> 12}) (x: field_element): field_element = (pow2 d * x + 1664) / v v_FIELD_MODULUS -assume val bits_to_bytes (#bytes: usize) (f: (i:nat {i < v bytes * 8} -> bit)) +let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) : Pure (t_Array u8 bytes) (requires True) - (ensures fun r -> (forall i. bit_vec_of_int_arr r 8 i == f i)) + (ensures fun r -> (forall i. bit_vec_of_int_arr r 8 i == bv i)) + = bit_vec_to_int_arr 8 bv -assume val bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) - : Pure (i:nat {i < v bytes * 8} -> bit) +let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) + : Pure (i: bit_vec (v bytes * 8)) (requires True) (ensures fun f -> (forall i. bit_vec_of_int_arr r 8 i == f i)) + = bit_vec_of_int_arr r 8 let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d)) = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_arr coefficients d) From 5fc87b92965933ca536ff924976c161a5a878c53 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 09:11:28 +0100 Subject: [PATCH 05/19] chore(kyber/fstar): hints --- .../.hints/Spec.Kyber.fst.hints | 1726 +++++++++++++++-- 1 file changed, 1544 insertions(+), 182 deletions(-) diff --git a/proofs/fstar/extraction-edited/.hints/Spec.Kyber.fst.hints b/proofs/fstar/extraction-edited/.hints/Spec.Kyber.fst.hints index 270ecb1d6..a1608ae39 100644 --- a/proofs/fstar/extraction-edited/.hints/Spec.Kyber.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Spec.Kyber.fst.hints @@ -1,6 +1,104 @@ [ - "j@K\u0000nGę", + "N\u001c\u0017\u00187b\u001aC\u001b", [ + [ + "Spec.Kyber.map'", + 1, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equality_tok_Lib.IntTypes.PUB@tok", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "int_inversion", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_87c84547b1b5a1e7ebe534837a468e34", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_FStar.Seq.Base.length", + "typing_Rust_primitives.Arrays.length", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v" + ], + 0, + "4cee50fccd8e3af076158cf1ec335a79" + ], + [ + "Spec.Kyber.flatten", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5ea3e8723d30319eef6f4c2706107a9a", + "refinement_interpretation_Tm_refine_777aab82f2970a9aaa25e7f1aa9ce592", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok" + ], + 0, + "b29e890e5f2c2b54b24a18ff67867784" + ], [ "Spec.Kyber.v_BITS_PER_COEFFICIENT", 1, @@ -37,7 +135,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "55f2de7988ca9d3764bfa0372bc403c2" + "4f4aff214d19fa288de88e967c0cb3c6" ], [ "Spec.Kyber.v_COEFFICIENTS_IN_RING_ELEMENT", @@ -75,7 +173,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "0a6330064318b60857c66f11bbe0f825" + "0680ca26c1eb53aab12fc10703933847" ], [ "Spec.Kyber.v_BITS_PER_RING_ELEMENT", @@ -113,7 +211,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f9da4a7e0c84e8e0b5234e171ae92f7a" + "e5fb5193775ec6df6283b7aec2f667e6" ], [ "Spec.Kyber.v_BYTES_PER_RING_ELEMENT", @@ -151,7 +249,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "7a4a5a972256da24e60a2146b5969744" + "cec2a41902a5c7ec114c3977e07d7023" ], [ "Spec.Kyber.v_CPA_PKE_KEY_GENERATION_SEED_SIZE", @@ -189,7 +287,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d218c154b110f7bad112a4878ffcd58e" + "1bf3e5aedabff883e8320ad9cc0decc5" ], [ "Spec.Kyber.v_H_DIGEST_SIZE", @@ -227,7 +325,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ad2865f3b00d68cefa61ede6f7fce977" + "78500eb23d61b006bfe0243557a18f5b" ], [ "Spec.Kyber.v_REJECTION_SAMPLING_SEED_SIZE", @@ -265,7 +363,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "30cbe21723e9c132467a5ba6f5e49a41" + "bd1b3553bca4611aa801e0e5c4a5ecc0" ], [ "Spec.Kyber.params_", @@ -289,7 +387,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "69ddff9e7967e5219c44b8e0e381b789" + "78d434254f73721596cb434679b7385a" ], [ "Spec.Kyber.valid_params", @@ -337,7 +435,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "580639be542eb34a2109799e5e4f1dc0" + "c2fb801d1727bb9231a1694b1d865dc5" ], [ "Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", @@ -375,7 +473,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c90d85e1d5cd3c65c558347ed65ef1e7" + "430c0e3b62e831ef1bf2361b6958cb08" ], [ "Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", @@ -428,7 +526,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "9b907f59510f01bb563ea43eab4db871" + "0d1b3cb455866c9cc4479b318e7b3579" ], [ "Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", @@ -466,7 +564,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9d29ac08e78cc34349e068fffd2aa693" + "c77ff3ca2fbcec3415c089fdbf901c55" ], [ "Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", @@ -518,7 +616,7 @@ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "e802ec2dbf8a2f07c127bc601986b137" + "04e5b3ccc0ec6487e1756400cf6f952f" ], [ "Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", @@ -568,7 +666,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9ee8cf37cf29dc5474fc1fb9d659e27d" + "79ee3bb6d37a1c1a737a7331b91c5081" ], [ "Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", @@ -624,7 +722,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "55aeca7cfd42189e89124346ec3b0391" + "730f21aed94970a3fc66aa324f19b06a" ], [ "Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", @@ -674,7 +772,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "81427ee96b93961ba5c1d0395f1f33fa" + "0e167279b7945d79c5f518d83b83932c" ], [ "Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", @@ -724,7 +822,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d9490426bfea52421f330c04eee5ae39" + "6bb1a26713cd5343661c65a5ffc70b39" ], [ "Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", @@ -774,7 +872,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "bff6d1fc6fd661e4fecde07cb646524b" + "67af3bfe235d2c679382652ce9c9a97a" ], [ "Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", @@ -833,7 +931,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "349a13a43b2ebfe9a6040654cdb187b1" + "b67797665099d15684c8102f27e44a17" ], [ "Spec.Kyber.v_SECRET_KEY_SIZE", @@ -883,7 +981,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "6f4513b0f308f87c056075026804d6b8" + "58063d8216978ba530d8b5125613c3bb" ], [ "Spec.Kyber.v_SECRET_KEY_SIZE", @@ -951,7 +1049,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "0c7b656fd1c7a7c391ffdf27b596a610" + "d3b9683e13736502f64ec310ce7748a2" ], [ "Spec.Kyber.v_C1_BLOCK_SIZE", @@ -997,7 +1095,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "1d3025d2e0b24511c821320ce036ed76" + "e2b555254072e8f907decf98649edd42" ], [ "Spec.Kyber.v_C1_BLOCK_SIZE", @@ -1051,7 +1149,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "0e57e542b7c99fe15febb21dcef0d7f2" + "51b64188b31ea7ad17c5e18fc859dc52" ], [ "Spec.Kyber.v_C1_SIZE", @@ -1089,7 +1187,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "caa69f4a81824f482457650d1811f205" + "a1507316deb72626eb445f244b8098f7" ], [ "Spec.Kyber.v_C1_SIZE", @@ -1152,7 +1250,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "ed1b265ebee430de3990a32280657dc7" + "d0d23d4e8b65ca2eac2af4bb65fb38be" ], [ "Spec.Kyber.v_C2_SIZE", @@ -1198,7 +1296,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "cfe2d47aa37441248dd97aae26de5597" + "a2e8ce8e63f45ef0104258788a1023b0" ], [ "Spec.Kyber.v_C2_SIZE", @@ -1251,7 +1349,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "6238678e5e4e7cb9a384350070a5f361" + "65065d4da2e18c640612821c14d611dd" ], [ "Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", @@ -1322,7 +1420,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "639df96040c01034c62b0149857413cb" + "43deed939439bcdc75aba0c6ff76c956" ], [ "Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", @@ -1402,7 +1500,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "46eb570e3082cbafcb7afc8c28bef241" + "75473f084cda34a88a1d032be03b2a5e" ], [ "Spec.Kyber.v_KEY_GENERATION_SEED_SIZE", @@ -1448,7 +1546,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "8fe3c595152241350681635c1779c61f" + "622dc323d90dba3468aa84a14559f49c" ], [ "Spec.Kyber.v_KEY_GENERATION_SEED_SIZE", @@ -1507,7 +1605,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "eca84acbcf388949918323c400182d72" + "1c99acb3b967607909f0dcc3bdb886d0" ], [ "Spec.Kyber.t_Result", @@ -1516,7 +1614,7 @@ 1, [ "@query" ], 0, - "47a00d29bbb4167283bc01144ded1ac8" + "d6235a705485aa219ec95d07581a1a6c" ], [ "Spec.Kyber.__proj__Ok__item___0", @@ -1528,7 +1626,7 @@ "refinement_interpretation_Tm_refine_1b102a22f9e78dd36ce7df9b9f30d4ae" ], 0, - "4bff357534689a9d407bc58413e294b0" + "d9ed40a2b49d084ee48f003c1aae2885" ], [ "Spec.Kyber.__proj__Err__item___0", @@ -1540,7 +1638,7 @@ "refinement_interpretation_Tm_refine_dec1a26e2d89f644ded10c99d120cfd7" ], 0, - "bf792bcea39451cf09f727f412afc316" + "880bae4fbadd47b2bd7ca89bba94419f" ], [ "Spec.Kyber.v_G", @@ -1578,7 +1676,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "44e7fc2a2723019a1d27df34145b5e39" + "80967e3021f7bfd2c03db63d590dfb1a" ], [ "Spec.Kyber.v_H", @@ -1616,7 +1714,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "caacdd038bd40a966de542c816f597bf" + "56de1a190acd7d462d60f40f734e5500" ], [ "Spec.Kyber.v_J", @@ -1655,7 +1753,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "7f504fab9a8dc3190eb5a17b59042cf2" + "52aa2fe3d82e52b6fdcd7a36a57c8ca2" ], [ "Spec.Kyber.polynomial", @@ -1693,7 +1791,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "4080e0307cc33956525263e40d8d3a5e" + "5334360d0b8fa81ef02eae7708336880" ], [ "Spec.Kyber.sample_matrix_A", @@ -1731,7 +1829,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "1015fcaa24ee76812afefa30d3bd6c85" + "48d02537aadac025985cd92946d420ad" ], [ "Spec.Kyber.sample_vector_cbd", @@ -1769,7 +1867,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "e65b1df0246302323ebd713d72c5aff2" + "2d532a2fecaf621f43194dfeb70ececd" ], [ "Spec.Kyber.sample_poly_binomial", @@ -1823,7 +1921,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "a1624bc2eaa9235f42b1c035cca3bac9" + "5f4c2f87cbfd5813d87264b2b9918d58" ], [ "Spec.Kyber.sample_poly_cbd", @@ -1861,7 +1959,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "2b1a989e3a08cabb85253cfe204e5d0a" + "7297f4e22255be8179e05a8c0902ad59" ], [ "Spec.Kyber.sample_poly_cbd", @@ -1871,7 +1969,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1879,27 +1978,52 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.valid_params", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7be811dccb445fddc98a91947e1fcc35", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "c6f08252da177e3688f3550614685d65" + "494dd7493d779ab6bee738a6e0ad533d" ], [ "Spec.Kyber.sample_poly_cbd", @@ -1963,7 +2087,7 @@ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "00b8c9f47ebc2d2c7cd2517665834cdf" + "50ef809b2e510ab552430800d15adf6d" ], [ "Spec.Kyber.sample_vector_cbd_then_ntt", @@ -2001,7 +2125,65 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "8d067c1478d41a391016e470f12b2e8a" + "9d46fa6fdbfa71e358f49626223e7e8c" + ], + [ + "Spec.Kyber.compress_d", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.dT", + "equation_Spec.Kyber.field_element", + "equation_Spec.Kyber.v_FIELD_MODULUS", "int_inversion", "int_typing", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_3", + "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_595e844c6a8d713d4126310ff4b320d4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_ae469914d5988438c11021add0845e82", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_c7359e77cabee15ef712ef8911d37772", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.v_FIELD_MODULUS", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "99a0e916e3db909142280f5c44f72fa4" ], [ "Spec.Kyber.bits_to_bytes", @@ -2014,18 +2196,65 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "f4f299f25047445085298b2903713566" + "866d9bb65067869c6fbb049ba3bdeb6f" + ], + [ + "Spec.Kyber.bits_to_bytes", + 2, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equality_tok_Lib.IntTypes.PUB@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "primitive_Prims.op_Multiply", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_tok_Lib.IntTypes.PUB@tok" + ], + 0, + "560051fb131498ca3984d474018e5064" + ], + [ + "Spec.Kyber.bytes_to_bits", + 1, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.u8", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_arr", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_FStar.Seq.Base.length" + ], + 0, + "10ea572e03411f0ec6d7a48208ea85cc" ], [ - "Spec.Kyber.encode_bytes", + "Spec.Kyber.byte_encode", 1, 0, 1, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", - "Spec.Kyber_interpretation_Tm_arrow_9dce8273322ffa9de8b7d037707b85c4", "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", @@ -2034,64 +2263,47 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", - "equation_Rust_primitives.Arrays.length", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.int_t", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.sz", "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.dT", - "equation_Spec.Kyber.polynomial", "int_inversion", "int_typing", + "equation_Spec.Kyber.dT", "int_inversion", "int_typing", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", - "refinement_interpretation_Tm_refine_166d4c3417fd96f9724976aea8b77dc8", - "refinement_interpretation_Tm_refine_38049ec672286a814b3fe565274988d5", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5fc392dac7e04dd7bdbfe3cf5a747765", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a0ba94daac3508f671b3c67d311f6ca8", + "refinement_interpretation_Tm_refine_595e844c6a8d713d4126310ff4b320d4", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", - "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "typing_Lib.IntTypes.v", "typing_Rust_primitives.Arrays.createi", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.sz", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Tm_abs_3afc325b5674641b972213d8857ce591", - "typing_tok_Lib.IntTypes.PUB@tok" + "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "2878177f875061cab9a20d3a31a1a517" + "ab153d1798b334e40ac784d3958fd87d" ], [ - "Spec.Kyber.compress_then_encode_v", + "Spec.Kyber.byte_decode", 1, 0, 1, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "bool_typing", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.Arrays_interpretation_Tm_arrow_6f5d461f72cbd41f28adedecb28bae4c", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", @@ -2100,53 +2312,77 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.sz", "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", - "equation_Spec.Kyber.v_C2_SIZE", "equation_Spec.Kyber.valid_params", - "fuel_guarded_inversion_Spec.Kyber.params_", "int_typing", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.dT", + "equation_Spec.Kyber.map_", "equation_Spec.Kyber.v_FIELD_MODULUS", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", - "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_595e844c6a8d713d4126310ff4b320d4", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_87c84547b1b5a1e7ebe534837a468e34", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_dfcb1e9e73d6b2e3e7433033f730bf7e", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_Lib.IntTypes.pub_int_v", + "typing_Rust_primitives.Arrays.createi", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.v_C2_SIZE", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + "typing_Spec.Kyber.v_FIELD_MODULUS", + "typing_Tm_abs_78dc169a59feec7cb469cb14355db3c4", + "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "7fa98d3053999c843f80241a674613e3" + "d39e2af3c9e01ae63ee0678f204f3886" ], [ - "Spec.Kyber.ind_cpa_generate_keypair", - 1, + "Spec.Kyber.byte_decode", + 2, 0, 1, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -2154,8 +2390,547 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "data_elim_FStar.Pervasives.Native.Mktuple2", - "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.unsigned", + "equation_Spec.Kyber.dT", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_595e844c6a8d713d4126310ff4b320d4", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "ae644decfc152f972dfe381062579ed1" + ], + [ + "Spec.Kyber.vector_encode_12", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Rust_primitives.Arrays_interpretation_Tm_arrow_6f5d461f72cbd41f28adedecb28bae4c", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.map_", + "equation_Spec.Kyber.params", "equation_Spec.Kyber.polynomial", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "equation_Spec.Kyber.valid_params", "equation_Spec.Kyber.vector", + "fuel_guarded_inversion_Spec.Kyber.params_", "int_typing", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_87c84547b1b5a1e7ebe534837a468e34", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Arrays.createi", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.__proj__Mkparams___item__v_RANK", + "typing_Spec.Kyber.valid_params", + "typing_Tm_abs_78dc169a59feec7cb469cb14355db3c4", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "38feb350f0500cf3a318ffbecb2da985" + ], + [ + "Spec.Kyber.vector_decode_12", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "equation_Spec.Kyber.valid_params", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", "lemma_Lib.IntTypes.pow2_2", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_439f8078285456e69a4492be8a994f60", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_8af576a73ec9a26ff8580dea2278a598", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "ab00a0cf52611b52d6b2a3707e826843" + ], + [ + "Spec.Kyber.compress_then_byte_encode", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "Spec.Kyber_interpretation_Tm_arrow_9dce8273322ffa9de8b7d037707b85c4", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.dT", + "equation_Spec.Kyber.polynomial", "int_inversion", "int_typing", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_166d4c3417fd96f9724976aea8b77dc8", + "refinement_interpretation_Tm_refine_38049ec672286a814b3fe565274988d5", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_595e844c6a8d713d4126310ff4b320d4", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a0ba94daac3508f671b3c67d311f6ca8", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c7359e77cabee15ef712ef8911d37772", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Arrays.createi", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Tm_abs_2264a8fb7745580ca0df79ca4c2f1ce5", + "typing_tok_Lib.IntTypes.PUB@tok" + ], + 0, + "091b2e1068cfa43a6c6875a01259d65d" + ], + [ + "Spec.Kyber.compress_then_encode_u", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "Spec.Kyber_interpretation_Tm_arrow_b8f3797486a5f5b555d3817e995f58de", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.polynomial", "equation_Spec.Kyber.valid_params", + "equation_Spec.Kyber.vector", + "fuel_guarded_inversion_Spec.Kyber.params_", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_436367a2f03ad853bec12b19c1846e96", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_b1f55fd9219711ebc3ad00ea54defdad", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Arrays.createi", + "typing_Rust_primitives.Arrays.t_Array", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.__proj__Mkparams___item__v_RANK", + "typing_Spec.Kyber.__proj__Mkparams___item__v_VECTOR_U_COMPRESSION_FACTOR", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", + "typing_Tm_abs_85e8ff3beeb7aaf5b28387e5fdd5b75d", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "0f8149c86c1c7fb6836df43d9015307a" + ], + [ + "Spec.Kyber.decode_then_decompress_u", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.gte", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.valid_params", + "fuel_guarded_inversion_Spec.Kyber.params_", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0082db4ed4536a01d4e126fcec0c045c", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_439f8078285456e69a4492be8a994f60", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_FStar.UInt32.t", "typing_FStar.UInt64.t", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.lt", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.__proj__Mkparams___item__v_RANK", + "typing_Spec.Kyber.__proj__Mkparams___item__v_VECTOR_U_COMPRESSION_FACTOR", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "30ad18575616edb246367118df1cd436" + ], + [ + "Spec.Kyber.compress_then_encode_v", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_C2_SIZE", "equation_Spec.Kyber.valid_params", + "fuel_guarded_inversion_Spec.Kyber.params_", "int_typing", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.v_C2_SIZE", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "fbb36f44cf368f9af5efb3d9c2b5a9cd" + ], + [ + "Spec.Kyber.decode_then_decompress_v", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_C2_SIZE", "equation_Spec.Kyber.valid_params", + "fuel_guarded_inversion_Spec.Kyber.params_", "int_typing", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.v_C2_SIZE", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "a503da59523b36f6229c846ce8b2a647" + ], + [ + "Spec.Kyber.ind_cpa_generate_keypair", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", @@ -2224,7 +2999,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "b058dad3973e96a4be54f3200bdf3f88" + "addf2a07ddaed1754e50bd5ae6968dc6" ], [ "Spec.Kyber.ind_cpa_encrypt", @@ -2328,7 +3103,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "098253585aef24e41a111d1360a1b514" + "3c5281479cf3f49e1666d2571456a361" ], [ "Spec.Kyber.ind_cpa_decrypt", @@ -2380,7 +3155,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "99398e7932197f7bf122b31930867bb5" + "30b8e25753ae8707ae6b5884c5356c6a" ], [ "Spec.Kyber.ind_cca_generate_keypair", @@ -2497,7 +3272,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "72f76f4a24d8f6914d5342a3eb6afe66" + "b285acbca2e0a945fbf488520bc47b37" ], [ "Spec.Kyber.ind_cca_encapsulate", @@ -2574,7 +3349,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "3802d93f1af8f454bf41ba23f03f0b4f" + "1d0698a7b04a1041eb377de674460999" ], [ "Spec.Kyber.ind_cca_decapsulate", @@ -2696,7 +3471,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "05cbdceb7fdf132fe17c1f0a257cd26b" + "f8ac760e9f1de9f5ba36977c01aa3256" ], [ "Spec.Kyber.kyber768_params", @@ -2749,7 +3524,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "454587c785699702842fbb3a194d0421" + "f013d31926857954ed8f6f5a8c338176" ], [ "Spec.Kyber.kyber768_generate_keypair", @@ -2759,7 +3534,10 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "Spec.Kyber_interpretation_Tm_arrow_5b864e552c0ff441929523e016bf2b54", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -2767,27 +3545,105 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.split", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sub", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.compute_As_plus_e", + "equation_Spec.Kyber.flatten", + "equation_Spec.Kyber.ind_cca_generate_keypair", + "equation_Spec.Kyber.ind_cpa_generate_keypair", + "equation_Spec.Kyber.kyber768_params", "equation_Spec.Kyber.map_", + "equation_Spec.Kyber.polynomial", + "equation_Spec.Kyber.sample_vector_cbd_then_ntt", + "equation_Spec.Kyber.t_KyberKeyPair", + "equation_Spec.Kyber.t_KyberPrivateKey", + "equation_Spec.Kyber.t_KyberPublicKey", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_CPA_PKE_KEY_GENERATION_SEED_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_KEY_GENERATION_SEED_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.vector_encode_12", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5ea3e8723d30319eef6f4c2706107a9a", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8fb786f8823478b771d756459ca673ae", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d26fa327c2c1ff0a9633e2624291cd2a", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "refinement_interpretation_Tm_refine_ed95cbcc65ce70ece9e84ad5f1db743e", + "refinement_interpretation_Tm_refine_f2f124f4ff354f341e763b0410e68fde", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_Lib.IntTypes.v", + "typing_Rust_primitives.Arrays.createi", + "typing_Rust_primitives.Arrays.split", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber768_params", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_G", "typing_Spec.Kyber.v_H", + "typing_Spec.Kyber.v_KEY_GENERATION_SEED_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_Tm_abs_0101aabc80c2620620c59c92a7c67f6d", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "337c6772741f4e986cb9db6cba4ee9c6" + "f6868114a0e1263008d4a26cd010502b" ], [ "Spec.Kyber.kyber768_generate_keypair", @@ -2911,7 +3767,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "566a36276f8d0e4efebfeb9350430879" + "ba073194fdbe9b1670ba1b06c5359db7" ], [ "Spec.Kyber.kyber768_encapsulate", @@ -2921,7 +3777,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -2929,27 +3786,84 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber768_params", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.__proj__Mkparams___item__v_RANK", + "typing_Spec.Kyber.kyber768_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "d5abd0908064a5a023d8198fbaa52dc2" + "e97bf65c4e36f5e6680acbe994d539d4" ], [ "Spec.Kyber.kyber768_encapsulate", @@ -3091,7 +4005,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "168b1c7571d1ffd8c62d84e5ab1c8c46" + "8205c5ac70570c268ceaa9a2a0985039" ], [ "Spec.Kyber.kyber768_decapsulate", @@ -3101,7 +4015,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -3109,27 +4024,84 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber768_params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_inversion", + "int_typing", "lemma_Lib.IntTypes.pow2_2", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8fb786f8823478b771d756459ca673ae", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.add", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber768_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_SECRET_KEY_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "aeb44a9f060b8c373e0b501a499e29f3" + "b1f5d4e61a42bc4efca95bce17dbae6e" ], [ "Spec.Kyber.kyber768_decapsulate", @@ -3224,7 +4196,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "b1b5b8cf5d3e314cbd882b24d1d22069" + "612e041ea92dd5e351d595db4b3a7c58" ], [ "Spec.Kyber.kyber1024_params", @@ -3277,7 +4249,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "7317210f619c804aaffcf35bd5ace2ea" + "24ee78253f0d9380daa695b15a6ab077" ], [ "Spec.Kyber.kyber1024_generate_keypair", @@ -3287,7 +4259,10 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "Spec.Kyber_interpretation_Tm_arrow_5b864e552c0ff441929523e016bf2b54", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -3295,27 +4270,109 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.split", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sub", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.compute_As_plus_e", + "equation_Spec.Kyber.flatten", + "equation_Spec.Kyber.ind_cca_generate_keypair", + "equation_Spec.Kyber.ind_cpa_generate_keypair", + "equation_Spec.Kyber.kyber1024_params", "equation_Spec.Kyber.map_", + "equation_Spec.Kyber.polynomial", + "equation_Spec.Kyber.sample_vector_cbd_then_ntt", + "equation_Spec.Kyber.t_KyberKeyPair", + "equation_Spec.Kyber.t_KyberPrivateKey", + "equation_Spec.Kyber.t_KyberPublicKey", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_CPA_PKE_KEY_GENERATION_SEED_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_KEY_GENERATION_SEED_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.vector_encode_12", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_1d1f1ecbbef37067035a7c7f276e4e21", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5ea3e8723d30319eef6f4c2706107a9a", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8fb786f8823478b771d756459ca673ae", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d26fa327c2c1ff0a9633e2624291cd2a", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "refinement_interpretation_Tm_refine_ed95cbcc65ce70ece9e84ad5f1db743e", + "refinement_interpretation_Tm_refine_f2f124f4ff354f341e763b0410e68fde", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_Lib.IntTypes.v", + "typing_Rust_primitives.Arrays.createi", + "typing_Rust_primitives.Arrays.slice", + "typing_Rust_primitives.Arrays.split", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber1024_params", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_G", "typing_Spec.Kyber.v_H", + "typing_Spec.Kyber.v_KEY_GENERATION_SEED_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_Tm_abs_0101aabc80c2620620c59c92a7c67f6d", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "369e5b23166a7dabdca12c4baee01a7b" + "51158506b62439422763ae64d88af1e1" ], [ "Spec.Kyber.kyber1024_generate_keypair", @@ -3440,7 +4497,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "3a13b9bd7640fd50c152f7e36f774376" + "a879e99c9752fb49d548679804beeecf" ], [ "Spec.Kyber.kyber1024_encapsulate", @@ -3450,7 +4507,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -3458,27 +4516,78 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber1024_params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_FStar.Seq.Base.length", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber1024_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "0d9e2b3eb945dd0ee435ea3b1e51459c" + "94fe415f6ed1e1ae875fc4f3f8e6215a" ], [ "Spec.Kyber.kyber1024_encapsulate", @@ -3568,7 +4677,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "40a9986d6db87b8ebc964a34df4ace61" + "335e3c690e028a81c230bf3a3659a2fc" ], [ "Spec.Kyber.kyber1024_decapsulate", @@ -3578,7 +4687,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -3586,27 +4696,84 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber1024_params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8fb786f8823478b771d756459ca673ae", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.add", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber1024_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "4098ce2b4f2795c254f39add04f77cb4" + "d588a07f096b04670e5de4bc32d9b207" ], [ "Spec.Kyber.kyber1024_decapsulate", @@ -3701,7 +4868,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "6a8af4e5c1f1fdc76b13ffaed7a907e5" + "b0ca5eaede7d7931fe8f24ab0490b495" ], [ "Spec.Kyber.kyber512_params", @@ -3754,7 +4921,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "99083b46d6629c359c5c1090e55d6493" + "93f17b681fb8a0556a44ed51695e37ab" ], [ "Spec.Kyber.kyber512_generate_keypair", @@ -3764,7 +4931,10 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "Spec.Kyber_interpretation_Tm_arrow_5b864e552c0ff441929523e016bf2b54", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -3772,27 +4942,105 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.split", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sub", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.compute_As_plus_e", + "equation_Spec.Kyber.flatten", + "equation_Spec.Kyber.ind_cca_generate_keypair", + "equation_Spec.Kyber.ind_cpa_generate_keypair", + "equation_Spec.Kyber.kyber512_params", "equation_Spec.Kyber.map_", + "equation_Spec.Kyber.polynomial", + "equation_Spec.Kyber.sample_vector_cbd_then_ntt", + "equation_Spec.Kyber.t_KyberKeyPair", + "equation_Spec.Kyber.t_KyberPrivateKey", + "equation_Spec.Kyber.t_KyberPublicKey", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_CPA_PKE_KEY_GENERATION_SEED_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_KEY_GENERATION_SEED_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.vector_encode_12", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5ea3e8723d30319eef6f4c2706107a9a", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8fb786f8823478b771d756459ca673ae", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d26fa327c2c1ff0a9633e2624291cd2a", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "refinement_interpretation_Tm_refine_ed95cbcc65ce70ece9e84ad5f1db743e", + "refinement_interpretation_Tm_refine_f2f124f4ff354f341e763b0410e68fde", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_Lib.IntTypes.v", + "typing_Rust_primitives.Arrays.createi", + "typing_Rust_primitives.Arrays.split", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber512_params", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_G", "typing_Spec.Kyber.v_H", + "typing_Spec.Kyber.v_KEY_GENERATION_SEED_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_Tm_abs_0101aabc80c2620620c59c92a7c67f6d", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "4bb5b9e629b15e033cdf52a05884fd82" + "9652f7980916ec8789150ffd1b6700b1" ], [ "Spec.Kyber.kyber512_generate_keypair", @@ -3907,7 +5155,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "fb5b194168a2f1f9cf51d0fbb88cdc10" + "9695006dbf3ba48abd7fbfdaf4c888a2" ], [ "Spec.Kyber.kyber512_encapsulate", @@ -3917,7 +5165,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -3925,27 +5174,82 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber512_params", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.__proj__Mkparams___item__v_RANK", + "typing_Spec.Kyber.kyber512_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "55bb2eea357fb4be2bcd11cf495c516c" + "dce7321c2dcb2cbe2cf2584ec2c861ff" ], [ "Spec.Kyber.kyber512_encapsulate", @@ -4084,7 +5388,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "8ca5422608bf4908a49221c3b47006d2" + "50fb9c9a509d0a286aabb6665d43cd7d" ], [ "Spec.Kyber.kyber512_decapsulate", @@ -4094,7 +5398,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -4102,27 +5407,84 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber512_params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8fb786f8823478b771d756459ca673ae", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.add", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber512_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "b002b3426f26b54e386c40eef2ccbbca" + "00cb46c66a423ad7dedece7f422db3c5" ], [ "Spec.Kyber.kyber512_decapsulate", @@ -4215,7 +5577,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "5eaaa904107d6048898c88a326817783" + "b2c76ad45a9542dcbc929e012054996f" ] ] ] \ No newline at end of file From 2c4dd34d3d9935fd159ce699ee8ce191d3fb4a61 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 09:11:54 +0100 Subject: [PATCH 06/19] fix(kyber/fstar): remove admit on `byte_decode` --- proofs/fstar/extraction-edited/Spec.Kyber.fst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/proofs/fstar/extraction-edited/Spec.Kyber.fst b/proofs/fstar/extraction-edited/Spec.Kyber.fst index 6d7eec5fa..ee07bc60e 100644 --- a/proofs/fstar/extraction-edited/Spec.Kyber.fst +++ b/proofs/fstar/extraction-edited/Spec.Kyber.fst @@ -183,7 +183,12 @@ let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d)) = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_arr coefficients d) let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial - = admit () + = let bv = bit_vec_of_int_arr coefficients 8 in + let arr: t_Array nat (sz 256) = bit_vec_to_nat_arr d bv in + let p = map' (fun (x: nat) -> x % v v_FIELD_MODULUS <: nat) arr in + introduce forall i. Seq.index p i < v v_FIELD_MODULUS + with assert (Seq.index p i == Seq.index p (v (sz i))); + p let vector_encode_12 (#p:params) (v: vector p): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p) = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map' (byte_encode 12) v in From 0924704ac6f549f0b4868367f25d0b31210faee9 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 10:59:20 +0100 Subject: [PATCH 07/19] refactor(kyber/fstar): renaming following PR 479 of hax --- .../Libcrux.Kem.Kyber.Serialize.fsti | 6 +++--- proofs/fstar/extraction-edited/Spec.Kyber.fst | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti index 478ef7e3c..df3b6b7ee 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti @@ -7,11 +7,11 @@ open MkSeq let int_arr_bitwise_eq #t1 #t2 #n1 #n2 (arr1: t_Array (int_t t1) n1) - (d1: bit_num t1) + (d1: num_bits t1) (arr2: t_Array (x: int_t t2) n2) - (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) = forall i. i < v n1 * d1 - ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i + ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) : Prims.Pure (u8 & u8 & u8 & u8 & u8) diff --git a/proofs/fstar/extraction-edited/Spec.Kyber.fst b/proofs/fstar/extraction-edited/Spec.Kyber.fst index ee07bc60e..36dfe26ed 100644 --- a/proofs/fstar/extraction-edited/Spec.Kyber.fst +++ b/proofs/fstar/extraction-edited/Spec.Kyber.fst @@ -170,21 +170,21 @@ let compress_d (d: dT {d <> 12}) (x: field_element): field_element let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) : Pure (t_Array u8 bytes) (requires True) - (ensures fun r -> (forall i. bit_vec_of_int_arr r 8 i == bv i)) - = bit_vec_to_int_arr 8 bv + (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i)) + = bit_vec_to_int_t_array 8 bv let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) : Pure (i: bit_vec (v bytes * 8)) (requires True) - (ensures fun f -> (forall i. bit_vec_of_int_arr r 8 i == f i)) - = bit_vec_of_int_arr r 8 + (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i)) + = bit_vec_of_int_t_array r 8 let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d)) - = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_arr coefficients d) + = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_array coefficients d) let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial - = let bv = bit_vec_of_int_arr coefficients 8 in - let arr: t_Array nat (sz 256) = bit_vec_to_nat_arr d bv in + = let bv = bit_vec_of_int_t_array coefficients 8 in + let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d bv in let p = map' (fun (x: nat) -> x % v v_FIELD_MODULUS <: nat) arr in introduce forall i. Seq.index p i < v v_FIELD_MODULUS with assert (Seq.index p i == Seq.index p (v (sz i))); From a57b45ef853cd964024c47bebfff73b2c50fcbef Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 11:10:53 +0100 Subject: [PATCH 08/19] chore(kyber/fstar): refresh diffs --- proofs/fstar/extraction-edited.patch | 3971 ++++++----------- .../fstar/extraction-secret-independent.patch | 3790 +++++----------- proofs/fstar/extraction/Libcrux.Digest.fst | 48 + 3 files changed, 2577 insertions(+), 5232 deletions(-) create mode 100644 proofs/fstar/extraction/Libcrux.Digest.fst diff --git a/proofs/fstar/extraction-edited.patch b/proofs/fstar/extraction-edited.patch index e1d574acd..9b1d7edfd 100644 --- a/proofs/fstar/extraction-edited.patch +++ b/proofs/fstar/extraction-edited.patch @@ -1,6 +1,58 @@ +diff -ruN extraction/Libcrux.Digest.fst extraction-edited/Libcrux.Digest.fst +--- extraction/Libcrux.Digest.fst 2024-01-31 11:04:44.192900512 +0100 ++++ extraction-edited/Libcrux.Digest.fst 1970-01-01 01:00:00.000000000 +0100 +@@ -1,48 +0,0 @@ +-module Libcrux.Digest +-#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +-open Core +-open FStar.Mul +- +-let shake128x4_256_ (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) = +- Libcrux.Hacl.Sha3.X4.shake128 v_LEN data0 data1 data2 data3 +- +-let sha3_256_ (payload: t_Slice u8) = Libcrux.Hacl.Sha3.sha256 payload +- +-let sha3_512_ (payload: t_Slice u8) = Libcrux.Hacl.Sha3.sha512 payload +- +-let shake128 (v_LEN: usize) (data: t_Slice u8) = Libcrux.Hacl.Sha3.shake128 v_LEN data +- +-let shake256 (v_LEN: usize) (data: t_Slice u8) = Libcrux.Hacl.Sha3.shake256 v_LEN data +- +-let shake128x4_portable (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) = +- let input_len:usize = Core.Slice.impl__len data0 in +- let _:Prims.unit = +- if true +- then +- let _:Prims.unit = +- if +- ~.((input_len =. (Core.Slice.impl__len data1 <: usize) <: bool) && +- (input_len =. (Core.Slice.impl__len data2 <: usize) <: bool) && +- (input_len =. (Core.Slice.impl__len data3 <: usize) <: bool) && +- (input_len <=. (cast (Core.Num.impl__u32__MAX <: u32) <: usize) <: bool) && +- (v_LEN <=. (cast (Core.Num.impl__u32__MAX <: u32) <: usize) <: bool)) +- then +- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: input_len == data1.len() && input_len == data2.len() &&\\n input_len == data3.len() && input_len <= u32::MAX as usize &&\\n LEN <= u32::MAX as usize" +- +- <: +- Rust_primitives.Hax.t_Never) +- in +- () +- in +- let digest0:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data0 in +- let digest1:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data1 in +- let digest2:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data2 in +- let digest3:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data3 in +- digest0, digest1, digest2, digest3 +- <: +- (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN) +- +-let shake128x4 (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) = +- if Libcrux_platform.simd256_support () +- then shake128x4_256_ v_LEN data0 data1 data2 data3 +- else shake128x4_portable v_LEN data0 data1 data2 data3 diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti ---- extraction/Libcrux.Digest.fsti 2024-01-31 10:39:21.501355607 +0100 -+++ extraction-edited/Libcrux.Digest.fsti 2024-01-31 10:39:21.594354719 +0100 +--- extraction/Libcrux.Digest.fsti 2024-01-31 11:04:44.194900484 +0100 ++++ extraction-edited/Libcrux.Digest.fsti 2024-01-31 11:04:44.268899445 +0100 @@ -1,31 +1,41 @@ module Libcrux.Digest #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -72,7 +124,7 @@ diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti +val shake256 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst --- extraction/Libcrux.Kem.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.fst 2024-01-31 10:39:21.603354633 +0100 ++++ extraction-edited/Libcrux.Kem.fst 2024-01-31 11:04:44.276899332 +0100 @@ -0,0 +1,6 @@ +module Libcrux.Kem +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -81,8 +133,8 @@ diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 10:39:21.528355349 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 10:39:21.582354833 +0100 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 11:04:44.217900161 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 11:04:44.258899585 +0100 @@ -1,81 +1,356 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -480,8 +532,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux. + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 10:39:21.495355665 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 10:39:21.567354977 +0100 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 11:04:44.187900582 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 11:04:44.249899711 +0100 @@ -3,10 +3,32 @@ open Core open FStar.Mul @@ -823,8 +875,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux - <: - bool)) diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Kem.Kyber.Compress.fst ---- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 10:39:21.511355512 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 10:39:21.572354929 +0100 +--- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 11:04:44.202900371 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 11:04:44.254899641 +0100 @@ -1,39 +1,79 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -928,8 +980,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Ke + res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.Kem.Kyber.Compress.fsti ---- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 10:39:21.507355550 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 10:39:21.575354900 +0100 +--- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 11:04:44.199900414 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 11:04:44.255899627 +0100 @@ -3,8 +3,19 @@ open Core open FStar.Mul @@ -995,8 +1047,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.K + (requires fe =. 0l || fe =. 1l) + (fun result -> v result >= 0 /\ v result < 3329) diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux.Kem.Kyber.Constants.fsti ---- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 10:39:21.518355445 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 10:39:21.607354594 +0100 +--- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 11:04:44.208900287 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 11:04:44.279899290 +0100 @@ -15,7 +15,8 @@ let v_FIELD_MODULUS: i32 = 3329l @@ -1008,8 +1060,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux. let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 10:39:21.524355387 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 10:39:21.555355091 +0100 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 11:04:44.214900203 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 11:04:44.240899838 +0100 @@ -4,56 +4,163 @@ open FStar.Mul @@ -1195,8 +1247,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/L + ) +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 10:39:21.505355569 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 10:39:21.569354958 +0100 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 11:04:44.197900442 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 11:04:44.251899683 +0100 @@ -20,7 +20,8 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1228,8 +1280,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/ + Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.fst ---- extraction/Libcrux.Kem.Kyber.fst 2024-01-31 10:39:21.523355397 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 10:39:21.598354680 +0100 +--- extraction/Libcrux.Kem.Kyber.fst 2024-01-31 11:04:44.213900217 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 11:04:44.271899402 +0100 @@ -1,12 +1,29 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1504,8 +1556,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f + (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) + diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber.fsti ---- extraction/Libcrux.Kem.Kyber.fsti 2024-01-31 10:39:21.531355321 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 10:39:21.553355110 +0100 +--- extraction/Libcrux.Kem.Kyber.fsti 2024-01-31 11:04:44.220900119 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 11:04:44.238899866 +0100 @@ -4,42 +4,81 @@ open FStar.Mul @@ -1610,8 +1662,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. + (ensures (fun kp -> + (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness)) diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 10:39:21.521355416 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 10:39:21.589354766 +0100 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 11:04:44.211900245 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 11:04:44.264899501 +0100 @@ -3,18 +3,27 @@ open Core open FStar.Mul @@ -1651,8 +1703,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libc + admit(); //P-F out diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 10:39:21.542355215 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 10:39:21.580354852 +0100 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 11:04:44.228900006 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 11:04:44.257899599 +0100 @@ -3,12 +3,24 @@ open Core open FStar.Mul @@ -1683,8 +1735,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Lib + (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i)))) + diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 10:39:21.503355588 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 10:39:21.585354805 +0100 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 11:04:44.195900470 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 11:04:44.261899543 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2395,8 +2447,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem + res + diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 10:39:21.540355235 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 10:39:21.605354613 +0100 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 11:04:44.227900021 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 11:04:44.277899318 +0100 @@ -1,80 +1,152 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2599,8 +2651,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Ke + + diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 10:39:21.538355254 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 10:39:21.560355043 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 11:04:44.225900048 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 11:04:44.242899810 +0100 @@ -3,37 +3,23 @@ open Core open FStar.Mul @@ -2653,8 +2705,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.K (sz 3168) (sz 1568) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 10:39:21.526355368 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 10:39:21.590354757 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 11:04:44.216900175 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 11:04:44.265899487 +0100 @@ -63,32 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ @@ -2700,8 +2752,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux. Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 10:39:21.496355655 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 10:39:21.548355158 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 11:04:44.189900554 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 11:04:44.234899922 +0100 @@ -3,37 +3,23 @@ open Core open FStar.Mul @@ -2754,8 +2806,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Ke (sz 1632) (sz 800) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 10:39:21.535355282 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 10:39:21.556355082 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 11:04:44.223900077 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 11:04:44.241899824 +0100 @@ -63,32 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ @@ -2801,8 +2853,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.K Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 10:39:21.491355703 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 10:39:21.550355139 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 11:04:44.183900638 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 11:04:44.235899908 +0100 @@ -3,37 +3,24 @@ open Core open FStar.Mul @@ -2856,8 +2908,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Ke (sz 2400) (sz 1184) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 10:39:21.529355340 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 10:39:21.551355129 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 11:04:44.219900133 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 11:04:44.237899880 +0100 @@ -63,32 +63,30 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ @@ -2912,8 +2964,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.K + (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness)) + diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem.Kyber.Matrix.fst ---- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 10:39:21.516355464 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 10:39:21.563355015 +0100 +--- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 11:04:44.206900315 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 11:04:44.245899768 +0100 @@ -3,192 +3,188 @@ open Core open FStar.Mul @@ -3704,8 +3756,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem. + admit(); //P-F v_A_transpose diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 10:39:21.498355636 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 10:39:21.583354824 +0100 +--- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 11:04:44.190900540 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 11:04:44.259899571 +0100 @@ -3,39 +3,71 @@ open Core open FStar.Mul @@ -3808,8 +3860,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem + if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A + else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A) diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyber.Ntt.fst ---- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 10:39:21.509355531 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 10:39:21.570354948 +0100 +--- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 11:04:44.200900400 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 11:04:44.252899669 +0100 @@ -1,56 +1,130 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -4740,8 +4792,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyb + down_cast_poly_b #(8*3328) #3328 re +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 10:39:21.514355483 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 10:39:21.562355024 +0100 +--- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 11:04:44.205900329 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 11:04:44.244899782 +0100 @@ -2,223 +2,80 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -5034,8 +5086,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Ky + (ensures fun _ -> True) + diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Kem.Kyber.Sampling.fst ---- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 10:39:21.537355263 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 10:39:21.596354699 +0100 +--- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 11:04:44.224900063 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 11:04:44.270899416 +0100 @@ -3,27 +3,34 @@ open Core open FStar.Mul @@ -5448,8 +5500,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Ke + out +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 10:39:21.490355712 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 10:39:21.592354738 +0100 +--- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 11:04:44.182900652 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 11:04:44.267899459 +0100 @@ -3,77 +3,37 @@ open Core open FStar.Mul @@ -5550,162 +5602,199 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.K +// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0)) + diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.fst ---- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 10:39:21.533355301 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 10:39:21.546355177 +0100 -@@ -1,1301 +1,4 @@ +--- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 11:04:44.221900105 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 11:04:44.233899936 +0100 +@@ -1,8 +1,13 @@ module Libcrux.Kem.Kyber.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" --open Core --open FStar.Mul ++#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" + open Core + open FStar.Mul --let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = -- let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in -- let coef2:u8 = -- ((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) -- in -- let coef3:u8 = -- ((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) -- in -- let coef4:u8 = -- ((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) -- in -- let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in -- coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -- --let compress_coefficients_11_ ++open Libcrux.Kem.Kyber.Arithmetic ++ ++open MkSeq ++ ++#push-options "--z3rlimit 50" + let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = + let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in + let coef2:u8 = +@@ -19,11 +24,11 @@ + in + let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in + coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) ++#pop-options + ++#push-options "--ifuel 1 --z3rlimit 600 --split_queries always" + let compress_coefficients_11_ - (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: - i32) - = -- let coef1:u8 = cast (coefficient1 <: i32) <: u8 in -- let coef2:u8 = -- ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: i32) <: u8) -- in -- let coef3:u8 = -- ((cast (coefficient3 &. 3l <: i32) <: u8) <>! 5l <: i32) <: u8) -- in -- let coef4:u8 = cast ((coefficient3 >>! 2l <: i32) &. 255l <: i32) <: u8 in -- let coef5:u8 = -- ((cast (coefficient4 &. 127l <: i32) <: u8) <>! 10l <: i32) <: u8) -- in -- let coef6:u8 = -- ((cast (coefficient5 &. 15l <: i32) <: u8) <>! 7l <: i32) <: u8) -- in -- let coef7:u8 = -- ((cast (coefficient6 &. 1l <: i32) <: u8) <>! 4l <: i32) <: u8) -- in -- let coef8:u8 = cast ((coefficient6 >>! 1l <: i32) &. 255l <: i32) <: u8 in -- let coef9:u8 = -- ((cast (coefficient7 &. 63l <: i32) <: u8) <>! 9l <: i32) <: u8) -- in -- let coef10:u8 = -- ((cast (coefficient8 &. 7l <: i32) <: u8) <>! 6l <: i32) <: u8) -- in -- let coef11:u8 = cast (coefficient8 >>! 3l <: i32) <: u8 in -- coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 -- <: -- (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -- ++ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = + let coef1:u8 = cast (coefficient1 <: i32) <: u8 in + let coef2:u8 = + ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in ++#push-options "--z3rlimit 20" ++let compress_coefficients_3_ coefficient1 coefficient2 = + let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in ++ get_bit_pow2_minus_one_u16 255 (sz 0); + let coef2:u8 = + cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in - coef1, coef2, coef3 <: (u8 & u8 & u8) -- --let compress_coefficients_5_ ++ coef1, coef2, coef3 <: (u8 & u8 & u8) ++#pop-options + ++#push-options "--z3rlimit 60 --split_queries always" + let compress_coefficients_5_ - (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: - u8) - = -- let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 3l <: u8) -- in -- let coef3:u8 = ((coefficient5 &. 15uy <: u8) <>! 1l <: u8) in -- let coef4:u8 = -- (((coefficient7 &. 3uy <: u8) <>! 4l <: u8) -- in -- let coef5:u8 = (coefficient8 <>! 2l <: u8) in -- coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -- ++ coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8 ++ = + let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 2l <: u8) in + coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) ++#pop-options + -let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) = -- let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in -- let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in -- let coefficient4:i32 = (byte5 <>! 6l <: i32) in ++#push-options "--z3rlimit 500" ++let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = + let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in + let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in + let coefficient4:i32 = (byte5 <>! 6l <: i32) in - coefficient1, coefficient2, coefficient3, coefficient4 <: (i32 & i32 & i32 & i32) -- --let decompress_coefficients_11_ ++ lemma_get_bit_bounded' coefficient1 10; ++ lemma_get_bit_bounded' coefficient2 10; ++ lemma_get_bit_bounded' coefficient3 10; ++ lemma_get_bit_bounded' coefficient4 10; ++ coefficient1, coefficient2, coefficient3, coefficient4 ++#pop-options + ++#push-options "--z3rlimit 300" + let decompress_coefficients_11_ - (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) - = -- let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in -- let coefficient3:i32 = -- (((byte5 &. 1l <: i32) <>! 6l <: i32) -- in -- let coefficient4:i32 = ((byte6 &. 15l <: i32) <>! 1l <: i32) in -- let coefficient5:i32 = ((byte7 &. 127l <: i32) <>! 4l <: i32) in -- let coefficient6:i32 = -- (((byte9 &. 3l <: i32) <>! 7l <: i32) -- in -- let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in -- let coefficient8:i32 = (byte11 <>! 5l <: i32) in -- coefficient1, -- coefficient2, -- coefficient3, -- coefficient4, -- coefficient5, -- coefficient6, -- coefficient7, -- coefficient8 ++ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 = + let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in + let coefficient3:i32 = +@@ -109,6 +125,14 @@ + in + let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in + let coefficient8:i32 = (byte11 <>! 5l <: i32) in ++ lemma_get_bit_bounded' coefficient1 11; ++ lemma_get_bit_bounded' coefficient2 11; ++ lemma_get_bit_bounded' coefficient3 11; ++ lemma_get_bit_bounded' coefficient4 11; ++ lemma_get_bit_bounded' coefficient5 11; ++ lemma_get_bit_bounded' coefficient6 11; ++ lemma_get_bit_bounded' coefficient7 11; ++ lemma_get_bit_bounded' coefficient8 11; + coefficient1, + coefficient2, + coefficient3, +@@ -117,15 +141,19 @@ + coefficient6, + coefficient7, + coefficient8 - <: - (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -- ++#pop-options + -let decompress_coefficients_4_ (byte: u8) = -- let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in -- let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in ++#push-options "--z3rlimit 50" ++let decompress_coefficients_4_ byte = + let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in + let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in - coefficient1, coefficient2 <: (i32 & i32) -- ++ lemma_get_bit_bounded' coefficient1 4; ++ lemma_get_bit_bounded' coefficient2 4; ++ coefficient1, coefficient2 ++#pop-options + -let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) = -- let coefficient1:i32 = byte1 &. 31l in -- let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in -- let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in -- let coefficient4:i32 = ((byte3 &. 15l <: i32) <>! 7l <: i32) in -- let coefficient5:i32 = ((byte4 &. 1l <: i32) <>! 4l <: i32) in -- let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in -- let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in -- let coefficient8:i32 = byte5 >>! 3l in -- coefficient1, -- coefficient2, -- coefficient3, -- coefficient4, -- coefficient5, -- coefficient6, -- coefficient7, -- coefficient8 ++#push-options "--z3rlimit 400" ++let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = + let coefficient1:i32 = byte1 &. 31l in + let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in + let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in +@@ -134,6 +162,14 @@ + let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in + let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in + let coefficient8:i32 = byte5 >>! 3l in ++ lemma_get_bit_bounded' coefficient1 5; ++ lemma_get_bit_bounded' coefficient2 5; ++ lemma_get_bit_bounded' coefficient3 5; ++ lemma_get_bit_bounded' coefficient4 5; ++ lemma_get_bit_bounded' coefficient5 5; ++ lemma_get_bit_bounded' coefficient6 5; ++ lemma_get_bit_bounded' coefficient7 5; ++ lemma_get_bit_bounded' coefficient8 5; + coefficient1, + coefficient2, + coefficient3, +@@ -142,31 +178,50 @@ + coefficient6, + coefficient7, + coefficient8 - <: - (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -- --let compress_then_serialize_10_ ++#pop-options + ++let cast_bound_lemma ++ #t #u ++ (n: int_t t) ++ (d: bit_num t) ++ : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0) ++ (ensures bounded (cast #(int_t t) #(int_t u) n) d) ++ [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] ++ = () ++ ++#push-options "--z3rlimit 60" ++let int_t_d_cast_lemma #t #u d (n: int_t_d t d) ++ : Lemma (requires bits t < bits u /\ v n >= 0) ++ (ensures bounded (cast #(int_t t) #(int_t u) n) d) ++ [SMTPat (bounded (cast #(int_t t) #(int_t u) n) d)] ++ = Math.Lemmas.pow2_double_mult (bits u - 1); ++ Math.Lemmas.small_mod (v n) (modulus u) ++let mul_in_range (n m: nat) ++ : Lemma ++ (requires n <= 256 /\ m <= 256) ++ (ensures range (n * m) usize_inttype) ++ = Math.Lemmas.pow2_plus 8 8; ++ Math.Lemmas.pow2_le_compat 32 16 ++#pop-options ++ ++#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100" + let compress_then_serialize_10_ - (v_OUT_LEN: usize) - (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) - = -- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -- let serialized:t_Array u8 v_OUT_LEN = ++ v_OUT_LEN ++ re ++ = ++ let accT = t_Array u8 v_OUT_LEN in ++ let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> ++ True ++ in + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.f_coefficients @@ -5719,75 +5808,56 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) - serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 v_OUT_LEN = serialized in ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #accT #inv ++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 4) ++ (serialized) + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in -- let coefficient1:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -- ) -- <: -- u16) -- in -- let coefficient2:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 -- ) -- <: -- u16) -- in -- let coefficient3:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 -- ) -- <: -- u16) -- in -- let coefficient4:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 -- ) -- <: -- u16) -- in -- let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = -- compress_coefficients_10_ coefficient1 coefficient2 coefficient3 coefficient4 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- (sz 5 *! i <: usize) -- coef1 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 1 <: usize) -- coef2 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 2 <: usize) -- coef3 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 3 <: usize) -- coef4 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 4 <: usize) -- coef5 -- in -- serialized) -- in -- serialized -- --let compress_then_serialize_11_ ++ let i, coefficients:(usize & _) = temp_1_ in + let coefficient1:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 +@@ -226,79 +281,95 @@ + serialized) + in + serialized ++#pop-options ++ ++#push-options "--fuel 0 --ifuel 0 --z3rlimit 30" ++let update5 ++ #n ++ (s: t_Array 't n) ++ (offset: usize {v offset + 5 <= v n}) ++ (i0 i1 i2 i3 i4: 't) ++ : s': t_Array 't n { ++ Seq.index s' (v offset + 0) == i0 /\ ++ Seq.index s' (v offset + 1) == i1 /\ ++ Seq.index s' (v offset + 2) == i2 /\ ++ Seq.index s' (v offset + 3) == i3 /\ ++ Seq.index s' (v offset + 4) == i4 /\ ++ (forall i. (i < v offset \/ i >= v offset + 5) ==> Seq.index s' i == Seq.index s i) ++ } ++ = let open Rust_primitives.Hax.Monomorphized_update_at in ++ let s = update_at_usize s offset i0 in ++ let s = update_at_usize s (offset +! sz 1) i1 in ++ let s = update_at_usize s (offset +! sz 2) i2 in ++ let s = update_at_usize s (offset +! sz 3) i3 in ++ let s = update_at_usize s (offset +! sz 4) i4 in ++ s ++#pop-options + ++#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no" + let compress_then_serialize_11_ - (v_OUT_LEN: usize) - (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) - = -- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -- let serialized:t_Array u8 v_OUT_LEN = ++ v_OUT_LEN re ++ = ++ let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> True in + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.f_coefficients @@ -5800,150 +5870,99 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 v_OUT_LEN = serialized in ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 8) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in - let coefficient1:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -- ) -- <: -- u16) -- in ++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in ++ let coefficient1 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 + ) + <: + u16) + in - let coefficient2:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient2 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 + ) + <: + u16) + in - let coefficient3:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient3 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 + ) + <: + u16) + in - let coefficient4:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient4 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 + ) + <: + u16) + in - let coefficient5:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient5 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 + ) + <: + u16) + in - let coefficient6:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient6 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 + ) + <: + u16) + in - let coefficient7:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient7 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 + ) + <: + u16) + in - let coefficient8:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 -- ) -- <: -- u16) -- in -- let coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11:(u8 & u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8) = -- compress_coefficients_11_ coefficient1 -- coefficient2 -- coefficient3 -- coefficient4 -- coefficient5 -- coefficient6 -- coefficient7 -- coefficient8 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- (sz 11 *! i <: usize) -- coef1 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 1 <: usize) -- coef2 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 2 <: usize) -- coef3 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 3 <: usize) -- coef4 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 4 <: usize) -- coef5 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 5 <: usize) -- coef6 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 6 <: usize) -- coef7 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 7 <: usize) -- coef8 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 8 <: usize) -- coef9 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 9 <: usize) -- coef10 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 10 <: usize) -- coef11 -- in -- serialized) -- in -- serialized -- --let compress_then_serialize_4_ -- (v_OUT_LEN: usize) ++ let coefficient8 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 + ) +@@ -324,6 +395,8 @@ + coefficient7 + coefficient8 + in ++ assert_spinoff (v i < 32 ==> 11 * v i + 11 <= 32 * 11); ++ assert_spinoff (v i < 32 ==> range (v (sz 11) * v i) usize_inttype); + let serialized:t_Array u8 v_OUT_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 11 *! i <: usize) +@@ -382,29 +455,20 @@ + serialized) + in + serialized ++#pop-options + +-let compress_then_serialize_4_ +- (v_OUT_LEN: usize) - (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) - = -- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -- let serialized:t_Array u8 v_OUT_LEN = ++let compress_then_serialize_4_ v_OUT_LEN re = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++ let accT = t_Array u8 v_OUT_LEN in ++ let inv (acc: accT) (i: usize) = True in + let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.f_coefficients @@ -5956,49 +5975,31 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 v_OUT_LEN = serialized in ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 2) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in -- let coefficient1:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient2:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- i -- ((coefficient2 < -- let serialized:t_Array u8 v_OUT_LEN = serialized in ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 8) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in -- let coefficient1:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient2:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient3:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient4:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient5:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient6:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient7:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient8:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = -- compress_coefficients_5_ coefficient2 -- coefficient1 -- coefficient4 -- coefficient3 -- coefficient5 -- coefficient7 -- coefficient6 -- coefficient8 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- (sz 5 *! i <: usize) -- coef1 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 1 <: usize) -- coef2 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 2 <: usize) -- coef3 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 3 <: usize) -- coef4 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 4 <: usize) -- coef5 -- in -- serialized) -- in -- serialized -- ++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in + let coefficient1:u8 = + cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] +@@ -544,6 +601,14 @@ + <: + u8 + in ++ let coefficient8' = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy ++ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] ++ <: ++ i32) ++ <: ++ u16) ++ <: ++ i32 in + let coefficient8:u8 = + cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] +@@ -566,6 +631,8 @@ + coefficient6 + coefficient8 + in ++ assert_spinoff (v i < 32 ==> 5 * v i + 5 <= 32 * 5); ++ assert_spinoff (v i < 32 ==> range (v (sz 5) * v i) usize_inttype); + let serialized:t_Array u8 v_OUT_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 5 *! i <: usize) +@@ -595,35 +662,24 @@ + in + serialized + -let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = -- let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in -- let serialized:t_Array u8 (sz 32) = ++let compress_then_serialize_message re = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in ++ let accT = t_Array u8 (sz 32) in ++ let inv (acc: accT) (i: usize) = True in + let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re - .Libcrux.Kem.Kyber.Arithmetic.f_coefficients @@ -6165,9 +6069,12 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 (sz 32) = serialized in ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) ++ (sz 8) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in - let i, coefficients:(usize & t_Slice i32) = temp_1_ in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter coefficients <: Core.Slice.Iter.t_Iter i32) @@ -6175,57 +6082,79 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 (sz 32) = serialized in ++ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement _) = temp_1_ in ++ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) ++ coefficients + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in - let j, coefficient:(usize & i32) = temp_1_ in -- let coefficient:u16 = -- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient -- in -- let coefficient_compressed:u8 = -- Libcrux.Kem.Kyber.Compress.compress_message_coefficient coefficient -- in -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- i -- ((serialized.[ i ] <: u8) |. (coefficient_compressed < compress_then_serialize_10_ v_OUT_LEN re -- | 11ul -> compress_then_serialize_11_ v_OUT_LEN re -- | _ -> -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -- -- <: -- Rust_primitives.Hax.t_Never) ++let compress_then_serialize_ring_element_u #p ++ v_COMPRESSION_FACTOR ++ v_OUT_LEN ++ (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = + let _:Prims.unit = () <: Prims.unit in ++ assert ( ++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11) \/ ++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10) ++ ); ++ Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); + match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with + | 10ul -> compress_then_serialize_10_ v_OUT_LEN re + | 11ul -> compress_then_serialize_11_ v_OUT_LEN re + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" - + <: + Rust_primitives.Hax.t_Never) + -let compress_then_serialize_ring_element_v - (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) - = -- let _:Prims.unit = () <: Prims.unit in -- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -- | 4ul -> compress_then_serialize_4_ v_OUT_LEN re -- | 5ul -> compress_then_serialize_5_ v_OUT_LEN re -- | _ -> -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -- -- <: -- Rust_primitives.Hax.t_Never) -- ++let compress_then_serialize_ring_element_v #p v_COMPRESSION_FACTOR v_OUT_LEN re = + let _:Prims.unit = () <: Prims.unit in ++ Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); ++ let res = ++ assert ( ++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4) \/ ++ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5) ++ ); + match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with + | 4ul -> compress_then_serialize_4_ v_OUT_LEN re + | 5ul -> compress_then_serialize_5_ v_OUT_LEN re +@@ -665,32 +729,49 @@ + + <: + Rust_primitives.Hax.t_Never) ++ in ++ admit (); // P-F ++ res + -let deserialize_then_decompress_10_ (serialized: t_Slice u8) = -- let _:Prims.unit = () <: Prims.unit in ++#push-options "--z3rlimit 160" ++let deserialize_then_decompress_10_ serialized = + let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) @@ -6233,8 +6162,14 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -- re -- (fun re temp_1_ -> ++ let accT = Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement in ++ let inv (acc: accT) (i: usize) = True in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv ++ serialized ++ (sz 5) + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in - let i, bytes:(usize & t_Slice u8) = temp_1_ in - let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in @@ -6243,77 +6178,117 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in - let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in - let coefficient1, coefficient2, coefficient3, coefficient4:(i32 & i32 & i32 & i32) = -- decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in ++ let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let coefficient1, coefficient2, coefficient3, coefficient4 = + decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 4 *! i <: usize) ++ let coefficient1 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 ++ <: ++ i32) in ++ let coefficient2 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 ++ <: ++ i32) in ++ let coefficient3 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 ++ <: ++ i32) in ++ let coefficient4 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 ++ <: ++ i32) in ++ assert_spinoff (v i < 64 ==> 4 * v i + 4 <= 256); ++ assert_spinoff (v i < 64 ==> range (v (sz 4) * v i) usize_inttype); ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -698,14 +779,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 4 *! i <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 - <: - i32) -- } -- <: ++ coefficient1 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 4 *! i <: usize) +! sz 1 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -713,14 +792,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 1 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 - <: - i32) -- } -- <: ++ coefficient2 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 4 *! i <: usize) +! sz 2 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -728,14 +805,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 2 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 - <: - i32) -- } -- <: ++ coefficient3 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 4 *! i <: usize) +! sz 3 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -743,44 +818,43 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 3 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 - <: - i32) -- } -- <: ++ coefficient4 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- re) -- in -- re -- ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in + re) + in + re ++#pop-options + -let deserialize_then_decompress_11_ (serialized: t_Slice u8) = -- let _:Prims.unit = () <: Prims.unit in ++#push-options "--z3rlimit 100 --ifuel 0" ++let deserialize_then_decompress_11_ serialized ++ : Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8) @@ -6321,8 +6296,12 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -- re -- (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) ++ serialized ++ (sz 11) + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in - let i, bytes:(usize & t_Slice u8) = temp_1_ in - let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in @@ -6336,147 +6315,200 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - let byte9:i32 = cast (bytes.[ sz 8 ] <: u8) <: i32 in - let byte10:i32 = cast (bytes.[ sz 9 ] <: u8) <: i32 in - let byte11:i32 = cast (bytes.[ sz 10 ] <: u8) <: i32 in -- let -- coefficient1, -- coefficient2, -- coefficient3, -- coefficient4, -- coefficient5, -- coefficient6, -- coefficient7, ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in ++ let i, bytes:(usize & t_Array u8 (sz 11)) = temp_1_ in ++ assert (v i < 32); ++ let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let byte6: int_t_d i32_inttype 8 = cast (bytes.[ sz 5 ] <: u8) <: i32 in ++ let byte7: int_t_d i32_inttype 8 = cast (bytes.[ sz 6 ] <: u8) <: i32 in ++ let byte8: int_t_d i32_inttype 8 = cast (bytes.[ sz 7 ] <: u8) <: i32 in ++ let byte9: int_t_d i32_inttype 8 = cast (bytes.[ sz 8 ] <: u8) <: i32 in ++ let byte10: int_t_d i32_inttype 8 = cast (bytes.[ sz 9 ] <: u8) <: i32 in ++ let byte11: int_t_d i32_inttype 8 = cast (bytes.[ sz 10 ] <: u8) <: i32 in + let + coefficient1, + coefficient2, +@@ -789,11 +863,21 @@ + coefficient5, + coefficient6, + coefficient7, - coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = -- decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 -- byte11 -- in ++ coefficient8 = + decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 + byte11 + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 8 *! i <: usize) ++ let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 in ++ let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 in ++ let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 in ++ let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 in ++ let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 in ++ let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 in ++ let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 in ++ let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 in ++ assert_spinoff (8 * v i + 8 <= 256); ++ assert_spinoff (range (v (sz 8) * v i) usize_inttype); ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -801,14 +885,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 8 *! i <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 - <: - i32) -- } -- <: ++ coefficient1 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 1 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -816,14 +898,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 1 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 - <: - i32) -- } -- <: ++ coefficient2 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 2 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -831,14 +911,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 2 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 - <: - i32) -- } -- <: ++ coefficient3 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 3 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -846,14 +924,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 3 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 - <: - i32) -- } -- <: ++ coefficient4 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 4 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -861,14 +937,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 4 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 - <: - i32) -- } -- <: ++ coefficient5 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 5 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -876,14 +950,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 5 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 - <: - i32) -- } -- <: ++ coefficient6 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 6 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -891,14 +963,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 6 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 - <: - i32) -- } -- <: ++ coefficient7 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 7 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -906,35 +976,33 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 7 <: usize) - (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 - <: - i32) -- } -- <: ++ coefficient8 + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- re) -- in -- re -- ++ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement + in + re) + in + re ++#pop-options + -let deserialize_then_decompress_4_ (serialized: t_Slice u8) = -- let _:Prims.unit = () <: Prims.unit in ++#push-options "--z3rlimit 100" ++let deserialize_then_decompress_4_ serialized = + let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8) @@ -6484,1661 +6516,75 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) -- re -- (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = ++ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) ++ serialized + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -- let i, byte:(usize & u8) = temp_1_ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in + let i, byte:(usize & u8) = temp_1_ in - let coefficient1, coefficient2:(i32 & i32) = decompress_coefficients_4_ byte in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 2 *! i <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient1 -- <: -- i32) -- } -- <: ++ let coefficient1, coefficient2 = decompress_coefficients_4_ byte in ++ assert_spinoff (v i < 128 ==> 2 * v i + 1 < 256); ++ assert_spinoff (v i < 128 ==> range (v (sz 2) * v i) usize_inttype); ++ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -947,9 +1015,9 @@ + i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 2 *! i <: usize) +! sz 1 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient2 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- re) -- in -- re -- --let deserialize_then_decompress_5_ (serialized: t_Slice u8) = -- let _:Prims.unit = () <: Prims.unit in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -- (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) -- <: -- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -- <: -- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -- re -- (fun re temp_1_ -> -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -- let i, bytes:(usize & t_Slice u8) = temp_1_ in -- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in -- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in -- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in -- let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in -- let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in -- let -- coefficient1, -- coefficient2, -- coefficient3, -- coefficient4, -- coefficient5, -- coefficient6, -- coefficient7, -- coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = -- decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 8 *! i <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 1 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 2 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 3 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 4 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 5 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 6 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 7 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- re) -- in -- re -- --let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -- (Core.Iter.Traits.Collect.f_into_iter serialized -- <: -- Core.Array.Iter.t_IntoIter u8 (sz 32)) -- <: -- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) -- <: -- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) -- re -- (fun re temp_1_ -> -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -- let i, byte:(usize & u8) = temp_1_ in -- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ -- Core.Ops.Range.f_start = sz 0; -- Core.Ops.Range.f_end = sz 8 -- } -- <: -- Core.Ops.Range.t_Range usize) -- <: -- Core.Ops.Range.t_Range usize) -- re -- (fun re j -> -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -- let j:usize = j in -- let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! j <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_message_coefficient coefficient_compressed -- -- <: -- i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- re) -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- in -- re -- --let deserialize_then_decompress_ring_element_u -- (v_COMPRESSION_FACTOR: usize) -- (serialized: t_Slice u8) -- = -- let _:Prims.unit = () <: Prims.unit in -- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -- | 10ul -> deserialize_then_decompress_10_ serialized -- | 11ul -> deserialize_then_decompress_11_ serialized -- | _ -> -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -- -- <: -- Rust_primitives.Hax.t_Never) -- --let deserialize_then_decompress_ring_element_v -- (v_COMPRESSION_FACTOR: usize) -- (serialized: t_Slice u8) -- = -- let _:Prims.unit = () <: Prims.unit in -- match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -- | 4ul -> deserialize_then_decompress_4_ serialized -- | 5ul -> deserialize_then_decompress_5_ serialized -- | _ -> -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -- -- <: -- Rust_primitives.Hax.t_Never) -- --let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = -- let _:Prims.unit = () <: Prims.unit in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -- (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) -- <: -- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -- <: -- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -- re -- (fun re temp_1_ -> -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -- let i, bytes:(usize & t_Slice u8) = temp_1_ in -- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in -- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in -- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in -- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 2 *! i <: usize) -- (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) -- } -- <: -- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- in -- re) -- in -- re -- --let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = -- let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in -- let serialized:t_Array u8 (sz 384) = -- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- <: -- t_Slice i32) -- (sz 2) -- <: -- Core.Slice.Iter.t_ChunksExact i32) -- <: -- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -- <: -- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 (sz 384) = serialized in -- let i, coefficients:(usize & t_Slice i32) = temp_1_ in -- let coefficient1:u16 = -- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) -- in -- let coefficient2:u16 = -- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32) -- in -- let coef1, coef2, coef3:(u8 & u8 & u8) = -- compress_coefficients_3_ coefficient1 coefficient2 -- in -- let serialized:t_Array u8 (sz 384) = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- (sz 3 *! i <: usize) -- coef1 -- in -- let serialized:t_Array u8 (sz 384) = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 3 *! i <: usize) +! sz 1 <: usize) -- coef2 -- in -- let serialized:t_Array u8 (sz 384) = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 3 *! i <: usize) +! sz 2 <: usize) -- coef3 -- in -- serialized) -- in -- serialized -+include Libcrux.Kem.Kyber.Serialize.PartA -+include Libcrux.Kem.Kyber.Serialize.PartB -diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 10:39:21.493355684 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 -@@ -1,119 +0,0 @@ --module Libcrux.Kem.Kyber.Serialize --#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" --open Core --open FStar.Mul -- --val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) -- : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_coefficients_11_ -- (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -- i32) -- : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val compress_coefficients_3_ (coefficient1 coefficient2: u16) -- : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_coefficients_5_ -- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: -- u8) -- : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) -- --val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) -- : Prims.Pure (i32 & i32 & i32 & i32) Prims.l_True (fun _ -> Prims.l_True) -- --val decompress_coefficients_11_ -- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) -- : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val decompress_coefficients_4_ (byte: u8) -- : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) -- --val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) -- : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val compress_then_serialize_10_ -- (v_OUT_LEN: usize) -- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_11_ -- (v_OUT_LEN: usize) -- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_4_ -- (v_OUT_LEN: usize) -- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_5_ -- (v_OUT_LEN: usize) -- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_ring_element_u -- (v_COMPRESSION_FACTOR v_OUT_LEN: usize) -- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_ring_element_v -- (v_COMPRESSION_FACTOR v_OUT_LEN: usize) -- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val deserialize_then_decompress_10_ (serialized: t_Slice u8) -- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val deserialize_then_decompress_11_ (serialized: t_Slice u8) -- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val deserialize_then_decompress_4_ (serialized: t_Slice u8) -- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val deserialize_then_decompress_5_ (serialized: t_Slice u8) -- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) -- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val deserialize_then_decompress_ring_element_u -- (v_COMPRESSION_FACTOR: usize) -- (serialized: t_Slice u8) -- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val deserialize_then_decompress_ring_element_v -- (v_COMPRESSION_FACTOR: usize) -- (serialized: t_Slice u8) -- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) -- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -- : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) -diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst ---- extraction/Libcrux.Kem.Kyber.Serialize.PartA.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst 2024-01-31 10:39:21.579354862 +0100 -@@ -0,0 +1,182 @@ -+module Libcrux.Kem.Kyber.Serialize.PartA -+#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" -+open Core -+open FStar.Mul -+ -+open Libcrux.Kem.Kyber.Arithmetic -+ -+open MkSeq -+ -+#push-options "--z3rlimit 50" -+let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = -+ let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in -+ let coef2:u8 = -+ ((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) -+ in -+ let coef3:u8 = -+ ((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) -+ in -+ let coef4:u8 = -+ ((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) -+ in -+ let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in -+ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -+#pop-options -+ -+#push-options "--ifuel 1 --z3rlimit 600 --split_queries always" -+let compress_coefficients_11_ -+ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = -+ let coef1:u8 = cast (coefficient1 <: i32) <: u8 in -+ let coef2:u8 = -+ ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: i32) <: u8) -+ in -+ let coef3:u8 = -+ ((cast (coefficient3 &. 3l <: i32) <: u8) <>! 5l <: i32) <: u8) -+ in -+ let coef4:u8 = cast ((coefficient3 >>! 2l <: i32) &. 255l <: i32) <: u8 in -+ let coef5:u8 = -+ ((cast (coefficient4 &. 127l <: i32) <: u8) <>! 10l <: i32) <: u8) -+ in -+ let coef6:u8 = -+ ((cast (coefficient5 &. 15l <: i32) <: u8) <>! 7l <: i32) <: u8) -+ in -+ let coef7:u8 = -+ ((cast (coefficient6 &. 1l <: i32) <: u8) <>! 4l <: i32) <: u8) -+ in -+ let coef8:u8 = cast ((coefficient6 >>! 1l <: i32) &. 255l <: i32) <: u8 in -+ let coef9:u8 = -+ ((cast (coefficient7 &. 63l <: i32) <: u8) <>! 9l <: i32) <: u8) -+ in -+ let coef10:u8 = -+ ((cast (coefficient8 &. 7l <: i32) <: u8) <>! 6l <: i32) <: u8) -+ in -+ let coef11:u8 = cast (coefficient8 >>! 3l <: i32) <: u8 in -+ coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 -+ <: -+ (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -+#pop-options -+ -+#push-options "--z3rlimit 20" -+let compress_coefficients_3_ coefficient1 coefficient2 = -+ let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in -+ get_bit_pow2_minus_one_u16 255 (sz 0); -+ let coef2:u8 = -+ cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in -+ coef1, coef2, coef3 <: (u8 & u8 & u8) -+#pop-options -+ -+#push-options "--z3rlimit 60 --split_queries always" -+let compress_coefficients_5_ -+ coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8 -+ = -+ let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 3l <: u8) -+ in -+ let coef3:u8 = ((coefficient5 &. 15uy <: u8) <>! 1l <: u8) in -+ let coef4:u8 = -+ (((coefficient7 &. 3uy <: u8) <>! 4l <: u8) -+ in -+ let coef5:u8 = (coefficient8 <>! 2l <: u8) in -+ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -+#pop-options -+ -+#push-options "--z3rlimit 500" -+let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = -+ let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in -+ let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in -+ let coefficient4:i32 = (byte5 <>! 6l <: i32) in -+ lemma_get_bit_bounded' coefficient1 10; -+ lemma_get_bit_bounded' coefficient2 10; -+ lemma_get_bit_bounded' coefficient3 10; -+ lemma_get_bit_bounded' coefficient4 10; -+ coefficient1, coefficient2, coefficient3, coefficient4 -+#pop-options -+ -+#push-options "--z3rlimit 300" -+let decompress_coefficients_11_ -+ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 = -+ let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in -+ let coefficient3:i32 = -+ (((byte5 &. 1l <: i32) <>! 6l <: i32) -+ in -+ let coefficient4:i32 = ((byte6 &. 15l <: i32) <>! 1l <: i32) in -+ let coefficient5:i32 = ((byte7 &. 127l <: i32) <>! 4l <: i32) in -+ let coefficient6:i32 = -+ (((byte9 &. 3l <: i32) <>! 7l <: i32) -+ in -+ let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in -+ let coefficient8:i32 = (byte11 <>! 5l <: i32) in -+ lemma_get_bit_bounded' coefficient1 11; -+ lemma_get_bit_bounded' coefficient2 11; -+ lemma_get_bit_bounded' coefficient3 11; -+ lemma_get_bit_bounded' coefficient4 11; -+ lemma_get_bit_bounded' coefficient5 11; -+ lemma_get_bit_bounded' coefficient6 11; -+ lemma_get_bit_bounded' coefficient7 11; -+ lemma_get_bit_bounded' coefficient8 11; -+ coefficient1, -+ coefficient2, -+ coefficient3, -+ coefficient4, -+ coefficient5, -+ coefficient6, -+ coefficient7, -+ coefficient8 -+#pop-options -+ -+#push-options "--z3rlimit 50" -+let decompress_coefficients_4_ byte = -+ let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in -+ let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in -+ lemma_get_bit_bounded' coefficient1 4; -+ lemma_get_bit_bounded' coefficient2 4; -+ coefficient1, coefficient2 -+#pop-options -+ -+#push-options "--z3rlimit 400" -+let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = -+ let coefficient1:i32 = byte1 &. 31l in -+ let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in -+ let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in -+ let coefficient4:i32 = ((byte3 &. 15l <: i32) <>! 7l <: i32) in -+ let coefficient5:i32 = ((byte4 &. 1l <: i32) <>! 4l <: i32) in -+ let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in -+ let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in -+ let coefficient8:i32 = byte5 >>! 3l in -+ lemma_get_bit_bounded' coefficient1 5; -+ lemma_get_bit_bounded' coefficient2 5; -+ lemma_get_bit_bounded' coefficient3 5; -+ lemma_get_bit_bounded' coefficient4 5; -+ lemma_get_bit_bounded' coefficient5 5; -+ lemma_get_bit_bounded' coefficient6 5; -+ lemma_get_bit_bounded' coefficient7 5; -+ lemma_get_bit_bounded' coefficient8 5; -+ coefficient1, -+ coefficient2, -+ coefficient3, -+ coefficient4, -+ coefficient5, -+ coefficient6, -+ coefficient7, -+ coefficient8 -+#pop-options -+ -diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartA.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti ---- extraction/Libcrux.Kem.Kyber.Serialize.PartA.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti 2024-01-31 10:39:21.577354881 +0100 -@@ -0,0 +1,91 @@ -+module Libcrux.Kem.Kyber.Serialize.PartA -+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -+open Core -+open FStar.Mul -+open MkSeq -+ -+let int_arr_bitwise_eq -+ #t1 #t2 #n1 #n2 -+ (arr1: t_Array (int_t t1) n1) -+ (d1: bit_num t1) -+ (arr2: t_Array (x: int_t t2) n2) -+ (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) -+ = forall i. i < v n1 * d1 -+ ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i -+ -+val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) -+ : Prims.Pure (u8 & u8 & u8 & u8 & u8) -+ (requires True) -+ (ensures fun tuple -> -+ int_arr_bitwise_eq -+ (create4 (coefficient1, coefficient2, coefficient3, coefficient4)) 10 -+ (create5 tuple) 8 -+ ) -+ -+val compress_coefficients_11_ -+ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -+ int_t_d i32_inttype 11) -+ : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -+ (requires True) -+ (ensures fun tuple -> -+ int_arr_bitwise_eq -+ (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 -+ (create11 tuple) 8 -+ ) -+ -+val compress_coefficients_3_ (coefficient1 coefficient2: int_t_d u16_inttype 12) -+ : Prims.Pure (u8 & u8 & u8) -+ (requires True) -+ (ensures fun tuple -> -+ int_arr_bitwise_eq -+ (create2 (coefficient1, coefficient2)) 12 -+ (create3 tuple) 8 -+ ) -+ -+val compress_coefficients_5_ -+ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: int_t_d u8_inttype 5) -+ : Prims.Pure (u8 & u8 & u8 & u8 & u8) -+ (requires True) -+ (ensures fun tuple -> -+ int_arr_bitwise_eq -+ (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 5 -+ (create5 tuple) 8 -+ ) -+ -+private unfold type i32_d = int_t_d i32_inttype -+val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: int_t_d i32_inttype 8) -+ : Prims.Pure (i32_d 10 & i32_d 10 & i32_d 10 & i32_d 10) -+ (requires True) -+ (ensures fun (r1, r2, r3, r4) -> -+ int_arr_bitwise_eq -+ (create5 (byte1, byte2, byte3, byte4, byte5)) 8 -+ (create4 #i32 (r1, r2, r3, r4)) 10 -+ ) -+ -+val decompress_coefficients_11_ -+ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: int_t_d i32_inttype 8) -+ : Prims.Pure (i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11) -+ (requires True) -+ (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> -+ int_arr_bitwise_eq -+ (create11 (byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, byte9, byte10, byte11)) 8 -+ (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 11 -+ ) -+ -+val decompress_coefficients_4_ (byte: u8) -+ : Prims.Pure (i32_d 4 & i32_d 4) -+ (requires True) -+ (ensures fun (r1, r2) -> -+ int_arr_bitwise_eq -+ (create1 byte) 8 -+ (create2 (r1, r2)) 4 -+ ) -+ -+val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: int_t_d i32_inttype 8) -+ : Prims.Pure (i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5) -+ (requires True) -+ (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> -+ int_arr_bitwise_eq -+ (create5 (byte1, byte2, byte3, byte4, byte5)) 8 -+ (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5 -+ ) -diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst ---- extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst 2024-01-31 10:39:21.574354910 +0100 -@@ -0,0 +1,1192 @@ -+module Libcrux.Kem.Kyber.Serialize.PartB -+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -+open Core -+open FStar.Mul -+open MkSeq -+open Libcrux.Kem.Kyber.Serialize.PartA -+ -+let cast_bound_lemma -+ #t #u -+ (n: int_t t) -+ (d: bit_num t) -+ : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0) -+ (ensures bounded (cast #(int_t t) #(int_t u) n) d) -+ [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] -+ = () -+ -+#push-options "--z3rlimit 60" -+let int_t_d_cast_lemma #t #u d (n: int_t_d t d) -+ : Lemma (requires bits t < bits u /\ v n >= 0) -+ (ensures bounded (cast #(int_t t) #(int_t u) n) d) -+ [SMTPat (bounded (cast #(int_t t) #(int_t u) n) d)] -+ = Math.Lemmas.pow2_double_mult (bits u - 1); -+ Math.Lemmas.small_mod (v n) (modulus u) -+let mul_in_range (n m: nat) -+ : Lemma -+ (requires n <= 256 /\ m <= 256) -+ (ensures range (n * m) usize_inttype) -+ = Math.Lemmas.pow2_plus 8 8; -+ Math.Lemmas.pow2_le_compat 32 16 -+#pop-options -+ -+#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100" -+let compress_then_serialize_10_ -+ v_OUT_LEN -+ re -+ = -+ let accT = t_Array u8 v_OUT_LEN in -+ let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> -+ True -+ in -+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Iterators.foldi_chunks_exact #_ #accT #inv -+ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) -+ (sz 4) -+ (serialized) -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 v_OUT_LEN = serialized in -+ let i, coefficients:(usize & _) = temp_1_ in -+ let coefficient1:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient2:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient3:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient4:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = -+ compress_coefficients_10_ coefficient1 coefficient2 coefficient3 coefficient4 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ (sz 5 *! i <: usize) -+ coef1 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 1 <: usize) -+ coef2 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 2 <: usize) -+ coef3 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 3 <: usize) -+ coef4 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 4 <: usize) -+ coef5 -+ in -+ serialized) -+ in -+ serialized -+#pop-options -+ -+#push-options "--fuel 0 --ifuel 0 --z3rlimit 30" -+let update5 -+ #n -+ (s: t_Array 't n) -+ (offset: usize {v offset + 5 <= v n}) -+ (i0 i1 i2 i3 i4: 't) -+ : s': t_Array 't n { -+ Seq.index s' (v offset + 0) == i0 /\ -+ Seq.index s' (v offset + 1) == i1 /\ -+ Seq.index s' (v offset + 2) == i2 /\ -+ Seq.index s' (v offset + 3) == i3 /\ -+ Seq.index s' (v offset + 4) == i4 /\ -+ (forall i. (i < v offset \/ i >= v offset + 5) ==> Seq.index s' i == Seq.index s i) -+ } -+ = let open Rust_primitives.Hax.Monomorphized_update_at in -+ let s = update_at_usize s offset i0 in -+ let s = update_at_usize s (offset +! sz 1) i1 in -+ let s = update_at_usize s (offset +! sz 2) i2 in -+ let s = update_at_usize s (offset +! sz 3) i3 in -+ let s = update_at_usize s (offset +! sz 4) i4 in -+ s -+#pop-options -+ -+#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no" -+let compress_then_serialize_11_ -+ v_OUT_LEN re -+ = -+ let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> True in -+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv -+ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) -+ (sz 8) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 v_OUT_LEN = serialized in -+ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in -+ let coefficient1 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient2 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient3 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient4 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient5 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient6 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient7 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient8 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11:(u8 & u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8) = -+ compress_coefficients_11_ coefficient1 -+ coefficient2 -+ coefficient3 -+ coefficient4 -+ coefficient5 -+ coefficient6 -+ coefficient7 -+ coefficient8 -+ in -+ assert_spinoff (v i < 32 ==> 11 * v i + 11 <= 32 * 11); -+ assert_spinoff (v i < 32 ==> range (v (sz 11) * v i) usize_inttype); -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ (sz 11 *! i <: usize) -+ coef1 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 1 <: usize) -+ coef2 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 2 <: usize) -+ coef3 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 3 <: usize) -+ coef4 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 4 <: usize) -+ coef5 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 5 <: usize) -+ coef6 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 6 <: usize) -+ coef7 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 7 <: usize) -+ coef8 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 8 <: usize) -+ coef9 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 9 <: usize) -+ coef10 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 10 <: usize) -+ coef11 -+ in -+ serialized) -+ in -+ serialized -+#pop-options -+ -+let compress_then_serialize_4_ v_OUT_LEN re = -+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -+ let accT = t_Array u8 v_OUT_LEN in -+ let inv (acc: accT) (i: usize) = True in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv -+ (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) -+ (sz 2) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 v_OUT_LEN = serialized in -+ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 2)) = temp_1_ in -+ let coefficient1:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient2:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ i -+ ((coefficient2 < -+ let serialized:t_Array u8 v_OUT_LEN = serialized in -+ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in -+ let coefficient1:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient2:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient3:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient4:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient5:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient6:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient7:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient8' = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32 in -+ let coefficient8:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = -+ compress_coefficients_5_ coefficient2 -+ coefficient1 -+ coefficient4 -+ coefficient3 -+ coefficient5 -+ coefficient7 -+ coefficient6 -+ coefficient8 -+ in -+ assert_spinoff (v i < 32 ==> 5 * v i + 5 <= 32 * 5); -+ assert_spinoff (v i < 32 ==> range (v (sz 5) * v i) usize_inttype); -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ (sz 5 *! i <: usize) -+ coef1 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 1 <: usize) -+ coef2 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 2 <: usize) -+ coef3 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 3 <: usize) -+ coef4 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 4 <: usize) -+ coef5 -+ in -+ serialized) -+ in -+ serialized -+ -+let compress_then_serialize_message re = -+ let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in -+ let accT = t_Array u8 (sz 32) in -+ let inv (acc: accT) (i: usize) = True in -+ let serialized:t_Array u8 (sz 32) = -+ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv -+ (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) -+ (sz 8) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 (sz 32) = serialized in -+ let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement _) = temp_1_ in -+ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) -+ coefficients -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 (sz 32) = serialized in -+ let j, coefficient:(usize & Libcrux.Kem.Kyber.Arithmetic.wfFieldElement) = temp_1_ in -+ let coefficient:u16 = -+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient -+ in -+ let coefficient_compressed:u8 = -+ Libcrux.Kem.Kyber.Compress.compress_message_coefficient coefficient -+ in -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ i -+ ((serialized.[ i ] <: u8) |. (coefficient_compressed < compress_then_serialize_10_ v_OUT_LEN re -+ | 11ul -> compress_then_serialize_11_ v_OUT_LEN re -+ | _ -> -+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -+ <: -+ Rust_primitives.Hax.t_Never) -+ -+let compress_then_serialize_ring_element_v #p v_COMPRESSION_FACTOR v_OUT_LEN re = -+ let _:Prims.unit = () <: Prims.unit in -+ Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); -+ let res = -+ assert ( -+ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4) \/ -+ (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5) -+ ); -+ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -+ | 4ul -> compress_then_serialize_4_ v_OUT_LEN re -+ | 5ul -> compress_then_serialize_5_ v_OUT_LEN re -+ | _ -> -+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -+ -+ <: -+ Rust_primitives.Hax.t_Never) -+ in -+ admit (); // P-F -+ res -+ -+#push-options "--z3rlimit 160" -+let deserialize_then_decompress_10_ serialized = -+ let _:Prims.unit = () <: Prims.unit in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let accT = Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement in -+ let inv (acc: accT) (i: usize) = True in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv -+ serialized -+ (sz 5) -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in -+ let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in -+ let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in -+ let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in -+ let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in -+ let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in -+ let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in -+ let coefficient1, coefficient2, coefficient3, coefficient4 = -+ decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 -+ in -+ let coefficient1 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 -+ <: -+ i32) in -+ let coefficient2 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 -+ <: -+ i32) in -+ let coefficient3 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 -+ <: -+ i32) in -+ let coefficient4 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 -+ <: -+ i32) in -+ assert_spinoff (v i < 64 ==> 4 * v i + 4 <= 256); -+ assert_spinoff (v i < 64 ==> range (v (sz 4) * v i) usize_inttype); -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 4 *! i <: usize) -+ coefficient1 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 4 *! i <: usize) +! sz 1 <: usize) -+ coefficient2 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 4 *! i <: usize) +! sz 2 <: usize) -+ coefficient3 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 4 *! i <: usize) +! sz 3 <: usize) -+ coefficient4 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ re) -+ in -+ re -+#pop-options -+ -+#push-options "--z3rlimit 100 --ifuel 0" -+let deserialize_then_decompress_11_ serialized -+ : Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ let _:Prims.unit = () <: Prims.unit in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) -+ serialized -+ (sz 11) -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in -+ let i, bytes:(usize & t_Array u8 (sz 11)) = temp_1_ in -+ assert (v i < 32); -+ let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in -+ let byte2: int_t_d i32_inttype 8 = cast (bytes.[ sz 1 ] <: u8) <: i32 in -+ let byte3: int_t_d i32_inttype 8 = cast (bytes.[ sz 2 ] <: u8) <: i32 in -+ let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in -+ let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in -+ let byte6: int_t_d i32_inttype 8 = cast (bytes.[ sz 5 ] <: u8) <: i32 in -+ let byte7: int_t_d i32_inttype 8 = cast (bytes.[ sz 6 ] <: u8) <: i32 in -+ let byte8: int_t_d i32_inttype 8 = cast (bytes.[ sz 7 ] <: u8) <: i32 in -+ let byte9: int_t_d i32_inttype 8 = cast (bytes.[ sz 8 ] <: u8) <: i32 in -+ let byte10: int_t_d i32_inttype 8 = cast (bytes.[ sz 9 ] <: u8) <: i32 in -+ let byte11: int_t_d i32_inttype 8 = cast (bytes.[ sz 10 ] <: u8) <: i32 in -+ let -+ coefficient1, -+ coefficient2, -+ coefficient3, -+ coefficient4, -+ coefficient5, -+ coefficient6, -+ coefficient7, -+ coefficient8 = -+ decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 -+ byte11 -+ in -+ let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 in -+ let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 in -+ let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 in -+ let coefficient4 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 in -+ let coefficient5 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 in -+ let coefficient6 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 in -+ let coefficient7 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 in -+ let coefficient8 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 in -+ assert_spinoff (8 * v i + 8 <= 256); -+ assert_spinoff (range (v (sz 8) * v i) usize_inttype); -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 8 *! i <: usize) -+ coefficient1 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 1 <: usize) -+ coefficient2 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 2 <: usize) -+ coefficient3 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 3 <: usize) -+ coefficient4 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 4 <: usize) -+ coefficient5 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 5 <: usize) -+ coefficient6 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 6 <: usize) -+ coefficient7 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 7 <: usize) -+ coefficient8 -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ re) -+ in -+ re -+#pop-options -+ -+#push-options "--z3rlimit 100" -+let deserialize_then_decompress_4_ serialized = -+ let _:Prims.unit = () <: Prims.unit in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) -+ serialized -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in -+ let i, byte:(usize & u8) = temp_1_ in -+ let coefficient1, coefficient2 = decompress_coefficients_4_ byte in -+ assert_spinoff (v i < 128 ==> 2 * v i + 1 < 256); -+ assert_spinoff (v i < 128 ==> range (v (sz 2) * v i) usize_inttype); -+ let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 2 *! i <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient1 -+ <: -+ i32) -+ } -+ <: + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 2 *! i <: usize) +! sz 1 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient2 -+ <: -+ i32) -+ } -+ <: + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -962,33 +1030,32 @@ + i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ re) -+ in -+ re + in + re) + in + re +#pop-options -+ + +-let deserialize_then_decompress_5_ (serialized: t_Slice u8) = +#push-options "--z3rlimit 150" +let deserialize_then_decompress_5_ serialized = -+ let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) + serialized (sz 5) -+ re -+ (fun re temp_1_ -> + re + (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let i, bytes:(usize & t_Slice u8) = temp_1_ in +- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in +- let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in + let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in + assert (v i < 32); @@ -8147,17 +6593,18 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-edited/Lib + let byte3 = cast (bytes.[ sz 2 ] <: u8) <: i32 in + let byte4 = cast (bytes.[ sz 3 ] <: u8) <: i32 in + let byte5 = cast (bytes.[ sz 4 ] <: u8) <: i32 in -+ let -+ coefficient1, -+ coefficient2, -+ coefficient3, -+ coefficient4, -+ coefficient5, -+ coefficient6, -+ coefficient7, + let + coefficient1, + coefficient2, +@@ -997,10 +1064,25 @@ + coefficient5, + coefficient6, + coefficient7, +- coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = + coefficient8 = -+ decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 -+ in + decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 in + let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 in + let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 in @@ -8174,206 +6621,272 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-edited/Lib + mul_in_range 8 (v i); + assert_spinoff (v i < 32 ==> range (v (sz 8) * v i) usize_inttype); + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 8 *! i <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1008,14 +1090,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 8 *! i <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 +- <: +- i32) + coefficient1 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 1 <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1023,14 +1103,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 1 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 +- <: +- i32) + coefficient2 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 2 <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1038,14 +1116,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 2 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 +- <: +- i32) + coefficient3 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 3 <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1053,14 +1129,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 3 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 +- <: +- i32) + coefficient4 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 4 <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1068,14 +1142,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 4 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 +- <: +- i32) + coefficient5 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 5 <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1083,14 +1155,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 5 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 +- <: +- i32) + coefficient6 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 6 <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1098,14 +1168,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 6 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 +- <: +- i32) + coefficient7 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 7 <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1113,33 +1181,27 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 7 <: usize) +- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 +- <: +- i32) + coefficient8 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ re) -+ in -+ re + in + re) + in + re +#pop-options -+ + +#push-options "--z3rlimit 60" -+let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = + let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Iter.Traits.Collect.f_into_iter serialized +- <: +- Core.Array.Iter.t_IntoIter u8 (sz 32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) + serialized -+ re -+ (fun re temp_1_ -> + re + (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in -+ let i, byte:(usize & u8) = temp_1_ in -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ -+ Core.Ops.Range.f_start = sz 0; -+ Core.Ops.Range.f_end = sz 8 -+ } -+ <: -+ Core.Ops.Range.t_Range usize) -+ <: -+ Core.Ops.Range.t_Range usize) -+ re -+ (fun re j -> + let i, byte:(usize & u8) = temp_1_ in + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; +@@ -1151,10 +1213,11 @@ + Core.Ops.Range.t_Range usize) + re + (fun re j -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in -+ let j:usize = j in -+ let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in + let j:usize = j in + let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + lemma_get_bit_bounded' coefficient_compressed 1; + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! j <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_message_coefficient coefficient_compressed -+ -+ <: -+ i32) -+ } -+ <: + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1168,19 +1231,20 @@ + i32) + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ re) -+ <: + in + re) + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -+ in + in + admit(); //P-F -+ re + re +#pop-options -+ + +-let deserialize_then_decompress_ring_element_u +- (v_COMPRESSION_FACTOR: usize) +- (serialized: t_Slice u8) +- = +let deserialize_then_decompress_ring_element_u v_COMPRESSION_FACTOR serialized = -+ let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in + mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); + assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11); -+ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -+ | 10ul -> deserialize_then_decompress_10_ serialized -+ | 11ul -> deserialize_then_decompress_11_ serialized -+ | _ -> -+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -+ -+ <: -+ Rust_primitives.Hax.t_Never) -+ + match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with + | 10ul -> deserialize_then_decompress_10_ serialized + | 11ul -> deserialize_then_decompress_11_ serialized +@@ -1190,11 +1254,11 @@ + <: + Rust_primitives.Hax.t_Never) + +-let deserialize_then_decompress_ring_element_v +- (v_COMPRESSION_FACTOR: usize) +- (serialized: t_Slice u8) +- = +let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized = -+ let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in + mk_int_equiv_lemma #u32_inttype (v v_COMPRESSION_FACTOR); + assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5); + let res = -+ match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -+ | 4ul -> deserialize_then_decompress_4_ serialized -+ | 5ul -> deserialize_then_decompress_5_ serialized -+ | _ -> -+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -+ -+ <: -+ Rust_primitives.Hax.t_Never) + match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with + | 4ul -> deserialize_then_decompress_4_ serialized + | 5ul -> deserialize_then_decompress_5_ serialized +@@ -1203,27 +1267,32 @@ + + <: + Rust_primitives.Hax.t_Never) + in + admit(); //P-F + res -+ + +-let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = +#push-options "--z3rlimit 100" +let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = -+ let _:Prims.unit = () <: Prims.unit in + let _:Prims.unit = () <: Prims.unit in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in + in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = + Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) + serialized + (sz 3) -+ re -+ (fun re temp_1_ -> + re + (fun re temp_1_ -> +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in +- let i, bytes:(usize & t_Slice u8) = temp_1_ in +- let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in +- let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in +- let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in +- let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in + let i, bytes:(usize & t_Array u8 (sz 3)) = temp_1_ in + let byte1:int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in @@ -8384,115 +6897,247 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-edited/Lib + lemma_get_bit_bounded' coef1 11; + lemma_get_bit_bounded' coef2 11; + let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 2 *! i <: usize) + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1231,12 +1300,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 2 *! i <: usize) +- (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) + coef2 -+ } -+ <: + } + <: +- Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ in -+ re) -+ in -+ re + in + re) + in + re +#pop-options -+ + +-let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = +#push-options "--z3rlimit 100" +let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = -+ let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in -+ let serialized:t_Array u8 (sz 384) = + let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in + let serialized:t_Array u8 (sz 384) = +- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate +- (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re +- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients +- <: +- t_Slice i32) +- (sz 2) +- <: +- Core.Slice.Iter.t_ChunksExact i32) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) +- <: +- Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) + Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) + (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) + (sz 2) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 (sz 384) = serialized in + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 384) = serialized in +- let i, coefficients:(usize & t_Slice i32) = temp_1_ in + let i, coefficients:(usize & t_Array (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)) (sz 2)) = temp_1_ in + assert (v i < 128); -+ let coefficient1:u16 = -+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) -+ in -+ let coefficient2:u16 = -+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32) -+ in -+ let coef1, coef2, coef3:(u8 & u8 & u8) = -+ compress_coefficients_3_ coefficient1 coefficient2 -+ in + let coefficient1:u16 = + Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) + in +@@ -1281,6 +1344,8 @@ + let coef1, coef2, coef3:(u8 & u8 & u8) = + compress_coefficients_3_ coefficient1 coefficient2 + in + assert_spinoff (3 * v i + 3 <= 384); + assert_spinoff (range (v (sz 3) * v i) usize_inttype); -+ let serialized:t_Array u8 (sz 384) = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ (sz 3 *! i <: usize) -+ coef1 -+ in -+ let serialized:t_Array u8 (sz 384) = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 3 *! i <: usize) +! sz 1 <: usize) -+ coef2 -+ in -+ let serialized:t_Array u8 (sz 384) = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 3 *! i <: usize) +! sz 2 <: usize) -+ coef3 -+ in -+ serialized) -+ in -+ serialized + let serialized:t_Array u8 (sz 384) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 3 *! i <: usize) +@@ -1299,3 +1364,4 @@ + serialized) + in + serialized +#pop-options -diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti ---- extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti 2024-01-31 10:39:21.558355063 +0100 -@@ -0,0 +1,108 @@ -+module Libcrux.Kem.Kyber.Serialize.PartB -+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -+open Core -+open FStar.Mul +diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti +--- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 11:04:44.185900610 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 11:04:44.248899725 +0100 +@@ -2,118 +2,193 @@ + #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul +open MkSeq + -+val compress_then_serialize_10_ ++let int_arr_bitwise_eq ++ #t1 #t2 #n1 #n2 ++ (arr1: t_Array (int_t t1) n1) ++ (d1: bit_num t1) ++ (arr2: t_Array (x: int_t t2) n2) ++ (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) ++ = forall i. i < v n1 * d1 ++ ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i + + val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) ++ (requires True) ++ (ensures fun tuple -> ++ int_arr_bitwise_eq ++ (create4 (coefficient1, coefficient2, coefficient3, coefficient4)) 10 ++ (create5 tuple) 8 ++ ) + + val compress_coefficients_11_ + (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +- i32) ++ int_t_d i32_inttype 11) + : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val compress_coefficients_3_ (coefficient1 coefficient2: u16) +- : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) ++ (requires True) ++ (ensures fun tuple -> ++ int_arr_bitwise_eq ++ (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 ++ (create11 tuple) 8 ++ ) ++ ++val compress_coefficients_3_ (coefficient1 coefficient2: int_t_d u16_inttype 12) ++ : Prims.Pure (u8 & u8 & u8) ++ (requires True) ++ (ensures fun tuple -> ++ int_arr_bitwise_eq ++ (create2 (coefficient1, coefficient2)) 12 ++ (create3 tuple) 8 ++ ) + + val compress_coefficients_5_ +- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: +- u8) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) +- +-val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) +- : Prims.Pure (i32 & i32 & i32 & i32) Prims.l_True (fun _ -> Prims.l_True) ++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: int_t_d u8_inttype 5) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) ++ (requires True) ++ (ensures fun tuple -> ++ int_arr_bitwise_eq ++ (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 5 ++ (create5 tuple) 8 ++ ) ++ ++private unfold type i32_d = int_t_d i32_inttype ++val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: int_t_d i32_inttype 8) ++ : Prims.Pure (i32_d 10 & i32_d 10 & i32_d 10 & i32_d 10) ++ (requires True) ++ (ensures fun (r1, r2, r3, r4) -> ++ int_arr_bitwise_eq ++ (create5 (byte1, byte2, byte3, byte4, byte5)) 8 ++ (create4 #i32 (r1, r2, r3, r4)) 10 ++ ) + + val decompress_coefficients_11_ +- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) +- : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: int_t_d i32_inttype 8) ++ : Prims.Pure (i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11) ++ (requires True) ++ (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> ++ int_arr_bitwise_eq ++ (create11 (byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, byte9, byte10, byte11)) 8 ++ (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 11 ++ ) + + val decompress_coefficients_4_ (byte: u8) +- : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) +- +-val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) +- : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) +- Prims.l_True +- (fun _ -> Prims.l_True) ++ : Prims.Pure (i32_d 4 & i32_d 4) ++ (requires True) ++ (ensures fun (r1, r2) -> ++ int_arr_bitwise_eq ++ (create1 byte) 8 ++ (create2 (r1, r2)) 4 ++ ) ++ ++val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: int_t_d i32_inttype 8) ++ : Prims.Pure (i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5) ++ (requires True) ++ (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> ++ int_arr_bitwise_eq ++ (create5 (byte1, byte2, byte3, byte4, byte5)) 8 ++ (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5 ++ ) + + val compress_then_serialize_10_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + (v_OUT_LEN: usize {v v_OUT_LEN >= 320}) + (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_11_ + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + + val compress_then_serialize_11_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + (v_OUT_LEN: usize {v v_OUT_LEN >= 352}) + (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_4_ + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + + val compress_then_serialize_4_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + (v_OUT_LEN: usize {v v_OUT_LEN >= 128}) + (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_5_ + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + + val compress_then_serialize_5_ +- (v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + (v_OUT_LEN: usize {v v_OUT_LEN >= 160}) + (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + +-val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + : Pure (t_Array u8 (sz 32)) + (requires True) + (ensures (fun res -> + res == Spec.Kyber.compress_then_encode_message (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re))) -+ -+val compress_then_serialize_ring_element_u + + val compress_then_serialize_ring_element_u +- (v_COMPRESSION_FACTOR v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) +- +-val compress_then_serialize_ring_element_v +- (v_COMPRESSION_FACTOR v_OUT_LEN: usize) +- (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + (#p:Spec.Kyber.params) + (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11}) + (v_OUT_LEN: usize { v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR }) @@ -8509,37 +7154,52 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-edited/Li + res == + Spec.Kyber.compress_then_encode_v p + (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re))) -+ + +-val deserialize_then_decompress_10_ (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +val deserialize_then_decompress_10_ (serialized: t_Slice u8 {Seq.length serialized == 320}) + : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ + Prims.l_True + (fun _ -> Prims.l_True) + +-val deserialize_then_decompress_11_ (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +val deserialize_then_decompress_11_ (serialized: t_Slice u8 {Seq.length serialized == 352}) + : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ + Prims.l_True + (fun _ -> Prims.l_True) + +-val deserialize_then_decompress_4_ (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +val deserialize_then_decompress_4_ (serialized: t_Slice u8 {Seq.length serialized == 128}) + : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ + Prims.l_True + (fun _ -> Prims.l_True) + +-val deserialize_then_decompress_5_ (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +val deserialize_then_decompress_5_ + (serialized: t_Slice u8 {Seq.length serialized == 160}) + : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + + val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) + : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + (requires True) + (ensures fun res -> + Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res == + Spec.Kyber.decode_then_decompress_message serialized) -+ -+val deserialize_then_decompress_ring_element_u -+ (v_COMPRESSION_FACTOR: usize) + + val deserialize_then_decompress_ring_element_u + (v_COMPRESSION_FACTOR: usize) +- (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) + (serialized: t_Slice u8 { + match v v_COMPRESSION_FACTOR with + | 10 -> Seq.length serialized == 320 @@ -8549,17 +7209,28 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-edited/Li + : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + (requires v_COMPRESSION_FACTOR = sz 10 || v_COMPRESSION_FACTOR = sz 11) + (ensures fun _ -> True) -+ + +-val deserialize_then_decompress_ring_element_v +- (v_COMPRESSION_FACTOR: usize) +val deserialize_then_decompress_ring_element_v (#p:Spec.Kyber.params) + (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5}) -+ (serialized: t_Slice u8) + (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) + : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + (requires (p.v_VECTOR_V_COMPRESSION_FACTOR == v_COMPRESSION_FACTOR /\ + length serialized == Spec.Kyber.v_C2_SIZE p)) + (ensures fun res -> Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res + == Spec.Kyber.decode_then_decompress_v p serialized) -+ -+val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) + + val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) +- : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement +- Prims.l_True +- (fun _ -> Prims.l_True) +- +-val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) +- : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) + : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) + (ensures fun _ -> True) @@ -8569,8 +7240,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-edited/Li + (requires True) + (ensures (fun res -> True)) diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.Kyber.Types.fst ---- extraction/Libcrux.Kem.Kyber.Types.fst 2024-01-31 10:39:21.512355502 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 10:39:21.565354996 +0100 +--- extraction/Libcrux.Kem.Kyber.Types.fst 2024-01-31 11:04:44.203900357 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 11:04:44.246899754 +0100 @@ -3,31 +3,33 @@ open Core open FStar.Mul @@ -8841,8 +7512,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.K + (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : t_Array u8 v_PRIVATE_KEY_SIZE = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fsti ---- extraction/Libcrux_platform.fsti 2024-01-31 10:39:21.520355426 +0100 -+++ extraction-edited/Libcrux_platform.fsti 2024-01-31 10:39:21.601354652 +0100 +--- extraction/Libcrux_platform.fsti 2024-01-31 11:04:44.210900259 +0100 ++++ extraction-edited/Libcrux_platform.fsti 2024-01-31 11:04:44.274899360 +0100 @@ -1,20 +1,4 @@ module Libcrux_platform #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -8867,7 +7538,7 @@ diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fs +val simd256_support: bool diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst --- extraction/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/MkSeq.fst 2024-01-31 10:39:21.587354785 +0100 ++++ extraction-edited/MkSeq.fst 2024-01-31 11:04:44.263899515 +0100 @@ -0,0 +1,91 @@ +module MkSeq +open Core @@ -8962,7 +7633,7 @@ diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst +%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction/Spec.Kyber.fst extraction-edited/Spec.Kyber.fst --- extraction/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Spec.Kyber.fst 2024-01-31 10:39:21.599354671 +0100 ++++ extraction-edited/Spec.Kyber.fst 2024-01-31 11:04:44.273899375 +0100 @@ -0,0 +1,426 @@ +module Spec.Kyber +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" diff --git a/proofs/fstar/extraction-secret-independent.patch b/proofs/fstar/extraction-secret-independent.patch index 354e3d955..63516f37c 100644 --- a/proofs/fstar/extraction-secret-independent.patch +++ b/proofs/fstar/extraction-secret-independent.patch @@ -1,6 +1,6 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 10:39:21.582354833 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 10:39:21.630354375 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 11:04:44.258899585 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 11:04:44.299899009 +0100 @@ -1,356 +1,81 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -397,8 +397,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-i - - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 10:39:21.567354977 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 10:39:21.637354308 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 11:04:44.249899711 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 11:04:44.305898925 +0100 @@ -3,32 +3,10 @@ open Core open FStar.Mul @@ -746,8 +746,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 10:39:21.572354929 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 10:39:21.635354327 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 11:04:44.254899641 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 11:04:44.304898939 +0100 @@ -1,79 +1,39 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 0 --z3rlimit 200" @@ -852,8 +852,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-ind + (Core.Ops.Arith.Neg.neg fe <: i32) &. + ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 10:39:21.575354900 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 10:39:21.616354508 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 11:04:44.255899627 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 11:04:44.288899164 +0100 @@ -3,42 +3,44 @@ open Core open FStar.Mul @@ -925,8 +925,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-in - (fun result -> v result >= 0 /\ v result < 3329) + : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 10:39:21.607354594 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 10:39:21.615354518 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 11:04:44.279899290 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 11:04:44.286899192 +0100 @@ -15,8 +15,7 @@ let v_FIELD_MODULUS: i32 = 3329l @@ -938,8 +938,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-i let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 10:39:21.555355091 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 10:39:21.611354556 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 11:04:44.240899838 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 11:04:44.283899234 +0100 @@ -4,163 +4,61 @@ open FStar.Mul @@ -1128,8 +1128,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-s -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 10:39:21.569354958 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 10:39:21.650354183 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 11:04:44.251899683 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 11:04:44.316898770 +0100 @@ -20,26 +20,30 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1173,7 +1173,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction- + result = rhs <: bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst --- extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-01-31 10:39:21.663354059 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-01-31 11:04:44.327898616 +0100 @@ -0,0 +1,87 @@ +module Libcrux.Kem.Kyber.Conversions +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1264,8 +1264,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret- + cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 \ Pas de fin de ligne à la fin du fichier diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/Libcrux.Kem.Kyber.fst ---- extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 10:39:21.598354680 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-01-31 10:39:21.657354117 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 11:04:44.271899402 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-01-31 11:04:44.322898686 +0100 @@ -1,29 +1,12 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -1509,8 +1509,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/ (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) - diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent/Libcrux.Kem.Kyber.fsti ---- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 10:39:21.553355110 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-01-31 10:39:21.652354165 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 11:04:44.238899866 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-01-31 11:04:44.318898742 +0100 @@ -10,75 +10,31 @@ Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE @@ -1600,8 +1600,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 10:39:21.589354766 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 10:39:21.629354384 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 11:04:44.264899501 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 11:04:44.298899023 +0100 @@ -3,27 +3,18 @@ open Core open FStar.Mul @@ -1650,8 +1650,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secr - admit(); //P-F out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 10:39:21.580354852 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 10:39:21.647354212 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 11:04:44.257899599 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 11:04:44.313898813 +0100 @@ -3,24 +3,12 @@ open Core open FStar.Mul @@ -1683,7 +1683,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-sec + : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst --- extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-01-31 10:39:21.658354107 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-01-31 11:04:44.323898672 +0100 @@ -0,0 +1,6 @@ +module Libcrux.Kem.Kyber.Helper +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1692,8 +1692,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-indep + + diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 10:39:21.585354805 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 10:39:21.620354470 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 11:04:44.261899543 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 11:04:44.291899122 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -2404,8 +2404,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-inde - res - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 10:39:21.605354613 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 10:39:21.660354088 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 11:04:44.277899318 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 11:04:44.325898644 +0100 @@ -1,152 +1,80 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -2608,8 +2608,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-ind + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 10:39:21.560355043 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 10:39:21.644354241 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 11:04:44.242899810 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 11:04:44.310898855 +0100 @@ -3,23 +3,22 @@ open Core open FStar.Mul @@ -2643,8 +2643,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-in (sz 3168) (sz 1568) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 10:39:21.548355158 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 10:39:21.622354451 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 11:04:44.234899922 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 11:04:44.292899108 +0100 @@ -5,21 +5,20 @@ let decapsulate_512_ @@ -2675,8 +2675,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-ind (sz 1632) (sz 800) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 10:39:21.550355139 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 10:39:21.625354422 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 11:04:44.235899908 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 11:04:44.295899065 +0100 @@ -3,24 +3,22 @@ open Core open FStar.Mul @@ -2710,8 +2710,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-ind (sz 2400) (sz 1184) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 10:39:21.551355129 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 10:39:21.639354289 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 11:04:44.237899880 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 11:04:44.306898911 +0100 @@ -74,19 +74,16 @@ val decapsulate_768_ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) @@ -2740,8 +2740,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 10:39:21.563355015 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 10:39:21.665354040 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 11:04:44.245899768 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 11:04:44.329898588 +0100 @@ -3,418 +3,432 @@ open Core open FStar.Mul @@ -3550,8 +3550,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-indep - admit(); //P-F v_A_transpose diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 10:39:21.583354824 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 10:39:21.634354336 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 11:04:44.259899571 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 11:04:44.302898967 +0100 @@ -3,71 +3,39 @@ open Core open FStar.Mul @@ -3654,8 +3654,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-inde + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 10:39:21.570354948 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 10:39:21.613354537 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 11:04:44.252899669 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 11:04:44.285899206 +0100 @@ -1,130 +1,56 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -4586,8 +4586,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independ -#pop-options + re diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 10:39:21.562355024 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 10:39:21.653354155 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 11:04:44.244899782 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 11:04:44.319898728 +0100 @@ -2,80 +2,224 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -4881,8 +4881,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-indepen + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 10:39:21.596354699 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 10:39:21.662354069 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 11:04:44.270899416 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 11:04:44.326898630 +0100 @@ -3,34 +3,27 @@ open Core open FStar.Mul @@ -5319,8 +5319,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-ind -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 10:39:21.592354738 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 10:39:21.632354356 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 11:04:44.267899459 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 11:04:44.301898981 +0100 @@ -3,37 +3,77 @@ open Core open FStar.Mul @@ -5421,1566 +5421,102 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 10:39:21.546355177 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 10:39:21.643354250 +0100 -@@ -1,4 +1,1301 @@ +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 11:04:44.233899936 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 11:04:44.309898869 +0100 +@@ -1,13 +1,8 @@ module Libcrux.Kem.Kyber.Serialize -+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -+open Core -+open FStar.Mul - --include Libcrux.Kem.Kyber.Serialize.PartA --include Libcrux.Kem.Kyber.Serialize.PartB -+let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = -+ let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in -+ let coef2:u8 = -+ ((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) -+ in -+ let coef3:u8 = -+ ((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) -+ in -+ let coef4:u8 = -+ ((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) -+ in -+ let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in -+ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -+ -+let compress_coefficients_11_ -+ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -+ i32) -+ = -+ let coef1:u8 = cast (coefficient1 <: i32) <: u8 in -+ let coef2:u8 = -+ ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: i32) <: u8) -+ in -+ let coef3:u8 = -+ ((cast (coefficient3 &. 3l <: i32) <: u8) <>! 5l <: i32) <: u8) -+ in -+ let coef4:u8 = cast ((coefficient3 >>! 2l <: i32) &. 255l <: i32) <: u8 in -+ let coef5:u8 = -+ ((cast (coefficient4 &. 127l <: i32) <: u8) <>! 10l <: i32) <: u8) -+ in -+ let coef6:u8 = -+ ((cast (coefficient5 &. 15l <: i32) <: u8) <>! 7l <: i32) <: u8) -+ in -+ let coef7:u8 = -+ ((cast (coefficient6 &. 1l <: i32) <: u8) <>! 4l <: i32) <: u8) -+ in -+ let coef8:u8 = cast ((coefficient6 >>! 1l <: i32) &. 255l <: i32) <: u8 in -+ let coef9:u8 = -+ ((cast (coefficient7 &. 63l <: i32) <: u8) <>! 9l <: i32) <: u8) -+ in -+ let coef10:u8 = -+ ((cast (coefficient8 &. 7l <: i32) <: u8) <>! 6l <: i32) <: u8) -+ in -+ let coef11:u8 = cast (coefficient8 >>! 3l <: i32) <: u8 in -+ coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 -+ <: -+ (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -+ -+let compress_coefficients_3_ (coefficient1 coefficient2: u16) = -+ let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in -+ let coef2:u8 = -+ cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in -+ coef1, coef2, coef3 <: (u8 & u8 & u8) -+ -+let compress_coefficients_5_ -+ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: -+ u8) -+ = -+ let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 3l <: u8) -+ in -+ let coef3:u8 = ((coefficient5 &. 15uy <: u8) <>! 1l <: u8) in -+ let coef4:u8 = -+ (((coefficient7 &. 3uy <: u8) <>! 4l <: u8) -+ in -+ let coef5:u8 = (coefficient8 <>! 2l <: u8) in -+ coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -+ -+let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) = -+ let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in -+ let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in -+ let coefficient4:i32 = (byte5 <>! 6l <: i32) in -+ coefficient1, coefficient2, coefficient3, coefficient4 <: (i32 & i32 & i32 & i32) -+ -+let decompress_coefficients_11_ -+ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) -+ = -+ let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in -+ let coefficient3:i32 = -+ (((byte5 &. 1l <: i32) <>! 6l <: i32) -+ in -+ let coefficient4:i32 = ((byte6 &. 15l <: i32) <>! 1l <: i32) in -+ let coefficient5:i32 = ((byte7 &. 127l <: i32) <>! 4l <: i32) in -+ let coefficient6:i32 = -+ (((byte9 &. 3l <: i32) <>! 7l <: i32) -+ in -+ let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in -+ let coefficient8:i32 = (byte11 <>! 5l <: i32) in -+ coefficient1, -+ coefficient2, -+ coefficient3, -+ coefficient4, -+ coefficient5, -+ coefficient6, -+ coefficient7, -+ coefficient8 -+ <: -+ (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -+ -+let decompress_coefficients_4_ (byte: u8) = -+ let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in -+ let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in -+ coefficient1, coefficient2 <: (i32 & i32) -+ -+let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) = -+ let coefficient1:i32 = byte1 &. 31l in -+ let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in -+ let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in -+ let coefficient4:i32 = ((byte3 &. 15l <: i32) <>! 7l <: i32) in -+ let coefficient5:i32 = ((byte4 &. 1l <: i32) <>! 4l <: i32) in -+ let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in -+ let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in -+ let coefficient8:i32 = byte5 >>! 3l in -+ coefficient1, -+ coefficient2, -+ coefficient3, -+ coefficient4, -+ coefficient5, -+ coefficient6, -+ coefficient7, -+ coefficient8 -+ <: -+ (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -+ -+let compress_then_serialize_10_ -+ (v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ = -+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ <: -+ t_Slice i32) -+ (sz 4) -+ <: -+ Core.Slice.Iter.t_ChunksExact i32) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 v_OUT_LEN = serialized in -+ let i, coefficients:(usize & t_Slice i32) = temp_1_ in -+ let coefficient1:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient2:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient3:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient4:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = -+ compress_coefficients_10_ coefficient1 coefficient2 coefficient3 coefficient4 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ (sz 5 *! i <: usize) -+ coef1 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 1 <: usize) -+ coef2 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 2 <: usize) -+ coef3 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 3 <: usize) -+ coef4 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 4 <: usize) -+ coef5 -+ in -+ serialized) -+ in -+ serialized -+ -+let compress_then_serialize_11_ -+ (v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ = -+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ <: -+ t_Slice i32) -+ (sz 8) -+ <: -+ Core.Slice.Iter.t_ChunksExact i32) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 v_OUT_LEN = serialized in -+ let i, coefficients:(usize & t_Slice i32) = temp_1_ in -+ let coefficient1:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient2:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient3:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient4:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient5:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient6:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient7:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coefficient8:i32 = -+ Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 -+ ) -+ <: -+ u16) -+ in -+ let coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11:(u8 & u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8 & -+ u8) = -+ compress_coefficients_11_ coefficient1 -+ coefficient2 -+ coefficient3 -+ coefficient4 -+ coefficient5 -+ coefficient6 -+ coefficient7 -+ coefficient8 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ (sz 11 *! i <: usize) -+ coef1 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 1 <: usize) -+ coef2 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 2 <: usize) -+ coef3 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 3 <: usize) -+ coef4 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 4 <: usize) -+ coef5 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 5 <: usize) -+ coef6 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 6 <: usize) -+ coef7 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 7 <: usize) -+ coef8 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 8 <: usize) -+ coef9 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 9 <: usize) -+ coef10 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 11 *! i <: usize) +! sz 10 <: usize) -+ coef11 -+ in -+ serialized) -+ in -+ serialized -+ -+let compress_then_serialize_4_ -+ (v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ = -+ let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ <: -+ t_Slice i32) -+ (sz 2) -+ <: -+ Core.Slice.Iter.t_ChunksExact i32) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 v_OUT_LEN = serialized in -+ let i, coefficients:(usize & t_Slice i32) = temp_1_ in -+ let coefficient1:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient2:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ i -+ ((coefficient2 < -+ let serialized:t_Array u8 v_OUT_LEN = serialized in -+ let i, coefficients:(usize & t_Slice i32) = temp_1_ in -+ let coefficient1:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient2:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient3:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient4:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient5:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient6:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient7:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coefficient8:u8 = -+ cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -+ (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] -+ <: -+ i32) -+ <: -+ u16) -+ <: -+ i32) -+ <: -+ u8 -+ in -+ let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = -+ compress_coefficients_5_ coefficient2 -+ coefficient1 -+ coefficient4 -+ coefficient3 -+ coefficient5 -+ coefficient7 -+ coefficient6 -+ coefficient8 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ (sz 5 *! i <: usize) -+ coef1 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 1 <: usize) -+ coef2 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 2 <: usize) -+ coef3 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 3 <: usize) -+ coef4 -+ in -+ let serialized:t_Array u8 v_OUT_LEN = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 5 *! i <: usize) +! sz 4 <: usize) -+ coef5 -+ in -+ serialized) -+ in -+ serialized -+ -+let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = -+ let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in -+ let serialized:t_Array u8 (sz 32) = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ <: -+ t_Slice i32) -+ (sz 8) -+ <: -+ Core.Slice.Iter.t_ChunksExact i32) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 (sz 32) = serialized in -+ let i, coefficients:(usize & t_Slice i32) = temp_1_ in -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__iter coefficients <: Core.Slice.Iter.t_Iter i32) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 (sz 32) = serialized in -+ let j, coefficient:(usize & i32) = temp_1_ in -+ let coefficient:u16 = -+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient -+ in -+ let coefficient_compressed:u8 = -+ Libcrux.Kem.Kyber.Compress.compress_message_coefficient coefficient -+ in -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ i -+ ((serialized.[ i ] <: u8) |. (coefficient_compressed < compress_then_serialize_10_ v_OUT_LEN re -+ | 11ul -> compress_then_serialize_11_ v_OUT_LEN re -+ | _ -> -+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -+ -+ <: -+ Rust_primitives.Hax.t_Never) -+ -+let compress_then_serialize_ring_element_v -+ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ = -+ let _:Prims.unit = () <: Prims.unit in -+ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with -+ | 4ul -> compress_then_serialize_4_ v_OUT_LEN re -+ | 5ul -> compress_then_serialize_5_ v_OUT_LEN re -+ | _ -> -+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -+ -+ <: -+ Rust_primitives.Hax.t_Never) -+ -+let deserialize_then_decompress_10_ (serialized: t_Slice u8) = -+ let _:Prims.unit = () <: Prims.unit in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -+ let i, bytes:(usize & t_Slice u8) = temp_1_ in -+ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in -+ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in -+ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in -+ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in -+ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in -+ let coefficient1, coefficient2, coefficient3, coefficient4:(i32 & i32 & i32 & i32) = -+ decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 4 *! i <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 4 *! i <: usize) +! sz 1 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 4 *! i <: usize) +! sz 2 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 4 *! i <: usize) +! sz 3 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ re) -+ in -+ re -+ -+let deserialize_then_decompress_11_ (serialized: t_Slice u8) = -+ let _:Prims.unit = () <: Prims.unit in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -+ let i, bytes:(usize & t_Slice u8) = temp_1_ in -+ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in -+ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in -+ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in -+ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in -+ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in -+ let byte6:i32 = cast (bytes.[ sz 5 ] <: u8) <: i32 in -+ let byte7:i32 = cast (bytes.[ sz 6 ] <: u8) <: i32 in -+ let byte8:i32 = cast (bytes.[ sz 7 ] <: u8) <: i32 in -+ let byte9:i32 = cast (bytes.[ sz 8 ] <: u8) <: i32 in -+ let byte10:i32 = cast (bytes.[ sz 9 ] <: u8) <: i32 in -+ let byte11:i32 = cast (bytes.[ sz 10 ] <: u8) <: i32 in -+ let -+ coefficient1, -+ coefficient2, -+ coefficient3, -+ coefficient4, -+ coefficient5, -+ coefficient6, -+ coefficient7, -+ coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = -+ decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 -+ byte11 -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 8 *! i <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 1 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 2 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 3 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 4 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 5 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 6 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 7 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ re) -+ in -+ re -+ -+let deserialize_then_decompress_4_ (serialized: t_Slice u8) = -+ let _:Prims.unit = () <: Prims.unit in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -+ let i, byte:(usize & u8) = temp_1_ in -+ let coefficient1, coefficient2:(i32 & i32) = decompress_coefficients_4_ byte in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 2 *! i <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient1 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 2 *! i <: usize) +! sz 1 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient2 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ re) -+ in -+ re -+ -+let deserialize_then_decompress_5_ (serialized: t_Slice u8) = -+ let _:Prims.unit = () <: Prims.unit in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -+ let i, bytes:(usize & t_Slice u8) = temp_1_ in -+ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in -+ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in -+ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in -+ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in -+ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in -+ let -+ coefficient1, -+ coefficient2, -+ coefficient3, -+ coefficient4, -+ coefficient5, -+ coefficient6, -+ coefficient7, -+ coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = -+ decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 8 *! i <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 1 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 2 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 3 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 4 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 5 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 6 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! sz 7 <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ re) -+ in -+ re -+ -+let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Iter.Traits.Collect.f_into_iter serialized -+ <: -+ Core.Array.Iter.t_IntoIter u8 (sz 32)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -+ let i, byte:(usize & u8) = temp_1_ in -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ -+ Core.Ops.Range.f_start = sz 0; -+ Core.Ops.Range.f_end = sz 8 -+ } -+ <: -+ Core.Ops.Range.t_Range usize) -+ <: -+ Core.Ops.Range.t_Range usize) -+ re -+ (fun re j -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -+ let j:usize = j in -+ let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ ((sz 8 *! i <: usize) +! j <: usize) -+ (Libcrux.Kem.Kyber.Compress.decompress_message_coefficient coefficient_compressed -+ -+ <: -+ i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ re) -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ in -+ re -+ -+let deserialize_then_decompress_ring_element_u -+ (v_COMPRESSION_FACTOR: usize) -+ (serialized: t_Slice u8) -+ = -+ let _:Prims.unit = () <: Prims.unit in -+ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with -+ | 10ul -> deserialize_then_decompress_10_ serialized -+ | 11ul -> deserialize_then_decompress_11_ serialized -+ | _ -> -+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -+ -+ <: -+ Rust_primitives.Hax.t_Never) -+ -+let deserialize_then_decompress_ring_element_v -+ (v_COMPRESSION_FACTOR: usize) -+ (serialized: t_Slice u8) -+ = -+ let _:Prims.unit = () <: Prims.unit in -+ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with -+ | 4ul -> deserialize_then_decompress_4_ serialized -+ | 5ul -> deserialize_then_decompress_5_ serialized -+ | _ -> -+ Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -+ -+ <: -+ Rust_primitives.Hax.t_Never) -+ -+let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = -+ let _:Prims.unit = () <: Prims.unit in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -+ in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) -+ re -+ (fun re temp_1_ -> -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in -+ let i, bytes:(usize & t_Slice u8) = temp_1_ in -+ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in -+ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in -+ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in -+ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = -+ { -+ re with -+ Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ (sz 2 *! i <: usize) -+ (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) -+ } -+ <: -+ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ in -+ re) -+ in -+ re -+ -+let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = -+ let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in -+ let serialized:t_Array u8 (sz 384) = -+ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate -+ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re -+ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -+ <: -+ t_Slice i32) -+ (sz 2) -+ <: -+ Core.Slice.Iter.t_ChunksExact i32) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ <: -+ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) -+ serialized -+ (fun serialized temp_1_ -> -+ let serialized:t_Array u8 (sz 384) = serialized in -+ let i, coefficients:(usize & t_Slice i32) = temp_1_ in -+ let coefficient1:u16 = -+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) -+ in -+ let coefficient2:u16 = -+ Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32) -+ in -+ let coef1, coef2, coef3:(u8 & u8 & u8) = -+ compress_coefficients_3_ coefficient1 coefficient2 -+ in -+ let serialized:t_Array u8 (sz 384) = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ (sz 3 *! i <: usize) -+ coef1 -+ in -+ let serialized:t_Array u8 (sz 384) = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 3 *! i <: usize) +! sz 1 <: usize) -+ coef2 -+ in -+ let serialized:t_Array u8 (sz 384) = -+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -+ ((sz 3 *! i <: usize) +! sz 2 <: usize) -+ coef3 -+ in -+ serialized) -+ in -+ serialized -diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 10:39:21.641354270 +0100 -@@ -0,0 +1,119 @@ -+module Libcrux.Kem.Kyber.Serialize -+#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -+open Core -+open FStar.Mul -+ -+val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) -+ : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_coefficients_11_ -+ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -+ i32) -+ : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val compress_coefficients_3_ (coefficient1 coefficient2: u16) -+ : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_coefficients_5_ -+ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: -+ u8) -+ : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) -+ -+val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) -+ : Prims.Pure (i32 & i32 & i32 & i32) Prims.l_True (fun _ -> Prims.l_True) -+ -+val decompress_coefficients_11_ -+ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) -+ : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val decompress_coefficients_4_ (byte: u8) -+ : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) -+ -+val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) -+ : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_10_ -+ (v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_11_ -+ (v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_4_ -+ (v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_5_ -+ (v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_ring_element_u -+ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val compress_then_serialize_ring_element_v -+ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) -+ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -+ -+val deserialize_then_decompress_10_ (serialized: t_Slice u8) -+ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val deserialize_then_decompress_11_ (serialized: t_Slice u8) -+ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val deserialize_then_decompress_4_ (serialized: t_Slice u8) -+ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val deserialize_then_decompress_5_ (serialized: t_Slice u8) -+ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) -+ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val deserialize_then_decompress_ring_element_u -+ (v_COMPRESSION_FACTOR: usize) -+ (serialized: t_Slice u8) -+ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val deserialize_then_decompress_ring_element_v -+ (v_COMPRESSION_FACTOR: usize) -+ (serialized: t_Slice u8) -+ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) -+ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement -+ Prims.l_True -+ (fun _ -> Prims.l_True) -+ -+val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) -+ : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) -diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst 2024-01-31 10:39:21.579354862 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fst 1970-01-01 01:00:00.000000000 +0100 -@@ -1,182 +0,0 @@ --module Libcrux.Kem.Kyber.Serialize.PartA -#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" --open Core --open FStar.Mul -- ++#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul + -open Libcrux.Kem.Kyber.Arithmetic - -open MkSeq - -#push-options "--z3rlimit 50" --let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = -- let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in -- let coef2:u8 = -- ((cast (coefficient2 &. 63l <: i32) <: u8) <>! 8l <: i32) &. 3l <: i32) <: u8) -- in -- let coef3:u8 = -- ((cast (coefficient3 &. 15l <: i32) <: u8) <>! 6l <: i32) &. 15l <: i32) <: u8) -- in -- let coef4:u8 = -- ((cast (coefficient4 &. 3l <: i32) <: u8) <>! 4l <: i32) &. 63l <: i32) <: u8) -- in -- let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in -- coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) + let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = + let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in + let coef2:u8 = +@@ -24,11 +19,11 @@ + in + let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in + coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -#pop-options -- + -#push-options "--ifuel 1 --z3rlimit 600 --split_queries always" --let compress_coefficients_11_ + let compress_coefficients_11_ - coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = -- let coef1:u8 = cast (coefficient1 <: i32) <: u8 in -- let coef2:u8 = -- ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: i32) <: u8) -- in -- let coef3:u8 = -- ((cast (coefficient3 &. 3l <: i32) <: u8) <>! 5l <: i32) <: u8) -- in -- let coef4:u8 = cast ((coefficient3 >>! 2l <: i32) &. 255l <: i32) <: u8 in -- let coef5:u8 = -- ((cast (coefficient4 &. 127l <: i32) <: u8) <>! 10l <: i32) <: u8) -- in -- let coef6:u8 = -- ((cast (coefficient5 &. 15l <: i32) <: u8) <>! 7l <: i32) <: u8) -- in -- let coef7:u8 = -- ((cast (coefficient6 &. 1l <: i32) <: u8) <>! 4l <: i32) <: u8) -- in -- let coef8:u8 = cast ((coefficient6 >>! 1l <: i32) &. 255l <: i32) <: u8 in -- let coef9:u8 = -- ((cast (coefficient7 &. 63l <: i32) <: u8) <>! 9l <: i32) <: u8) -- in -- let coef10:u8 = -- ((cast (coefficient8 &. 7l <: i32) <: u8) <>! 6l <: i32) <: u8) -- in -- let coef11:u8 = cast (coefficient8 >>! 3l <: i32) <: u8 in -- coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 -- <: -- (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) ++ (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: ++ i32) ++ = + let coef1:u8 = cast (coefficient1 <: i32) <: u8 in + let coef2:u8 = + ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in + let coef2:u8 = + cast ((coefficient1 >>! 8l <: u16) |. ((coefficient2 &. 15us <: u16) <>! 4l <: u16) &. 255us <: u16) <: u8 in - coef1, coef2, coef3 <: (u8 & u8 & u8) -#pop-options -- ++ coef1, coef2, coef3 <: (u8 & u8 & u8) + -#push-options "--z3rlimit 60 --split_queries always" --let compress_coefficients_5_ + let compress_coefficients_5_ - coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8 - = -- let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 3l <: u8) -- in -- let coef3:u8 = ((coefficient5 &. 15uy <: u8) <>! 1l <: u8) in -- let coef4:u8 = -- (((coefficient7 &. 3uy <: u8) <>! 4l <: u8) -- in -- let coef5:u8 = (coefficient8 <>! 2l <: u8) in -- coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) ++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: ++ u8) ++ = + let coef1:u8 = ((coefficient2 &. 7uy <: u8) <>! 2l <: u8) in + coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -#pop-options -- + -#push-options "--z3rlimit 500" -let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = -- let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in -- let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in -- let coefficient4:i32 = (byte5 <>! 6l <: i32) in ++let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) = + let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in + let coefficient3:i32 = ((byte4 &. 63l <: i32) <>! 4l <: i32) in + let coefficient4:i32 = (byte5 <>! 6l <: i32) in - lemma_get_bit_bounded' coefficient1 10; - lemma_get_bit_bounded' coefficient2 10; - lemma_get_bit_bounded' coefficient3 10; - lemma_get_bit_bounded' coefficient4 10; - coefficient1, coefficient2, coefficient3, coefficient4 -#pop-options -- ++ coefficient1, coefficient2, coefficient3, coefficient4 <: (i32 & i32 & i32 & i32) + -#push-options "--z3rlimit 300" --let decompress_coefficients_11_ + let decompress_coefficients_11_ - byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 = -- let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in -- let coefficient3:i32 = -- (((byte5 &. 1l <: i32) <>! 6l <: i32) -- in -- let coefficient4:i32 = ((byte6 &. 15l <: i32) <>! 1l <: i32) in -- let coefficient5:i32 = ((byte7 &. 127l <: i32) <>! 4l <: i32) in -- let coefficient6:i32 = -- (((byte9 &. 3l <: i32) <>! 7l <: i32) -- in -- let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in -- let coefficient8:i32 = (byte11 <>! 5l <: i32) in ++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) ++ = + let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in + let coefficient3:i32 = +@@ -125,14 +109,6 @@ + in + let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in + let coefficient8:i32 = (byte11 <>! 5l <: i32) in - lemma_get_bit_bounded' coefficient1 11; - lemma_get_bit_bounded' coefficient2 11; - lemma_get_bit_bounded' coefficient3 11; @@ -6989,35 +5525,38 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-sec - lemma_get_bit_bounded' coefficient6 11; - lemma_get_bit_bounded' coefficient7 11; - lemma_get_bit_bounded' coefficient8 11; -- coefficient1, -- coefficient2, -- coefficient3, -- coefficient4, -- coefficient5, -- coefficient6, -- coefficient7, -- coefficient8 + coefficient1, + coefficient2, + coefficient3, +@@ -141,19 +117,15 @@ + coefficient6, + coefficient7, + coefficient8 -#pop-options -- ++ <: ++ (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) + -#push-options "--z3rlimit 50" -let decompress_coefficients_4_ byte = -- let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in -- let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in ++let decompress_coefficients_4_ (byte: u8) = + let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in + let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in - lemma_get_bit_bounded' coefficient1 4; - lemma_get_bit_bounded' coefficient2 4; - coefficient1, coefficient2 -#pop-options -- ++ coefficient1, coefficient2 <: (i32 & i32) + -#push-options "--z3rlimit 400" -let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = -- let coefficient1:i32 = byte1 &. 31l in -- let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in -- let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in -- let coefficient4:i32 = ((byte3 &. 15l <: i32) <>! 7l <: i32) in -- let coefficient5:i32 = ((byte4 &. 1l <: i32) <>! 4l <: i32) in -- let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in -- let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in -- let coefficient8:i32 = byte5 >>! 3l in ++let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) = + let coefficient1:i32 = byte1 &. 31l in + let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in + let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in +@@ -162,14 +134,6 @@ + let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in + let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in + let coefficient8:i32 = byte5 >>! 3l in - lemma_get_bit_bounded' coefficient1 5; - lemma_get_bit_bounded' coefficient2 5; - lemma_get_bit_bounded' coefficient3 5; @@ -7026,122 +5565,15 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fst extraction-sec - lemma_get_bit_bounded' coefficient6 5; - lemma_get_bit_bounded' coefficient7 5; - lemma_get_bit_bounded' coefficient8 5; -- coefficient1, -- coefficient2, -- coefficient3, -- coefficient4, -- coefficient5, -- coefficient6, -- coefficient7, -- coefficient8 + coefficient1, + coefficient2, + coefficient3, +@@ -178,50 +142,31 @@ + coefficient6, + coefficient7, + coefficient8 -#pop-options - -diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartA.fsti 2024-01-31 10:39:21.577354881 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartA.fsti 1970-01-01 01:00:00.000000000 +0100 -@@ -1,91 +0,0 @@ --module Libcrux.Kem.Kyber.Serialize.PartA --#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" --open Core --open FStar.Mul --open MkSeq -- --let int_arr_bitwise_eq -- #t1 #t2 #n1 #n2 -- (arr1: t_Array (int_t t1) n1) -- (d1: bit_num t1) -- (arr2: t_Array (x: int_t t2) n2) -- (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) -- = forall i. i < v n1 * d1 -- ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i -- --val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) -- : Prims.Pure (u8 & u8 & u8 & u8 & u8) -- (requires True) -- (ensures fun tuple -> -- int_arr_bitwise_eq -- (create4 (coefficient1, coefficient2, coefficient3, coefficient4)) 10 -- (create5 tuple) 8 -- ) -- --val compress_coefficients_11_ -- (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -- int_t_d i32_inttype 11) -- : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -- (requires True) -- (ensures fun tuple -> -- int_arr_bitwise_eq -- (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 -- (create11 tuple) 8 -- ) -- --val compress_coefficients_3_ (coefficient1 coefficient2: int_t_d u16_inttype 12) -- : Prims.Pure (u8 & u8 & u8) -- (requires True) -- (ensures fun tuple -> -- int_arr_bitwise_eq -- (create2 (coefficient1, coefficient2)) 12 -- (create3 tuple) 8 -- ) -- --val compress_coefficients_5_ -- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: int_t_d u8_inttype 5) -- : Prims.Pure (u8 & u8 & u8 & u8 & u8) -- (requires True) -- (ensures fun tuple -> -- int_arr_bitwise_eq -- (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 5 -- (create5 tuple) 8 -- ) -- --private unfold type i32_d = int_t_d i32_inttype --val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: int_t_d i32_inttype 8) -- : Prims.Pure (i32_d 10 & i32_d 10 & i32_d 10 & i32_d 10) -- (requires True) -- (ensures fun (r1, r2, r3, r4) -> -- int_arr_bitwise_eq -- (create5 (byte1, byte2, byte3, byte4, byte5)) 8 -- (create4 #i32 (r1, r2, r3, r4)) 10 -- ) -- --val decompress_coefficients_11_ -- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: int_t_d i32_inttype 8) -- : Prims.Pure (i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11) -- (requires True) -- (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> -- int_arr_bitwise_eq -- (create11 (byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, byte9, byte10, byte11)) 8 -- (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 11 -- ) -- --val decompress_coefficients_4_ (byte: u8) -- : Prims.Pure (i32_d 4 & i32_d 4) -- (requires True) -- (ensures fun (r1, r2) -> -- int_arr_bitwise_eq -- (create1 byte) 8 -- (create2 (r1, r2)) 4 -- ) -- --val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: int_t_d i32_inttype 8) -- : Prims.Pure (i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5) -- (requires True) -- (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> -- int_arr_bitwise_eq -- (create5 (byte1, byte2, byte3, byte4, byte5)) 8 -- (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5 -- ) -diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst 2024-01-31 10:39:21.574354910 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fst 1970-01-01 01:00:00.000000000 +0100 -@@ -1,1192 +0,0 @@ --module Libcrux.Kem.Kyber.Serialize.PartB --#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" --open Core --open FStar.Mul --open MkSeq --open Libcrux.Kem.Kyber.Serialize.PartA -- -let cast_bound_lemma - #t #u - (n: int_t t) @@ -7165,84 +5597,51 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - = Math.Lemmas.pow2_plus 8 8; - Math.Lemmas.pow2_le_compat 32 16 -#pop-options -- ++ <: ++ (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) + -#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100" --let compress_then_serialize_10_ + let compress_then_serialize_10_ - v_OUT_LEN - re -- = -- let accT = t_Array u8 v_OUT_LEN in -- let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> -- True -- in -- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Iterators.foldi_chunks_exact #_ #accT #inv -- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) -- (sz 4) -- (serialized) -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 v_OUT_LEN = serialized in -- let i, coefficients:(usize & _) = temp_1_ in -- let coefficient1:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -- ) -- <: -- u16) -- in -- let coefficient2:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 -- ) -- <: -- u16) -- in -- let coefficient3:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 -- ) -- <: -- u16) -- in -- let coefficient4:i32 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 -- ) -- <: -- u16) -- in -- let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = -- compress_coefficients_10_ coefficient1 coefficient2 coefficient3 coefficient4 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- (sz 5 *! i <: usize) -- coef1 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 1 <: usize) -- coef2 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 2 <: usize) -- coef3 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 3 <: usize) -- coef4 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 4 <: usize) -- coef5 -- in -- serialized) +- = +- let accT = t_Array u8 v_OUT_LEN in +- let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> +- True - in -- serialized ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = +- Rust_primitives.Iterators.foldi_chunks_exact #_ #accT #inv +- (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) +- (sz 4) +- (serialized) ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 4) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in +- let i, coefficients:(usize & _) = temp_1_ in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in + let coefficient1:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 +@@ -281,95 +226,79 @@ + serialized) + in + serialized -#pop-options - -#push-options "--fuel 0 --ifuel 0 --z3rlimit 30" @@ -7267,302 +5666,186 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - let s = update_at_usize s (offset +! sz 4) i4 in - s -#pop-options -- + -#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no" --let compress_then_serialize_11_ + let compress_then_serialize_11_ - v_OUT_LEN re - = - let inv = fun (acc: t_Array u8 v_OUT_LEN) (i: usize) -> True in -- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in -- let serialized:t_Array u8 v_OUT_LEN = ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in + let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv - (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) - (sz 8) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 v_OUT_LEN = serialized in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 8) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in - let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in - let coefficient1 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -- ) -- <: -- u16) -- in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in ++ let coefficient1:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 + ) + <: + u16) + in - let coefficient2 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient2:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32 + ) + <: + u16) + in - let coefficient3 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient3:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] <: i32 + ) + <: + u16) + in - let coefficient4 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient4:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] <: i32 + ) + <: + u16) + in - let coefficient5 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient5:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] <: i32 + ) + <: + u16) + in - let coefficient6 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient6:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] <: i32 + ) + <: + u16) + in - let coefficient7 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 -- ) -- <: -- u16) -- in ++ let coefficient7:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] <: i32 + ) + <: + u16) + in - let coefficient8 = -- Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 -- ) -- <: -- u16) -- in -- let coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11:(u8 & u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8 & -- u8) = -- compress_coefficients_11_ coefficient1 -- coefficient2 -- coefficient3 -- coefficient4 -- coefficient5 -- coefficient6 -- coefficient7 -- coefficient8 -- in ++ let coefficient8:i32 = + Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 + ) +@@ -395,8 +324,6 @@ + coefficient7 + coefficient8 + in - assert_spinoff (v i < 32 ==> 11 * v i + 11 <= 32 * 11); - assert_spinoff (v i < 32 ==> range (v (sz 11) * v i) usize_inttype); -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- (sz 11 *! i <: usize) -- coef1 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 1 <: usize) -- coef2 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 2 <: usize) -- coef3 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 3 <: usize) -- coef4 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 4 <: usize) -- coef5 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 5 <: usize) -- coef6 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 6 <: usize) -- coef7 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 7 <: usize) -- coef8 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 8 <: usize) -- coef9 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 9 <: usize) -- coef10 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 11 *! i <: usize) +! sz 10 <: usize) -- coef11 -- in -- serialized) -- in -- serialized + let serialized:t_Array u8 v_OUT_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 11 *! i <: usize) +@@ -455,20 +382,29 @@ + serialized) + in + serialized -#pop-options -- + -let compress_then_serialize_4_ v_OUT_LEN re = -- let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in ++let compress_then_serialize_4_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = + let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in - let accT = t_Array u8 v_OUT_LEN in - let inv (acc: accT) (i: usize) = True in -- let serialized:t_Array u8 v_OUT_LEN = + let serialized:t_Array u8 v_OUT_LEN = - Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv - (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) - (sz 2) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 v_OUT_LEN = serialized in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 2) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in - let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 2)) = temp_1_ in -- let coefficient1:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient2:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- i -- ((coefficient2 < -- let serialized:t_Array u8 v_OUT_LEN = serialized in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 8) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in - let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement (sz 8)) = temp_1_ in -- let coefficient1:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient2:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient3:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 2 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient4:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 3 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient5:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 4 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient6:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 5 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coefficient7:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 6 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in + let coefficient1:u8 = + cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] +@@ -601,14 +544,6 @@ + <: + u8 + in - let coefficient8' = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy - (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] - <: @@ -7571,112 +5854,101 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - u16) - <: - i32 in -- let coefficient8:u8 = -- cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy -- (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] -- <: -- i32) -- <: -- u16) -- <: -- i32) -- <: -- u8 -- in -- let coef1, coef2, coef3, coef4, coef5:(u8 & u8 & u8 & u8 & u8) = -- compress_coefficients_5_ coefficient2 -- coefficient1 -- coefficient4 -- coefficient3 -- coefficient5 -- coefficient7 -- coefficient6 -- coefficient8 -- in + let coefficient8:u8 = + cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy + (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] +@@ -631,8 +566,6 @@ + coefficient6 + coefficient8 + in - assert_spinoff (v i < 32 ==> 5 * v i + 5 <= 32 * 5); - assert_spinoff (v i < 32 ==> range (v (sz 5) * v i) usize_inttype); -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- (sz 5 *! i <: usize) -- coef1 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 1 <: usize) -- coef2 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 2 <: usize) -- coef3 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 3 <: usize) -- coef4 -- in -- let serialized:t_Array u8 v_OUT_LEN = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 5 *! i <: usize) +! sz 4 <: usize) -- coef5 -- in -- serialized) -- in -- serialized -- + let serialized:t_Array u8 v_OUT_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 5 *! i <: usize) +@@ -662,24 +595,35 @@ + in + serialized + -let compress_then_serialize_message re = -- let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in ++let compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let accT = t_Array u8 (sz 32) in - let inv (acc: accT) (i: usize) = True in -- let serialized:t_Array u8 (sz 32) = + let serialized:t_Array u8 (sz 32) = - Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv - (re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) - (sz 8) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 (sz 32) = serialized in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 8) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in - let i, coefficients:(usize & t_Array Libcrux.Kem.Kyber.Arithmetic.wfFieldElement _) = temp_1_ in - Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) - coefficients -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 (sz 32) = serialized in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__iter coefficients <: Core.Slice.Iter.t_Iter i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter i32)) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in - let j, coefficient:(usize & Libcrux.Kem.Kyber.Arithmetic.wfFieldElement) = temp_1_ in -- let coefficient:u16 = -- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient -- in -- let coefficient_compressed:u8 = -- Libcrux.Kem.Kyber.Compress.compress_message_coefficient coefficient -- in -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- i -- ((serialized.[ i ] <: u8) |. (coefficient_compressed < compress_then_serialize_10_ v_OUT_LEN re -- | 11ul -> compress_then_serialize_11_ v_OUT_LEN re -- | _ -> -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -- <: -- Rust_primitives.Hax.t_Never) -- ++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with + | 10ul -> compress_then_serialize_10_ v_OUT_LEN re + | 11ul -> compress_then_serialize_11_ v_OUT_LEN re + | _ -> + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" ++ + <: + Rust_primitives.Hax.t_Never) + -let compress_then_serialize_ring_element_v #p v_COMPRESSION_FACTOR v_OUT_LEN re = -- let _:Prims.unit = () <: Prims.unit in ++let compress_then_serialize_ring_element_v ++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ = + let _:Prims.unit = () <: Prims.unit in - Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); - let res = - assert ( @@ -7684,31 +5956,42 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5) - ); - match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -- | 4ul -> compress_then_serialize_4_ v_OUT_LEN re -- | 5ul -> compress_then_serialize_5_ v_OUT_LEN re -- | _ -> -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -- -- <: -- Rust_primitives.Hax.t_Never) ++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with + | 4ul -> compress_then_serialize_4_ v_OUT_LEN re + | 5ul -> compress_then_serialize_5_ v_OUT_LEN re + | _ -> +@@ -729,49 +665,32 @@ + + <: + Rust_primitives.Hax.t_Never) - in - admit (); // P-F - res -- + -#push-options "--z3rlimit 160" -let deserialize_then_decompress_10_ serialized = -- let _:Prims.unit = () <: Prims.unit in ++let deserialize_then_decompress_10_ (serialized: t_Slice u8) = + let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let accT = Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement in - let inv (acc: accT) (i: usize) = True in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #inv - serialized - (sz 5) -- re -- (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in - let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in - let byte1: int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in @@ -7717,8 +6000,16 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - let byte4: int_t_d i32_inttype 8 = cast (bytes.[ sz 3 ] <: u8) <: i32 in - let byte5: int_t_d i32_inttype 8 = cast (bytes.[ sz 4 ] <: u8) <: i32 in - let coefficient1, coefficient2, coefficient3, coefficient4 = -- decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, bytes:(usize & t_Slice u8) = temp_1_ in ++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let coefficient1, coefficient2, coefficient3, coefficient4:(i32 & i32 & i32 & i32) = + decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 + in - let coefficient1 = (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 - <: - i32) in @@ -7734,75 +6025,105 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - assert_spinoff (v i < 64 ==> 4 * v i + 4 <= 256); - assert_spinoff (v i < 64 ==> range (v (sz 4) * v i) usize_inttype); - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 4 *! i <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -779,12 +698,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 4 *! i <: usize) - coefficient1 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient1 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 4 *! i <: usize) +! sz 1 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -792,12 +713,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 1 <: usize) - coefficient2 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient2 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 4 *! i <: usize) +! sz 2 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -805,12 +728,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 2 <: usize) - coefficient3 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient3 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 4 *! i <: usize) +! sz 3 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -818,43 +743,44 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 4 *! i <: usize) +! sz 3 <: usize) - coefficient4 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 10uy coefficient4 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in -- re) -- in -- re ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in + re -#pop-options -- + -#push-options "--z3rlimit 100 --ifuel 0" -let deserialize_then_decompress_11_ serialized - : Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- let _:Prims.unit = () <: Prims.unit in ++let deserialize_then_decompress_11_ (serialized: t_Slice u8) = + let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) - serialized - (sz 11) -- re -- (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact serialized (sz 11) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in - let i, bytes:(usize & t_Array u8 (sz 11)) = temp_1_ in - assert (v i < 32); @@ -7817,18 +6138,31 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - let byte9: int_t_d i32_inttype 8 = cast (bytes.[ sz 8 ] <: u8) <: i32 in - let byte10: int_t_d i32_inttype 8 = cast (bytes.[ sz 9 ] <: u8) <: i32 in - let byte11: int_t_d i32_inttype 8 = cast (bytes.[ sz 10 ] <: u8) <: i32 in -- let -- coefficient1, -- coefficient2, -- coefficient3, -- coefficient4, -- coefficient5, -- coefficient6, -- coefficient7, ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, bytes:(usize & t_Slice u8) = temp_1_ in ++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in ++ let byte6:i32 = cast (bytes.[ sz 5 ] <: u8) <: i32 in ++ let byte7:i32 = cast (bytes.[ sz 6 ] <: u8) <: i32 in ++ let byte8:i32 = cast (bytes.[ sz 7 ] <: u8) <: i32 in ++ let byte9:i32 = cast (bytes.[ sz 8 ] <: u8) <: i32 in ++ let byte10:i32 = cast (bytes.[ sz 9 ] <: u8) <: i32 in ++ let byte11:i32 = cast (bytes.[ sz 10 ] <: u8) <: i32 in + let + coefficient1, + coefficient2, +@@ -863,21 +789,11 @@ + coefficient5, + coefficient6, + coefficient7, - coefficient8 = -- decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 -- byte11 -- in ++ coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = + decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 + byte11 + in - let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 in - let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 in - let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 in @@ -7840,176 +6174,232 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - assert_spinoff (8 * v i + 8 <= 256); - assert_spinoff (range (v (sz 8) * v i) usize_inttype); - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 8 *! i <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -885,12 +801,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 8 *! i <: usize) - coefficient1 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient1 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 1 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -898,12 +816,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 1 <: usize) - coefficient2 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient2 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 2 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -911,12 +831,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 2 <: usize) - coefficient3 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient3 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 3 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -924,12 +846,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 3 <: usize) - coefficient4 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient4 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 4 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -937,12 +861,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 4 <: usize) - coefficient5 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient5 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 5 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -950,12 +876,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 5 <: usize) - coefficient6 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient6 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 6 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -963,12 +891,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 6 <: usize) - coefficient7 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient7 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 7 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -976,33 +906,35 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 7 <: usize) - coefficient8 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 11uy coefficient8 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in -- re) -- in -- re ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in + re -#pop-options -- + -#push-options "--z3rlimit 100" -let deserialize_then_decompress_4_ serialized = -- let _:Prims.unit = () <: Prims.unit in ++let deserialize_then_decompress_4_ (serialized: t_Slice u8) = + let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) - serialized -- re -- (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__iter serialized <: Core.Slice.Iter.t_Iter u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_Iter u8)) + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in -- let i, byte:(usize & u8) = temp_1_ in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let i, byte:(usize & u8) = temp_1_ in - let coefficient1, coefficient2 = decompress_coefficients_4_ byte in - assert_spinoff (v i < 128 ==> 2 * v i + 1 < 256); - assert_spinoff (v i < 128 ==> range (v (sz 2) * v i) usize_inttype); - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 2 *! i <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient1 -- <: -- i32) -- } -- <: ++ let coefficient1, coefficient2:(i32 & i32) = decompress_coefficients_4_ byte in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1015,9 +947,9 @@ + i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 2 *! i <: usize) +! sz 1 <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 4uy coefficient2 -- <: -- i32) -- } -- <: ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1030,32 +962,33 @@ + i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in -- re) -- in -- re ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in + re -#pop-options -- + -#push-options "--z3rlimit 150" -let deserialize_then_decompress_5_ serialized = -- let _:Prims.unit = () <: Prims.unit in ++let deserialize_then_decompress_5_ (serialized: t_Slice u8) = + let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) - serialized (sz 5) -- re -- (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact serialized (sz 5) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in - let i, bytes:(usize & t_Array u8 (sz 5)) = temp_1_ in - assert (v i < 32); @@ -8018,17 +6408,24 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - let byte3 = cast (bytes.[ sz 2 ] <: u8) <: i32 in - let byte4 = cast (bytes.[ sz 3 ] <: u8) <: i32 in - let byte5 = cast (bytes.[ sz 4 ] <: u8) <: i32 in -- let -- coefficient1, -- coefficient2, -- coefficient3, -- coefficient4, -- coefficient5, -- coefficient6, -- coefficient7, ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, bytes:(usize & t_Slice u8) = temp_1_ in ++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let byte4:i32 = cast (bytes.[ sz 3 ] <: u8) <: i32 in ++ let byte5:i32 = cast (bytes.[ sz 4 ] <: u8) <: i32 in + let + coefficient1, + coefficient2, +@@ -1064,25 +997,10 @@ + coefficient5, + coefficient6, + coefficient7, - coefficient8 = -- decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 -- in ++ coefficient8:(i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) = + decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 + in - let coefficient1 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 in - let coefficient2 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 in - let coefficient3 = Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 in @@ -8045,206 +6442,271 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - mul_in_range 8 (v i); - assert_spinoff (v i < 32 ==> range (v (sz 8) * v i) usize_inttype); - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 8 *! i <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1090,12 +1008,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 8 *! i <: usize) - coefficient1 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient1 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 1 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1103,12 +1023,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 1 <: usize) - coefficient2 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient2 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 2 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1116,12 +1038,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 2 <: usize) - coefficient3 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient3 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 3 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1129,12 +1053,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 3 <: usize) - coefficient4 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient4 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 4 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1142,12 +1068,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 4 <: usize) - coefficient5 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient5 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 5 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1155,12 +1083,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 5 <: usize) - coefficient6 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient6 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 6 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1168,12 +1098,14 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 6 <: usize) - coefficient7 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient7 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! sz 7 <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1181,27 +1113,33 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + ((sz 8 *! i <: usize) +! sz 7 <: usize) - coefficient8 -- } -- <: ++ (Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient 5uy coefficient8 ++ <: ++ i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in -- re) -- in -- re ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in + re -#pop-options -- + -#push-options "--z3rlimit 60" --let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = + let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Rust_primitives.Iterators.foldi_slice #_ #_ #(fun _ _ -> True) - serialized -- re -- (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Iter.Traits.Collect.f_into_iter serialized ++ <: ++ Core.Array.Iter.t_IntoIter u8 (sz 32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Array.Iter.t_IntoIter u8 (sz 32))) + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in -- let i, byte:(usize & u8) = temp_1_ in -- Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ -- Core.Ops.Range.f_start = sz 0; -- Core.Ops.Range.f_end = sz 8 -- } -- <: -- Core.Ops.Range.t_Range usize) -- <: -- Core.Ops.Range.t_Range usize) -- re -- (fun re j -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let i, byte:(usize & u8) = temp_1_ in + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Ops.Range.f_start = sz 0; +@@ -1213,11 +1151,10 @@ + Core.Ops.Range.t_Range usize) + re + (fun re j -> - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in -- let j:usize = j in -- let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in + let j:usize = j in + let coefficient_compressed:i32 = cast ((byte >>! j <: u8) &. 1uy <: u8) <: i32 in - lemma_get_bit_bounded' coefficient_compressed 1; - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- ((sz 8 *! i <: usize) +! j <: usize) -- (Libcrux.Kem.Kyber.Compress.decompress_message_coefficient coefficient_compressed -- -- <: -- i32) -- } -- <: ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1231,21 +1168,20 @@ + i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in -- re) -- <: ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -- in ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + in - admit(); //P-F -- re + re -#pop-options -- + -let deserialize_then_decompress_ring_element_u v_COMPRESSION_FACTOR serialized = -- let _:Prims.unit = () <: Prims.unit in ++let deserialize_then_decompress_ring_element_u ++ (v_COMPRESSION_FACTOR: usize) ++ (serialized: t_Slice u8) ++ = + let _:Prims.unit = () <: Prims.unit in - mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR); - assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 10 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 11); - match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -- | 10ul -> deserialize_then_decompress_10_ serialized -- | 11ul -> deserialize_then_decompress_11_ serialized -- | _ -> -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -- -- <: -- Rust_primitives.Hax.t_Never) -- ++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with + | 10ul -> deserialize_then_decompress_10_ serialized + | 11ul -> deserialize_then_decompress_11_ serialized + | _ -> +@@ -1254,12 +1190,12 @@ + <: + Rust_primitives.Hax.t_Never) + -let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized = -- let _:Prims.unit = () <: Prims.unit in ++let deserialize_then_decompress_ring_element_v ++ (v_COMPRESSION_FACTOR: usize) ++ (serialized: t_Slice u8) ++ = + let _:Prims.unit = () <: Prims.unit in - mk_int_equiv_lemma #u32_inttype (v v_COMPRESSION_FACTOR); - assert (v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 4 \/ v (cast (v_COMPRESSION_FACTOR <: usize) <: u32) == 5); - let res = - match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with -- | 4ul -> deserialize_then_decompress_4_ serialized -- | 5ul -> deserialize_then_decompress_5_ serialized -- | _ -> -- Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" -- -- <: -- Rust_primitives.Hax.t_Never) ++ match cast (v_COMPRESSION_FACTOR <: usize) <: pub_u32 with + | 4ul -> deserialize_then_decompress_4_ serialized + | 5ul -> deserialize_then_decompress_5_ serialized + | _ -> +@@ -1267,32 +1203,27 @@ + + <: + Rust_primitives.Hax.t_Never) - in - admit(); //P-F - res -- + -#push-options "--z3rlimit 100" -let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = -- let _:Prims.unit = () <: Prims.unit in ++let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = + let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Libcrux.Kem.Kyber.Arithmetic.cast_poly_b Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO -- in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO + in - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = - Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) - serialized - (sz 3) -- re -- (fun re temp_1_ -> ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact serialized (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + re + (fun re temp_1_ -> - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = re in - let i, bytes:(usize & t_Array u8 (sz 3)) = temp_1_ in - let byte1:int_t_d i32_inttype 8 = cast (bytes.[ sz 0 ] <: u8) <: i32 in @@ -8255,115 +6717,245 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fst extraction-sec - lemma_get_bit_bounded' coef1 11; - lemma_get_bit_bounded' coef2 11; - let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = -- { -- re with -- Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -- .Libcrux.Kem.Kyber.Arithmetic.f_coefficients -- (sz 2 *! i <: usize) ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = re in ++ let i, bytes:(usize & t_Slice u8) = temp_1_ in ++ let byte1:i32 = cast (bytes.[ sz 0 ] <: u8) <: i32 in ++ let byte2:i32 = cast (bytes.[ sz 1 ] <: u8) <: i32 in ++ let byte3:i32 = cast (bytes.[ sz 2 ] <: u8) <: i32 in ++ let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = + { + re with + Libcrux.Kem.Kyber.Arithmetic.f_coefficients +@@ -1300,12 +1231,12 @@ + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux.Kem.Kyber.Arithmetic.f_coefficients + (sz 2 *! i <: usize) - coef1 -- } -- <: ++ (((byte2 &. 15l <: i32) <>! 4l <: i32) &. 15l <: i32) <: i32) + } + <: - Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- in -- re) -- in -- re ++ Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + in + re) + in + re -#pop-options -- + -#push-options "--z3rlimit 100" -let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = -- let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in -- let serialized:t_Array u8 (sz 384) = ++let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = + let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in + let serialized:t_Array u8 (sz 384) = - Rust_primitives.Iterators.foldi_chunks_exact #_ #_ #(fun _ _ -> True) - (Rust_primitives.unsize re.Libcrux.Kem.Kyber.Arithmetic.f_coefficients) - (sz 2) -- serialized -- (fun serialized temp_1_ -> -- let serialized:t_Array u8 (sz 384) = serialized in ++ Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate ++ (Core.Slice.impl__chunks_exact (Rust_primitives.unsize re ++ .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ++ <: ++ t_Slice i32) ++ (sz 2) ++ <: ++ Core.Slice.Iter.t_ChunksExact i32) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) ++ <: ++ Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact i32)) + serialized + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 384) = serialized in - let i, coefficients:(usize & t_Array (Libcrux.Kem.Kyber.Arithmetic.i32_b (v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - 1)) (sz 2)) = temp_1_ in - assert (v i < 128); -- let coefficient1:u16 = -- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) -- in -- let coefficient2:u16 = -- Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 1 ] <: i32) -- in -- let coef1, coef2, coef3:(u8 & u8 & u8) = -- compress_coefficients_3_ coefficient1 coefficient2 -- in ++ let i, coefficients:(usize & t_Slice i32) = temp_1_ in + let coefficient1:u16 = + Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) + in +@@ -1344,8 +1281,6 @@ + let coef1, coef2, coef3:(u8 & u8 & u8) = + compress_coefficients_3_ coefficient1 coefficient2 + in - assert_spinoff (3 * v i + 3 <= 384); - assert_spinoff (range (v (sz 3) * v i) usize_inttype); -- let serialized:t_Array u8 (sz 384) = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- (sz 3 *! i <: usize) -- coef1 -- in -- let serialized:t_Array u8 (sz 384) = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 3 *! i <: usize) +! sz 1 <: usize) -- coef2 -- in -- let serialized:t_Array u8 (sz 384) = -- Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized -- ((sz 3 *! i <: usize) +! sz 2 <: usize) -- coef3 -- in -- serialized) -- in -- serialized + let serialized:t_Array u8 (sz 384) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized + (sz 3 *! i <: usize) +@@ -1364,4 +1299,3 @@ + serialized) + in + serialized -#pop-options -diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti 2024-01-31 10:39:21.558355063 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.PartB.fsti 1970-01-01 01:00:00.000000000 +0100 -@@ -1,108 +0,0 @@ --module Libcrux.Kem.Kyber.Serialize.PartB --#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" --open Core --open FStar.Mul +diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 11:04:44.248899725 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 11:04:44.308898883 +0100 +@@ -2,193 +2,118 @@ + #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" + open Core + open FStar.Mul -open MkSeq - --val compress_then_serialize_10_ +-let int_arr_bitwise_eq +- #t1 #t2 #n1 #n2 +- (arr1: t_Array (int_t t1) n1) +- (d1: bit_num t1) +- (arr2: t_Array (x: int_t t2) n2) +- (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) +- = forall i. i < v n1 * d1 +- ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i + + val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8) +- (requires True) +- (ensures fun tuple -> +- int_arr_bitwise_eq +- (create4 (coefficient1, coefficient2, coefficient3, coefficient4)) 10 +- (create5 tuple) 8 +- ) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + + val compress_coefficients_11_ + (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +- int_t_d i32_inttype 11) ++ i32) + : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +- (requires True) +- (ensures fun tuple -> +- int_arr_bitwise_eq +- (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 +- (create11 tuple) 8 +- ) +- +-val compress_coefficients_3_ (coefficient1 coefficient2: int_t_d u16_inttype 12) +- : Prims.Pure (u8 & u8 & u8) +- (requires True) +- (ensures fun tuple -> +- int_arr_bitwise_eq +- (create2 (coefficient1, coefficient2)) 12 +- (create3 tuple) 8 +- ) ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val compress_coefficients_3_ (coefficient1 coefficient2: u16) ++ : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + + val compress_coefficients_5_ +- (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: int_t_d u8_inttype 5) +- : Prims.Pure (u8 & u8 & u8 & u8 & u8) +- (requires True) +- (ensures fun tuple -> +- int_arr_bitwise_eq +- (create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 5 +- (create5 tuple) 8 +- ) +- +-private unfold type i32_d = int_t_d i32_inttype +-val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: int_t_d i32_inttype 8) +- : Prims.Pure (i32_d 10 & i32_d 10 & i32_d 10 & i32_d 10) +- (requires True) +- (ensures fun (r1, r2, r3, r4) -> +- int_arr_bitwise_eq +- (create5 (byte1, byte2, byte3, byte4, byte5)) 8 +- (create4 #i32 (r1, r2, r3, r4)) 10 +- ) ++ (coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8: ++ u8) ++ : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) ++ ++val decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) ++ : Prims.Pure (i32 & i32 & i32 & i32) Prims.l_True (fun _ -> Prims.l_True) + + val decompress_coefficients_11_ +- (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: int_t_d i32_inttype 8) +- : Prims.Pure (i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11 & i32_d 11) +- (requires True) +- (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> +- int_arr_bitwise_eq +- (create11 (byte1, byte2, byte3, byte4, byte5, byte6, byte7, byte8, byte9, byte10, byte11)) 8 +- (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 11 +- ) ++ (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) ++ : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) ++ Prims.l_True ++ (fun _ -> Prims.l_True) + + val decompress_coefficients_4_ (byte: u8) +- : Prims.Pure (i32_d 4 & i32_d 4) +- (requires True) +- (ensures fun (r1, r2) -> +- int_arr_bitwise_eq +- (create1 byte) 8 +- (create2 (r1, r2)) 4 +- ) +- +-val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: int_t_d i32_inttype 8) +- : Prims.Pure (i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5 & i32_d 5) +- (requires True) +- (ensures fun (r1, r2, r3, r4, r5, r6, r7, r8) -> +- int_arr_bitwise_eq +- (create5 (byte1, byte2, byte3, byte4, byte5)) 8 +- (create8 (r1, r2, r3, r4, r5, r6, r7, r8)) 5 +- ) ++ : Prims.Pure (i32 & i32) Prims.l_True (fun _ -> Prims.l_True) ++ ++val decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) ++ : Prims.Pure (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) ++ Prims.l_True ++ (fun _ -> Prims.l_True) + + val compress_then_serialize_10_ - (v_OUT_LEN: usize {v v_OUT_LEN >= 320}) - (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_11_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + + val compress_then_serialize_11_ - (v_OUT_LEN: usize {v v_OUT_LEN >= 352}) - (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_4_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + + val compress_then_serialize_4_ - (v_OUT_LEN: usize {v v_OUT_LEN >= 128}) - (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- --val compress_then_serialize_5_ ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + + val compress_then_serialize_5_ - (v_OUT_LEN: usize {v v_OUT_LEN >= 160}) - (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) -- : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) -- ++ (v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + -val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) - : Pure (t_Array u8 (sz 32)) - (requires True) - (ensures (fun res -> - res == Spec.Kyber.compress_then_encode_message (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re))) -- --val compress_then_serialize_ring_element_u ++val compress_then_serialize_message (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + + val compress_then_serialize_ring_element_u - (#p:Spec.Kyber.params) - (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11}) - (v_OUT_LEN: usize { v v_OUT_LEN = 32 * v v_COMPRESSION_FACTOR }) @@ -8380,37 +6972,56 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-se - res == - Spec.Kyber.compress_then_encode_v p - (Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b re))) -- ++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) ++ ++val compress_then_serialize_ring_element_v ++ (v_COMPRESSION_FACTOR v_OUT_LEN: usize) ++ (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + -val deserialize_then_decompress_10_ (serialized: t_Slice u8 {Seq.length serialized == 320}) - : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- ++val deserialize_then_decompress_10_ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Prims.l_True + (fun _ -> Prims.l_True) + -val deserialize_then_decompress_11_ (serialized: t_Slice u8 {Seq.length serialized == 352}) - : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- ++val deserialize_then_decompress_11_ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Prims.l_True + (fun _ -> Prims.l_True) + -val deserialize_then_decompress_4_ (serialized: t_Slice u8 {Seq.length serialized == 128}) - : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- ++val deserialize_then_decompress_4_ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Prims.l_True + (fun _ -> Prims.l_True) + -val deserialize_then_decompress_5_ - (serialized: t_Slice u8 {Seq.length serialized == 160}) - : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement -- Prims.l_True -- (fun _ -> Prims.l_True) -- --val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) ++val deserialize_then_decompress_5_ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Prims.l_True + (fun _ -> Prims.l_True) + + val deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) - : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) - (requires True) - (ensures fun res -> - Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res == - Spec.Kyber.decode_then_decompress_message serialized) -- --val deserialize_then_decompress_ring_element_u -- (v_COMPRESSION_FACTOR: usize) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) + + val deserialize_then_decompress_ring_element_u + (v_COMPRESSION_FACTOR: usize) - (serialized: t_Slice u8 { - match v v_COMPRESSION_FACTOR with - | 10 -> Seq.length serialized == 320 @@ -8420,17 +7031,26 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-se - : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) - (requires v_COMPRESSION_FACTOR = sz 10 || v_COMPRESSION_FACTOR = sz 11) - (ensures fun _ -> True) -- ++ (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) + -val deserialize_then_decompress_ring_element_v (#p:Spec.Kyber.params) - (v_COMPRESSION_FACTOR: usize {v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5}) -- (serialized: t_Slice u8) ++val deserialize_then_decompress_ring_element_v ++ (v_COMPRESSION_FACTOR: usize) + (serialized: t_Slice u8) - : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) - (requires (p.v_VECTOR_V_COMPRESSION_FACTOR == v_COMPRESSION_FACTOR /\ - length serialized == Spec.Kyber.v_C2_SIZE p)) - (ensures fun res -> Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b res - == Spec.Kyber.decode_then_decompress_v p serialized) -- --val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) + + val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) - : Pure (Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) - (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) - (ensures fun _ -> True) @@ -8439,9 +7059,15 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.PartB.fsti extraction-se - : Pure (t_Array u8 (sz 384)) - (requires True) - (ensures (fun res -> True)) ++ : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement ++ Prims.l_True ++ (fun _ -> Prims.l_True) ++ ++val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) ++ : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst ---- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 10:39:21.565354996 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-01-31 10:39:21.623354442 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 11:04:44.246899754 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-01-31 11:04:44.293899094 +0100 @@ -3,8 +3,6 @@ open Core open FStar.Mul @@ -8488,8 +7114,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-indepe type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/Libcrux_platform.fsti ---- extraction-edited/Libcrux_platform.fsti 2024-01-31 10:39:21.601354652 +0100 -+++ extraction-secret-independent/Libcrux_platform.fsti 2024-01-31 10:39:21.655354136 +0100 +--- extraction-edited/Libcrux_platform.fsti 2024-01-31 11:04:44.274899360 +0100 ++++ extraction-secret-independent/Libcrux_platform.fsti 2024-01-31 11:04:44.320898714 +0100 @@ -1,4 +1,4 @@ module Libcrux_platform #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -8497,7 +7123,7 @@ diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/ -val simd256_support: bool +val simd256_support : unit -> bool diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst ---- extraction-edited/MkSeq.fst 2024-01-31 10:39:21.587354785 +0100 +--- extraction-edited/MkSeq.fst 2024-01-31 11:04:44.263899515 +0100 +++ extraction-secret-independent/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,91 +0,0 @@ -module MkSeq @@ -8592,7 +7218,7 @@ diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst - -%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction-edited/Spec.Kyber.fst extraction-secret-independent/Spec.Kyber.fst ---- extraction-edited/Spec.Kyber.fst 2024-01-31 10:39:21.599354671 +0100 +--- extraction-edited/Spec.Kyber.fst 2024-01-31 11:04:44.273899375 +0100 +++ extraction-secret-independent/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,426 +0,0 @@ -module Spec.Kyber diff --git a/proofs/fstar/extraction/Libcrux.Digest.fst b/proofs/fstar/extraction/Libcrux.Digest.fst new file mode 100644 index 000000000..4993b8a42 --- /dev/null +++ b/proofs/fstar/extraction/Libcrux.Digest.fst @@ -0,0 +1,48 @@ +module Libcrux.Digest +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let shake128x4_256_ (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) = + Libcrux.Hacl.Sha3.X4.shake128 v_LEN data0 data1 data2 data3 + +let sha3_256_ (payload: t_Slice u8) = Libcrux.Hacl.Sha3.sha256 payload + +let sha3_512_ (payload: t_Slice u8) = Libcrux.Hacl.Sha3.sha512 payload + +let shake128 (v_LEN: usize) (data: t_Slice u8) = Libcrux.Hacl.Sha3.shake128 v_LEN data + +let shake256 (v_LEN: usize) (data: t_Slice u8) = Libcrux.Hacl.Sha3.shake256 v_LEN data + +let shake128x4_portable (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) = + let input_len:usize = Core.Slice.impl__len data0 in + let _:Prims.unit = + if true + then + let _:Prims.unit = + if + ~.((input_len =. (Core.Slice.impl__len data1 <: usize) <: bool) && + (input_len =. (Core.Slice.impl__len data2 <: usize) <: bool) && + (input_len =. (Core.Slice.impl__len data3 <: usize) <: bool) && + (input_len <=. (cast (Core.Num.impl__u32__MAX <: u32) <: usize) <: bool) && + (v_LEN <=. (cast (Core.Num.impl__u32__MAX <: u32) <: usize) <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: input_len == data1.len() && input_len == data2.len() &&\\n input_len == data3.len() && input_len <= u32::MAX as usize &&\\n LEN <= u32::MAX as usize" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let digest0:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data0 in + let digest1:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data1 in + let digest2:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data2 in + let digest3:t_Array u8 v_LEN = Libcrux.Hacl.Sha3.shake128 v_LEN data3 in + digest0, digest1, digest2, digest3 + <: + (t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN) + +let shake128x4 (v_LEN: usize) (data0 data1 data2 data3: t_Slice u8) = + if Libcrux_platform.simd256_support () + then shake128x4_256_ v_LEN data0 data1 data2 data3 + else shake128x4_portable v_LEN data0 data1 data2 data3 From 1340b87093e13afbfd8b112f4c1c50fe6d32da28 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 13:37:15 +0100 Subject: [PATCH 09/19] feat(kyber/fstar): add README for diff workflow --- proofs/fstar/README.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 proofs/fstar/README.md diff --git a/proofs/fstar/README.md b/proofs/fstar/README.md new file mode 100644 index 000000000..54ca5e4ad --- /dev/null +++ b/proofs/fstar/README.md @@ -0,0 +1,36 @@ +# Extraction directories +The `extraction` directory is generated automatically by hax from the +Rust code. The `extraction-edited` and `extraction-secret-independent` +are hand-edited snapshots of `extraction` at some point in time. + +The edits (1) on the one hand between `extraction` and +`extraction-edited` and (2) on the other hand between +`extraction-edited` and `extraction-secret-independent` are tracked +via diff files. + +Whenever the rust code changes, the extracted F* code in `extraction` +changes as well. The CI then apply the diff files: if the patch +process fails or if the resulting patched F* doesn't typecheck, the CI +fails. + +The bash script `./patches.sh` takes care of the diffs: + - `./patches.sh create` creates patches out of the `extraction*` folders; + - `./patches.sh apply` drops the `extraction-edited` and + `extraction-secret-independent` folders and re-create them out of + the `extraction-edited.patch` and + `extraction-secret-independent.patch` files. + +# Workflow +Ideally: + - since `extraction` is a projection from the Rust code via the hax + toolchain, we should not commit it in the repository; + - since `extraction-edited` and `extraction-secret-independent` are + created via the diff files, we should not commit them either in the + repository. + +Currently, we do check those 3 folders in. Thus, when we change +anything in the F* proofs, we should always make sure we keep the diff +files and those folder in a coherent state. + +In other words, this means that the last commit of each PR should be +about regeneration of diff files, using the command `./patches.sh create`. From 2bc09bc2b474293ded96c202ee3da8ca797a536c Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 15:46:27 +0100 Subject: [PATCH 10/19] typos --- proofs/fstar/README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/proofs/fstar/README.md b/proofs/fstar/README.md index 54ca5e4ad..3a72f7414 100644 --- a/proofs/fstar/README.md +++ b/proofs/fstar/README.md @@ -9,14 +9,14 @@ The edits (1) on the one hand between `extraction` and via diff files. Whenever the rust code changes, the extracted F* code in `extraction` -changes as well. The CI then apply the diff files: if the patch +changes as well. The CI then applies the diff files: if the patch process fails or if the resulting patched F* doesn't typecheck, the CI fails. The bash script `./patches.sh` takes care of the diffs: - `./patches.sh create` creates patches out of the `extraction*` folders; - `./patches.sh apply` drops the `extraction-edited` and - `extraction-secret-independent` folders and re-create them out of + `extraction-secret-independent` folders and re-creates them out of the `extraction-edited.patch` and `extraction-secret-independent.patch` files. @@ -33,4 +33,5 @@ anything in the F* proofs, we should always make sure we keep the diff files and those folder in a coherent state. In other words, this means that the last commit of each PR should be -about regeneration of diff files, using the command `./patches.sh create`. +about regeneration of diff files (using the command `./patches.sh +create`) and regeneration of the `extraction` folder. From c3b2cb370d538df02d523b54d16527dc3d73a847 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 16:47:11 +0100 Subject: [PATCH 11/19] fix missing num_bit -> bit_nums --- proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst index 82ae972d0..3bebeae5b 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst @@ -183,7 +183,7 @@ let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = let cast_bound_lemma #t #u (n: int_t t) - (d: bit_num t) + (d: num_bits t) : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0) (ensures bounded (cast #(int_t t) #(int_t u) n) d) [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] From dcdaf1a6328353b10f908565bfe800aef2a61fa4 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 31 Jan 2024 17:25:10 +0100 Subject: [PATCH 12/19] update snapshots --- proofs/fstar/extraction-edited.patch | 214 +++++++++++------- .../Libcrux.Kem.Kyber.Arithmetic.fsti | 11 +- .../Libcrux.Kem.Kyber.Serialize.fst | 23 ++ .../Libcrux.Kem.Kyber.Serialize.fsti | 4 +- .../fstar/extraction-secret-independent.patch | 200 +++++++++------- 5 files changed, 285 insertions(+), 167 deletions(-) diff --git a/proofs/fstar/extraction-edited.patch b/proofs/fstar/extraction-edited.patch index 9b1d7edfd..62d11c66f 100644 --- a/proofs/fstar/extraction-edited.patch +++ b/proofs/fstar/extraction-edited.patch @@ -1,5 +1,5 @@ diff -ruN extraction/Libcrux.Digest.fst extraction-edited/Libcrux.Digest.fst ---- extraction/Libcrux.Digest.fst 2024-01-31 11:04:44.192900512 +0100 +--- extraction/Libcrux.Digest.fst 2024-01-31 17:22:55.439848529 +0100 +++ extraction-edited/Libcrux.Digest.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,48 +0,0 @@ -module Libcrux.Digest @@ -51,8 +51,8 @@ diff -ruN extraction/Libcrux.Digest.fst extraction-edited/Libcrux.Digest.fst - then shake128x4_256_ v_LEN data0 data1 data2 data3 - else shake128x4_portable v_LEN data0 data1 data2 data3 diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti ---- extraction/Libcrux.Digest.fsti 2024-01-31 11:04:44.194900484 +0100 -+++ extraction-edited/Libcrux.Digest.fsti 2024-01-31 11:04:44.268899445 +0100 +--- extraction/Libcrux.Digest.fsti 2024-01-31 17:22:55.427848779 +0100 ++++ extraction-edited/Libcrux.Digest.fsti 2024-01-31 17:22:55.502847217 +0100 @@ -1,31 +1,41 @@ module Libcrux.Digest #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -124,7 +124,7 @@ diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti +val shake256 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst --- extraction/Libcrux.Kem.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.fst 2024-01-31 11:04:44.276899332 +0100 ++++ extraction-edited/Libcrux.Kem.fst 2024-01-31 17:22:55.489847488 +0100 @@ -0,0 +1,6 @@ +module Libcrux.Kem +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -133,8 +133,8 @@ diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 11:04:44.217900161 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 11:04:44.258899585 +0100 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 17:22:55.443848446 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 17:22:55.483847613 +0100 @@ -1,81 +1,356 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -532,8 +532,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux. + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 11:04:44.187900582 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 11:04:44.249899711 +0100 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 17:22:55.417848987 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 17:22:55.475847780 +0100 @@ -3,10 +3,32 @@ open Core open FStar.Mul @@ -567,7 +567,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux let t_FieldElementTimesMontgomeryR = i32 unfold -@@ -16,119 +38,213 @@ +@@ -16,119 +38,222 @@ let v_BARRETT_SHIFT: i64 = 26L @@ -596,6 +596,10 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux -val get_n_least_significant_bits (n: u8) (value: u32) - : Prims.Pure u32 - (requires n =. 4uy || n =. 5uy || n =. 10uy || n =. 11uy || n =. v_MONTGOMERY_SHIFT) ++let wf_fe_to_spec_fe (m: wfFieldElement): Spec.Kyber.field_element = ++ if v m < 0 ++ then v m + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS ++ else v m + +let to_spec_fe (m:i32) : Spec.Kyber.field_element = + int_to_spec_fe (v m) @@ -624,6 +628,9 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux - let result:i32 = result in - result >. (Core.Ops.Arith.Neg.neg Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32) && - result <. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS) ++//let barrett_pre (value:i32) = ++// v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R ++// Appears to work up to +/- 2^28, but not at +/- 2^29 -val montgomery_reduce (value: i32) - : Prims.Pure i32 @@ -634,10 +641,6 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux - <: - i32) && - value <=. (Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS *! v_MONTGOMERY_R <: i32)) -+//let barrett_pre (value:i32) = -+// v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R -+// Appears to work up to +/- 2^28, but not at +/- 2^29 -+ +let barrett_post (value:i32) (result:i32) = + v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS = + v value % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS @@ -768,6 +771,12 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux + assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); + p + ++let wf_poly_to_spec_poly (re: wfPolynomialRingElement): Spec.Kyber.polynomial ++ = let p = Spec.Kyber.map' (fun x -> wf_fe_to_spec_fe x <: nat) re.f_coefficients in ++ introduce forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS ++ with assert (Seq.index p i == Seq.index p (v (sz i))); ++ p ++ +let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) = + to_spec_poly (derefine_poly_b m) + @@ -875,8 +884,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux - <: - bool)) diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Kem.Kyber.Compress.fst ---- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 11:04:44.202900371 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 11:04:44.254899641 +0100 +--- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 17:22:55.422848883 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 17:22:55.465847988 +0100 @@ -1,39 +1,79 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -980,8 +989,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Ke + res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.Kem.Kyber.Compress.fsti ---- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 11:04:44.199900414 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 11:04:44.255899627 +0100 +--- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 17:22:55.404849258 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 17:22:55.497847322 +0100 @@ -3,8 +3,19 @@ open Core open FStar.Mul @@ -1047,8 +1056,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.K + (requires fe =. 0l || fe =. 1l) + (fun result -> v result >= 0 /\ v result < 3329) diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux.Kem.Kyber.Constants.fsti ---- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 11:04:44.208900287 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 11:04:44.279899290 +0100 +--- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 17:22:55.437848571 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 17:22:55.467847946 +0100 @@ -15,7 +15,8 @@ let v_FIELD_MODULUS: i32 = 3329l @@ -1060,8 +1069,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux. let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 11:04:44.214900203 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 11:04:44.240899838 +0100 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 17:22:55.445848404 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 17:22:55.478847717 +0100 @@ -4,56 +4,163 @@ open FStar.Mul @@ -1247,8 +1256,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/L + ) +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 11:04:44.197900442 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 11:04:44.251899683 +0100 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 17:22:55.441848488 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 17:22:55.485847571 +0100 @@ -20,7 +20,8 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1280,8 +1289,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/ + Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.fst ---- extraction/Libcrux.Kem.Kyber.fst 2024-01-31 11:04:44.213900217 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 11:04:44.271899402 +0100 +--- extraction/Libcrux.Kem.Kyber.fst 2024-01-31 17:22:55.405849237 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 17:22:55.470847884 +0100 @@ -1,12 +1,29 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1556,8 +1565,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f + (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) + diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber.fsti ---- extraction/Libcrux.Kem.Kyber.fsti 2024-01-31 11:04:44.220900119 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 11:04:44.238899866 +0100 +--- extraction/Libcrux.Kem.Kyber.fsti 2024-01-31 17:22:55.432848675 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 17:22:55.500847259 +0100 @@ -4,42 +4,81 @@ open FStar.Mul @@ -1662,8 +1671,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. + (ensures (fun kp -> + (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness)) diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 11:04:44.211900245 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 11:04:44.264899501 +0100 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 17:22:55.446848384 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 17:22:55.476847759 +0100 @@ -3,18 +3,27 @@ open Core open FStar.Mul @@ -1703,8 +1712,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libc + admit(); //P-F out diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 11:04:44.228900006 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 11:04:44.257899599 +0100 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 17:22:55.400849341 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 17:22:55.505847155 +0100 @@ -3,12 +3,24 @@ open Core open FStar.Mul @@ -1735,8 +1744,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Lib + (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i)))) + diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 11:04:44.195900470 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 11:04:44.261899543 +0100 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 17:22:55.407849196 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 17:22:55.504847176 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2447,8 +2456,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem + res + diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 11:04:44.227900021 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 11:04:44.277899318 +0100 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 17:22:55.450848300 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 17:22:55.492847426 +0100 @@ -1,80 +1,152 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2651,8 +2660,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Ke + + diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 11:04:44.225900048 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 11:04:44.242899810 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 17:22:55.434848633 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 17:22:55.460848092 +0100 @@ -3,37 +3,23 @@ open Core open FStar.Mul @@ -2705,8 +2714,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.K (sz 3168) (sz 1568) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 11:04:44.216900175 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 11:04:44.265899487 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 17:22:55.429848737 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 17:22:55.462848050 +0100 @@ -63,32 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ @@ -2752,8 +2761,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux. Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 11:04:44.189900554 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 11:04:44.234899922 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 17:22:55.398849383 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 17:22:55.482847634 +0100 @@ -3,37 +3,23 @@ open Core open FStar.Mul @@ -2806,8 +2815,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Ke (sz 1632) (sz 800) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 11:04:44.223900077 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 11:04:44.241899824 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 17:22:55.435848613 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 17:22:55.457848154 +0100 @@ -63,32 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ @@ -2853,8 +2862,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.K Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 11:04:44.183900638 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 11:04:44.235899908 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 17:22:55.402849300 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 17:22:55.480847675 +0100 @@ -3,37 +3,24 @@ open Core open FStar.Mul @@ -2908,8 +2917,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Ke (sz 2400) (sz 1184) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 11:04:44.219900133 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 11:04:44.237899880 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 17:22:55.425848821 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 17:22:55.468847925 +0100 @@ -63,32 +63,30 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ @@ -2964,8 +2973,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.K + (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness)) + diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem.Kyber.Matrix.fst ---- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 11:04:44.206900315 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 11:04:44.245899768 +0100 +--- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 17:22:55.412849091 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 17:22:55.509847072 +0100 @@ -3,192 +3,188 @@ open Core open FStar.Mul @@ -3756,8 +3765,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem. + admit(); //P-F v_A_transpose diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 11:04:44.190900540 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 11:04:44.259899571 +0100 +--- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 17:22:55.418848967 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 17:22:55.491847446 +0100 @@ -3,39 +3,71 @@ open Core open FStar.Mul @@ -3860,8 +3869,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem + if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A + else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A) diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyber.Ntt.fst ---- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 11:04:44.200900400 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 11:04:44.252899669 +0100 +--- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 17:22:55.420848925 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 17:22:55.473847821 +0100 @@ -1,56 +1,130 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -4792,8 +4801,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyb + down_cast_poly_b #(8*3328) #3328 re +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 11:04:44.205900329 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 11:04:44.244899782 +0100 +--- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 17:22:55.424848842 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 17:22:55.455848196 +0100 @@ -2,223 +2,80 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -5086,8 +5095,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Ky + (ensures fun _ -> True) + diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Kem.Kyber.Sampling.fst ---- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 11:04:44.224900063 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 11:04:44.270899416 +0100 +--- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 17:22:55.448848342 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 17:22:55.498847301 +0100 @@ -3,27 +3,34 @@ open Core open FStar.Mul @@ -5500,8 +5509,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Ke + out +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 11:04:44.182900652 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 11:04:44.267899459 +0100 +--- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 17:22:55.415849029 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 17:22:55.507847113 +0100 @@ -3,77 +3,37 @@ open Core open FStar.Mul @@ -5602,8 +5611,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.K +// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0)) + diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.fst ---- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 11:04:44.221900105 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 11:04:44.233899936 +0100 +--- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 17:22:55.430848717 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 17:22:55.463848030 +0100 @@ -1,8 +1,13 @@ module Libcrux.Kem.Kyber.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -5760,7 +5769,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K +let cast_bound_lemma + #t #u + (n: int_t t) -+ (d: bit_num t) ++ (d: num_bits t) + : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0) + (ensures bounded (cast #(int_t t) #(int_t u) n) d) + [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] @@ -6916,7 +6925,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1244,34 +1313,28 @@ +@@ -1244,34 +1313,43 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 2 *! i <: usize) +! sz 1 <: usize) @@ -6931,8 +6940,23 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K in re +#pop-options ++ ++module A = Libcrux.Kem.Kyber.Arithmetic -let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = ++let bitwise_equality #len #d (p1 p2: (p: t_Array nat len {forall i. Seq.index p i < pow2 d})) ++ : Lemma ++ (requires forall i. bit_vec_of_nat_array p1 d i == bit_vec_of_nat_array p2 d i) ++ (ensures p1 == p2) ++ = admit () ++ ++let eq_rw #len (re_poly: t_Array nat len) ++ : Lemma ( ++ ++ bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) ++ ) ++ = admit () ++ +#push-options "--z3rlimit 100" +let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in @@ -6961,7 +6985,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient1:u16 = Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) in -@@ -1281,6 +1344,8 @@ +@@ -1281,6 +1359,8 @@ let coef1, coef2, coef3:(u8 & u8 & u8) = compress_coefficients_3_ coefficient1 coefficient2 in @@ -6970,15 +6994,24 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized (sz 3 *! i <: usize) -@@ -1299,3 +1364,4 @@ +@@ -1298,4 +1378,13 @@ + in serialized) in ++ // admitP (bitwise_equality serialized (Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))); ++ // admitP (serialized == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re)); ++ let re_poly = A.wf_poly_to_spec_poly re in ++ assert ( ++ bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) ++ == Spec.Kyber.byte_encode 12 re_poly ++ ); ++ admit (); serialized +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 11:04:44.185900610 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 11:04:44.248899725 +0100 -@@ -2,118 +2,193 @@ +--- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 17:22:55.410849133 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 17:22:55.494847384 +0100 +@@ -2,118 +2,195 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul @@ -6987,11 +7020,11 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux. +let int_arr_bitwise_eq + #t1 #t2 #n1 #n2 + (arr1: t_Array (int_t t1) n1) -+ (d1: bit_num t1) ++ (d1: num_bits t1) + (arr2: t_Array (x: int_t t2) n2) -+ (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) ++ (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = forall i. i < v n1 * d1 -+ ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i ++ ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) @@ -7235,13 +7268,15 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux. + (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) + (ensures fun _ -> True) + ++module A = Libcrux.Kem.Kyber.Arithmetic ++ +val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + : Pure (t_Array u8 (sz 384)) + (requires True) -+ (ensures (fun res -> True)) ++ (ensures (fun res -> res == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))) diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.Kyber.Types.fst ---- extraction/Libcrux.Kem.Kyber.Types.fst 2024-01-31 11:04:44.203900357 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 11:04:44.246899754 +0100 +--- extraction/Libcrux.Kem.Kyber.Types.fst 2024-01-31 17:22:55.414849050 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 17:22:55.487847530 +0100 @@ -3,31 +3,33 @@ open Core open FStar.Mul @@ -7512,8 +7547,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.K + (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : t_Array u8 v_PRIVATE_KEY_SIZE = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fsti ---- extraction/Libcrux_platform.fsti 2024-01-31 11:04:44.210900259 +0100 -+++ extraction-edited/Libcrux_platform.fsti 2024-01-31 11:04:44.274899360 +0100 +--- extraction/Libcrux_platform.fsti 2024-01-31 17:22:55.409849154 +0100 ++++ extraction-edited/Libcrux_platform.fsti 2024-01-31 17:22:55.472847842 +0100 @@ -1,20 +1,4 @@ module Libcrux_platform #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -7538,7 +7573,7 @@ diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fs +val simd256_support: bool diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst --- extraction/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/MkSeq.fst 2024-01-31 11:04:44.263899515 +0100 ++++ extraction-edited/MkSeq.fst 2024-01-31 17:22:55.459848113 +0100 @@ -0,0 +1,91 @@ +module MkSeq +open Core @@ -7633,8 +7668,8 @@ diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst +%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction/Spec.Kyber.fst extraction-edited/Spec.Kyber.fst --- extraction/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Spec.Kyber.fst 2024-01-31 11:04:44.273899375 +0100 -@@ -0,0 +1,426 @@ ++++ extraction-edited/Spec.Kyber.fst 2024-01-31 17:22:55.495847363 +0100 +@@ -0,0 +1,433 @@ +module Spec.Kyber +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" +open Core @@ -7804,21 +7839,28 @@ diff -ruN extraction/Spec.Kyber.fst extraction-edited/Spec.Kyber.fst +let compress_d (d: dT {d <> 12}) (x: field_element): field_element + = (pow2 d * x + 1664) / v v_FIELD_MODULUS + -+assume val bits_to_bytes (#bytes: usize) (f: (i:nat {i < v bytes * 8} -> bit)) ++let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) + : Pure (t_Array u8 bytes) + (requires True) -+ (ensures fun r -> (forall i. bit_vec_of_int_arr r 8 i == f i)) ++ (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i)) ++ = bit_vec_to_int_t_array 8 bv + -+assume val bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) -+ : Pure (i:nat {i < v bytes * 8} -> bit) ++let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) ++ : Pure (i: bit_vec (v bytes * 8)) + (requires True) -+ (ensures fun f -> (forall i. bit_vec_of_int_arr r 8 i == f i)) ++ (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i)) ++ = bit_vec_of_int_t_array r 8 + +let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d)) -+ = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_arr coefficients d) ++ = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_array coefficients d) + +let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial -+ = admit () ++ = let bv = bit_vec_of_int_t_array coefficients 8 in ++ let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d bv in ++ let p = map' (fun (x: nat) -> x % v v_FIELD_MODULUS <: nat) arr in ++ introduce forall i. Seq.index p i < v v_FIELD_MODULUS ++ with assert (Seq.index p i == Seq.index p (v (sz i))); ++ p + +let vector_encode_12 (#p:params) (v: vector p): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p) + = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map' (byte_encode 12) v in diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti index 7f1530907..d31a6f31a 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti @@ -57,6 +57,10 @@ let int_to_spec_fe (m:int) : Spec.Kyber.field_element = m_v + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS else m_v +let wf_fe_to_spec_fe (m: wfFieldElement): Spec.Kyber.field_element = + if v m < 0 + then v m + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS + else v m let to_spec_fe (m:i32) : Spec.Kyber.field_element = int_to_spec_fe (v m) @@ -74,7 +78,6 @@ val get_n_least_significant_bits (n: u8 {v n > 0 /\ v n < 32}) (value: u32) let result:u32 = result in v result = v value % pow2 (v n)) - //let barrett_pre (value:i32) = // v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R // Appears to work up to +/- 2^28, but not at +/- 2^29 @@ -190,6 +193,12 @@ let to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) = assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); p +let wf_poly_to_spec_poly (re: wfPolynomialRingElement): Spec.Kyber.polynomial + = let p = Spec.Kyber.map' (fun x -> wf_fe_to_spec_fe x <: nat) re.f_coefficients in + introduce forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS + with assert (Seq.index p i == Seq.index p (v (sz i))); + p + let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) = to_spec_poly (derefine_poly_b m) diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst index 3bebeae5b..24d5006fd 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst @@ -1323,6 +1323,21 @@ let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = re #pop-options +module A = Libcrux.Kem.Kyber.Arithmetic + +let bitwise_equality #len #d (p1 p2: (p: t_Array nat len {forall i. Seq.index p i < pow2 d})) + : Lemma + (requires forall i. bit_vec_of_nat_array p1 d i == bit_vec_of_nat_array p2 d i) + (ensures p1 == p2) + = admit () + +let eq_rw #len (re_poly: t_Array nat len) + : Lemma ( + + bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) + ) + = admit () + #push-options "--z3rlimit 100" let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in @@ -1363,5 +1378,13 @@ let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPoly in serialized) in + // admitP (bitwise_equality serialized (Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))); + // admitP (serialized == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re)); + let re_poly = A.wf_poly_to_spec_poly re in + assert ( + bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) + == Spec.Kyber.byte_encode 12 re_poly + ); + admit (); serialized #pop-options diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti index df3b6b7ee..91eceeaa3 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti @@ -188,7 +188,9 @@ val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) (ensures fun _ -> True) +module A = Libcrux.Kem.Kyber.Arithmetic + val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) : Pure (t_Array u8 (sz 384)) (requires True) - (ensures (fun res -> True)) + (ensures (fun res -> res == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))) diff --git a/proofs/fstar/extraction-secret-independent.patch b/proofs/fstar/extraction-secret-independent.patch index 63516f37c..cf6406004 100644 --- a/proofs/fstar/extraction-secret-independent.patch +++ b/proofs/fstar/extraction-secret-independent.patch @@ -1,6 +1,6 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 11:04:44.258899585 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 11:04:44.299899009 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 17:22:55.483847613 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 17:22:55.560846010 +0100 @@ -1,356 +1,81 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -397,8 +397,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-i - - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 11:04:44.249899711 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 11:04:44.305898925 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 17:22:55.475847780 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 17:22:55.551846197 +0100 @@ -3,32 +3,10 @@ open Core open FStar.Mul @@ -432,7 +432,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- let t_FieldElementTimesMontgomeryR = i32 unfold -@@ -36,215 +14,122 @@ +@@ -36,224 +14,122 @@ let v_BARRETT_MULTIPLIER: i64 = 20159L @@ -461,6 +461,10 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- - m_v + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - else m_v - +-let wf_fe_to_spec_fe (m: wfFieldElement): Spec.Kyber.field_element = +- if v m < 0 +- then v m + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +- else v m - -let to_spec_fe (m:i32) : Spec.Kyber.field_element = - int_to_spec_fe (v m) @@ -481,12 +485,11 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- let result:u32 = result in - v result = v value % pow2 (v n)) - -+ v result < v (Core.Num.impl__u32__pow 2ul (Core.Convert.f_into n <: u32) <: u32)) - -//let barrett_pre (value:i32) = -// v value <= v v_BARRETT_R /\ v value >= - v v_BARRETT_R -// Appears to work up to +/- 2^28, but not at +/- 2^29 -- ++ v result < v (Core.Num.impl__u32__pow 2ul (Core.Convert.f_into n <: u32) <: u32)) + -let barrett_post (value:i32) (result:i32) = - v result % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS = - v value % v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS @@ -635,6 +638,12 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- - assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); - p - +-let wf_poly_to_spec_poly (re: wfPolynomialRingElement): Spec.Kyber.polynomial +- = let p = Spec.Kyber.map' (fun x -> wf_fe_to_spec_fe x <: nat) re.f_coefficients in +- introduce forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS +- with assert (Seq.index p i == Seq.index p (v (sz i))); +- p +- -let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) = - to_spec_poly (derefine_poly_b m) - @@ -746,8 +755,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 11:04:44.254899641 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 11:04:44.304898939 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 17:22:55.465847988 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 17:22:55.538846468 +0100 @@ -1,79 +1,39 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 0 --z3rlimit 200" @@ -852,8 +861,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-ind + (Core.Ops.Arith.Neg.neg fe <: i32) &. + ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 11:04:44.255899627 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 11:04:44.288899164 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 17:22:55.497847322 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 17:22:55.561845989 +0100 @@ -3,42 +3,44 @@ open Core open FStar.Mul @@ -925,8 +934,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-in - (fun result -> v result >= 0 /\ v result < 3329) + : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 11:04:44.279899290 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 11:04:44.286899192 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 17:22:55.467847946 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 17:22:55.546846301 +0100 @@ -15,8 +15,7 @@ let v_FIELD_MODULUS: i32 = 3329l @@ -938,8 +947,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-i let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 11:04:44.240899838 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 11:04:44.283899234 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 17:22:55.478847717 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 17:22:55.520846843 +0100 @@ -4,163 +4,61 @@ open FStar.Mul @@ -1128,8 +1137,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-s -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 11:04:44.251899683 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 11:04:44.316898770 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 17:22:55.485847571 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 17:22:55.554846135 +0100 @@ -20,26 +20,30 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1173,7 +1182,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction- + result = rhs <: bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst --- extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-01-31 11:04:44.327898616 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-01-31 17:22:55.517846905 +0100 @@ -0,0 +1,87 @@ +module Libcrux.Kem.Kyber.Conversions +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1264,8 +1273,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret- + cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 \ Pas de fin de ligne à la fin du fichier diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/Libcrux.Kem.Kyber.fst ---- extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 11:04:44.271899402 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-01-31 11:04:44.322898686 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 17:22:55.470847884 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-01-31 17:22:55.535846530 +0100 @@ -1,29 +1,12 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -1509,8 +1518,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/ (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) - diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent/Libcrux.Kem.Kyber.fsti ---- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 11:04:44.238899866 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-01-31 11:04:44.318898742 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 17:22:55.500847259 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-01-31 17:22:55.544846343 +0100 @@ -10,75 +10,31 @@ Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE @@ -1600,8 +1609,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 11:04:44.264899501 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 11:04:44.298899023 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 17:22:55.476847759 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 17:22:55.543846364 +0100 @@ -3,27 +3,18 @@ open Core open FStar.Mul @@ -1650,8 +1659,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secr - admit(); //P-F out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 11:04:44.257899599 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 11:04:44.313898813 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 17:22:55.505847155 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 17:22:55.519846863 +0100 @@ -3,24 +3,12 @@ open Core open FStar.Mul @@ -1683,7 +1692,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-sec + : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst --- extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-01-31 11:04:44.323898672 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-01-31 17:22:55.552846176 +0100 @@ -0,0 +1,6 @@ +module Libcrux.Kem.Kyber.Helper +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1692,8 +1701,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-indep + + diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 11:04:44.261899543 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 11:04:44.291899122 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 17:22:55.504847176 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 17:22:55.548846259 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -2404,8 +2413,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-inde - res - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 11:04:44.277899318 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 11:04:44.325898644 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 17:22:55.492847426 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 17:22:55.515846947 +0100 @@ -1,152 +1,80 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -2608,8 +2617,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-ind + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 11:04:44.242899810 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 11:04:44.310898855 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 17:22:55.460848092 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 17:22:55.525846739 +0100 @@ -3,23 +3,22 @@ open Core open FStar.Mul @@ -2643,8 +2652,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-in (sz 3168) (sz 1568) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 11:04:44.234899922 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 11:04:44.292899108 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 17:22:55.482847634 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 17:22:55.564845926 +0100 @@ -5,21 +5,20 @@ let decapsulate_512_ @@ -2675,8 +2684,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-ind (sz 1632) (sz 800) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 11:04:44.235899908 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 11:04:44.295899065 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 17:22:55.480847675 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 17:22:55.558846051 +0100 @@ -3,24 +3,22 @@ open Core open FStar.Mul @@ -2710,8 +2719,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-ind (sz 2400) (sz 1184) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 11:04:44.237899880 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 11:04:44.306898911 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 17:22:55.468847925 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 17:22:55.530846634 +0100 @@ -74,19 +74,16 @@ val decapsulate_768_ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) @@ -2740,8 +2749,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 11:04:44.245899768 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 11:04:44.329898588 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 17:22:55.509847072 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 17:22:55.533846572 +0100 @@ -3,418 +3,432 @@ open Core open FStar.Mul @@ -3550,8 +3559,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-indep - admit(); //P-F v_A_transpose diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 11:04:44.259899571 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 11:04:44.302898967 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 17:22:55.491847446 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 17:22:55.555846114 +0100 @@ -3,71 +3,39 @@ open Core open FStar.Mul @@ -3654,8 +3663,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-inde + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 11:04:44.252899669 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 11:04:44.285899206 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 17:22:55.473847821 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 17:22:55.541846405 +0100 @@ -1,130 +1,56 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -4586,8 +4595,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independ -#pop-options + re diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 11:04:44.244899782 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 11:04:44.319898728 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 17:22:55.455848196 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 17:22:55.563845947 +0100 @@ -2,80 +2,224 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -4881,8 +4890,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-indepen + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 11:04:44.270899416 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 11:04:44.326898630 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 17:22:55.498847301 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 17:22:55.514846968 +0100 @@ -3,34 +3,27 @@ open Core open FStar.Mul @@ -5319,8 +5328,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-ind -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 11:04:44.267899459 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 11:04:44.301898981 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 17:22:55.507847113 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 17:22:55.549846239 +0100 @@ -3,37 +3,77 @@ open Core open FStar.Mul @@ -5421,8 +5430,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 11:04:44.233899936 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 11:04:44.309898869 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 17:22:55.463848030 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 17:22:55.532846593 +0100 @@ -1,13 +1,8 @@ module Libcrux.Kem.Kyber.Serialize -#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" @@ -5577,7 +5586,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in -let cast_bound_lemma - #t #u - (n: int_t t) -- (d: bit_num t) +- (d: num_bits t) - : Lemma (requires bounded n d /\ d <= bits u /\ unsigned u /\ v n >= 0) - (ensures bounded (cast #(int_t t) #(int_t u) n) d) - [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] @@ -6742,7 +6751,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1313,28 +1244,34 @@ +@@ -1313,43 +1244,34 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 2 *! i <: usize) +! sz 1 <: usize) @@ -6757,7 +6766,22 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in in re -#pop-options +- +-module A = Libcrux.Kem.Kyber.Arithmetic +-let bitwise_equality #len #d (p1 p2: (p: t_Array nat len {forall i. Seq.index p i < pow2 d})) +- : Lemma +- (requires forall i. bit_vec_of_nat_array p1 d i == bit_vec_of_nat_array p2 d i) +- (ensures p1 == p2) +- = admit () +- +-let eq_rw #len (re_poly: t_Array nat len) +- : Lemma ( +- +- bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) +- ) +- = admit () +- -#push-options "--z3rlimit 100" -let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = +let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = @@ -6787,7 +6811,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient1:u16 = Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) in -@@ -1344,8 +1281,6 @@ +@@ -1359,8 +1281,6 @@ let coef1, coef2, coef3:(u8 & u8 & u8) = compress_coefficients_3_ coefficient1 coefficient2 in @@ -6796,15 +6820,24 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized (sz 3 *! i <: usize) -@@ -1364,4 +1299,3 @@ +@@ -1378,13 +1298,4 @@ + in serialized) in +- // admitP (bitwise_equality serialized (Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))); +- // admitP (serialized == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re)); +- let re_poly = A.wf_poly_to_spec_poly re in +- assert ( +- bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) +- == Spec.Kyber.byte_encode 12 re_poly +- ); +- admit (); serialized -#pop-options diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 11:04:44.248899725 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 11:04:44.308898883 +0100 -@@ -2,193 +2,118 @@ +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 17:22:55.494847384 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 17:22:55.522846801 +0100 +@@ -2,195 +2,118 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul @@ -6813,11 +6846,11 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-i -let int_arr_bitwise_eq - #t1 #t2 #n1 #n2 - (arr1: t_Array (int_t t1) n1) -- (d1: bit_num t1) +- (d1: num_bits t1) - (arr2: t_Array (x: int_t t2) n2) -- (d2: bit_num t2 {v n1 * d1 == v n2 * d2}) +- (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) - = forall i. i < v n1 * d1 -- ==> bit_vec_of_int_arr arr1 d1 i == bit_vec_of_int_arr arr2 d2 i +- ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i val compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) @@ -7055,10 +7088,12 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-i - (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) - (ensures fun _ -> True) - +-module A = Libcrux.Kem.Kyber.Arithmetic +- -val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) - : Pure (t_Array u8 (sz 384)) - (requires True) -- (ensures (fun res -> True)) +- (ensures (fun res -> res == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))) + : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Prims.l_True + (fun _ -> Prims.l_True) @@ -7066,8 +7101,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-i +val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst ---- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 11:04:44.246899754 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-01-31 11:04:44.293899094 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 17:22:55.487847530 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-01-31 17:22:55.527846697 +0100 @@ -3,8 +3,6 @@ open Core open FStar.Mul @@ -7114,8 +7149,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-indepe type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/Libcrux_platform.fsti ---- extraction-edited/Libcrux_platform.fsti 2024-01-31 11:04:44.274899360 +0100 -+++ extraction-secret-independent/Libcrux_platform.fsti 2024-01-31 11:04:44.320898714 +0100 +--- extraction-edited/Libcrux_platform.fsti 2024-01-31 17:22:55.472847842 +0100 ++++ extraction-secret-independent/Libcrux_platform.fsti 2024-01-31 17:22:55.536846509 +0100 @@ -1,4 +1,4 @@ module Libcrux_platform #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -7123,7 +7158,7 @@ diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/ -val simd256_support: bool +val simd256_support : unit -> bool diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst ---- extraction-edited/MkSeq.fst 2024-01-31 11:04:44.263899515 +0100 +--- extraction-edited/MkSeq.fst 2024-01-31 17:22:55.459848113 +0100 +++ extraction-secret-independent/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,91 +0,0 @@ -module MkSeq @@ -7218,9 +7253,9 @@ diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst - -%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction-edited/Spec.Kyber.fst extraction-secret-independent/Spec.Kyber.fst ---- extraction-edited/Spec.Kyber.fst 2024-01-31 11:04:44.273899375 +0100 +--- extraction-edited/Spec.Kyber.fst 2024-01-31 17:22:55.495847363 +0100 +++ extraction-secret-independent/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 -@@ -1,426 +0,0 @@ +@@ -1,433 +0,0 @@ -module Spec.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core @@ -7390,21 +7425,28 @@ diff -ruN extraction-edited/Spec.Kyber.fst extraction-secret-independent/Spec.Ky -let compress_d (d: dT {d <> 12}) (x: field_element): field_element - = (pow2 d * x + 1664) / v v_FIELD_MODULUS - --assume val bits_to_bytes (#bytes: usize) (f: (i:nat {i < v bytes * 8} -> bit)) +-let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) - : Pure (t_Array u8 bytes) - (requires True) -- (ensures fun r -> (forall i. bit_vec_of_int_arr r 8 i == f i)) +- (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i)) +- = bit_vec_to_int_t_array 8 bv - --assume val bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) -- : Pure (i:nat {i < v bytes * 8} -> bit) +-let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) +- : Pure (i: bit_vec (v bytes * 8)) - (requires True) -- (ensures fun f -> (forall i. bit_vec_of_int_arr r 8 i == f i)) +- (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i)) +- = bit_vec_of_int_t_array r 8 - -let byte_encode (d: dT) (coefficients: polynomial): t_Array u8 (sz (32 * d)) -- = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_arr coefficients d) +- = bits_to_bytes #(sz (32 * d)) (bit_vec_of_nat_array coefficients d) - -let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial -- = admit () +- = let bv = bit_vec_of_int_t_array coefficients 8 in +- let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d bv in +- let p = map' (fun (x: nat) -> x % v v_FIELD_MODULUS <: nat) arr in +- introduce forall i. Seq.index p i < v v_FIELD_MODULUS +- with assert (Seq.index p i == Seq.index p (v (sz i))); +- p - -let vector_encode_12 (#p:params) (v: vector p): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p) - = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map' (byte_encode 12) v in From 38aea7d2620a854cf9876b12c174e96c4de0ebd2 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 1 Feb 2024 07:57:08 +0100 Subject: [PATCH 13/19] hints --- .../.hints/Core.Array.fst.hints | 4 +- .../.hints/Core.Convert.fst.hints | 8 +- .../Core.Iter.Adapters.Enumerate.fst.hints | 2 +- .../Core.Iter.Adapters.Step_by.fst.hints | 2 +- .../.hints/Core.Iter.Traits.Collect.fst.hints | 2 +- .../Core.Iter.Traits.Iterator.fst.hints | 2 +- .../.hints/Core.Iter.fsti.hints | 4 +- .../.hints/Core.Num.fsti.hints | 34 +- .../.hints/Core.Ops.Range.fsti.hints | 32 +- .../.hints/Core.Ops.fst.hints | 2 +- .../.hints/Core.Panicking.fst.hints | 4 +- .../.hints/Core.Slice.fsti.hints | 8 +- .../.hints/Libcrux.Digest.fsti.hints | 6 +- .../Libcrux.Kem.Kyber.Arithmetic.fst.hints | 2587 ++++----------- .../Libcrux.Kem.Kyber.Arithmetic.fsti.hints | 242 +- .../Libcrux.Kem.Kyber.Compress.fst.hints | 92 +- .../Libcrux.Kem.Kyber.Compress.fsti.hints | 4 +- ...crux.Kem.Kyber.Constant_time_ops.fst.hints | 10 +- ...rux.Kem.Kyber.Constant_time_ops.fsti.hints | 4 +- .../Libcrux.Kem.Kyber.Constants.fsti.hints | 14 +- ...Libcrux.Kem.Kyber.Hash_functions.fst.hints | 80 +- ...ibcrux.Kem.Kyber.Hash_functions.fsti.hints | 6 +- .../Libcrux.Kem.Kyber.Ind_cpa.fst.hints | 523 +++- .../Libcrux.Kem.Kyber.Ind_cpa.fsti.hints | 24 +- .../Libcrux.Kem.Kyber.Kyber1024.fst.hints | 268 +- .../Libcrux.Kem.Kyber.Kyber1024.fsti.hints | 46 +- .../Libcrux.Kem.Kyber.Kyber512.fst.hints | 276 +- .../Libcrux.Kem.Kyber.Kyber512.fsti.hints | 46 +- .../Libcrux.Kem.Kyber.Kyber768.fst.hints | 271 +- .../Libcrux.Kem.Kyber.Kyber768.fsti.hints | 46 +- .../.hints/Libcrux.Kem.Kyber.Matrix.fst.hints | 97 +- .../Libcrux.Kem.Kyber.Matrix.fsti.hints | 10 +- .../.hints/Libcrux.Kem.Kyber.Ntt.fst.hints | 839 ++++- .../.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints | 12 +- .../Libcrux.Kem.Kyber.Sampling.fst.hints | 2768 +---------------- .../Libcrux.Kem.Kyber.Sampling.fsti.hints | 8 +- .../Libcrux.Kem.Kyber.Serialize.fsti.hints | 32 +- .../.hints/Libcrux.Kem.Kyber.Types.fst.hints | 22 +- .../.hints/Libcrux.Kem.Kyber.fst.hints | 293 +- .../.hints/Libcrux.Kem.Kyber.fsti.hints | 10 +- .../extraction-edited/.hints/MkSeq.fst.hints | 56 +- .../.hints/Rust_primitives.Arrays.fsti.hints | 300 +- .../Rust_primitives.BitVectors.fsti.hints | 81 +- ...ves.Hax.Monomorphized_update_at.fsti.hints | 12 +- .../.hints/Rust_primitives.Hax.fst.hints | 12 +- .../Rust_primitives.Iterators.fsti.hints | 8 +- .../.hints/Rust_primitives.fst.hints | 34 +- .../.hints/Spec.Kyber.fst.hints | 222 +- 48 files changed, 3863 insertions(+), 5602 deletions(-) diff --git a/proofs/fstar/extraction-edited/.hints/Core.Array.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Array.fst.hints index 5ff523dac..923ea98ba 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Array.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Array.fst.hints @@ -1,5 +1,5 @@ [ - "\u000f\\\u0006$\u000b5\"0M)", + "!\u000fh?UKC&G", [ [ "Core.Array.impl_23__as_slice", @@ -20,7 +20,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "6f4ce370b8866e98540496030b9ea2bc" + "85561bc0b31937bb58fa81295e630a5e" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Convert.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Convert.fst.hints index b6631fc27..52a29fb01 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Convert.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Convert.fst.hints @@ -1,5 +1,5 @@ [ - "h\u0013J\u0019[ל", + "T>\u0016\u0004.~eo", [ [ "Core.Convert.impl_6", @@ -40,7 +40,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f1bc017bd20d2ef7663ed3a86cfa560d" + "776c403496c6101a5e549bedcdf06d68" ], [ "Core.Convert.impl_6_refined", @@ -71,7 +71,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "3f9a9ed660e48fd52e177d202c0ea8b2" + "4ee3850617bf742063814d94c541060a" ], [ "Core.Convert.integer_into", @@ -93,7 +93,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "8fe5bd2209d844468d8621aba258ab14" + "2f85519fe3abcc75daa2e1b30615daba" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Enumerate.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Enumerate.fst.hints index 99bdfbd8b..8f43c879a 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Enumerate.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Enumerate.fst.hints @@ -23,7 +23,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "cbed40f98cd777329f1b2316fb374fde" + "3ecc0dd1b3858521a9105734362b2361" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Step_by.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Step_by.fst.hints index 6ffb9f11c..1d5f30fe6 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Step_by.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.Adapters.Step_by.fst.hints @@ -23,7 +23,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "540a3ab535433f04a217511a2ee1d003" + "792cc060a645ed5b1a7f4c64adcdb56b" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Collect.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Collect.fst.hints index 4bb791ad9..24b7cf23a 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Collect.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Collect.fst.hints @@ -1 +1 @@ -[ "_xqlVD\"Z4xi", [] ] \ No newline at end of file +[ "t\f\t\u001fapH\u001a", [] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Iterator.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Iterator.fst.hints index 7ce4e2cdb..8a928bef7 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Iterator.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.Traits.Iterator.fst.hints @@ -1 +1 @@ -[ "Z\u0007+->\u000b7l؇", [] ] \ No newline at end of file +[ "עZ6DŽ\u0010#Y\u001d", [] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Iter.fsti.hints b/proofs/fstar/extraction-edited/.hints/Core.Iter.fsti.hints index fe716f04f..59d60ee5c 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Iter.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Iter.fsti.hints @@ -43,7 +43,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ec19e6631c38e3182d7c50839db89cf8" + "3a3c9afc9b5e4c1cb03540e357d97eff" ], [ "Core.Iter.iterator_array_contains", @@ -64,7 +64,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "f5117c85c72962bb0a58ab19c428ab57" + "2d9eb0ecbf9d4cf085c95dbb41ddd32d" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Num.fsti.hints b/proofs/fstar/extraction-edited/.hints/Core.Num.fsti.hints index 5f96d1c79..7223e8fc0 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Num.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Num.fsti.hints @@ -1,5 +1,5 @@ [ - "KWRBF>|]\fSu", + "_/ґї2'", [ [ "Core.Num.impl__i32__abs", @@ -8,7 +8,7 @@ 1, [ "@query", "equation_Rust_primitives.Integers.i32_inttype" ], 0, - "9630ee37c31ef00ab4ef862b3a82f753" + "312c6ec65c8a63c762b9d3448cc5c92b" ], [ "Core.Num.impl__u32__from_le_bytes", @@ -47,7 +47,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "92790a027199601eac121ca1d8f73f11" + "5746f48c356c86b82e8cd96f98edb188" ], [ "Core.Num.impl__u32__from_be_bytes", @@ -86,7 +86,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "773cfcb5736810e096ed9e306e0fbeca" + "e5364e57dad18e8325c7a26e113c09c5" ], [ "Core.Num.impl__u32__to_le_bytes", @@ -125,7 +125,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c84b6c59e1c5d821d204cc5c21fa4225" + "12454d00d84c02302ace7c6291e3f8d7" ], [ "Core.Num.impl__u32__to_be_bytes", @@ -164,7 +164,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "511b8f6ff9d3e6589982c466baf5be68" + "1c80570e2bb5a5a5ec00e682a53c0eb8" ], [ "Core.Num.impl__u64__from_le_bytes", @@ -203,7 +203,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "712bfc0a8968173e028e4bfdac7bd10b" + "022eff849b907bdee54aaf903771d626" ], [ "Core.Num.impl__u64__from_be_bytes", @@ -242,7 +242,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "6ee430cca71e4000ec55161d2cc92268" + "1c2ee314345badaa4b0a9f37603f4992" ], [ "Core.Num.impl__u64__to_le_bytes", @@ -281,7 +281,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b664f1d907ee9a3da2c12bd033d87e40" + "16985d5260eded8284e8cfb6d8cc327f" ], [ "Core.Num.impl__u64__to_be_bytes", @@ -320,7 +320,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "e58595728c8c2eb19cb37488c1dab3fb" + "f63c69cca1ddc958827bf63ffb4a1865" ], [ "Core.Num.impl__u128__from_le_bytes", @@ -359,7 +359,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d906bd8158e664764046b75644747e0f" + "89745637cff927916d62016d7992dfc0" ], [ "Core.Num.impl__u128__from_be_bytes", @@ -398,7 +398,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "2a72008d06176dd0c18e8ff9f9aab93b" + "5c5f5e0de34e79f78a9cf3c3921ed4d7" ], [ "Core.Num.impl__u128__to_le_bytes", @@ -437,7 +437,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f221d00f0f8273404150142d023d23a7" + "d87c0017b522e60736ce6287c02b6525" ], [ "Core.Num.impl__u128__to_be_bytes", @@ -476,7 +476,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f3a53fc4fd0707de5776f57375914a00" + "90206980db06463ddfb8d2cdeb137621" ], [ "Core.Num.impl__u16__pow", @@ -530,7 +530,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "ad786856041d609067afa3239a85cdb6" + "844a8a52362dd37b11ef806fd449c26f" ], [ "Core.Num.impl__u32__pow", @@ -579,7 +579,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "541e02295b185f69213b941b8bc2dff5" + "3cbeeb9b9eef20abb1a42bc3814145dc" ], [ "Core.Num.impl__i32__pow", @@ -632,7 +632,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "3e92424cad7be60da6b35e7c91fdac0c" + "b92feb66af9dbbca634f3428a03dfce8" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Ops.Range.fsti.hints b/proofs/fstar/extraction-edited/.hints/Core.Ops.Range.fsti.hints index 8c23034c1..b28a285c9 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Ops.Range.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Ops.Range.fsti.hints @@ -1,5 +1,5 @@ [ - "%\u0013\u000e\u0001*'[\u001bQ", + "\u0003RjP'{b\u0003\t\u0000\u000fU", [ [ "Core.Ops.Range.t_RangeTo", @@ -8,7 +8,7 @@ 1, [ "@query" ], 0, - "599978869034aed653ac2dc914c48182" + "5398350df56eb89c20a8ba53b10573fa" ], [ "Core.Ops.Range.t_RangeFrom", @@ -17,7 +17,7 @@ 1, [ "@query" ], 0, - "dcc7765e25f537b833808d4de52f944b" + "437362cec397474f5b8925b3245783f2" ], [ "Core.Ops.Range.t_Range", @@ -26,7 +26,7 @@ 1, [ "@query" ], 0, - "f61b2ca1bb24ff07bb1d24b7be03286c" + "23b6132c3f6e53c1bc895ac90049e232" ], [ "Core.Ops.Range.fold_range'", @@ -113,7 +113,7 @@ "well-founded-ordering-on-nat" ], 0, - "066b242a5310c3a14051e9dad032ff94" + "de7afb4742bd05ac1a2150ce9b2f66ff" ], [ "Core.Ops.Range.iterator_range", @@ -146,7 +146,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "f338800437571d0ece3361b2341125f8" + "70cffc878822fef0980e4605f5616d5a" ], [ "Core.Ops.Range.impl_index_range_slice", @@ -195,7 +195,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "9ff2acb15337e75cd275920883614933" + "3de7ca01540ee1194c44d8fa7d0cc728" ], [ "Core.Ops.Range.impl_index_range_to_slice", @@ -243,7 +243,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "b7467fd36ca30cd49913262cef19b78d" + "b24cda752d36c7df291a1050fec62b4a" ], [ "Core.Ops.Range.impl_index_range_from_slice", @@ -285,7 +285,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "1615a0726f007fb31a609c39c15bcf48" + "ce04978f6a0585224764eba2b493f2b2" ], [ "Core.Ops.Range.impl_range_index_array", @@ -306,7 +306,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "90ae7248866f152fb1ac9e979f2da4ff" + "3692684509378c8ea71a01470c75b15b" ], [ "Core.Ops.Range.impl_range_to_index_array", @@ -327,7 +327,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "b17cc5ec7b7b8ce2c00704057bd360fa" + "66d32ff6feda8c597d7d4116e9f346a2" ], [ "Core.Ops.Range.impl_range_from_index_array", @@ -348,7 +348,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "b567d71cc1fb2608bbb605e723b88983" + "5fb6376bf677c4b640d4709d955f92d0" ], [ "Core.Ops.Range.impl_range_full_index_array", @@ -369,7 +369,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "0e9975537c15d7955c0958aa5fb7f0ca" + "230722d2ec5e7889c8f2285ce4bfe03c" ], [ "Core.Ops.Range.update_at_tc_array_range", @@ -386,7 +386,7 @@ "token_correspondence_Core.Ops.Index.in_range" ], 0, - "50ce3c5981834330293ab0a311b0ba9e" + "e6d465c3c1745148c6f9478bd5ea1196" ], [ "Core.Ops.Range.update_at_tc_array_range_to", @@ -403,7 +403,7 @@ "token_correspondence_Core.Ops.Index.in_range" ], 0, - "82fe0fdd6bc4b760d56edf1d6432dd25" + "63e37c8f5397769c870b7fe556d27916" ], [ "Core.Ops.Range.update_at_tc_array_range_from", @@ -420,7 +420,7 @@ "token_correspondence_Core.Ops.Index.in_range" ], 0, - "01b1538ef1368989f0f8ebfbe5421ba7" + "6b197c3ba1b712eb23e9d66f798cd017" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Ops.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Ops.fst.hints index e49870803..ba15328c5 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Ops.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Ops.fst.hints @@ -15,7 +15,7 @@ "token_correspondence_Core.Ops.Index.in_range" ], 0, - "9a4f699813f6a21267cbaedf31fae292" + "2696b555db278ac0471d721e1d1e7fcd" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Panicking.fst.hints b/proofs/fstar/extraction-edited/.hints/Core.Panicking.fst.hints index 99b32211d..417b64e17 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Panicking.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Panicking.fst.hints @@ -11,7 +11,7 @@ "refinement_interpretation_Tm_refine_f1ecc6ab6882a651504f328937700647" ], 0, - "82ab84f30432fd12cf60facccfcb3574" + "b287358079d8631514c604e1d2ba8f28" ], [ "Core.Panicking.assert_failed", @@ -23,7 +23,7 @@ "refinement_interpretation_Tm_refine_f1ecc6ab6882a651504f328937700647" ], 0, - "84764ee4448f964544c5999fe8579618" + "8d32a257d54ea6209af4fa4daed14c75" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Core.Slice.fsti.hints b/proofs/fstar/extraction-edited/.hints/Core.Slice.fsti.hints index 55410d9c0..ff2de0784 100644 --- a/proofs/fstar/extraction-edited/.hints/Core.Slice.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Core.Slice.fsti.hints @@ -1,5 +1,5 @@ [ - "\u0014M\f\u00056'\u00020\"P\u0014", + "l@¨@@&!I", [ [ "Core.Slice.impl__len", @@ -24,7 +24,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "bba75b6d0d64d3b38abd48d9af5bf9a4" + "9e31505b57f7db6c4aff9cd33bbf8667" ], [ "Core.Slice.impl__index", @@ -60,7 +60,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "64d9878bf893ddf00144af6a2248b8b9" + "9c3c18cc383c8c95b08b0f624139e938" ], [ "Core.Slice.impl__split_at", @@ -91,7 +91,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "0f1a477b7dffbe0ab287f10890259f7f" + "31e2491be711c431d115e16b22889e8c" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Digest.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Digest.fsti.hints index 774c480bf..4afbbc8ae 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Digest.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Digest.fsti.hints @@ -52,7 +52,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "2367eb1397787998f7d4631faa0eb327" + "5da8d161accf15cf2ef8015bc7f927a8" ], [ "Libcrux.Digest.sha3_256_", @@ -90,7 +90,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "439108f73e08dab063aa1f0d33b2e54f" + "264bf2615fbf776da2fae750ea6b4d8c" ], [ "Libcrux.Digest.sha3_512_", @@ -128,7 +128,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "0c5e35b2b0d2d2da0c258e520b9ed810" + "289a981c77fa6504f972fc7e59a9d2ad" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints index 1af8ce4bc..56d50b987 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints @@ -24,7 +24,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "56a2ca7e203811d8d859be0a084c2796" + "85be0a6251a7c79f8f46c30cccc98f8c" ], [ "Libcrux.Kem.Kyber.Arithmetic.lemma_mul_i32_range", @@ -88,7 +88,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "565521c8ceccbcec79baeb49dcb75ab8" + "9c34ccd2426244de45403fb21951573f" ], [ "Libcrux.Kem.Kyber.Arithmetic.lemma_add_i32_range", @@ -128,7 +128,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "4fe6feb29bc7cd6d88d1b52ec748b127" + "9bd607b28d1ceeba549c6a5577d38ec6" ], [ "Libcrux.Kem.Kyber.Arithmetic.mul_i32_b", @@ -162,7 +162,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ec39d9b89261bcb683aed81d89b3e10f" + "9f2313bad42c63d876bd0181ed6241ba" ], [ "Libcrux.Kem.Kyber.Arithmetic.mul_i32_b", @@ -200,7 +200,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "16d9748f01ad466e56b614a858f34e13" + "7c73c486db50615ef0b3c8fd632f42f5" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_i32_b", @@ -214,7 +214,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "6c578730c6aed3ec2ca61de6a57dcd8a" + "c1677ca87756e94704adce27931090e7" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_i32_b", @@ -252,7 +252,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "1f106e6d5c3689ce827beaa8fc69cfb9" + "def12a88748d0ee3b1b1568bdc8fdec0" ], [ "Libcrux.Kem.Kyber.Arithmetic.sub_i32_b", @@ -266,7 +266,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "6374137dd3a1561c83c1e19595cebc33" + "22f0918de6554de78d918567972cfcf3" ], [ "Libcrux.Kem.Kyber.Arithmetic.sub_i32_b", @@ -307,7 +307,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "b11bfb41326e1ed6b68048ea463e64ab" + "cee15ba68a8f8231db35a7ce2e19b649" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_i32_b", @@ -323,7 +323,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "c1f5629cb8080184498ded2b46b9f168" + "c118627868bd2245c1d9b772b912646d" ], [ "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", @@ -335,77 +335,29 @@ "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" ], 0, - "cfba8c72591de666d7187ab8922e0628" + "d9ba5b2da8e172010c9a24289cd78b16" ], [ "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 3, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_6b63944b159c15af90180cc02421aeb2" - ], - 0, - "71dbc2c446bd30fcdc16099af8741d44" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 4, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", - "equation_Rust_primitives.Integers.bits", - "refinement_interpretation_Tm_refine_6b63944b159c15af90180cc02421aeb2" - ], - 0, - "acfb03d4275a0d4e199c530575119e85" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 5, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "f1c2395fd3b62f9a0cdf036fab5de373" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 6, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_GreaterThan", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "ac67d1c5d398c47bf388a6f9e87164c3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 7, + 2, 0, 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U1", - "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.unsigned", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", + "equation_Prims.nat", "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", @@ -413,1436 +365,32 @@ "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.shift_right", "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values", - "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", - "lemma_Lib.IntTypes.pow2_4", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_f5200f9f73e8a5e8a8aa0040048ad01d", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_Rust_primitives.Integers.minint", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "5004d023eabb9964f9dfbcd4e2157e42" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 8, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "fb3e7478e16c6648284c9c7227abd439" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 9, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Prims.nat", "int_inversion", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" - ], - 0, - "8f65bad42836e8b29f4f786029bd8dd5" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 10, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "851f67e20afe63bf8a6d8aaeb81e3eaf" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 11, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "5a2b2b44ba1af16bc00d86c90b250726" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 12, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "8cabb86840c58f9a9a1eff51e8c383f0" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 13, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "4b57788208d18a3e27277b6d89526a12" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 14, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "9483a3e477a0fb68341697fd3e63418c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 15, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "3534f0a8bd3fbb3270c843fc5aa7c469" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 16, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Prims.nat", "int_inversion", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" - ], - 0, - "72cc555e046b6f06ef3f4ffc3428f70c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 17, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "b2d2b1de2eb1c209f31bb45196fa9897" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 18, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "c1826237aea4c94fcaf99ae0fe5bee86" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 19, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "2fea4391b8036e7a50e912768d379514" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 20, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "97ae6a43beb64e8152b35658494a58cb" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 21, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "14b65ef1235605dd4b2ef42722c0cb9e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 22, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "32418b2bc482cc52c239fe3b7df0f0cd" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 23, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "32418b2bc482cc52c239fe3b7df0f0cd" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 24, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "6250d155a21e975ff3c8b144abf6e658" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 25, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "265a77e2ca37ad84f2383ee543d5942f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 26, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", - "function_token_typing_Prims.__cache_version_number__", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", - "projection_inverse_BoxBool_proj_0", - "refinement_interpretation_Tm_refine_15307945ad18048be93d23e7b931242a", - "refinement_interpretation_Tm_refine_8a2cb36738bd59880353542ddfcf2306", - "refinement_interpretation_Tm_refine_fced9469325a21ee5658f91ad6556434" - ], - 0, - "76e9cf01032a7acf00bc1fc93aabc791" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 27, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "195dc1d610ef0b39f9175e6a1a0ae95d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 28, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "22ac8320a53ac68a244acb9c2d93976e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 29, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "0b6d812661a6c83d324fd0433880464c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 30, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "a14ac4dc6d5f4f8c174898ed6fe6e940" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 31, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "96ec107d5319615f15ed33f5a1078d79" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 32, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "edda4b832e3ab2e90bc84eaa5c84be77" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 33, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "dd865875704049451849b53cb0a83d4e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 34, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "a6732e87c2b628a8746fe1afca7663a6" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 35, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "74e07d75f04ee8e032786c0fa2e75aa7" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 36, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "b1e5f15a6040f15cdaf13d13ca93d97b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 37, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "06b164f12d25a521201473cabb6c5eb0" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 38, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "52805f9f4bef225ae408ed3cf9c35ddb" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 39, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "d14794fffa587006e2cf0702f2827b7f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 40, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "d2fe3d030dc8e91a93669bd594843bee" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 41, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "2255a101406dc4905c0ac62ca36a19f8" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 42, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "f8fadab02500b28db89fce39798c8fb2" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 43, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "13e26cbc12c62e4813a1abf9683e530e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 44, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "39eab8b68d0a4a209848f0ba551c9dc1" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 45, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "e1e57373c21d5d61c1a4ce9670800ac9" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 46, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "9824d27626931c50e3ced12cf29374c1" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 47, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "b2f2e83393a847828d2f77df008cdef4" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 48, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "b17f8c720a9a7e07687735382757dcd3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 49, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "8ee1abed6928a7777425390b9ea68a5a" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 50, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "a456f0309015c65a4874aa97fa3d2db7" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 51, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "4f50af4034244da9bf7144e662adce83" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 52, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "8e83378470ff5d1401c532347c9e9a4e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 53, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "aa390c57c30008bc0eeda38661101171" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 54, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "b286ddd6bafa3c8839f60a35c893d173" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 55, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "0ac9541c6234eebc7cfc286c786ea94f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 56, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "9a48d9c416f338bfbe6c732747ac1725" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 57, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "3fa0e50cb05ab8a397f88428bc18c56c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 58, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", - "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0", - "refinement_interpretation_Tm_refine_373062363cd4174449e04fce764b71f7" - ], - 0, - "e121f95a9f346ae63f5c89943ba8a020" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 59, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "e0d89533525f1e818b5c297d9e9d1e47" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 60, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "ca3474dc6687b48f113a39d70f3ca9f6" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 61, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "af8ee0f308f0939ca08c39e928acc5e4" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 62, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", - "refinement_interpretation_Tm_refine_15307945ad18048be93d23e7b931242a" - ], - 0, - "1fcc5b7274a8443a330a02fd926a15c0" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 63, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "79fa33573cd2886c81e4f10ae1293b4a" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 64, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "94c5419df5a8d7bccd0ee150f300416a" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 65, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nat", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_61800b1d066f53faab1d1b384921f53b", - "refinement_interpretation_Tm_refine_86e7594d5d7f7028a8cc49d9f20f6af0" - ], - 0, - "283e825a37597eca3a2ab89ea81ab265" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 66, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Prims.pos", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_373062363cd4174449e04fce764b71f7", - "refinement_interpretation_Tm_refine_53a2a9b64394f36689cfe65c0cefbf17", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10" - ], - 0, - "d22a9995a70a40ff31562d174253b078" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 67, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "25a6f2f60f0b29ee43444803728339cc" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 68, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", - "refinement_interpretation_Tm_refine_15307945ad18048be93d23e7b931242a" - ], - 0, - "077024314c219ac4cfc2d9baf861c2a9" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 69, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "749646d01bfde9553229f0064c1d465c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 70, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "5ebbf214b736930d383d35062ed9ce6f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 71, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "3cafe04b51e5809f40a1bd53e3327f0d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 72, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "528a1a9e07d5cf10633b7c223a50111d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 73, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "435354b2f0daf1da2ce79ebf8a6f1dc3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 74, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "d17b74ff7ab47c057ce7ac9f161f94e9" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 75, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "087c17026a211e75eeb5712999fd42d0" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 76, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0" - ], - 0, - "6425e63eaf4010349dc98243af244032" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 77, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "32987e208a6b382dde90389c6eb56dfe" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 78, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Addition", - "primitive_Prims.op_Equality", "primitive_Prims.op_Minus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0" - ], - 0, - "46860781098f8159997a2626d91a6498" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 79, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "d47270d698107c750e278d890aca613b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 80, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "3b5fdfba8f7304fd690160277099f15a" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 81, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "dbe6751bb55aeed2a66f93cdbece106d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 82, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "54932d48b19cf66365bd765d54ce26d0" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 83, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "197f88cf5c15181c87e13bf96dff2a99" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 84, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "05ad4986a6dcbdeb0ab85cfd41a079c0" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 85, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "cd69e47daeb1ea3d4240820be7efb948" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 86, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "c2c7777d5b515596e0855949e0351bb9" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 87, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Addition", - "primitive_Prims.op_Equality", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0" - ], - 0, - "068d30bad15ca2ecb9d092d24ee0086c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 88, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "d4fd84fcce6f232cfba25a8f776a3456" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 89, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "61fe391a383751a95dc0b5a3b5e2713d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 90, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "fb2a2d8081caa41b1f06606fde117779" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 91, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "03fcd8415074aa568e584d64e3fbfdc2" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 92, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "63bff3bf761cec1fe5d89f6d196efdfc" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 93, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "int_inversion", - "primitive_Prims.op_Addition", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_96d10e142f70bdc599c296a6327e9c4e" - ], - 0, - "e4a27b1e49f864f039ae61c77db105f3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 94, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "94f9b65d819e2d8cb636314c80bfc741" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 95, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "Prims_pretyping_ae567c2fb75be05905677af440075565", - "equation_Prims.pos", - "function_token_typing_Prims.__cache_version_number__", - "int_inversion", "primitive_Prims.op_Equality", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10", - "refinement_interpretation_Tm_refine_991c8e84c488404d45d3b64beb0c0549", - "refinement_interpretation_Tm_refine_c6d62e70d21b069f54f1adbce24ea024" - ], - 0, - "b533274a21af93245127386b8736852b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 96, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.pos", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10" - ], - 0, - "abf6c2bbf2e0c6a0798e40bba4f9abb1" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 97, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "7a1424d3b24ead039b1254f5081e3185" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 98, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "912591cdc53d230885d8e6fb6f50f366" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 99, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "cfec7614ed7fc4a055ec305d2a94fbe6" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 100, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "39f9d83a20a20ae4cd221d6be77453ba" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 101, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "6c7838919a9251b0d73f4711cc09f3e3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 102, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", - "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0", - "refinement_interpretation_Tm_refine_95c500edac59a6189d08eaab31648ba8" - ], - 0, - "09257a25c082880f00fc1c62025946ed" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 103, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "ada1e62524d5529ffdbf9b65f379f705" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 104, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "6a7bafd9c8b834c55a85f0780ac70c22" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 105, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", - "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_95c500edac59a6189d08eaab31648ba8" - ], - 0, - "4632b31458facda6b2e29a8121f73a7a" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 106, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "5604635404a9703eab30c944fe0548d9" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 107, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_161e5e2ba78eda4fc9d9477a05bb989b" - ], - 0, - "a49e1d030504939f8f82206bee59f706" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 108, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "int_inversion", - "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", - "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_95c500edac59a6189d08eaab31648ba8", - "refinement_interpretation_Tm_refine_96d10e142f70bdc599c296a6327e9c4e" - ], - 0, - "0b8835c1a704f262c6155084f2852f1e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 109, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "db0cf8d537339a53c0dec9f5f4de04a7" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 110, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", - "refinement_interpretation_Tm_refine_c6d62e70d21b069f54f1adbce24ea024" - ], - 0, - "038171f4498fec500553c30f65a79da5" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 111, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nat", - "refinement_interpretation_Tm_refine_42cf014fd435f15d06a8770f66c1c816", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_86e7594d5d7f7028a8cc49d9f20f6af0" - ], - 0, - "f3a5af88b8747b6c6b6bb46cf77aa055" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 112, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Prims.pos", + "equation_Rust_primitives.Integers.v", "function_token_typing_Prims.__cache_version_number__", - "int_inversion", "primitive_Prims.op_Addition", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54", "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_53a2a9b64394f36689cfe65c0cefbf17", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7eac4267ebe846531ba2e938aaa99a10", - "refinement_interpretation_Tm_refine_95c500edac59a6189d08eaab31648ba8", - "refinement_interpretation_Tm_refine_991c8e84c488404d45d3b64beb0c0549", - "refinement_interpretation_Tm_refine_c6d62e70d21b069f54f1adbce24ea024" - ], - 0, - "e64f07c8f8769eb7fb49d2be1fd75522" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 113, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" - ], - 0, - "c644c26f77cc082d5ed2b39c37024a1b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - 114, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", - "refinement_interpretation_Tm_refine_c6d62e70d21b069f54f1adbce24ea024" + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6b3632cf06e237af83392d248f9bd070" + "5de39354a8cb875a34395fc70e5d3dbd" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R", @@ -1851,7 +399,7 @@ 1, [ "@query" ], 0, - "da2f323a35e642616a6e81c21b58b78b" + "ca09aa222c3f10c7308f751c8121f8fc" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R", @@ -1879,8 +427,7 @@ "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT", "equation_Prims.nat", "equation_Prims.pos", @@ -1912,7 +459,8 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "typing_FStar.Int.fits", "typing_Lib.IntTypes.pub_int_v", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_Lib.IntTypes.pub_int_v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT", "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.op_At_Percent_Dot", @@ -1922,7 +470,7 @@ "typing_tok_Lib.IntTypes.S64@tok" ], 0, - "4b45971de7331dc214b89952ec454ceb" + "ec51290e68e3259f24f87c6da9c3bc94" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", @@ -1931,7 +479,7 @@ 1, [ "@query" ], 0, - "24139d88f2a97a658276e4aaf19fb469" + "bf4467dff15d12ba57fc02dcfefdf79c" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", @@ -1972,7 +520,7 @@ "equation_Rust_primitives.Integers.shift_left", "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", + "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", "lemma_Rust_primitives.Integers.pow2_values", @@ -1991,6 +539,7 @@ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.modulus", "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.range", @@ -2001,7 +550,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "3a4061f15c8cc285b283d735c3ae61f4" + "1da8e6250c17cf279dfdc340e93da6ae" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", @@ -2035,7 +584,7 @@ "typing_Prims.pow2" ], 0, - "824e898718fb0cfd445b0d2cde55f4c9" + "d08d5026b0fd0f430b04ac318e3dab4c" ], [ "Libcrux.Kem.Kyber.Arithmetic.int_to_spec_fe", @@ -2077,7 +626,62 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "dd7b571a31f6b468e6dceea73ddf711d" + "16b234ecc784afab8b09dda84685ba62" + ], + [ + "Libcrux.Kem.Kyber.Arithmetic.wf_fe_to_spec_fe", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.v_FIELD_MODULUS", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "962a30307052cf341e2fe6e71a27dc5d" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2089,7 +693,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "55a8e8cc2ed8874837be785c3d52a1b2" + "5763fa3537bd6fb9c0acb422ed0c6efd" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2101,7 +705,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "0a32a101cc661008cd347f0da7fcdecf" + "96ef339d45266f72aa9f9de87f47a583" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2117,7 +721,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "f75e660fc9f7179810495076b907a703" + "de8de109c2e1de075907d82af9d5513e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2133,7 +737,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "cb558ecb6065fccb902f98eca6a0d923" + "6695c8609b67f103a8e7caa1b995d3f1" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2145,7 +749,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "072a25f196042973e3b9b1f75e6d1c23" + "cc05062612bd79f970e64614ac8a02c2" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2157,7 +761,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "01bacdf8f55c088ab5121aedf979f118" + "064d9bdf95a32fd5253accf8c8aa208e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2167,13 +771,13 @@ [ "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U32@tok", - "equation_Rust_primitives.BitVectors.bit_num", + "equation_Rust_primitives.BitVectors.num_bits", "equation_Rust_primitives.Integers.u32_inttype", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df" ], 0, - "ca39f86cf53083d9b954a643d34f59d5" + "1dc7fa937bf3d8900a15d693813d9e8e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2183,13 +787,13 @@ [ "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U32@tok", - "equation_Rust_primitives.BitVectors.bit_num", + "equation_Rust_primitives.BitVectors.num_bits", "equation_Rust_primitives.Integers.u32_inttype", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df" ], 0, - "980dc1ad080b246aac4bcecfd1511130" + "dbf4c459630bc09d8f1894aac8e6815e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2206,7 +810,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "cc182e54adfc35052402874f5c2b6401" + "6413e158b6cfa74c0c4fb194fa862352" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2218,7 +822,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "d554dcba416f7444bb69a6d841281a44" + "48fa649f127f11f34255a40fd52fc397" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2230,7 +834,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "927adf990bc43f010069662a71575a62" + "2cad29857489773536c849a442fa0dc9" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2242,7 +846,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "03531906e606a9a71d713b59c7b59c63" + "4ee675b5a65068f2713c520461f9125a" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2257,7 +861,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "0d8f77cca69a0e21263a6c9255806031" + "9c89a03cac77b612b179961be6ce1c6b" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2324,7 +928,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "bb6ed03ee494d736e34cf8c75f584f57" + "8f37404b7f55deab2028cd76048345ac" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2336,7 +940,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "e739dec272ba77c4acb3341269e95ed3" + "d6253539a3319ed6e1027dca6fae8049" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2348,7 +952,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "e83a97c8a6dd28fc858885f65a5e5c41" + "7fa4c523b5093dbe21a853fdc25a2cc6" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2400,7 +1004,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "58861a1fdaddb4e9b29c56deee5e9195" + "2ce7f0c438769403ed4023452005995b" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2412,7 +1016,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "c24490617a5308669ae6a1f41d460f24" + "49c86c505598d80742ff4b99b047d750" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2467,7 +1071,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "384fb3488891c2d9cfb3fc4db9235225" + "112713a032486b9c4aa36a91914af334" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2492,7 +1096,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "2faca346e8a8943166592e5cbfedad59" + "abaa89fd484937d856b442aea6dd7e45" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2524,7 +1128,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "c2203ca1ef33e795af092ee378758481" + "9a98181345bb76e161eab398f575d1d5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2536,7 +1140,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "bf85cba2c700a100020dd59f37295bfa" + "bfe6b782321e443afed0b796e7ec5631" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2549,7 +1153,7 @@ "refinement_interpretation_Tm_refine_e3fe9b7b2b1f21f6c8f47835047505be" ], 0, - "26ce028b3cd1a131e1d173896a768a1e" + "14348cd83f20a0353d4aca8a9ea8978c" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2564,7 +1168,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "5e83969aa5e82c8d6a693c6a43a1c3d7" + "cf687f70b3162ed783a933f6327711e8" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2576,7 +1180,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "050a070e5213ebdbc99a036439bbfb76" + "e1dee05891851bd3d7b4851e127fe025" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2588,7 +1192,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "2bfa3b1b706ab51d0dc18de9a4e2fdcc" + "399f1fc6ec7b524d5fd2c9619f5df1d6" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2642,7 +1246,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "b112dbc8d6ce533caaf0d8da2626d59e" + "7261ad8e5e1430f6a9d847ec224035dd" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2667,7 +1271,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "a1edff52dc3a71b8d5ba8c1008d6bd8e" + "778d0df2f1750885dd80cdb856e50f47" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2716,7 +1320,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "87c14c227b9011c7e9661df496b8a375" + "0114b40ab222f8bef5488555c1e04723" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2728,7 +1332,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "0addc2edcc694911fc163c6ae9e12b02" + "baa22c08861357d8772c5823d4ba5c59" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2743,7 +1347,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "555ef49b224331b53a03b8b2e25c4740" + "fca12837003ea3d1b2c4aaa59a9171da" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2768,7 +1372,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "7a4453ba1ed0727c3cfd2916e8c118e7" + "a681bc54d2356b5b3e7025cf67def161" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2781,7 +1385,7 @@ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592" ], 0, - "af2017cd6d344c6752c20925f8bd77f4" + "93151cbab7327e920c4cc4910f82345f" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2806,7 +1410,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "d8d29c2026a4da8c90e0cc31afbc4090" + "79969d67ff8d094ff022e763329f83e3" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2818,7 +1422,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "d33424c2cae3fc88fda60ffa3fb97761" + "ade9840751d4dc1f8d3b3c620ff2dd53" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2833,7 +1437,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "fe39b297f3409b04d85c01e73249cf05" + "65c0e05d392fca2aeb495ee9c5742ca5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2858,7 +1462,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "bfe6d94de6d8cf852507442c2abc9137" + "57146214395f06026a1d753094ff218d" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2898,7 +1502,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "c25496d527cb3e1ec645b4c792ff0e02" + "5e5864948afdeada420325b79143a91c" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2910,7 +1514,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "e9ebe78c433ba79bd85281de412c1b0f" + "a4634dc6ebcfcbd63df1870946816cb5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2923,7 +1527,7 @@ "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34" ], 0, - "190ce5fc992241fe1d7bd50691d861f1" + "666ddde2de31aabf4f9c4d182a91b3b5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2938,7 +1542,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "556142838eb04e5b1f5b07b68a1deb90" + "41fc478e9ab9e336652f1f7acaf6417e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2963,7 +1567,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "774df252836b9180e3cde5ee0f86430b" + "4da8451231b582b5b1cb43e9f05a7e2c" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2976,7 +1580,7 @@ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592" ], 0, - "2e1cd3f050ac8159c432fa650476ea98" + "3b2f71620ab50517fbfa437e8e8291a1" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2988,7 +1592,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "2bb9281ce1eed013a77ff0402b398742" + "92365046921da07c96e83682f3d0e09b" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3003,7 +1607,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "d3e673ec6956cc60bdfd01989d937d1b" + "4537f5fb8c22a8ca53d2dc7d52d98199" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3016,7 +1620,7 @@ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e" ], 0, - "cf15317f282b02d7334e41e8d1fc713a" + "fb2b36e86d0b5e3086cec86c7518ea87" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3041,7 +1645,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "f263bb742515dbd8837bfb3f90fc230a" + "f233e3e1570d5ccc847782a5c783dd0a" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3053,7 +1657,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "3b7ababe09318f3654e2233f483106fd" + "9e133bff4350d22206f788f7b1053ab5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3068,7 +1672,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "f7d2c4b2bf75d380c9387da2bc88ca69" + "c0a9d665b35184cafaae3ef883c42208" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3093,7 +1697,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "71002d5de802ba69bab919671f354066" + "4f0da2af7b1d09dace61c5d000fe7735" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3106,7 +1710,7 @@ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592" ], 0, - "106751d9b0f2519fb43cf62777355c75" + "d8aa32bc9ba67e8e1d91399da34e627a" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3118,7 +1722,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "ddf79b0d5f10ca31fdb6bc8000941fe3" + "4cb8362ac40da8da555bbdcb74b8b6f9" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3133,7 +1737,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "1a0e90daba81b398cb5f9b22082a40c8" + "2016f07e8f21f9c1c1fcb13a8f10d476" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3146,7 +1750,7 @@ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e" ], 0, - "b0a43489e22da22da0b75cbb1cca0bf2" + "0d034a6874d3299189bbc7f0c05ea7ca" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3172,7 +1776,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "7a123a339482cb72f59d392d808f1039" + "271c3db43f35bd21d78d5fd10d1054af" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3185,7 +1789,7 @@ "equation_Rust_primitives.Integers.u32_inttype" ], 0, - "6cf4d75a29fea4466a18875d012be104" + "b6bb31ce053898fe8664e556da2ab137" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3224,7 +1828,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "80064f40c65900ce9fe0c9af51232e98" + "d1a0d8f9b6457d6bc498909394647ee8" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3236,7 +1840,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "39ee46ed002f4d07409d1e8572703f82" + "1d945423302214eabc74a83e13b18c9f" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3248,7 +1852,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "eefd094143f2419106c7379b516e1952" + "e75c54c651b3c202c0cd528221c660b7" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3292,7 +1896,7 @@ "typing_FStar.UInt32.v", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "f61bf60e436ea1bff63f2d4eb960c5c5" + "0c083eadf3cc3f85cc3c383c91a71a9e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3304,7 +1908,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "9ff5721e0f089e4fa0d1f19d37fb9209" + "4b581cc525a201f2dd879c580b864737" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3316,7 +1920,7 @@ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa" ], 0, - "8ea62f45b08571c49b4c9d515327b524" + "d29db944813816d3aba40408cf4e9772" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3376,7 +1980,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "4d548ff662910a647605d3e2ed9eb0a3" + "67085c67b222f14028379eb44cb5c6aa" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3388,7 +1992,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "811624aa1d8c946b4ab6081432d6f0d6" + "9dc2bbce89ff2afa62735a0c6a764f9f" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3400,7 +2004,7 @@ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa" ], 0, - "be8eedd5a04a82589f821a35b7e87d11" + "e39807ca54fc33fa35cba89228a7b998" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3412,7 +2016,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "f435d500363e958c68a49b70a657f867" + "ca35e35f06b11258c433f40f24301ad5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3427,7 +2031,7 @@ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa" ], 0, - "351b88452aece3ab516fd5cc3c5f5546" + "ad20d344db199f3ef9034e87b5aed6cb" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3445,7 +2049,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "095fd50fda360785b62d64370fc0ac89" + "9403cf17d69292e493a1181ca5a9939e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3454,7 +2058,7 @@ 1, [ "@query" ], 0, - "fb5592f86fc8638d233f3d70b8f12a4a" + "86f0ff87990b6f9224b37338fa51b2dc" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3466,7 +2070,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "984717eb05ca07f785d98d43a642d4d0" + "a4aeb472c87afc706d298739496ded77" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3483,7 +2087,7 @@ "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e" ], 0, - "a47fc361d23530fc818f2e338367923a" + "b2d3b3cb476bee2fad16d1df2205db1c" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3504,7 +2108,7 @@ "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e" ], 0, - "3ec38a1471f0b76a6304979bb909adc9" + "3960808320cc75aec9263f39daa961af" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -3519,7 +2123,7 @@ "refinement_interpretation_Tm_refine_e52b4600b58a10f95ba9a5252b69d191" ], 0, - "d77750aa2a4476c73b8b59e3acc0d244" + "70b4120b5772fbc07fec81dcbe4f3531" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_post", @@ -3558,7 +2162,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a6dd563c42e7164e131b63bca516ef62" + "80e10294f79555b51022b6b419552df4" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_post", @@ -3571,7 +2175,7 @@ "refinement_interpretation_Tm_refine_da29c9b9e29d9389ae9376ed75fe59eb" ], 0, - "5310f939e00519ca6bd6633113e3bd42" + "e63da65a0925d630c299999e2dc024d6" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce", @@ -3592,7 +2196,7 @@ "typing_Prims.pow2" ], 0, - "5444c5d326d5ca493b94c03c6be3ff8a" + "407edf4a361d89506acaf65545ded579" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce", @@ -3600,20 +2204,107 @@ 0, 1, [ - "@MaxIFuel_assumption", "@query", + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equality_tok_Lib.IntTypes.S64@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Core.Convert.f_from", + "equation_Core.Convert.integer_into", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.barrett_post", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_MULTIPLIER", "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R", + "equation_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_SHIFT", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.v", "int_typing", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i64", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.op_At_Percent", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_right", + "equation_Rust_primitives.Integers.sub", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_72f48fcc9d60c06731d9c4abb4f9ff9d", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "interpretation_Tm_abs_db8cd405d3f0871788b1d0edf4fda3fa", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.Int64.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Convert.Mkt_From_f_from", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_81e7ac04fa2afbc21cde2ad84d87ec7b", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "token_correspondence_Core.Convert.f_from", + "token_correspondence_Prims.pow2.fuel_instrumented", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int64.v", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R", - "typing_Prims.pow2" + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.S64@tok" ], 0, - "38bae4599c4a6ca2ce68c4ef6cd62b98" + "9626e2a5d0d330e588e195319f98a913" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce", @@ -3710,7 +2401,7 @@ "typing_tok_Lib.IntTypes.S64@tok" ], 0, - "aeaa02428cb37a2e326e5ebe26b869ff" + "066b9b7179ef6757f10597805926edc0" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_post", @@ -3750,7 +2441,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "49b551367612e1691c7ff0f2d2d1c48b" + "058df56cc5c52c8806e014e923437757" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -3771,7 +2462,7 @@ "typing_Prims.pow2" ], 0, - "0955c12f4d9581dd2bb12dba167729c7" + "968e08d34f1bacdb3874d90d6d13bc56" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -3783,7 +2474,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "417808de8b3e400238045a8e211cc82a" + "ba77c3a308570bf7236f899934f5c353" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -3822,7 +2513,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "323d42080a007920c8ea7d94f43439c7" + "5bdeaea9c44473a3d8264351c31c717e" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -3873,7 +2564,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "871f698679ed0425f59fc99d52b03fc6" + "d447ff8cc120c711c91c732fc2ce13dc" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -3917,7 +2608,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "20a45be7f6c1a6dc826375d7c9444b39" + "fb3d507d13b28b2b86b968a9f85b1ba5" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -3961,7 +2652,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "2b7444b98543890ae053ad934c0b5a91" + "38bc4a4ea0ce9783f4572d3fd7e1f91f" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -3980,7 +2671,7 @@ "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474" ], 0, - "6bc58296483ac15b6f23b739c34dfaaf" + "04b4398e08e30b643c96d15b0095839c" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -3993,7 +2684,7 @@ "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34" ], 0, - "c6eccc3cc8f20d1173acaa67717c4575" + "2a036aa311254ca36c2341478ae61b47" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4005,7 +2696,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "49c2169ebbe8634494abdd606f695816" + "cd5199120326e525cee7fe0741d991ba" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4077,7 +2768,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a6d9319bd4bbe37be91c8daed1f3c7a5" + "f76bcb9688b78cdd770f5dbd8cb193fa" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4090,7 +2781,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "0b17177b3f69bbd4a34a81dc78b77eef" + "963258e1f76b0226ff09d7c44654dbab" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4102,7 +2793,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "5c3f4beb8d5e721fae800dda7083c7ef" + "f217caebfe355d55260cf17d8810e324" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4154,9 +2845,7 @@ "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", @@ -4173,7 +2862,8 @@ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_Prims.pow2.fuel_instrumented", "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_FStar.UInt.fits", "typing_Lib.IntTypes.bits", + "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.op_At_Percent_Dot", @@ -4183,7 +2873,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "cd0907a5d25d214609dc7b8947119814" + "62e8f61c4f25671ac24c1002c55797c7" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4196,7 +2886,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "f1be5f8769760fbf2a0d05e18b59b54f" + "b7bfb0899d681d400f84489389946207" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4225,13 +2915,10 @@ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.BitVectors.bounded", - "equation_Rust_primitives.BitVectors.int_t_d", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", @@ -4245,7 +2932,6 @@ "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.u32_inttype", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "function_token_typing_Prims.__cache_version_number__", "int_typing", @@ -4267,7 +2953,6 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_cd82abf5ed469bbb90bb940041fe6aba", @@ -4285,7 +2970,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "34129de8fb78ea0c1af172bd057180f8" + "0a47960822e20ce339d2b4ac150bc8c1" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4331,7 +3016,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "b888e5bd542f2b1db180a8bac0c2477f" + "f3953b68dbc67c54634446e8aef79af4" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4375,7 +3060,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "59ea6e8b63de26fbf24caa3a031e9ca6" + "a3de3a53e2c9aad4d9bf06e9b2727eb6" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4419,7 +3104,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "676b5c95635948a6f15cd65ecdc6d22d" + "eb012749b3555275058ff6b0baa9b82c" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4438,7 +3123,7 @@ "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f" ], 0, - "e9e09be366469cd8dfc4d94a6a2a6f66" + "138560ced56e75b0a871828da803dc6b" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4450,7 +3135,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "632d0e432ffc563aae6b3c089939b53a" + "0dcf0564d629b233f17c9863d5354430" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4478,12 +3163,10 @@ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", @@ -4501,6 +3184,7 @@ "equation_Rust_primitives.Integers.op_At_Percent_Dot", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_left", "equation_Rust_primitives.Integers.u32", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", @@ -4509,12 +3193,13 @@ "int_typing", "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", @@ -4522,10 +3207,10 @@ "projection_inverse_BoxInt_proj_0", "projection_inverse_Rust_primitives.Mkcast_tc_cast", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", @@ -4533,18 +3218,19 @@ "token_correspondence_Prims.pow2.fuel_instrumented", "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", + "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.cast_mod", "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S16@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S16@tok", + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "16768694021c645c3c629397fef41e59" + "a8460531f29128620cd5ae67a6ce78aa" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4557,7 +3243,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "d16180f0a41a1222531db6056cf491f5" + "f435cf2ef93d65c28d874fd7b4631719" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4570,7 +3256,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "0b7e06879ae6781d48c0dd9fb0f3e172" + "e081f87b25489f5ef048152928e26919" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4583,7 +3269,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "48520dd74737e39f8f4b4e1e33897690" + "2bb4528a9b6fb9c68c843406d8d8c4fa" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4596,7 +3282,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "e733a4f8859710ae4f4ab87cfc946a22" + "be74a100ed80ca1b238bd1e5e4e8395b" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4609,7 +3295,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "127aeb933fad368b75af0f27b87451f7" + "e2105387a89c8d891bb6f4f30318105f" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4622,7 +3308,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "3c30f9c8bdfea6a4bc43d327ceb604e9" + "c062740a98b19c9fbfd056376c419967" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4635,7 +3321,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "e7e9fbbac595e5a3d79b04f63018b5de" + "ebf14173d3bae744cd3a4a9381af807b" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4648,7 +3334,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "7b40d450d8fe9a9e68b9417376e1f2c8" + "e163f39f07f218abf5ea4c947638b0c9" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4661,7 +3347,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "5536149524018c8e67045a14bdd07996" + "75c0377c4362213377f38c49a2989524" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4674,7 +3360,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "4433fa2f57bc481cd6ec767caecace19" + "3870321a51d139fc0bb65384e69a4ce8" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4687,7 +3373,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "9c7cd75b82159022c6f23b07f4e68bec" + "1dfe05932775d4f0c5e54698f164aa0d" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4700,7 +3386,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "e1df75c56e4e5ad0c959fc2413f17642" + "d8cc7e72344efb8be534f46ef73ec7fc" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4713,7 +3399,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "836b3299f6458c2141945427e57d714b" + "f4eec549826a524442963ba39f2bb475" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4726,7 +3412,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "e847d2d6b4dc40761298b5ff46c36a29" + "5fe76b2e93ea63a6499c91fc28398602" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4739,7 +3425,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "8751f83f61e0109a5f1e9b53b8c4a8e6" + "f4ee2432009221548bd2f1eefdacc531" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4752,7 +3438,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "4f3a3523d4531f6a967d5a4b4b89303a" + "26a224caade97ea4346bd4f30380daf1" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4765,7 +3451,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "a7fd26825f15162d976c4aa20be77e86" + "a36425b015cdd40e93656c64fcca651f" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4800,9 +3486,7 @@ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.BitVectors.bounded", - "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.cast_mod", "equation_Rust_primitives.Integers.i16", @@ -4818,7 +3502,6 @@ "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.shift_left", "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.u32_inttype", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "equation_Rust_primitives.cast", @@ -4839,6 +3522,7 @@ "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8", @@ -4848,20 +3532,18 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34", "refinement_interpretation_Tm_refine_a1fa7d8a85bee6a297f4123184b84ebf", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_Prims.pow2.fuel_instrumented", - "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int32.v", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.cast_mod", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.modulus", "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.v", @@ -4870,7 +3552,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "4402923e78fae3b42992d4a9290b42c4" + "d22e13687149a74588f09e0d54719d03" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4899,12 +3581,9 @@ "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.BitVectors.bounded", - "equation_Rust_primitives.BitVectors.int_t_d", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", @@ -4912,7 +3591,6 @@ "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.u32_inttype", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", @@ -4920,7 +3598,8 @@ "lemma_Rust_primitives.Integers.pow2_values", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_1b065e36c75eb80aaac7221311953753", @@ -4929,7 +3608,6 @@ "refinement_interpretation_Tm_refine_5f7fa9b529eca53c4df25c4a759eb466", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", "refinement_interpretation_Tm_refine_a1fa7d8a85bee6a297f4123184b84ebf", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -4945,7 +3623,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "695c3b37f6fc95ef435f093c68b81180" + "df05a2826f86b458f4ab31bd333db9ac" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4957,7 +3635,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "008032ce5f10496ca1f3de0a4060b816" + "d17f13e0b41af02b02df62807c4a4396" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4969,7 +3647,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "043d80acf171bff183efc6afcfec1f1b" + "d1fed4410b2e05be6e2fc410d48df276" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4978,7 +3656,7 @@ 0, [ "@query" ], 0, - "8114df4f47a8867b1dd2eac5fca781ae" + "5fdc1bda1556ff619ddedf1c333f0c02" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -4991,7 +3669,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "33cf47306048c51ca9f2fe2bea74d959" + "f31e879c7ac598e76b12d0fe7e008cd8" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5004,7 +3682,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "f47c57437e6450f88fed66bfc134ece3" + "d4484951be4f8e4bb833cb5da7596500" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5035,7 +3713,7 @@ "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", + "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", @@ -5052,22 +3730,22 @@ "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", "refinement_interpretation_Tm_refine_3d634d9126feef2181d7b74928a5cdcd", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", "refinement_interpretation_Tm_refine_cd00f128e06f90e942810ff77aaa9ddf", @@ -5084,7 +3762,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "c276251fb0f1e6f2c97e3f641be71a54" + "70c8f0745bc73f7df94893bfdc71211a" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5097,7 +3775,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "5516c7c9c0f8d7b6c64409e60d9fad7f" + "c3da03f013b4481388b7ef3b78f466dc" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5110,7 +3788,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "f153e3d7b6fdaf485efdc72a30067b72" + "678c9c672ad696e079190eabd8037389" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5123,7 +3801,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "2cdf2c8dde0f9f081806b25894a57193" + "87b22dd7af34a2b929751d48f8bcfb0f" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5136,7 +3814,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "1d0fc4e20d052f29d55406ad3fc1c1aa" + "6b28cce9abad116884b0851058f53542" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5149,7 +3827,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "b05238589a6a08561b11309eb8cd5104" + "f9d3ea70a04a0d78121431b3945659b0" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5162,7 +3840,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "1b848697d35a55496dde47194be2e0ad" + "cf18c894035da65ce4fa3d61336e87b3" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5175,7 +3853,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "b79f4d0e5095840ad3c1fc660821fb76" + "ce91c4bc4aad2c24d448fd986f9b6fc8" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5188,7 +3866,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "e35a384c6c46f0cebc9b45532134064a" + "58508e7fa95e2e72ee658a331e648c78" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5201,7 +3879,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "0e7e4385c3a0385b664e9ebe9022f1cb" + "369c8e89fe38241c9b870b868273a101" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5214,7 +3892,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "f109b0558b31362f9a9d780e98047dbf" + "8949ffb4deac97a84758a73f56850535" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5227,7 +3905,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "0c5ffec1e4e15160c779585557a1bc48" + "cedcf6fc42f13695aa17daf05bcb8caa" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5240,7 +3918,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "a615b26ca07be9f5882ca39aec853906" + "ef3cd4e41419df8d56571e1c52b4b20e" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5253,7 +3931,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "91a8ec3cb2f89fbb09593bfd106a87a4" + "6b29a5d7c61e3aac6a8df3412c2b1bfe" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5266,7 +3944,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "2395fe6510de57da2e3d8c7f77182a00" + "ec751320455df37e09ffd8200aea983e" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5279,7 +3957,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "29cd7b58be3976b928f4b0983139f829" + "1b9eee56feeb5935685b4ce7a3dd6d82" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5292,7 +3970,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "ce00bf93df857d03dadfc739cd4b1037" + "708e890d877fc8608da3eec932ebaa63" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5305,7 +3983,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "028c94a1ead82562614b5be703e4732f" + "d2fe97e97bacff0c357397ad0209496f" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5318,7 +3996,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "0b422603f55373b938af00be8c5fdec4" + "f3e49e7aebb52a45a672f498f10e7b91" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5331,7 +4009,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "5edf5e7e070a331073ce4f983c705ae0" + "bd1eac6eb3fe42fb75d34581c859c92f" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5344,7 +4022,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "0f0ee1a05ad02086a5ce82c89a7ac3c8" + "2376c97e7a6d9df67220cff7d1b16c02" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5357,7 +4035,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "8973f3b2d0f3b505cf56261ec4644c72" + "288cce2a69787ca2805a1be7378727f7" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5370,7 +4048,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "4de9bcb4b7fa9fc12962acf1f2a6352c" + "c96620395f91007efc6bc2103e6bb41d" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5383,7 +4061,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "ff27f9ff6acdbcefa965779b630c1b2b" + "c7284b207b3a7d81db4bcb3c76590569" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5396,7 +4074,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "965ec5f197665080ac2f5ff5aeda96f6" + "ae89827d513d85fd2283a1242b851047" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5409,7 +4087,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "f83cd147f943637a523cb23735f3866a" + "5d63a64617c70d558b9ddc57cdc815da" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5422,7 +4100,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "30417cd876e1088b2dd3a6ca8e256403" + "3c04be1ded83884135e5f4664e77a783" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5435,7 +4113,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "868394d2daf9f65ee20ccd2aaf2d9e7d" + "a11abf998373ede6b64661767a78bd04" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5447,7 +4125,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "77734e979238698af45378025c524478" + "77efaec2f148478bde575332446355af" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5459,7 +4137,7 @@ "refinement_interpretation_Tm_refine_7cc7c724c397498f3947c652abdb267b" ], 0, - "2fe08fca10bf4c0d6558eef07732611d" + "c80ae7b08446bd936383e463240ba986" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5471,7 +4149,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "58f440f4423212e0cce01bf499dfcddb" + "5bb641087316265efb832d749de36967" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5483,7 +4161,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "7d2da6a8008d5da2fbcc48253cc54277" + "5e6d2660ea23020917cc58495c28752e" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5495,7 +4173,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "f550371b235515d666fe4f13e9b3d31a" + "e7a49add86bd8c94eb7f3323d6063294" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5508,7 +4186,7 @@ "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c" ], 0, - "74a695d4b6449fdac1968a7eb28b4563" + "e77a5757cb6dc45fb96dee6e29e61764" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5517,7 +4195,7 @@ 0, [ "@query" ], 0, - "899563a3ba3351a24100aae572949f90" + "06a453a8360edac3c4c8a476d91a29dd" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5529,7 +4207,7 @@ "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877" ], 0, - "a88216d4939ee28284ea38fb06deebe1" + "be33f676c8da83b5e4ed160444418524" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5542,7 +4220,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "be9547c89b0416802141367ba94d56eb" + "a21f340121d9f1fb46a7601605e780db" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5555,7 +4233,7 @@ "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" ], 0, - "4a94792f1d50999fe2ec00f1f0d14648" + "ed8c17e219707792ce2633a6089091f3" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5563,65 +4241,14 @@ 0, 0, [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "@query", "b2t_def", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" + "projection_inverse_BoxInt_proj_0" ], 0, - "04164d2a9319d651306a4e135e743946" + "00c58ce7f10d8441a2dd3dd04a54b639" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5638,7 +4265,7 @@ "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R" ], 0, - "14d70b12a1f22641cb35c8eca52a17b4" + "c9a6d6abf563852a89262359140a31eb" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5673,17 +4300,26 @@ "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_left", "equation_Rust_primitives.Integers.u32", + "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", @@ -5701,12 +4337,14 @@ "typing_Lib.IntTypes.bits", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "87225d38ba37c2e71779ddc3f1943eca" + "ae81e89a1e8124787488cf68ebf82f7e" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5723,7 +4361,7 @@ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f" ], 0, - "1beedc1afb971c961f99750218375057" + "018cb4d04f593341b1f475c4c5238430" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5735,7 +4373,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "a7d277a633aee60c04450ece0603bfca" + "a5f4c95ddb5c78483bc702ebb31d60f2" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5774,7 +4412,7 @@ "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", + "equation_Rust_primitives.Integers.v", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", "lemma_Rust_primitives.Integers.pow2_values", @@ -5804,7 +4442,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d326612425514d45bd08d51e64b42f5b" + "2f40d543594fa705e47888594a373938" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5863,7 +4501,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "39dc4b7c9f5685726ba550411e2b3643" + "95e22417a453004a6a5ce5010e01750d" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5877,7 +4515,7 @@ "refinement_interpretation_Tm_refine_b9efbdd0e268f19c46ae5e7ca1d011df" ], 0, - "74663ccc17664d43658097a9dd122019" + "61a24830da088a34c172ce0fde5c4d82" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5930,7 +4568,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "1f9d6afac772956b170a30067d9e8327" + "5a5df4851fe88d1ee9975ea021c6320a" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5979,7 +4617,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "5c15254a45cea0ed694fdc7742635442" + "1dc17764849f242a32be4b3caa021874" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -5999,7 +4637,7 @@ "typing_Prims.pow2" ], 0, - "a965b8da218cff1fa0822af24dbd76f5" + "030a3204b0cfdb20ee0bb03451a0ad72" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6052,7 +4690,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "fd652e86530ce3c8687268ced7d412b0" + "33a117b90917ad38aaa2eb30d1c3deff" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6101,7 +4739,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "e46942316195c3b57219ee844134314f" + "7ea38bb1a764b0b080ce406adf451f8b" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6154,7 +4792,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a001587c8b761924b0bf5a4798cd93d2" + "f64ffda8a6269bdaeca2b54b21bb7366" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6167,7 +4805,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "ec73f89cba526c70ff80b5e1a17554ce" + "60cd195cafae237c850825bcd1b455e3" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6194,15 +4832,14 @@ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", + "equation_Prims.nat", "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", @@ -6227,36 +4864,30 @@ "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_022afc646c86a2c3ebe1e9e2457828a2", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1", "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_Prims.pow2.fuel_instrumented", "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_Lib.IntTypes.bits", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "040685d9bea63f2031760a76f3f66a62" + "489560ca02335b247d350e516ea849d4" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6276,7 +4907,7 @@ "typing_Prims.pow2" ], 0, - "7724a994e555fae91fb9657ce8c2bfc0" + "4d433cd6b961eccf496e2def6d9f4a9c" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6290,7 +4921,7 @@ "refinement_interpretation_Tm_refine_6990c7652f46e2c49e748c5fa474730d" ], 0, - "99cc3fc9d513e829438efdad11769fa1" + "96ebe4a6c74cb5272ce70df15a761f9e" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6310,7 +4941,7 @@ "typing_Prims.pow2" ], 0, - "7724a994e555fae91fb9657ce8c2bfc0" + "4d433cd6b961eccf496e2def6d9f4a9c" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6343,16 +4974,14 @@ "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", + "equation_Prims.nat", "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", @@ -6363,31 +4992,29 @@ "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", + "typing_FStar.Int.fits", "typing_FStar.Int32.v", + "typing_Lib.IntTypes.bits", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "081a7a2875f41d40b1d7018107bc9155" + "f34bb244c28a2a99cca0ab8ee0545164" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6400,7 +5027,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "00e0bf92df80706a29566c5bed43bb72" + "ff71ca5678278439a63461344a5c6345" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6412,6 +5039,7 @@ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", @@ -6426,12 +5054,14 @@ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", @@ -6458,30 +5088,35 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91", "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8", "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1", + "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", + "refinement_interpretation_Tm_refine_b9efbdd0e268f19c46ae5e7ca1d011df", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", + "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_Prims.pow2.fuel_instrumented", "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "15333863514965af1f71cced5382487d" + "a047833030c68242f465c9a1127a2a76" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6494,7 +5129,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "914c8b81c56ca23634efbd8115a8198c" + "cc6924c64e4fbfd3c8c94dd718cca68e" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6507,7 +5142,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "a7d44e44387fbcda471d83e6abe97693" + "d8bc6e80a51da5536456125c5edbc049" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6538,6 +5173,7 @@ "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", @@ -6554,7 +5190,7 @@ "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.shift_right", "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", + "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", "lemma_Rust_primitives.Integers.pow2_values", @@ -6575,7 +5211,7 @@ "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8", "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c", + "refinement_interpretation_Tm_refine_76f76d8c58a153fe127ee79ea9243e3b", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", @@ -6586,7 +5222,6 @@ "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_Prims.pow2.fuel_instrumented", "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", @@ -6598,7 +5233,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "b6fd7495f6a1cc89e0ca0de9265ef0af" + "6d88a05c2aab29481722f81889510d42" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6611,7 +5246,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "c7731529f78673a5232b527f5da9a77a" + "55310797d498327244863d7bc3ccf17e" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6626,7 +5261,7 @@ "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87" ], 0, - "3fa6c358d9a3ff0f37493ea09c38734b" + "2d9b765cd97cc11ba3ae326adfb9095b" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6649,7 +5284,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "7d20c3dbf5823969070c3bc67eed00d4" + "6cee2a82ac99dc892b8beb95a47365ce" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6662,7 +5297,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "466a5514d0a340b0cf74a11e95135f82" + "ea83d3952ccd9d720f08b68c0ada3587" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6675,7 +5310,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "a39a554e90094e41076e25ae359e5dc3" + "07824d58f484bb33554f6b117e957565" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6690,7 +5325,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "fb4c3193058b1ea1c76f111449b3a4c2" + "0776c76249af1867c571eccd2e237726" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6705,7 +5340,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "28dd4259862eebbe2bc4951223257927" + "327f73d726409109668cdabc33a70851" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6718,7 +5353,7 @@ "refinement_interpretation_Tm_refine_4787d0a0d97065c6a181a66dcc5cb837" ], 0, - "d267a6a70916a466cf408229efc29213" + "effe23d029a187e78d1e35d24438b765" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6747,15 +5382,19 @@ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", "equation_Libcrux.Kem.Kyber.Arithmetic.mul_i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", @@ -6765,16 +5404,18 @@ "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.shift_right", + "equation_Rust_primitives.Integers.u32_inttype", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", @@ -6787,10 +5428,13 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_9d1b816da7077db463e73321431a64f3", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877", + "refinement_interpretation_Tm_refine_b9efbdd0e268f19c46ae5e7ca1d011df", "refinement_interpretation_Tm_refine_be62cacabd5983e81bb66a32d8c6aeeb", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", @@ -6801,11 +5445,12 @@ "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.v", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "f2456a0889cfc169f522bd5b4d99aea6" + "c8ef812202960e86cf28f0c3fe90a232" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6819,7 +5464,7 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" ], 0, - "b70d25a314fa4e7ccbd75bf5dc5c7641" + "1992e18a0dc4ae5c18146a4e8fead3dc" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6831,7 +5476,7 @@ "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec" ], 0, - "62bef640c5d87b267c177c88c13843e3" + "d9b1ad33868042e39d9cad21dbaa512d" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6843,6 +5488,7 @@ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", @@ -6858,6 +5504,7 @@ "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", @@ -6866,6 +5513,8 @@ "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", @@ -6875,6 +5524,7 @@ "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.shift_right", + "equation_Rust_primitives.Integers.u32_inttype", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", @@ -6897,12 +5547,14 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877", "refinement_interpretation_Tm_refine_be62cacabd5983e81bb66a32d8c6aeeb", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864", "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", @@ -6915,7 +5567,7 @@ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "33cbedee78ac6de2b548c31b4599fc4c" + "50bdfab4d265e9f534917e7f22d557f4" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6924,7 +5576,7 @@ 0, [ "@query" ], 0, - "4ece426085862d61f77ad300d4b84e2f" + "3c9d0dbc3beae165fa2318b8a0c6b922" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6937,7 +5589,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "267d50e9359f0c8d04fb9e136bd98fa7" + "f6b6123911059de0af5bb79a3e81348f" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6950,7 +5602,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "3d7b4adbce99e14d7dc7ae2edca1b2d6" + "3f242e1b457efab6f2a1f2bbcf02bc9c" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6963,7 +5615,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "f01b9d56b67907241e2bf902251ba428" + "a301b4364d092098c3cf618670046eb4" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6976,7 +5628,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "a62287fc9bff8ca59f87c37d5235e01e" + "9f8eaaf07363d46328f21b8fbb41718c" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -6989,7 +5641,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "bc93b64c7faf68c00a5c4a9b5b7a2cb9" + "af6f46391df5412b593407cfb14ba2f6" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7002,7 +5654,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "691be9b898bacd572cb4ae2f5d7e8a7b" + "bc511ebb5c9abbede5a625f3f05ce599" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7016,7 +5668,7 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" ], 0, - "6b04dffc14a69a29392e3ddd2cf6ed1c" + "21e175dbeffc8164622542e2ddffaffc" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7028,7 +5680,7 @@ "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec" ], 0, - "36ea213b70825178a812f7edbb94ba35" + "2a680aa44921f81363327035a5fd0720" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7055,13 +5707,10 @@ "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", - "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.sub_i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Prims.nat", "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", @@ -7084,7 +5733,6 @@ "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", @@ -7093,7 +5741,6 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_891cf327b2a58324b2af048eda42d114", - "refinement_interpretation_Tm_refine_9d1b816da7077db463e73321431a64f3", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", @@ -7106,13 +5753,14 @@ "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.v", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "41f8b649b122b851ff7778e654bfdbc8" + "a6728b6b65fbb7461826b147ded96636" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7125,7 +5773,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "d543032a580b2f379cd08640bd346880" + "81259c86cbc67756eab7659838d2df18" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7137,7 +5785,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "161573286db359654f1aa75ffdd2625b" + "fdbc2d2b4a82dfc55cd300acb7e82cf9" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7150,7 +5798,7 @@ "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" ], 0, - "305227ea8a8f38f6b357f08dcede4403" + "f01ec75d9d6836bfa79ee458c37d5a03" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7162,7 +5810,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "4ed13a021b6b73e0d6c94b5082479121" + "10a727cdf7fa784ef083698f80a15a23" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7176,7 +5824,7 @@ "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" ], 0, - "91ec5f28970173fa7a1b90e04080b4c1" + "dedc5700fa235df0a8940ad85c8b1cb5" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7188,7 +5836,7 @@ "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec" ], 0, - "d6b9d691f9e8f3de963f310c5dbeb5cd" + "797457e6ace6e6a5a41ec91a672a0c9c" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7200,7 +5848,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0" ], 0, - "219c0fe20e9828ccb1bb9037d67bc282" + "903c18c89eec065cf6c16f189b970118" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7225,8 +5873,7 @@ "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", @@ -7236,7 +5883,6 @@ "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "int_typing", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", @@ -7252,7 +5898,6 @@ "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -7260,14 +5905,12 @@ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_Prims.pow2.fuel_instrumented", "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", "typing_Prims.pow2", "typing_Rust_primitives.Integers.range", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "192c4054c2f52cedfa56ca82f623e532" + "18357c9327f8fe00808d32db03f1a3a7" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7279,7 +5922,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "fb300dfd0b6eed95243d4ce96ac4b68f" + "d16874d93f57fe4c2eb66e495d416e54" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7288,7 +5931,7 @@ 0, [ "@query", "primitive_Prims.op_Multiply" ], 0, - "151cf410d6997a308907bf998a61155a" + "6285a08979d4b96dbb30a974cbb2113b" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7300,7 +5943,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "c647ed2655e7f3e6094612ebd8413821" + "ecde0207ab1ceb978908b64573f70eb4" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7312,7 +5955,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "7303ba94ecc1c337b5a0dbba62099252" + "91c96933da10c7f51776c659c68a42e2" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7321,7 +5964,7 @@ 0, [ "@query" ], 0, - "01a69e60dfeebedef2fba17eddf7b354" + "f380bc5f7792d7464a3a6e5c1dc390d7" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -7370,6 +6013,7 @@ "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_09274165c5a70fc322c881338ab414f6", "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", "refinement_interpretation_Tm_refine_443715b95b52c40b08e892e330553198", "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", @@ -7391,7 +6035,7 @@ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "0313d541d563512c549e2003c3694ffd" + "780fbcb15274ae161aae862f6f943fdd" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer", @@ -7437,7 +6081,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "23c40c172a8b813df376eed01777d827" + "5206a369285307d41a22aeea42613878" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer", @@ -7454,7 +6098,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "47fd2154966a24df4246271b6b057759" + "cb59db9f94edc299ddfa59a67dd4aad1" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_standard_domain", @@ -7528,7 +6172,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "f0e0e0b8b6b97901c45958a1cea72b91" + "cadaaeedf554ff469f839431eb9e83e6" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_standard_domain", @@ -7588,7 +6232,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "d826b700888349c174458b20197797dd" + "eb338e46240c350e7ed107a303e34e0c" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative", @@ -7608,7 +6252,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "e9be338f018f3353d896e7e65c2655d9" + "786ad69db7c889697a77838a2a10bff0" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative", @@ -7715,7 +6359,7 @@ "typing_tok_Lib.IntTypes.U16@tok" ], 0, - "770e11e0f65d5a2792573c708b605152" + "c6a4925316b279df98ae4b6517396c3c" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -7753,7 +6397,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b19c414dc1bcd4f421a62b47d72cc577" + "2745e87d8de80c4fe4569e03fee9c1b1" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -7791,7 +6435,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "02c8d63fecc8d1e8f537b7d42fdc8756" + "017d25c2a5300f5ed5e41d8aac679941" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -7816,7 +6460,7 @@ "typing_FStar.Int32.t" ], 0, - "c5a95862457255661aa81e1b276314c7" + "3bc0197edb1d0f0b26aecd921b14ef34" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", @@ -7854,7 +6498,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "858e111cbf227eae8463bbc64c61a577" + "eb707080091a4e692f6b7c4507ee9933" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", @@ -7892,7 +6536,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "4a985e894676392c37c6e192212fb731" + "b101c98b9c8f34dba7d5cf8a4971019b" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -7930,7 +6574,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9ed4a41109e471e447fb9cdf054a6aec" + "a3b9b7e512bf319bea0c4a2dc52b3839" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -7968,7 +6612,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9f906c21c16adc2c70f148c1ab6c6936" + "43f8a040bdb9e3a7f8eb64b87937a2d4" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -7996,7 +6640,7 @@ "typing_FStar.Int32.t", "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b" ], 0, - "b4bd182bdbe941578d9796aa68dcc975" + "c2bd8772f94ac8f5bb5f7f853c6782d5" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", @@ -8034,7 +6678,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b8a333e2efd129f78717675e32894c25" + "ae30db03759999ed23d6e347710bd62d" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", @@ -8072,7 +6716,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "4a85882369d2047e82f9b0f4a0bd7c98" + "0d251f157908baf34cdc373db319655a" ], [ "Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", @@ -8123,7 +6767,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "1be3dc8343f883e3883f68be8f4a04e7" + "ec1e48e3014c6cdc6ff628204d37046f" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", @@ -8202,7 +6846,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ba9167bc6b2fab6e04f3f07821ce2b4f" + "aed2d6f9f4959b37ade8487df23d7a5b" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", @@ -8292,7 +6936,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ec28403cd503026897181f98c1da8677" + "b2159801c66b97dc28dffa3ace622c6e" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_vector_b", @@ -8326,7 +6970,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "579019e21bf67db3494a3fa2386a1a30" + "87812bc4c0459ecbafba7964910802c9" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_vector_b", @@ -8370,7 +7014,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "2f5d78b58f4c43cda9e7b0d2fabd0d65" + "c132a12436bbabacd12077f11b68e8b4" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b", @@ -8404,7 +7048,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "e53d79215887395f1225851d2dd15811" + "a71aefeaa10bb3c1575d447411abc157" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b", @@ -8448,7 +7092,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "412d5f48adc080cd832dace28ff58289" + "841cef0782dd2bbf647afcb8c16c3c3a" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_poly_b", @@ -8527,7 +7171,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "319bac79e78b4323f373863601493027" + "b0a5c68fc4d87377d781e2c986c80e4f" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_poly_b", @@ -8632,7 +7276,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "e1b240ee9c8ee39c446c946ea85559f3" + "e7bb2f1cf9367752840b189a5fec1ee7" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_vector_b", @@ -8676,7 +7320,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "3d513ff05c4c46d07d17a0164b1afeff" + "9559c6901dcc8bdde1cfc23a5f435281" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_vector_b", @@ -8753,7 +7397,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "c783d3f07be72a5296d8e9b7f9c357f7" + "59784667ed0bc53aec4e78b7e828e60e" ], [ "Libcrux.Kem.Kyber.Arithmetic.poly_range", @@ -8829,7 +7473,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "89d7a3a617f668520e4bcfed68395beb" + "c3bbbdb6074c078960405e16829f4c1b" ], [ "Libcrux.Kem.Kyber.Arithmetic.vector_range", @@ -8874,7 +7518,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "709977cfbe60a8eaa26fa52e30cf0dc0" + "53e9a2b0e1f268a5fe467a787fbfa5e5" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_poly_b", @@ -8954,7 +7598,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e6a8531bde5ece54028ba756cef24b0e" + "6310e5e1a54ef2d0ce69c58105a597ff" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_poly_b", @@ -9059,7 +7703,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "fea9533b4ca6f5353a007a573d6f450b" + "8b8ed1c62d70b71897571af66a82572e" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_vector_b", @@ -9103,7 +7747,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a711b9d08437ee86861c389f2f6e7c72" + "7db1384c05f624d206f7da850e1ad382" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_vector_b", @@ -9182,7 +7826,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "100365028d2807cfe29f7c5ff56a5b2e" + "a2505f7bd7a6cd3a759cbee200a526df" ], [ "Libcrux.Kem.Kyber.Arithmetic.op_String_Access", @@ -9228,7 +7872,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "78d1ded3f6e1c8ccb3cf988d87af415b" + "6e4b286597db17868ee587384265e649" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_poly", @@ -9307,7 +7951,102 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "f667ec84780ae3dde5e6941a3c582a9e" + "396064e12c39de6e7b64849b57a442ef" + ], + [ + "Libcrux.Kem.Kyber.Arithmetic.wf_poly_to_spec_poly", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Rust_primitives.Arrays_interpretation_Tm_arrow_6f5d461f72cbd41f28adedecb28bae4c", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.field_element", "equation_Spec.Kyber.map_", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", + "int_inversion", "int_typing", + "interpretation_Tm_abs_1109ec8a6e71e35977bc79a4f4e881c1", + "interpretation_Tm_abs_78dc169a59feec7cb469cb14355db3c4", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Subtraction", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5cc1cca606a548adee39e38a44999096", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_87c84547b1b5a1e7ebe534837a468e34", + "refinement_interpretation_Tm_refine_9a09b8d60f882fd21b3c7c5705154313", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_ae469914d5988438c11021add0845e82", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d17b88cb161e2dcda7d74cf193d2fcb7", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_FStar.Seq.Base.index", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.wf_fe_to_spec_fe", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Arrays.createi", + "typing_Rust_primitives.Arrays.length", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Tm_abs_78dc169a59feec7cb469cb14355db3c4", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "e68a8e7370cb7ff87042f503ca41a8ec" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_poly", @@ -9382,7 +8121,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "fcbc5204451c8154149f6d83e1d0f731" + "97e4e66ee9b6b27f59b2cd7a7c458ab9" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_vector", @@ -9395,7 +8134,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "83140ffe1afabe29156d8b1db62bbca1" + "b0800288d4da782f9d98e6e824380e84" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_vector", @@ -9408,7 +8147,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "d9ef7d1ce627d56795517bc3501e1f6c" + "b283064c4712b399781debcce13b8f5e" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix", @@ -9421,7 +8160,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "63e9e0d052e9560f4d5d803abedae2d7" + "2cc138bf784e582519132c05dd740408" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_matrix", @@ -9434,7 +8173,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "8426614909cf08de3eb14bf1af008b93" + "bde4bfa3a99d2cfc602145908c068c69" ], [ "Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", @@ -9501,7 +8240,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "483e503d3f200480cd1424269295f49a" + "8e64410f9ecfe6a79dd55bbf67fb00d1" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element", @@ -9542,7 +8281,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "abe3bbbcd49891782f1b6ee3f5351f24" + "04f8395e312bce89a2c225842677954e" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element", @@ -9668,7 +8407,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "9e5317409ee92f1570466b17ac13d6c4" + "97a39fc8d0287d81a820522821c2cc5c" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints index 969150e78..9381cb572 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints @@ -1,5 +1,5 @@ [ - "i\f$\u000b\\'9]S", + "+).j.\fi", [ [ "Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", @@ -24,7 +24,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "e655a601eba58e488c1adafd4c3dc7b9" + "13931f2278fef6b7cf88235ef14fadbb" ], [ "Libcrux.Kem.Kyber.Arithmetic.mul_i32_b", @@ -41,7 +41,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "2d7c7964dd351ed46db1a921ea654400" + "5755a268f477785543b50cb91561655d" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_i32_b", @@ -55,7 +55,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "267a89b42f476c24b3d301dac0dd9dc0" + "92c879854dfafb75af4724e82cec2641" ], [ "Libcrux.Kem.Kyber.Arithmetic.sub_i32_b", @@ -69,7 +69,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "b8a0a37b5a6bd2e03054b2131f8afbca" + "c475c64c4ac5759766139cad49821083" ], [ "Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", @@ -81,7 +81,7 @@ "refinement_interpretation_Tm_refine_1e068ce857e1bf578a12a06697989d54" ], 0, - "a1a80d03656cc5db2616433ce0b1004c" + "8b90348be04fc4e7b1dd3d0ba0373c69" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R", @@ -90,7 +90,7 @@ 1, [ "@query" ], 0, - "b5bd75ccbe37aadfc822729dc9dde5ac" + "b8ab710f79caf4b5cad9c8e47c5d68db" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", @@ -99,7 +99,7 @@ 1, [ "@query" ], 0, - "95c138f9dc3482a8b852e8c9459d660d" + "c7fc411b1c10fdc016f0feb7c0554459" ], [ "Libcrux.Kem.Kyber.Arithmetic.int_to_spec_fe", @@ -154,7 +154,62 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c72709f50c4ae9ca41d022f9a38053d5" + "b98d2d2ec26921651d1856af647b7143" + ], + [ + "Libcrux.Kem.Kyber.Arithmetic.wf_fe_to_spec_fe", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.v_FIELD_MODULUS", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "5f9822e323be37e60e27dceacce92e49" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -180,7 +235,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "53a7afa892400e9db9ade3d02be0fc3b" + "475cea37f0a2eb41eea8bdba6ed67188" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_post", @@ -221,7 +276,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "38b6e3ea023a22c5881b3202dc60d290" + "9843f05efa44342163aac4dedaf16a27" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce", @@ -240,7 +295,7 @@ "typing_Prims.pow2" ], 0, - "41faa5cd1e8745b41ad78f2c6fb96c98" + "bf66fd2e1dfb7b73fb871cf5a77d5517" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_post", @@ -281,7 +336,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "915f899e1460bb39be5a03e33d98be11" + "62ef2da42123a2d7310340e9b6aa8a4f" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -301,7 +356,7 @@ "typing_Prims.pow2" ], 0, - "d92571fe4fddba2a3e34e66cd8379df3" + "7b6775300478331749785ce45270be94" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer", @@ -326,7 +381,7 @@ "typing_Prims.pow2" ], 0, - "34a045722ea77d2338d4be13dc12bd09" + "ffa276f51e775be346f210b306092af3" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_standard_domain", @@ -388,7 +443,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "96c4e01f64709b9ce3e841e733dbf8b2" + "9076d404666aa3dd3d5b22d5a31278f2" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative", @@ -408,7 +463,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "963ef621c4bb5f9e0812977745794bbf" + "1e882870f28a8e31e8ce9d6718e0b3aa" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -446,7 +501,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9e801d727357bbcdfba5f319b3a030b2" + "7a4f3ed0e2e9c9c73925b3ea20a52a0d" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -484,7 +539,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "90f90c7163bbe42a6a43726729d3048b" + "4b19cf0c9c50b0c01bdddb3b7fb48a8a" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -509,7 +564,7 @@ "typing_FStar.Int32.t" ], 0, - "6c322458453cd337103704fd5a83867c" + "11166e91812c860c2213f57f62a33239" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", @@ -547,7 +602,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "2c3f42164195c7efcc58720708afb7c4" + "92e1ec091bbafeeb20fa9470065d2274" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", @@ -585,7 +640,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "e524b6f0b95c86b4363613fd55d457a8" + "0b77eab8ed7f3399bb9ffdac0577cabd" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -623,7 +678,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ae3cefb2a3b9538b0e2fd26fc0e88ce8" + "d26a726d527cd56accf8d4fc17304908" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -661,7 +716,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d016137a73b6a1d0ff28fd43447b1f55" + "f9526cb4a0408d666f14771318b4942a" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -689,7 +744,7 @@ "typing_FStar.Int32.t", "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b" ], 0, - "88f7d190ba8345fc555b61a2c4199536" + "5eb40c033924c2c836bff053a1d8bb07" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", @@ -727,7 +782,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "3ce66b75aa85cb7566b34b888e740a1d" + "115ab9a3fd8e2b237760be8cad22ff7a" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", @@ -765,7 +820,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "24fcd8228f5faec71549009776e9e9cc" + "47efc7749065d75426ff751896250663" ], [ "Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", @@ -816,7 +871,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "04d82458061d6ee53b8e54dd0aff7405" + "202c7cb035f005ec03b924dfee640698" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", @@ -895,7 +950,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a39a09ee8e52544dd8d4d9fda2f40449" + "8250ec903fb741ac1f201dbaaa7bc00b" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_vector_b", @@ -929,7 +984,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "b40ff323f1d6587dda1697d0996f765a" + "1fa0b9206483eb299cebe2b961e5e4f0" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b", @@ -963,7 +1018,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "2bc58385579f5717c9c8715ae147e316" + "4eaf4d2484609a3720153189091f1b4a" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_poly_b", @@ -1042,7 +1097,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "aec6e8731792158e398514af6eee1a12" + "93b83c2f1f2da4b378f3f373f84a803f" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_vector_b", @@ -1086,7 +1141,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "af0f5d8499ac1b4ee24a63d6634217c8" + "6459677d9cf4a7186dd56aec66a920f3" ], [ "Libcrux.Kem.Kyber.Arithmetic.poly_range", @@ -1162,7 +1217,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "2950b0055924138f94c42645772c90a8" + "9a0010f507d6acd47673328f0a19304e" ], [ "Libcrux.Kem.Kyber.Arithmetic.vector_range", @@ -1207,7 +1262,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "1cd41ad7a9b6f455909527c43d57badd" + "8a7d3f0f5ecbf6b5271e4c925cb9cadf" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_poly_b", @@ -1287,7 +1342,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "af9643c554b612a90856786acae6a35b" + "6515284f1386bc6656ac938707c6d18d" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_vector_b", @@ -1331,7 +1386,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e72e49ea6214d264995f61ec10f8f26b" + "018ba26e71abe5f029dbd78768f883d2" ], [ "Libcrux.Kem.Kyber.Arithmetic.op_String_Access", @@ -1377,7 +1432,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "42337dd8c91938e05f3a98264c4729b6" + "91718ea08343b7cc725794a67ee9fbe3" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_poly", @@ -1456,7 +1511,102 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "b8a34faf2d9a3a7e5d2a644ff5490efb" + "c80f5bec2eb60495e8d02839eeed47f3" + ], + [ + "Libcrux.Kem.Kyber.Arithmetic.wf_poly_to_spec_poly", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Rust_primitives.Arrays_interpretation_Tm_arrow_6f5d461f72cbd41f28adedecb28bae4c", + "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.field_element", "equation_Spec.Kyber.map_", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", + "int_inversion", "int_typing", + "interpretation_Tm_abs_1109ec8a6e71e35977bc79a4f4e881c1", + "interpretation_Tm_abs_78dc169a59feec7cb469cb14355db3c4", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Subtraction", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5cc1cca606a548adee39e38a44999096", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_87c84547b1b5a1e7ebe534837a468e34", + "refinement_interpretation_Tm_refine_9a09b8d60f882fd21b3c7c5705154313", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_ae469914d5988438c11021add0845e82", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d17b88cb161e2dcda7d74cf193d2fcb7", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_FStar.Seq.Base.index", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.wf_fe_to_spec_fe", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Arrays.createi", + "typing_Rust_primitives.Arrays.length", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Tm_abs_78dc169a59feec7cb469cb14355db3c4", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "4a93881353dc5831343702e9c87b3f5c" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_poly", @@ -1531,7 +1681,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "4a7a00ae046eeda7b26478b81b40bd77" + "80d6eb07839ff986cccb40e67e2de0c4" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_vector", @@ -1544,7 +1694,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "2237f5b0ebfea6ea885cbe256d77f765" + "03bfa384011d19c03a66f7c344f5b1aa" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_vector", @@ -1557,7 +1707,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "a624e99ca7db0e580f99766017341958" + "c47a88e0c130fef4eab61e42f2a5e1a7" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix", @@ -1570,7 +1720,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "183bdf712d602e7cfa0fcd4571f2ced7" + "ce9b7733d918be9cd02e7e831c1d5578" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_matrix", @@ -1583,7 +1733,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "2d5d0e5ace22bcc876ac97ab6b47086d" + "4393f8b0db2516873718f82f38fe6caa" ], [ "Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", @@ -1650,7 +1800,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "af2a429aeaec38eedd8a788addcf0368" + "d21d63bd1aebd20eb25d54fdefc77996" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element", @@ -1691,7 +1841,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c4a55642444fff2d56dd6452beb2985b" + "4aa74060f56a282751ae6df44c1a60eb" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints index 8729e2a41..61971f256 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints @@ -112,7 +112,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "51c15f6a6e8af2dc72bb3e03fc73c7b1" + "3fcf25552a337e0109b1bf6c136be6c0" ], [ "Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient", @@ -134,7 +134,7 @@ "refinement_interpretation_Tm_refine_d52c8280671922ccb8dd394e8746776f" ], 0, - "997643d9b07b9b02496efec13e1964f9" + "52231a9bac1eebfec3c7aabefd53343f" ], [ "Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient", @@ -241,7 +241,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "5fcb37837e63ab579df13e7a4e314934" + "86d0b619c1919d48525121802dc72e8c" ], [ "Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient", @@ -303,7 +303,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a180c0875b2d2f79083c9fb9c489af4c" + "e3c4e76377b29eaa8adb3085dd826410" ], [ "Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient", @@ -315,42 +315,90 @@ "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.add", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast", + "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_left", + "equation_Rust_primitives.Integers.shift_right", "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", + "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_4", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_1896583600abe7c45780fa9268536bbd", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e477cd5567f25e8e57e00f0185fa1ab0", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_FStar.UInt.fits", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.U8@tok" + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Int.fits", "typing_FStar.UInt.fits", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.mul", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "62c877a0d96e675179d86b5c0ed37cea" + "e08528bf24168913222ea7c73cd39fef" ], [ "Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient", @@ -442,7 +490,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a721ee651ec971e32c1d0b93b5808dc8" + "3af12397bb542be99204367a8a0a4757" ], [ "Libcrux.Kem.Kyber.Compress.decompress_message_coefficient", @@ -512,7 +560,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6f7728f244b1f7fe55a41ff4427cfcc8" + "1012075755f329ddf665d09993aab784" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints index ab8316079..77fa0725e 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints @@ -21,7 +21,7 @@ "refinement_interpretation_Tm_refine_d52c8280671922ccb8dd394e8746776f" ], 0, - "2ac009fb949fbb2738b6839e1b9dc804" + "8c05e430534427d412737c1eaec493f8" ], [ "Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient", @@ -85,7 +85,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "6facccb801e2f7c636dca8bec56aa28e" + "e1c81aff7f0fe787b3d076b5ec5a2f04" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fst.hints index ff69abd42..158e90231 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fst.hints @@ -96,7 +96,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "bf757a8cedc5e0892f9cd779c6180e33" + "09ecbfc7efe2c77697240b54065d14bd" ], [ "Libcrux.Kem.Kyber.Constant_time_ops.compare_ciphertexts_in_constant_time", @@ -120,7 +120,7 @@ "typing_FStar.UInt8.t" ], 0, - "292bba9aa30bcbd336ab0bef83af1b81" + "015ce96d492b9706b4d16e0d1dc4052d" ], [ "Libcrux.Kem.Kyber.Constant_time_ops.compare_ciphertexts_in_constant_time", @@ -233,7 +233,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "124986828210bfdc995c85b19c6a0534" + "667c7074c780365e4f7e2a48896df1b7" ], [ "Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time", @@ -282,7 +282,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "78c7478c7587be54189c0781b0ff7537" + "0d721c969f1b50e9dc91d53a399d8091" ], [ "Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time", @@ -442,7 +442,7 @@ "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "242f77f2291a016082648390ed9add65" + "2a94efd3f1f12da9e3f83b9a20f88099" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fsti.hints index 32a233a53..69094542a 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constant_time_ops.fsti.hints @@ -23,7 +23,7 @@ "typing_FStar.UInt8.t" ], 0, - "9acc741880953195efc6c9aaf3e98391" + "b1d5da54fd13fbfe797a463d9e1cc05a" ], [ "Libcrux.Kem.Kyber.Constant_time_ops.select_shared_secret_in_constant_time", @@ -72,7 +72,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "914c8270c54ab59570760334b9ceb664" + "844f5978d09ebc4e7901c7296c1fa782" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constants.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constants.fsti.hints index 29d17ec90..3f55832c5 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constants.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Constants.fsti.hints @@ -37,7 +37,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f15641905a172ae9e591d152f9c96d6c" + "2ccca6d50fa42c88525da2a8714f6e14" ], [ "Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", @@ -75,7 +75,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "47d1fcdd9b9a891ddd9d5189294e1a11" + "92872cdfc311e2f8cb9e4db831d019c9" ], [ "Libcrux.Kem.Kyber.Constants.v_BITS_PER_RING_ELEMENT", @@ -120,7 +120,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "51dd5bf561247cdffd3d5c23fb955022" + "06b26553678d0318731d8621a32872c4" ], [ "Libcrux.Kem.Kyber.Constants.v_BYTES_PER_RING_ELEMENT", @@ -163,7 +163,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "96fc4186b10707302ab4b72932cea661" + "f99f9a93db1cd6c6717b48072e0932fc" ], [ "Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE", @@ -201,7 +201,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b0b0e8d4a076a6cb79f9ff8cf2268dae" + "1089300a691515198a9bbfad3af04f41" ], [ "Libcrux.Kem.Kyber.Constants.v_REJECTION_SAMPLING_SEED_SIZE", @@ -245,7 +245,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "8c118bf1f93b3be468797f30e5f4e89c" + "6cf935d8a2aeb522cdbb6217e65cda61" ], [ "Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE", @@ -283,7 +283,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "bb37f46fa9e261e3b2281a3dc3d145c0" + "f6fc4f0b582f57b6e169eb1babf6807e" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fst.hints index 3b1c7e4f2..c1b858be7 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fst.hints @@ -38,7 +38,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "424f51ce2afaa60006e68464a1817e0e" + "c3898719d9111eb9b13089ced6449a85" ], [ "Libcrux.Kem.Kyber.Hash_functions.v_G", @@ -76,7 +76,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "0a8b8daca19ab55a1c36273cb635de28" + "ee149743e1d622ae3eb9dfa5bfda336c" ], [ "Libcrux.Kem.Kyber.Hash_functions.v_H", @@ -115,7 +115,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "2259a304060a6b11285cddbcf15a1b7e" + "1559cc8f2e4b659d2c42a44817e22a32" ], [ "Libcrux.Kem.Kyber.Hash_functions.v_H", @@ -153,7 +153,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "28729d43abb5581ea330deb821337893" + "4b262cd264339ac6961c4f9282ebee56" ], [ "Libcrux.Kem.Kyber.Hash_functions.v_XOFx4", @@ -204,7 +204,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "4eb0f409f728ac1da3363ba0e07f69b2" + "212f4818b9bd8207fb34e4692d46e285" ], [ "Libcrux.Kem.Kyber.Hash_functions.v_XOFx4", @@ -214,7 +214,9 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -222,27 +224,77 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equation_Core.Iter.Traits.Collect.f_into_iter", + "equation_Core.Ops.Index.in_range", + "equation_Core.Ops.Range.iterator_range", + "equation_Core.Ops.negation_for_bool", + "equation_Core.Ops.op_Tilde_Dot", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Hax.impl__index", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "interpretation_Tm_abs_29c790849abcf444c15b4351363d1b40", + "interpretation_Tm_abs_412e363c41d2c7d31f96c2685c7138f2", + "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", + "interpretation_Tm_abs_4da4c2420140680c2bf4358d0bc52b3f", + "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", + "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", + "l_and-interp", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_Item", + "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_contains", + "proj_equation_Core.Ops.Range.Mkt_Range_f_end", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_IntoIter", + "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_into_iter", + "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_Item", + "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_contains", + "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", + "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", + "refinement_interpretation_Tm_refine_08126773a0ec43652fb7d75527aeafb2", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "token_correspondence_Core.Iter.Traits.Collect.f_into_iter", + "token_correspondence_Core.Iter.Traits.Iterator.__proj__Mkiterator__item__f_contains", + "token_correspondence_Core.Ops.Index.in_range", + "token_correspondence_Core.Ops.op_Tilde_Dot", + "token_correspondence_Prims.op_Negation", "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "1b9f8e1e049dbb3b3f3be3b6f010ad66" + "32c81201712ea482da4cdea699644caa" ], [ "Libcrux.Kem.Kyber.Hash_functions.v_XOFx4", @@ -332,7 +384,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "13fc9c35bc530e5c7d9181e652676548" + "6e79cfb1e7d7bb8225fba245af449e06" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fsti.hints index abd7569c9..91e0d50e1 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Hash_functions.fsti.hints @@ -38,7 +38,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "543170cc5562719525c42f907396b084" + "fab022463f1e61fb6c138a5c321a9093" ], [ "Libcrux.Kem.Kyber.Hash_functions.v_H", @@ -77,7 +77,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "fcdd8dbeda3b3219304d46811ded18c5" + "7ea5885f51173b8a93f92fc48d4207a6" ], [ "Libcrux.Kem.Kyber.Hash_functions.v_XOFx4", @@ -128,7 +128,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "a98ebc15720ee01edfd12d37b4058933" + "dc3975a75dd7cc8cc0dbdd1f76252368" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints index 9ea5abd4f..5d7de6739 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints @@ -47,7 +47,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f5d82786a12d058bd6169a673c9dfe39" + "0d348d30d445b1dffc7a5f70da6fb5b9" ], [ "Libcrux.Kem.Kyber.Ind_cpa.into_padded_array", @@ -140,7 +140,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "46f170e1c4519b8b728250d43f7cc2a2" + "56d78bfd944e350be2ef79cd7b21634d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.acc_t", @@ -181,7 +181,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a31d15eb299c2c5ad348a19212bd79d9" + "12c49b090a4d076753491a6ff371ecf2" ], [ "Libcrux.Kem.Kyber.Ind_cpa.wfZero", @@ -193,7 +193,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5359d27105b6e5b608bf9eb837f52a7d" + "f2f1ef79b63dde403cf093f75ab8373a" ], [ "Libcrux.Kem.Kyber.Ind_cpa.etaZero", @@ -219,7 +219,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "3ddd4a69ea8abb98c1a078bc2a4033ca" + "a180e32d11ce7f0727ca81656095ef5c" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd", @@ -303,7 +303,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "7fc5eb5c3809ee10b95d7fd77a7bd0d2" + "571a034f1bb53cb36eb82d827fdcfab8" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd", @@ -313,7 +313,9 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -321,27 +323,97 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple3", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Core.Slice.impl__len", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.gte", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.array_to_slice_unsize", + "equation_Rust_primitives.unsize", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "equation_Spec.Kyber.valid_params", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple3", + "int_inversion", "int_typing", + "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094", + "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34", + "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Subtraction", + "proj_equation_Core.Ops.Range.Mkt_Range_f_end", + "proj_equation_Core.Ops.Range.Mkt_Range_f_start", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_start", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_Rust_primitives.Mkunsize_tc_unsize", + "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d", + "refinement_interpretation_Tm_refine_303f3ed7da7fa515960d4d09b7f6f790", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_Prims.pow2.fuel_instrumented", + "token_correspondence_Rust_primitives.unsize", + "typing_FStar.UInt8.t", "typing_Lib.IntTypes.bits", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.add", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.gte", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "e4f8935b5c4cf6f29acd403006a841ad" + "7f0b367bf84b597a361301833f16405d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd", @@ -451,7 +523,7 @@ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "3c04eaabca4ee28a59d699dd07fba3e2" + "362563e470d689fe20673f0228a12a28" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt", @@ -531,7 +603,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "00c631d3d02e629a355ac09c7d953562" + "b23fb4305c249829925435a340a5e363" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt", @@ -541,7 +613,9 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -549,27 +623,108 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple3", + "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Core.Slice.impl__len", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.gte", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.array_to_slice_unsize", + "equation_Rust_primitives.unsize", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.valid_params", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple3", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", + "fuel_guarded_inversion_Spec.Kyber.params_", "int_inversion", + "int_typing", + "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094", + "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34", + "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Subtraction", + "proj_equation_Core.Ops.Range.Mkt_Range_f_end", + "proj_equation_Core.Ops.Range.Mkt_Range_f_start", + "proj_equation_Spec.Kyber.Mkparams__v_ETA2", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_start", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_Rust_primitives.Mkunsize_tc_unsize", + "refinement_interpretation_Tm_refine_303f3ed7da7fa515960d4d09b7f6f790", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6429d8e304d352f05a83669146e6cacf", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d9709c468a55d1c148eb4fc0d0233e6f", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_Rust_primitives.unsize", + "typing_FStar.UInt.fits", "typing_FStar.UInt8.t", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.gte", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.__proj__Mkparams___item__v_ETA2", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "3e92ded985cd7f31d01cb1b4ee38ff1a" + "305581cd7fa48c8d4b56d8f3df7c896b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt", @@ -688,7 +843,7 @@ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "31aac3b3662de6d97ded9a613dac7345" + "315304047df9944acc196e7a821129b3" ], [ "Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u", @@ -752,7 +907,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ec30557ba772ea45e48a3170d97c2b04" + "8ca16d93f3647fe5af6a9e6495557c5b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u", @@ -885,7 +1040,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "c3dbc59b7d0fd8789af08b0c0f477203" + "38a46c54c9563f81aff5c28d726b514e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -935,7 +1090,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "0648e0eb4d8aa9dac4fffc48f7a1ccdb" + "cd2d80c8e47359d4cbd64695be4421c8" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -949,7 +1104,7 @@ "refinement_interpretation_Tm_refine_257ddf45d97229b8c327236723913127" ], 0, - "a0d53ab46855dcdba04f85b59a1a69fe" + "f62a34b342827a68028c49a96e3827a3" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -970,7 +1125,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "90522bb98a8a8c12b13bd252b296f028" + "63f334c6c3ba6087911b3be734fb1b16" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -991,7 +1146,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d068aa27db85ce3aa8b2db83b0ef7450" + "de5c671fb5d0b3a59a884774230b05f8" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1028,7 +1183,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "5a7b42d85c5121cd4adc8dd0412d25d6" + "a26c3a24f07bfdb3df210ab0e03342ca" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1064,7 +1219,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ed0d37ed257421f307ea13dc0f4e60a0" + "7089f5129d9dda8143cab74f3a21c023" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1120,7 +1275,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "6e7c578dbfab310235161ee49892888f" + "679dc5024e33a3d1b0a2d05069c6b6f4" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1200,7 +1355,7 @@ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE" ], 0, - "6f5392cef8b94a877fd37bb4102c7de9" + "5965f1f1618b27944601033adbf60692" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1253,7 +1408,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "47cdeeadb1cdf9a50ac2703142d34713" + "8d1ef68521bcb4f2f1bca0b5a3c43c9d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1293,7 +1448,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "69ccad123e4dde2687331d928faebfff" + "7953a0b07fe142f027cd73433d4e1103" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1343,7 +1498,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "5740c53b845b04ec629b9d16138ec157" + "25502e97923814a0ea48be7e89553b84" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1398,7 +1553,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "c28f8d2ebab01017283dbce1f57a3197" + "efa9bb00a6b86d27696500aa7628d16a" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1464,7 +1619,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "9a876bef6c7e023558928b7eeaade812" + "395d932b7d6633bf4839e36cd165228e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1477,7 +1632,7 @@ "refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5" ], 0, - "b0642417b20101cf891dcf24d2377f72" + "61297d1437063895a5841ed444021cb7" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1564,7 +1719,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "79bf17f6aae9528d02597b5d8b30c586" + "361c5f2d85c5b61a6e4788104eb47765" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1576,7 +1731,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "c49eb0a8c2984cf00c1a193288fd8627" + "c275a596a36ce707e03e1d46569d2746" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1585,7 +1740,7 @@ 1, [ "@query", "b2t_def" ], 0, - "29e7a050bcb322f3ebad11a09218ec0a" + "b62306100215cad61cbd994bedb33229" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1628,7 +1783,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "6e91cde2cf129e6c05f3deb6612c4d5e" + "1ec9506a4b465674fea967994f772695" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1641,7 +1796,7 @@ "refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5" ], 0, - "a9d1dcdd519e3bdc1ea053ec4116d56f" + "8dbc136e936f322d5a4b01d5f7f3af6c" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1712,7 +1867,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "ea84e6feac9f0a61ec31901e710ed34a" + "541cbd39fe267428dfafee5b457eee11" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1726,7 +1881,7 @@ "refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5" ], 0, - "f99a02a82813420976bbbdbdafbe5f0a" + "1e633e99f941bf403eb9ebf32a21dd09" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1741,7 +1896,7 @@ "typing_Rust_primitives.Hax.repeat" ], 0, - "1086ebcb2e78b17fcd834de630663a67" + "8d6a9118a5e78fe208c782e798d98a93" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1755,7 +1910,7 @@ "refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5" ], 0, - "187003252e0423572f5aa5cc6965607b" + "d707787ac5970aacfc5156aac317a253" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1764,7 +1919,7 @@ 1, [ "@query" ], 0, - "94c7c5ff3573650a98e32a1a553473f8" + "f2365d26f533e9c92f6c770e4775b8ba" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1799,7 +1954,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "63adf77b49b957f85568ae1782ee8210" + "3d532f975d88081c5c699fa861854bc4" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1852,7 +2007,7 @@ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "625d9db81352cb458104394c2a2c48ef" + "b173468ae9e5d401325e4f15ed979eed" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1883,7 +2038,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "f46b276c31f0e851625e654d8142a32c" + "e6c88e79fe8793808e841789390e758b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1905,7 +2060,7 @@ "typing_Spec.Kyber.v_C1_BLOCK_SIZE" ], 0, - "4db9fc552df44be63ce1d061060017b8" + "e461e47430d5dea56300e24df4305839" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1927,7 +2082,7 @@ "typing_Spec.Kyber.v_C1_BLOCK_SIZE" ], 0, - "07b4d3a74479228580523c902abd7317" + "2674ea7d4e061dfcf008df4fd9cec8b3" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1982,7 +2137,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "8022a8c74278f44ea49449b801189549" + "3b0ba87222b11f9f076cf0eb8f1ce658" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2007,7 +2162,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "134a395903ecd7f0f065a08b12fe3f23" + "e9b26ab236ddb3bf5f92869892b2e35e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2024,7 +2179,7 @@ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688" ], 0, - "824bec19679bf2f71fcafc1686a64e6b" + "cc665f8e0e6ec9dbb3d31db1e390bf94" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2044,7 +2199,7 @@ "refinement_interpretation_Tm_refine_e2e762f87b9fab3208089befe760c551" ], 0, - "8a24e40b8479131ea53f8af276a02e4f" + "8e2fc2e6741ff8005e5b3606c4c78f0a" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2071,7 +2226,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "0711dd03fc55a77c050522f9c7be3d8a" + "51d1cd91fc4f3f7bd3770f0f59813ab9" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2087,7 +2242,7 @@ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178" ], 0, - "7490217f8ccbd777da633c33cbe25e6a" + "0dd78ccd82c947b9e371df71af88bf05" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2103,14 +2258,14 @@ "equation_Rust_primitives.Integers.usize", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", - "refinement_interpretation_Tm_refine_2c21fbc891ed88ece0f7cbd3426a8a63", + "refinement_interpretation_Tm_refine_1152491a9a408dbb2a69fa5eb7c3eea1", "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "typing_Rust_primitives.Integers.usize_inttype", "typing_Rust_primitives.Integers.v" ], 0, - "f9b0516209228ba45b220855c3935c35" + "342e92e6e769e006ec71f616e1ba8085" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2119,10 +2274,10 @@ 1, [ "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_3228273f48688dd5bc6a47cc71b63644" + "refinement_interpretation_Tm_refine_1780e3e3423d75725ae206b5df95a0a6" ], 0, - "7d91de0a587ea5a88799f5bd788eb131" + "f18f5bbb3bf32ff632fed17c30db3236" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2131,10 +2286,10 @@ 1, [ "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_5c9c497c51ef2bfd23dc566251e18cd1" + "refinement_interpretation_Tm_refine_bb4a6fcea4effb263c4c9aec6fa6b2f7" ], 0, - "c738719fa6e58069acbc529deead9104" + "64f503f9c4df5287376060d68dcebf62" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key", @@ -2218,7 +2373,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "2f238c17396411e65eaa9c43f5219a98" + "25dbaed95e9cbc9c8ee2683b67058f9e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key", @@ -2355,7 +2510,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "82e36ab3ca3960079569913edd26d723" + "e92274ceece7244bd5e54b1ab1df516d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2405,7 +2560,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "80ad170912a78323267f8cd17c23d546" + "5db994cf85b2bac15a42a91622af3ca3" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2419,7 +2574,7 @@ "refinement_interpretation_Tm_refine_04d1a41375cb265cfbd8785ad22877c0" ], 0, - "c8fa97a63f96d9d6e26f8a6553c46f96" + "100c9c4299a9c9667b6f6edbc8a45480" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2456,7 +2611,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "15b13bc7de64dd7c0f1b7b993dd93b2e" + "5164fdff491f97f854c5f6bb0dcd3be8" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2510,7 +2665,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "41a658a1156a94e26687e239671540b9" + "e5e2fb57a884da4b9ed534641609d613" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2522,7 +2677,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "3c4d3c67e95bf2753a7d8009218a6864" + "5e8cd6169a20a141c4fd30ca7721e2e0" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2531,7 +2686,7 @@ 1, [ "@query", "b2t_def" ], 0, - "3988ac529e447122123eef67fc04c247" + "dc8f6101419d680916ff59473b7d61de" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2568,7 +2723,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "95b4a1d2ca2767e3fea5b50068428b68" + "76f66276f5949bd6e5f2ba11c05301f9" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2644,7 +2799,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "d1232bdefa22388137446c092d7ab89e" + "6901de6dfc1e3b78221177613b9fee8c" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2656,7 +2811,7 @@ "refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec" ], 0, - "3e5b8e3da43177ef9aa3d0b11c877ec7" + "fe537b8f97ec03bca8630e0803861b11" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2671,7 +2826,7 @@ "typing_Rust_primitives.Hax.repeat" ], 0, - "79d0ba3045d8f5f3d2e655860a14bb14" + "f6c2a5bbc8a28618b8e85195511daa41" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2683,7 +2838,7 @@ "refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec" ], 0, - "70a26e1ffc64e4941bae35e9ac4d1fbb" + "3d1d7dbbc5e63695a7f7523dfc6d83cd" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2692,7 +2847,7 @@ 1, [ "@query" ], 0, - "eabe5ee1a4e90b71f4f181f13a177759" + "da3144df74891aa33ab64bdb4433e5ef" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2725,7 +2880,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "314ab0636a88b7a09757b3a029ef6f7e" + "9b6e9d2d6dc059c7b14a106c002e8fea" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2776,7 +2931,7 @@ "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.valid_params" ], 0, - "5c2710a29d4deb31f0ba07a0d48a1ddb" + "5b206f38d41273a5a659a5b06b652b13" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2799,7 +2954,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "c2df478091f1995541fbc9fad74c4d53" + "e99c21ef8bcb95914bcf34434129b105" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2821,7 +2976,7 @@ "refinement_interpretation_Tm_refine_feb7e834582289fbd89a200bfbc499b9" ], 0, - "1dcba185b5fca17c9a34454f93da1855" + "5d3e1eca4f4fd6a466d9309d5b850814" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2841,7 +2996,7 @@ "refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec" ], 0, - "54c997e90cdf1d6530a2cdd97ef2ed86" + "314719c67c85a7d21db9a85d18482513" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2867,7 +3022,7 @@ "refinement_interpretation_Tm_refine_feb7e834582289fbd89a200bfbc499b9" ], 0, - "698d330b6d133741572cb1b0ad84378e" + "e6a16962d9c12b4f1b01329ad1305bc6" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2883,14 +3038,14 @@ "equation_Rust_primitives.Integers.usize", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_2a445ee76d816ee5dc6456b15866fd0d", "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_a2ce4182f623d51af4f01507dbac81cf", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "typing_Rust_primitives.Integers.usize_inttype", "typing_Rust_primitives.Integers.v" ], 0, - "03155974d3b0769d9dd8cc4a2d74d09c" + "a209b0426eeb4cc5454a992d63f708d1" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2899,10 +3054,10 @@ 1, [ "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_d2d32f632f378aa1e2fe5b24c42ccb20" + "refinement_interpretation_Tm_refine_91aef11d36a5ef4d927e7ba47e560947" ], 0, - "262099b3c813961bdd25bb5df5465e73" + "5f5f5135d3e157dec16a875bf399a975" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2911,10 +3066,10 @@ 1, [ "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_729eb4d164a2255861c24fbe8bcd08ac" + "refinement_interpretation_Tm_refine_584f0eb673831c31e84c27dd07e5ce0a" ], 0, - "620d6760dc3efd07574d6ab512f7f39a" + "d1905fccd05205683ad0affc57e3f0dc" ], [ "Libcrux.Kem.Kyber.Ind_cpa.decrypt", @@ -2974,7 +3129,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "61ac361099f3cefa7d06552113c45d81" + "011edc326ce97b5fdbc901a13920a966" ], [ "Libcrux.Kem.Kyber.Ind_cpa.decrypt", @@ -3111,7 +3266,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "0299d54f8da6d660e67fef0b24181481" + "f05846026fa629ca903d5c81a0f39961" ], [ "Libcrux.Kem.Kyber.Ind_cpa.encrypt", @@ -3182,7 +3337,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "de9184e9cc63d1debaf39092a6cd0a15" + "a5e3318595c47bde1b12d5e6a9939883" ], [ "Libcrux.Kem.Kyber.Ind_cpa.encrypt", @@ -3192,7 +3347,9 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -3200,27 +3357,181 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Core.Array.impl_23__as_slice", + "equation_Core.Ops.Index.f_index", + "equation_Core.Ops.Index.in_range", + "equation_Core.Ops.Range.impl_index_range_from_slice", + "equation_Core.Ops.Range.impl_range_from_index_array", + "equation_Core.Ops.op_String_Access", + "equation_Core.Slice.impl__copy_from_slice", + "equation_Core.Slice.impl__len", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.size", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Arithmetic.to_spec_poly_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Ind_cpa.wfZero", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.slice", + "equation_Rust_primitives.Arrays.split", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sub", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.array_to_slice_unsize", + "equation_Rust_primitives.unsize", + "equation_Spec.Kyber.ind_cpa_encrypt", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.sample_poly_cbd", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "equation_Spec.Kyber.valid_params", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "fuel_guarded_inversion_Spec.Kyber.params_", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "function_token_typing_Rust_primitives.Integers.u8", "int_inversion", + "int_typing", + "interpretation_Tm_abs_0cb90ffdaac009e5428b856a53fc2c98", + "interpretation_Tm_abs_4bb6412701dfeac9ce6df5500b93361d", + "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094", + "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", + "interpretation_Tm_abs_c383c10040deb921f8edacb536247c52", + "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2", + "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34", + "l_and-interp", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", "lemma_FStar.UInt8.vu_inv", + "lemma_Lib.IntTypes.pow2_2", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", + "proj_equation_Core.Ops.Index.Mkt_Index_in_range", + "proj_equation_Core.Ops.Range.Mkt_RangeFrom_f_start", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", + "projection_inverse_Core.Ops.Index.Mkt_Index_f_index", + "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", + "projection_inverse_Core.Ops.Range.Mkt_RangeFrom_f_start", + "projection_inverse_Core.Ops.Range.Mkt_RangeTo_f_end", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_Rust_primitives.Mkunsize_tc_unsize", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_0a1fc74b53c69a41eceb9d7368f73b62", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_1d1f1ecbbef37067035a7c7f276e4e21", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_4aa066355e9384aa98eb2ace9b0d012f", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d26fa327c2c1ff0a9633e2624291cd2a", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_ed95cbcc65ce70ece9e84ad5f1db743e", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_Core.Ops.Index.__proj__Mkt_Index__item__in_range", + "token_correspondence_Core.Ops.Index.f_index", + "token_correspondence_Core.Ops.Index.in_range", + "token_correspondence_Core.Ops.op_String_Access", + "token_correspondence_Rust_primitives.unsize", + "typing_FStar.Int32.v", "typing_FStar.Seq.Base.append", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.upd", "typing_FStar.UInt32.t", + "typing_FStar.UInt64.t", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.cast_poly_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Libcrux.Kem.Kyber.Ind_cpa.wfZero", "typing_Prims.pow2", + "typing_Rust_primitives.Arrays.length", + "typing_Rust_primitives.Arrays.slice", + "typing_Rust_primitives.Arrays.split", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "9295d30481de5a82e34858191a751466" + "faaca9264a5f365c60fabc98bfdf93f2" ], [ "Libcrux.Kem.Kyber.Ind_cpa.encrypt", @@ -3412,7 +3723,7 @@ "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "cc446721e441ddb27cdc460ebdba2b78" + "1c4305afbac8855b0f934757942c81a4" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key", @@ -3466,7 +3777,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "62b9628713a4e0acd9a8a6587d756c48" + "49db2a27c21146deba4c7ae09075c795" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key", @@ -3617,7 +3928,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "b2c2c8cf965711c26d2957a8d515c03c" + "7a1592394855606338b224c6c00648b2" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key", @@ -3687,7 +3998,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ed68da75b36bc8b834a05c8ea130f70f" + "59bc8335ecfb6c355b845df7239feed5" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key", @@ -3813,7 +4124,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "c0f47a05e2de187a43f1d645ed24c9b5" + "532a4fe698a83e89bdd4260f21900548" ], [ "Libcrux.Kem.Kyber.Ind_cpa.generate_keypair", @@ -3850,7 +4161,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b9a029874497ce347734521f54bfadb7" + "ebdc96675e21abcc9e3b94223eedd648" ], [ "Libcrux.Kem.Kyber.Ind_cpa.generate_keypair", @@ -3962,7 +4273,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "9651c0b89c98a54c29417957482fc0f9" + "ae5c4aa8bea8bba2b7769edfa390e6b2" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints index 45f64c730..9c0c122c3 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints @@ -47,7 +47,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "46374f0fbf1d9f7d58a113766f953d75" + "a2864dcdcfd4e3f9433f357645d211e2" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd", @@ -132,7 +132,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "8d9b6b20767f2919cbbed0cfb879bc12" + "cbbe57134c69f94740f0f2ac5b035c8b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt", @@ -211,7 +211,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d1cbf319aa1cb6648393f35ca7c767a4" + "df6f04ed8c3ec5ab3f7ff0affd6cea12" ], [ "Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u", @@ -275,7 +275,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e75a553725bc59d233e349156be53f1b" + "3a2a23fbfd0b78ee4914e27126fdf3d7" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -343,7 +343,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "eef8404afdef48b9f50c07e7ef47c454" + "f14d0d223fdfa0d3d8934a31d8f79e29" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key", @@ -431,7 +431,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "7d5832fb3e1f3622a610f26fc9fa2e68" + "883df3824b4d343482883a2bfede793b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -495,7 +495,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "1f515cbb315269b679e569d5be5fea68" + "a6cca08f1b72466854563cc5a82063c9" ], [ "Libcrux.Kem.Kyber.Ind_cpa.decrypt", @@ -555,7 +555,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a4935ae135d9acb1877b66d74f7ed6c5" + "701e4c3f583908c3584edbffed4d9fc1" ], [ "Libcrux.Kem.Kyber.Ind_cpa.encrypt", @@ -626,7 +626,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "0bb59e8ec28acff8237047a40770e0dc" + "5eab150b79c5368eddbb095287b4ffd3" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key", @@ -680,7 +680,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "27068b859652ed84e1e1d4ea241d6b50" + "4b035d40ced6fccced2f42620f82da98" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key", @@ -750,7 +750,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "be4244631a08bfc7a26e9038611bfc44" + "6e736742e8f0499d4163fffdb6d57ea9" ], [ "Libcrux.Kem.Kyber.Ind_cpa.generate_keypair", @@ -787,7 +787,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "5dff4f5f9172343f0e88d9d6649e0e66" + "ad65278c9afba3ec0d012243751c186f" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fst.hints index a78f91a86..4ebe0ce48 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fst.hints @@ -40,7 +40,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f9d7e870d75451e9fda40ae9a6794a42" + "541e9050a5fdb4db4a93fd468c5c0df6" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_ETA1_RANDOMNESS_SIZE", @@ -94,7 +94,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "5c2b8e6ea82f25ec7b00d0a59e5f500e" + "23c542c1b6a81441e01126649225b3f5" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_ETA2", @@ -135,7 +135,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "8ab1aa1a62025cdd9459a4127d63977d" + "45dd91a616a5400c4fdf8da48c06ddc2" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_ETA2_RANDOMNESS_SIZE", @@ -189,7 +189,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "f33c0e6d30e405a025bbf5d189312212" + "7e68d738cee193573ec5bc4482aeb8df" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_RANK_1024_", @@ -228,7 +228,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "923a56669e1227678616bde86f4aea89" + "e4406709b7f108335cfea9aa8dff2748" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_SECRET_KEY_SIZE_1024_", @@ -288,7 +288,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "1b6e11a85829a871ab32e28f3ac3c596" + "cf16f962175659625fc8b03bb586b542" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_RANKED_BYTES_PER_RING_ELEMENT_1024_", @@ -347,7 +347,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "3c0232eb7c79f3b983927605adb182c8" + "febac0f402e84b7c4a5e87a1ae643559" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_T_AS_NTT_ENCODED_SIZE_1024_", @@ -407,7 +407,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "1e91b3fdc79a06d2c84f9a4207c87581" + "1e195314580f09301aea86da6b96ee8b" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_PUBLIC_KEY_SIZE_1024_", @@ -472,7 +472,7 @@ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE" ], 0, - "7c5854d3632f12b7f6161ffd8dfa7364" + "6ec49faa252af5b33490216fee42427f" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_SECRET_KEY_SIZE_1024_", @@ -494,9 +494,10 @@ "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.max_int", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT", "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", "equation_Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_PUBLIC_KEY_SIZE_1024_", @@ -547,7 +548,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "38a14b5936b093cac85b4f2dd5a0c3c1" + "439843412ca27d7ad10558c09c420987" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_SECRET_KEY_SIZE_1024_", @@ -574,9 +575,9 @@ "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Libcrux.Digest.Algorithm_Sha3_256_@tok", "equation_FStar.UInt.max_int", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Libcrux.Digest.digest_size", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Digest.digest_size", "equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT", "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", "equation_Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE", @@ -630,7 +631,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "fc7b55372d8323f4d3aee0af1a2549dc" + "30624ff43256a936443687fbc9c84be5" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_SECRET_KEY_SIZE_1024_", @@ -712,7 +713,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "ee63d7dc3289e401ba71a2e349188b0e" + "edf42f41c1948fb25aee8b76e5a469d1" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_VECTOR_U_COMPRESSION_FACTOR_1024_", @@ -751,7 +752,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "fd7e044ae2cab749a2a3aedbbeac0856" + "3af59bb1b90236616898465a3150138a" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_C1_BLOCK_SIZE_1024_", @@ -808,7 +809,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "57653cfdc92442e61f637dc70c73e6f1" + "76282440741f5b1f14609c44dc20ce81" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_C1_SIZE_1024_", @@ -875,7 +876,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "4f0f4cb3ecb18b5062dcb922331077a6" + "2ddf1c190c7f83e7f471b158aae98e7f" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_VECTOR_V_COMPRESSION_FACTOR_1024_", @@ -914,7 +915,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "bb3cbad87dbdf53e5860bb723af93bba" + "6e9e4052d81592f69656c7d22e81aad7" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_C2_SIZE_1024_", @@ -971,7 +972,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "2c2c6f75219eb0c259db41e3a86cd54c" + "0b75a181cd612c31a90ab895762a7812" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_CIPHERTEXT_SIZE_1024_", @@ -1048,7 +1049,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "fc9fc4f32c9ea62a724ddd9fa7d6b8b6" + "16dd24f3fad574689dd09785afe94a3f" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", @@ -1125,7 +1126,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "a0ed8f9bebdaa296e3cea523129c146a" + "9f1c4889b6ac39e9f6e8bd6f9945e2da" ], [ "Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024Ciphertext", @@ -1164,7 +1165,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9e876369dfce574683491b9768693c55" + "96f22d3e794088bc1e527cf5d6df862d" ], [ "Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024PrivateKey", @@ -1203,7 +1204,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "245818d44634e1020482ea80eb3dfb5c" + "e92f9c8326065f12162f808dbe6d54b5" ], [ "Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024PublicKey", @@ -1242,7 +1243,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "1d3ea4c2e84da4ebc0a511b4bbc20cf9" + "a093dc1a40d239a1b48565f728abb5b8" ], [ "Libcrux.Kem.Kyber.Kyber1024.decapsulate_1024_", @@ -1280,7 +1281,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "331d472daf8f0086cd406aab81f624d9" + "69ec0d10fec2c5a6c94c20ee75651c1d" ], [ "Libcrux.Kem.Kyber.Kyber1024.decapsulate_1024_", @@ -1290,7 +1291,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1298,27 +1300,92 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber1024_params", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", "int_inversion", + "int_typing", "lemma_Lib.IntTypes.v_injective", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_ETA2", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA2", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_790ef91134217408f1ba2895d20e36c7", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.add", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber1024_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "47ffa48b284ed7cbda3996ebe3cbfd7c" + "e6c2e08bed6728c309c6579d1b8e628e" ], [ "Libcrux.Kem.Kyber.Kyber1024.decapsulate_1024_", @@ -1422,7 +1489,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "754c0e88051dc2da9fe9467c4c16bab4" + "bf5bc9189ddb12202ad553e254f7cdce" ], [ "Libcrux.Kem.Kyber.Kyber1024.encapsulate_1024_", @@ -1460,7 +1527,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "5164f1072bad4915bbc3f69244152e2e" + "b15548bf53410612b8c5c71bba3f1618" ], [ "Libcrux.Kem.Kyber.Kyber1024.encapsulate_1024_", @@ -1470,7 +1537,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1479,26 +1547,82 @@ "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber1024_params", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_ETA2", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA2", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_FStar.Seq.Base.length", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber1024_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "e78499fd470134433b44b0130dafd7e3" + "c578acb0b937086812c50bba7b1014f4" ], [ "Libcrux.Kem.Kyber.Kyber1024.encapsulate_1024_", @@ -1593,7 +1717,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "0d8b87ebe5c41e07ef1a2663ea846791" + "58a3a66637f743c8e8aa5ba2a0576dcd" ], [ "Libcrux.Kem.Kyber.Kyber1024.generate_key_pair_1024_", @@ -1632,7 +1756,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "fc06954cd4c3e8517a03d7445f73093f" + "02c3ce76b6baa7d16336fd6de3b1fedf" ], [ "Libcrux.Kem.Kyber.Kyber1024.generate_key_pair_1024_", @@ -1642,7 +1766,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1650,27 +1775,66 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber1024_params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "typing_FStar.Seq.Base.length", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber1024_params", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "01bde0961cad3e72014735bfb00cf103" + "fdd8b8f54b27b5142ceb693eb763a59f" ], [ "Libcrux.Kem.Kyber.Kyber1024.generate_key_pair_1024_", @@ -1748,7 +1912,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "a60faf25196fc564f58cd279479c426a" + "71bf966aa7f536c84ce0f7ee38a138a0" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fsti.hints index 49b61d4ce..4369037e3 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber1024.fsti.hints @@ -37,7 +37,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ffe2a1b6bf9e100c151c883659b8729d" + "5ee0c6527ecbddae5f78d850e87b8c21" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_ETA1_RANDOMNESS_SIZE", @@ -83,7 +83,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "0082b1f921cb8e3e9d3ef0e06fa6869e" + "6f1a3d13bd08f271a74ffa8e266522a4" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_ETA2", @@ -121,7 +121,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f2251612a626594e9d534d69d04782eb" + "89aa166050788aa07047541864b31524" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_ETA2_RANDOMNESS_SIZE", @@ -167,7 +167,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "1d8e591fdc80d05184be44b9467f37a0" + "b1bb492a5a3cfeaa04bf241cab15febf" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_RANK_1024_", @@ -205,7 +205,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d2138d63ff4ef135fd6fe6458353ade2" + "bb1d7addede1d4316bd3ce57317fbe2f" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_SECRET_KEY_SIZE_1024_", @@ -263,7 +263,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "2100c1bee48d3cc70d8ff311443f375d" + "900d9048b1b6628a16d410c5527dba55" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_RANKED_BYTES_PER_RING_ELEMENT_1024_", @@ -321,7 +321,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "0d3ff33e3d14c74d1a2e9ec4e8b3443b" + "572cb2dbd37834d6184a0ed6047ed596" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_T_AS_NTT_ENCODED_SIZE_1024_", @@ -379,7 +379,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "d73bb340eb53c2874aa56376b84632fb" + "dbdb4625a51a414b118687d0a85b24b9" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_PUBLIC_KEY_SIZE_1024_", @@ -442,7 +442,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "87c9b686cdb5d8baf512931206783897" + "d06b32a478d73c58759ff149e42bff89" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_SECRET_KEY_SIZE_1024_", @@ -523,7 +523,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "08f4fac21275977a2078c9ec26ec184d" + "2c616e014799f29fcc3f65e8b3a92d2f" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_VECTOR_U_COMPRESSION_FACTOR_1024_", @@ -561,7 +561,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "7c23e09cee4f504af76d1ce1597a879c" + "a7b5bb4ed1aaeeba60b35a697fe996ca" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_C1_BLOCK_SIZE_1024_", @@ -617,7 +617,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "075474bc24edaa327769ca9a1d278953" + "69147969574892400f539979635e401b" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_C1_SIZE_1024_", @@ -683,7 +683,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "4af5c8ebee447c0b4bf7fedfba119401" + "4612128d255d2dd13ca7b96e1f90088f" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_VECTOR_V_COMPRESSION_FACTOR_1024_", @@ -721,7 +721,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "47280cc2328c633aeb7e2be08ef88b35" + "4525317c5e80b34b4813b1b07143e074" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_C2_SIZE_1024_", @@ -777,7 +777,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "adacd225e5c923b218dfb646b5502507" + "3672d3d798980407512a774d948f1c4f" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_CPA_PKE_CIPHERTEXT_SIZE_1024_", @@ -844,7 +844,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "fb3b04f012f89d1b7a4a5e802a532d03" + "c78fd58a22dc53ba46243499d01c2f70" ], [ "Libcrux.Kem.Kyber.Kyber1024.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", @@ -916,7 +916,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "47f190d2e8dea329f4e10f79a49881f9" + "fb07bcf64c48334d86fc46bddcd3cc41" ], [ "Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024Ciphertext", @@ -954,7 +954,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c44484bd73367ef96b6b47237e88cdf7" + "15167fb4283b57dac32ecc86e20ae89f" ], [ "Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024PrivateKey", @@ -992,7 +992,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "1ff4b930694d81392cd40d1c1bd9bfd3" + "a82cab568a9d0c8ab58b6c30299e1768" ], [ "Libcrux.Kem.Kyber.Kyber1024.t_Kyber1024PublicKey", @@ -1030,7 +1030,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "87df4e3ea0852ee34104f16ee0833311" + "d915e55b735f49347b04ab2bd8790cde" ], [ "Libcrux.Kem.Kyber.Kyber1024.decapsulate_1024_", @@ -1068,7 +1068,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "bd400dfa36df989c506ab5a46503a56f" + "673647cea8e0d31b7f6fad328a00a08c" ], [ "Libcrux.Kem.Kyber.Kyber1024.encapsulate_1024_", @@ -1106,7 +1106,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "144861e696f5cffc6e297fcf75f37c1b" + "1bd4291531b213d4db89d97be6c15a5e" ], [ "Libcrux.Kem.Kyber.Kyber1024.generate_key_pair_1024_", @@ -1145,7 +1145,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "be72f60b0c79de14a22f09d796ec1143" + "398199c9dc2b19b0900cc6c930016260" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fst.hints index e7b178a2a..7b16a20f6 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fst.hints @@ -40,7 +40,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a2262631289adc8cbb6afe63def356ec" + "b73ed56355508687c62ceb125aa2f5c7" ], [ "Libcrux.Kem.Kyber.Kyber512.v_ETA1_RANDOMNESS_SIZE", @@ -94,7 +94,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "afdbd858a7b3408ea2d48c0155730d2c" + "102a848eb0b56d2893afb3fe85ef731c" ], [ "Libcrux.Kem.Kyber.Kyber512.v_ETA2", @@ -135,7 +135,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a9822d209e9f75a838b30cd09f2e03f7" + "c3e8c6b78affb25424aeab05845ac515" ], [ "Libcrux.Kem.Kyber.Kyber512.v_ETA2_RANDOMNESS_SIZE", @@ -189,7 +189,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "7b15834298fa56ccb6526a4dcae5f96e" + "3377c38dfda4873219a3175c4c129e73" ], [ "Libcrux.Kem.Kyber.Kyber512.v_RANK_512_", @@ -230,7 +230,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "37d0d20b42d5b31db16fb8400dfdaff6" + "134ff5a9e13602b56262f17efa723cd3" ], [ "Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_SECRET_KEY_SIZE_512_", @@ -294,7 +294,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "5183e47d11bd1e6507c99e1f0a7dcd6a" + "a97c75782118ed9585d8b4eec41f9a6b" ], [ "Libcrux.Kem.Kyber.Kyber512.v_RANKED_BYTES_PER_RING_ELEMENT_512_", @@ -358,7 +358,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "57bd4a468324206aff5e3af8b54e7413" + "63146c94f53d2733b5271427ee1e644e" ], [ "Libcrux.Kem.Kyber.Kyber512.v_T_AS_NTT_ENCODED_SIZE_512_", @@ -422,7 +422,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "9484e9b5e85fdd2b6c2c03fa5fd273c9" + "bbf746be6223de75297d253270e1e84f" ], [ "Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_PUBLIC_KEY_SIZE_512_", @@ -487,7 +487,7 @@ "typing_Spec.Kyber.v_SHARED_SECRET_SIZE" ], 0, - "89256b0cf97d0e7bb8908a25a8fdaedd" + "26310847e7a1438576b2e1b715a5b953" ], [ "Libcrux.Kem.Kyber.Kyber512.v_SECRET_KEY_SIZE_512_", @@ -509,9 +509,10 @@ "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.max_int", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT", "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", "equation_Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_PUBLIC_KEY_SIZE_512_", @@ -563,7 +564,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "cf5f9e281d5e5481209f5477409aa298" + "2012eab9ef460ae50973a9b14c9ff96d" ], [ "Libcrux.Kem.Kyber.Kyber512.v_SECRET_KEY_SIZE_512_", @@ -614,8 +615,7 @@ "equation_Rust_primitives.Integers.usize", "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.v_H_DIGEST_SIZE", - "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", - "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_inversion", "int_typing", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", @@ -646,7 +646,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "052c8a6004d4368c484033b77055b7a3" + "018bf2e65fefb2f38d042e89f06dd81e" ], [ "Libcrux.Kem.Kyber.Kyber512.v_SECRET_KEY_SIZE_512_", @@ -672,9 +672,10 @@ "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Libcrux.Digest.Algorithm_Sha3_256_@tok", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Libcrux.Digest.digest_size", + "equation_FStar.UInt.max_int", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Digest.digest_size", "equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT", "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", "equation_Libcrux.Kem.Kyber.Constants.v_H_DIGEST_SIZE", @@ -729,7 +730,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "4a2f90a4bb0d3539b14e014adf0b52f2" + "23835f79e0c47471dab12a1f6691d402" ], [ "Libcrux.Kem.Kyber.Kyber512.v_VECTOR_U_COMPRESSION_FACTOR_512_", @@ -768,7 +769,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c28d181a9948ceec5fcfa68dba2c95ce" + "6591763fd0a2905ebc7641e0d021a682" ], [ "Libcrux.Kem.Kyber.Kyber512.v_C1_BLOCK_SIZE_512_", @@ -825,7 +826,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "b3dc43bdf00482673ef7e1d71fd42855" + "2212169017039d967585c9cbafb07b9a" ], [ "Libcrux.Kem.Kyber.Kyber512.v_C1_SIZE_512_", @@ -896,7 +897,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "cfb631a802e560054aa6a227364f5ea2" + "a4f3dc0c2d34921c6543bf11253a4faa" ], [ "Libcrux.Kem.Kyber.Kyber512.v_VECTOR_V_COMPRESSION_FACTOR_512_", @@ -935,7 +936,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c98bfd9dbd039bee833f22f8441c4082" + "9369aea6558823273d55cb0d83b405bb" ], [ "Libcrux.Kem.Kyber.Kyber512.v_C2_SIZE_512_", @@ -992,7 +993,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "2760fb5be62545ff840e0caeb3bd0977" + "fb8bfbb43b51e65692ca0cacad0b5a7e" ], [ "Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_CIPHERTEXT_SIZE_512_", @@ -1065,7 +1066,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "1c56d7db20878202a6e7b02ff7c69a9a" + "87835225df3b289c0b0539bd88906a72" ], [ "Libcrux.Kem.Kyber.Kyber512.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", @@ -1143,7 +1144,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "734a513a4b61fad415a57ca9bbfd8d68" + "5b98256a0b87f03b81b8f0e489e35ce6" ], [ "Libcrux.Kem.Kyber.Kyber512.t_Kyber512Ciphertext", @@ -1182,7 +1183,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9fd223e9fe004716ea3f97f922b5e6ca" + "3ba6953098aaa8e4a3ec3cc9514127ad" ], [ "Libcrux.Kem.Kyber.Kyber512.t_Kyber512PrivateKey", @@ -1221,7 +1222,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "25f2edaecc3da5720b31972fbd28b38e" + "b863142d653a11fe0556e6d571d22e55" ], [ "Libcrux.Kem.Kyber.Kyber512.t_Kyber512PublicKey", @@ -1260,7 +1261,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "7f313c50f7140ecf8a729bbb010b7382" + "028726431d36cc211fc9f406ca39e587" ], [ "Libcrux.Kem.Kyber.Kyber512.decapsulate_512_", @@ -1298,7 +1299,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b53c655cd01deff208d1ec6835fbe3b8" + "5037d225f3306f27cafbe8537ac567ef" ], [ "Libcrux.Kem.Kyber.Kyber512.decapsulate_512_", @@ -1308,7 +1309,9 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "FStar.Seq.Base_pretyping_7efa52b424e80c83ad68a652aa3561e4", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1316,27 +1319,96 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_Libcrux.Kem.Kyber.Types.Mkt_KyberCiphertext", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber512_params", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Types.t_KyberCiphertext", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_Lib.IntTypes.v_injective", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_769d89d2adb5ba14177e537ed06ba341", + "refinement_interpretation_Tm_refine_790ef91134217408f1ba2895d20e36c7", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber512_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "typing_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "91e8a96ac275d88ad3dd8337c041bab8" + "0821f6d72cbf905a6000470ef20551e0" ], [ "Libcrux.Kem.Kyber.Kyber512.decapsulate_512_", @@ -1445,7 +1517,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "12c38e27825fc7a30748a1723835082e" + "b2e78c3be696f9e6c4dbb19a649b9918" ], [ "Libcrux.Kem.Kyber.Kyber512.encapsulate_512_", @@ -1484,7 +1556,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "414a16de85e9a69711b8a63195ea526c" + "052203a817a4cad24c731bee1fae13d7" ], [ "Libcrux.Kem.Kyber.Kyber512.encapsulate_512_", @@ -1494,7 +1566,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1503,26 +1576,79 @@ "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber512_params", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_769d89d2adb5ba14177e537ed06ba341", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_FStar.Seq.Base.length", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber512_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE" ], 0, - "214b07d64d3b9e4f647bc98e976841c2" + "951e29637cf0c95f408f7a98d8637f8f" ], [ "Libcrux.Kem.Kyber.Kyber512.encapsulate_512_", @@ -1615,7 +1741,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "f0f72587621621e831768763379adfda" + "23afb342ba4dce72911478e5625c8d62" ], [ "Libcrux.Kem.Kyber.Kyber512.generate_key_pair_512_", @@ -1654,7 +1780,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "3392d5e1cf4275b625b6f9c3c3f4ea39" + "b7ed9c99258a9ca8cadcfa9e8cdc8908" ], [ "Libcrux.Kem.Kyber.Kyber512.generate_key_pair_512_", @@ -1664,7 +1790,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1672,27 +1799,64 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber512_params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "typing_FStar.Seq.Base.length", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber512_params", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "01bde0961cad3e72014735bfb00cf103" + "a2e964f38d16accc18cdbf434168bd39" ], [ "Libcrux.Kem.Kyber.Kyber512.generate_key_pair_512_", @@ -1768,7 +1932,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "4711e93618ffacef35418b8fd6756026" + "8bd8a1f8d8c2327c37bc9ad733f41119" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fsti.hints index be5c320d4..0b60ea92d 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber512.fsti.hints @@ -37,7 +37,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f643af25a005832c5dc7a4ec77534860" + "700a0c1f50539a17f8d01b27a3dd2d34" ], [ "Libcrux.Kem.Kyber.Kyber512.v_ETA1_RANDOMNESS_SIZE", @@ -83,7 +83,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "a798a09561a38ebe9e3d30f53a1624a3" + "4ca90695fc0dfca3bca0a671bdf9c337" ], [ "Libcrux.Kem.Kyber.Kyber512.v_ETA2", @@ -121,7 +121,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d6b9411e499ec1056723c9b7a704ef58" + "1c5ef3158052a63db14e2fdebde7e623" ], [ "Libcrux.Kem.Kyber.Kyber512.v_ETA2_RANDOMNESS_SIZE", @@ -167,7 +167,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "20dc6aa3398c30cf844b94b991729905" + "d1de9a8bd10505db30ce79742fb1a2ad" ], [ "Libcrux.Kem.Kyber.Kyber512.v_RANK_512_", @@ -205,7 +205,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a02eea15ed06eeb1b4375eadfbc43022" + "119d0b2c92d1b8535abbdec573dfb4b0" ], [ "Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_SECRET_KEY_SIZE_512_", @@ -263,7 +263,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "788caf79bef18ca865db6ed28489b395" + "42f234ebeee900b672267b4eaf138509" ], [ "Libcrux.Kem.Kyber.Kyber512.v_RANKED_BYTES_PER_RING_ELEMENT_512_", @@ -323,7 +323,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "dd51e3fb52b2a84bcfb5e3e4345ee51d" + "5142dc824a2257a3c95b8e20ebd21754" ], [ "Libcrux.Kem.Kyber.Kyber512.v_T_AS_NTT_ENCODED_SIZE_512_", @@ -382,7 +382,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "bb5d71a16672c873033c24cf86a1561f" + "68f4d5bdac5be2ef37383f6d2d368689" ], [ "Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_PUBLIC_KEY_SIZE_512_", @@ -445,7 +445,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "8a7b9c51a6e00568c0f0187bf51c81cf" + "edb8ffc5e46a7c9b6359d03c38f32083" ], [ "Libcrux.Kem.Kyber.Kyber512.v_SECRET_KEY_SIZE_512_", @@ -525,7 +525,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "302ee4a7f73625897c6984441d9a01b0" + "4c2e737e56ab7f52237a00d23a38bab1" ], [ "Libcrux.Kem.Kyber.Kyber512.v_VECTOR_U_COMPRESSION_FACTOR_512_", @@ -563,7 +563,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "970f2e1f2c0e778b871fb127dae60b30" + "f231124768e5156cc8c479cb933608c2" ], [ "Libcrux.Kem.Kyber.Kyber512.v_C1_BLOCK_SIZE_512_", @@ -619,7 +619,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "d8df0c1cf15abfba48e243d3d2bf8df1" + "44777921dd49d49fa821d57190837391" ], [ "Libcrux.Kem.Kyber.Kyber512.v_C1_SIZE_512_", @@ -685,7 +685,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "fb5285ad40b1dcd6fd10a5a50b9c7b81" + "c874fd59272048154dd6ff6d2d69ec30" ], [ "Libcrux.Kem.Kyber.Kyber512.v_VECTOR_V_COMPRESSION_FACTOR_512_", @@ -723,7 +723,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "33c68a6b36fa6c7f0074a0ca035a0579" + "fc213c4ae2ea0ed55770b1caaf8625aa" ], [ "Libcrux.Kem.Kyber.Kyber512.v_C2_SIZE_512_", @@ -779,7 +779,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "252774e4212788843eca27ac87d90188" + "92d5a78ed1818521f213ae7479eedc22" ], [ "Libcrux.Kem.Kyber.Kyber512.v_CPA_PKE_CIPHERTEXT_SIZE_512_", @@ -846,7 +846,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "e19f57250d414963f0d3cd1bfbf46f35" + "cc3ff479e20ed4d68a406c9f25cc61c6" ], [ "Libcrux.Kem.Kyber.Kyber512.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", @@ -922,7 +922,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "97aea39f4984e1e90f64ea813682c4e6" + "349a12e28bfff4ce79d45ea3cfe92ffe" ], [ "Libcrux.Kem.Kyber.Kyber512.t_Kyber512Ciphertext", @@ -960,7 +960,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "bb7090f941cae6d606cc3e6a3a961197" + "77d2562039fc666b1f359133c3f5a7ed" ], [ "Libcrux.Kem.Kyber.Kyber512.t_Kyber512PrivateKey", @@ -998,7 +998,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f7d5a6e5dbf0fa3c2656b1f6f91cbb81" + "9e729f1f699295683108ab2ef17034b6" ], [ "Libcrux.Kem.Kyber.Kyber512.t_Kyber512PublicKey", @@ -1036,7 +1036,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "bde6725300e657cff5570bd22cd32cc1" + "9590bb93eafea5a85cf5b9dd0145cddf" ], [ "Libcrux.Kem.Kyber.Kyber512.decapsulate_512_", @@ -1074,7 +1074,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "423260315baf8fc2ce56fa68aec6736c" + "07f97c5c1f5d06c2d0a2fb944b89995b" ], [ "Libcrux.Kem.Kyber.Kyber512.encapsulate_512_", @@ -1113,7 +1113,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f5ad920aa87d0162200d09a2f0ed9238" + "b77f37fa7df9f90e5bcb0c8d281063b5" ], [ "Libcrux.Kem.Kyber.Kyber512.generate_key_pair_512_", @@ -1152,7 +1152,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "544d1b5e690ba39d1813de1d78e8a8d2" + "2e4b351854d277ae06d4bca2299b8d65" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fst.hints index bc4bd1622..9be6eae67 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fst.hints @@ -40,7 +40,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f9d7e870d75451e9fda40ae9a6794a42" + "541e9050a5fdb4db4a93fd468c5c0df6" ], [ "Libcrux.Kem.Kyber.Kyber768.v_ETA1_RANDOMNESS_SIZE", @@ -94,7 +94,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "0f4fdc587f387ff53ca38176c32ff0f1" + "c2758d6f0d34f887b854fc8f5c885626" ], [ "Libcrux.Kem.Kyber.Kyber768.v_ETA2", @@ -135,7 +135,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d895b078aff884875e245fefccd1adc3" + "d36cce2e1f36911e98141a3d319130ad" ], [ "Libcrux.Kem.Kyber.Kyber768.v_ETA2_RANDOMNESS_SIZE", @@ -189,7 +189,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "a5d485f6930ff41c55f22e375518c861" + "c74b230b3bf0a80a21bd535fa7bae451" ], [ "Libcrux.Kem.Kyber.Kyber768.v_RANK_768_", @@ -230,7 +230,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9bf06006c91f1aced3a3a8938567707d" + "e021fc13d25d1b3c7cc1ebeb542e394e" ], [ "Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_SECRET_KEY_SIZE_768_", @@ -293,7 +293,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "cc1bab74c6f99a3a4e57b90280a65f8f" + "a2e0ebc68dbe1950b5ef310deece9288" ], [ "Libcrux.Kem.Kyber.Kyber768.v_RANKED_BYTES_PER_RING_ELEMENT_768_", @@ -353,7 +353,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "94f5d4be384f791293f080b46745e2d2" + "6c926cd50b2db20e3e6ecadeb97ebb39" ], [ "Libcrux.Kem.Kyber.Kyber768.v_T_AS_NTT_ENCODED_SIZE_768_", @@ -416,7 +416,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "688d6fbfe8466b01f0d758683be43d3b" + "b77f402b6a4cf8d8adcac71a51f65481" ], [ "Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_PUBLIC_KEY_SIZE_768_", @@ -478,7 +478,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "686a932102c8304ff349f356eed709cc" + "d0c16fec4e6639a17045e30635c0c62a" ], [ "Libcrux.Kem.Kyber.Kyber768.v_SECRET_KEY_SIZE_768_", @@ -500,10 +500,9 @@ "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.UInt.max_int", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT", "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", "equation_Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_PUBLIC_KEY_SIZE_768_", @@ -538,15 +537,10 @@ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e477cd5567f25e8e57e00f0185fa1ab0", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_BITS_PER_COEFFICIENT", - "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", "typing_Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_PUBLIC_KEY_SIZE_768_", "typing_Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_SECRET_KEY_SIZE_768_", - "typing_Libcrux.Kem.Kyber.Kyber768.v_RANK_768_", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.mul", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", @@ -555,7 +549,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "4e6be58aba3f4c0d1b17047c619b5db2" + "e94af2e3d2a7cca106c37fc107d3d5eb" ], [ "Libcrux.Kem.Kyber.Kyber768.v_SECRET_KEY_SIZE_768_", @@ -606,8 +600,7 @@ "equation_Rust_primitives.Integers.usize", "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.v_H_DIGEST_SIZE", - "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", - "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_typing", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_typing", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", @@ -638,7 +631,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "ca037a953c1ced095852a8705d8c2a21" + "10da19c6aa9670e5ece7098cd999a8e6" ], [ "Libcrux.Kem.Kyber.Kyber768.v_SECRET_KEY_SIZE_768_", @@ -721,7 +714,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "a726cf76e4d89ca72016f8f192b1dc24" + "c6f6005ccff9f45848fe969305a5f96c" ], [ "Libcrux.Kem.Kyber.Kyber768.v_VECTOR_U_COMPRESSION_FACTOR_768_", @@ -760,7 +753,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "613d58229cb215accf91aa723e807747" + "311f23abac501033b5a772ba4a0f49aa" ], [ "Libcrux.Kem.Kyber.Kyber768.v_C1_BLOCK_SIZE_768_", @@ -817,7 +810,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "7894565fdf471e20f0b7655915ff6248" + "5729bb73d9bb3cda0b3997edc15efac6" ], [ "Libcrux.Kem.Kyber.Kyber768.v_C1_SIZE_768_", @@ -888,7 +881,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "74a3a8060b1d6e5ad16b2b606bfe32e3" + "e7abbce5979671529c25a70a99f5ca21" ], [ "Libcrux.Kem.Kyber.Kyber768.v_VECTOR_V_COMPRESSION_FACTOR_768_", @@ -927,7 +920,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "01d9f6d89443745e3e39f5e87f25815e" + "11aeee28608b3a69900bbd6dc6164eaf" ], [ "Libcrux.Kem.Kyber.Kyber768.v_C2_SIZE_768_", @@ -986,7 +979,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "bcece07fa41b7ef4b17f532922598ca6" + "f3f368cf0e92bb77e0d2c448b67460eb" ], [ "Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_CIPHERTEXT_SIZE_768_", @@ -1059,7 +1052,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "36c4070cd1fbdc37a19e86305ce61173" + "b2231d972be64fb015707b54f2b6fe78" ], [ "Libcrux.Kem.Kyber.Kyber768.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", @@ -1137,7 +1130,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "ae069e23b9643ab2a8c82f7cd88091b1" + "0af8b9e81d142473508476bb64ea697f" ], [ "Libcrux.Kem.Kyber.Kyber768.t_Kyber768Ciphertext", @@ -1176,7 +1169,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "cf1d60079e3882f3ded5441b88875055" + "a1dae7a7519f5e91182f1b4e7977cade" ], [ "Libcrux.Kem.Kyber.Kyber768.t_Kyber768PrivateKey", @@ -1215,7 +1208,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b15fe1cc78bb0a9436a037f9f0618d3a" + "ae115b763f08f95985c3712751f9d007" ], [ "Libcrux.Kem.Kyber.Kyber768.t_Kyber768PublicKey", @@ -1254,7 +1247,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "376c0e3e5ef8b99eca79f35b85640df9" + "82c635b26398b2855d362e29def5535f" ], [ "Libcrux.Kem.Kyber.Kyber768.decapsulate_768_", @@ -1292,7 +1285,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9a81e57180ab552a0dcbcd1b79c032c0" + "96fc23cc7393bfeb01bfef6be4fec069" ], [ "Libcrux.Kem.Kyber.Kyber768.decapsulate_768_", @@ -1302,7 +1295,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1310,27 +1304,92 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber768_decapsulate", + "equation_Spec.Kyber.kyber768_params", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Types.t_KyberCiphertext", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Types.t_KyberPrivateKey", + "int_inversion", "int_typing", "lemma_Lib.IntTypes.v_injective", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Libcrux.Kem.Kyber.Types.Mkt_KyberCiphertext_f_value", + "proj_equation_Libcrux.Kem.Kyber.Types.Mkt_KyberPrivateKey_f_value", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_ETA2", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA2", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_790ef91134217408f1ba2895d20e36c7", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Rust_primitives.Integers.bits", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_e99b3044abed213f37871149ff318e44", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber768_params", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "typing_Spec.Kyber.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "47dcf3b6558b804379b931789a4e49a2" + "21c3658232488bb584636fdc54bb0d19" ], [ "Libcrux.Kem.Kyber.Kyber768.decapsulate_768_", @@ -1434,7 +1493,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "52b60087f37343541abb85dbdad59481" + "c79866f6299aca76c07206cd83f79eb5" ], [ "Libcrux.Kem.Kyber.Kyber768.encapsulate_768_", @@ -1473,7 +1532,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "21412c8c9c93aeeb057ba7bf327ea0d7" + "8701e8b4c81230e75181c9ba4ce0d767" ], [ "Libcrux.Kem.Kyber.Kyber768.encapsulate_768_", @@ -1483,7 +1542,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1492,26 +1552,86 @@ "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber768_encapsulate", + "equation_Spec.Kyber.kyber768_params", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.t_KyberSharedSecret", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_C1_BLOCK_SIZE", + "equation_Spec.Kyber.v_C1_SIZE", "equation_Spec.Kyber.v_C2_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_ETA2_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "equation_Spec.Kyber.v_T_AS_NTT_ENCODED_SIZE", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Types.t_KyberPublicKey", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Libcrux.Kem.Kyber.Types.Mkt_KyberPublicKey_f_value", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_ETA2", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "proj_equation_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA2", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_U_COMPRESSION_FACTOR", + "projection_inverse_Spec.Kyber.Mkparams__v_VECTOR_V_COMPRESSION_FACTOR", + "refinement_interpretation_Tm_refine_0e1d8acba93710c332370f20ed925486", + "refinement_interpretation_Tm_refine_117f68d1f96cf8c1d2700eebe70084e5", + "refinement_interpretation_Tm_refine_2684b5609986811a544b67627d3f8aa8", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_FStar.Seq.Base.length", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber768_params", + "typing_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_C1_BLOCK_SIZE", "typing_Spec.Kyber.v_C1_SIZE", + "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "979dd9765d144c6c3e02a9081a15449e" + "96a6212d6d999f3b4a86c56d8ca37cf8" ], [ "Libcrux.Kem.Kyber.Kyber768.encapsulate_768_", @@ -1609,7 +1729,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "9f593e3d40fed22b953c4a23f6263cf8" + "6b6724adae5f7b9879e1e9493b1b1eae" ], [ "Libcrux.Kem.Kyber.Kyber768.generate_key_pair_768_", @@ -1649,7 +1769,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a6852f73ee01ecce4821a2d1b0b440c4" + "18d0d552c98acf50bff6e74cae2ee310" ], [ "Libcrux.Kem.Kyber.Kyber768.generate_key_pair_768_", @@ -1659,7 +1779,8 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1667,27 +1788,59 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.kyber768_generate_keypair", + "equation_Spec.Kyber.kyber768_params", + "equation_Spec.Kyber.t_KyberPublicKey", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_CPA_PKE_PUBLIC_KEY_SIZE", + "equation_Spec.Kyber.v_CPA_PKE_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_ETA1_RANDOMNESS_SIZE", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "equation_Spec.Kyber.v_SECRET_KEY_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", "int_inversion", + "int_typing", "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.Kyber.Mkparams__v_ETA1", + "proj_equation_Spec.Kyber.Mkparams__v_RANK", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.Kyber.Mkparams__v_ETA1", + "projection_inverse_Spec.Kyber.Mkparams__v_RANK", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8958f2388129bdac6873f4cda807036", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.kyber768_params", + "typing_Spec.Kyber.v_RANKED_BYTES_PER_RING_ELEMENT", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "01bde0961cad3e72014735bfb00cf103" + "f8e8082f252de7038c2c4386dc475832" ], [ "Libcrux.Kem.Kyber.Kyber768.generate_key_pair_768_", @@ -1758,7 +1911,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "a48a6177df2c3318e82dd0a2b90ef4d2" + "8b4f90d2a655569a10f79af5c8a4ac0d" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fsti.hints index f261d424c..59945fa9a 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Kyber768.fsti.hints @@ -37,7 +37,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "56208c412b9de42479751b700fa92b28" + "8ea5ec7baa3130e3af95e6c2fb61c6fc" ], [ "Libcrux.Kem.Kyber.Kyber768.v_ETA1_RANDOMNESS_SIZE", @@ -82,7 +82,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a65e24d9cbb541bb7097e9879edc3b53" + "71c2e892aa0a9a967398a5d9b406306d" ], [ "Libcrux.Kem.Kyber.Kyber768.v_ETA2", @@ -120,7 +120,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a98b0e2d698762f3970bb7830cb26b1f" + "b1036532c5c0f65af7f7707124064ef6" ], [ "Libcrux.Kem.Kyber.Kyber768.v_ETA2_RANDOMNESS_SIZE", @@ -168,7 +168,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "67805a52dc5efab0caf26e658e34690e" + "14a627bc9b3598e6e26cfe8b57e4b913" ], [ "Libcrux.Kem.Kyber.Kyber768.v_RANK_768_", @@ -206,7 +206,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ca8a47f0580cb8708a94f80f6499058e" + "830653279c8ec451b40b736855769581" ], [ "Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_SECRET_KEY_SIZE_768_", @@ -264,7 +264,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "f4fd19359dd793ad55995ae8f242498b" + "110a3bd85db5cda1f9b14a767112d02e" ], [ "Libcrux.Kem.Kyber.Kyber768.v_RANKED_BYTES_PER_RING_ELEMENT_768_", @@ -322,7 +322,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "d275bc70a224cab676dd896fb93acba3" + "904b6ee23baaaec234545c5dc8274b8e" ], [ "Libcrux.Kem.Kyber.Kyber768.v_T_AS_NTT_ENCODED_SIZE_768_", @@ -381,7 +381,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "f8bf8969a9f04d3e2e4a66e58cdcc484" + "8b39c786f76defbd4b8c6e8abfb9b9bc" ], [ "Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_PUBLIC_KEY_SIZE_768_", @@ -444,7 +444,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "31cfd379c1863fd690dff7d3cfd8d1f8" + "c7ab219ef44fd9fed630087af3f01729" ], [ "Libcrux.Kem.Kyber.Kyber768.v_SECRET_KEY_SIZE_768_", @@ -526,7 +526,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "faf83eba5619d9918cf11e3808472e50" + "0aa760eafd24c15118a377219d340399" ], [ "Libcrux.Kem.Kyber.Kyber768.v_VECTOR_U_COMPRESSION_FACTOR_768_", @@ -564,7 +564,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "0ba5a01132c210a13116e8ff43be4581" + "89d15d2afb4a7e35483d85f8bffdd5bb" ], [ "Libcrux.Kem.Kyber.Kyber768.v_C1_BLOCK_SIZE_768_", @@ -620,7 +620,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "17117215d7323aed9edac5f416ccb387" + "9d17efdd713db7d409d1dce6da8623f3" ], [ "Libcrux.Kem.Kyber.Kyber768.v_C1_SIZE_768_", @@ -686,7 +686,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "2667663faf5d8ad8f59dd112756d3e8a" + "e143ea15a392bd0a27a97b1175b034af" ], [ "Libcrux.Kem.Kyber.Kyber768.v_VECTOR_V_COMPRESSION_FACTOR_768_", @@ -724,7 +724,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ade4c0d8278f478a1cf4bbf3f2ba9bbc" + "9373846a1eb17adc32b946cc5bed7405" ], [ "Libcrux.Kem.Kyber.Kyber768.v_C2_SIZE_768_", @@ -780,7 +780,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "09f79ee3cd5b5f7fa7b35cd54f5a25f3" + "4ce95cac359078a2c200ca69f87428ae" ], [ "Libcrux.Kem.Kyber.Kyber768.v_CPA_PKE_CIPHERTEXT_SIZE_768_", @@ -851,7 +851,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "5913f4c24758433aaa231577d26eb79e" + "c29c1a33460bc4e2b6661a05d018f4f2" ], [ "Libcrux.Kem.Kyber.Kyber768.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE", @@ -927,7 +927,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "a1b52630c2fec507e94c86e2b899b603" + "1c917a12248f00ef7a6df5b1c2a72d3f" ], [ "Libcrux.Kem.Kyber.Kyber768.t_Kyber768Ciphertext", @@ -965,7 +965,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "8bce0631e37ba7075007e654528acb21" + "c49746abef44f84b3819eb79de65823d" ], [ "Libcrux.Kem.Kyber.Kyber768.t_Kyber768PrivateKey", @@ -1003,7 +1003,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "85306f73d8c89c465128fa0856221917" + "3926b188d0d64db60c03cfff5e0a826b" ], [ "Libcrux.Kem.Kyber.Kyber768.t_Kyber768PublicKey", @@ -1041,7 +1041,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ba497f97df6ab65d3d74baf038fe67fb" + "8e94edea74f5bbbd050428e90d87438e" ], [ "Libcrux.Kem.Kyber.Kyber768.decapsulate_768_", @@ -1079,7 +1079,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "6f62c5b8784d674752c86d14ce0185ae" + "34ad49f7873920f266f3b3a8616307bc" ], [ "Libcrux.Kem.Kyber.Kyber768.encapsulate_768_", @@ -1118,7 +1118,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "298be40bc8121472a80ec91f8aebd730" + "b2728ec12cb4af5c675d855a37a952b2" ], [ "Libcrux.Kem.Kyber.Kyber768.generate_key_pair_768_", @@ -1158,7 +1158,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "7c0744280258a7716cc56ce5f74c52cf" + "97b20e3016cc0f338bb37356bb8b225a" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints index 4ba1ca852..6f7f25267 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints @@ -60,7 +60,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "3feed56d4cd53ef92aad181a34839260" + "d6d0a57d08646ea59ddbf9527fe666f2" ], [ "Libcrux.Kem.Kyber.Matrix.compute_As_plus_e", @@ -118,7 +118,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "3e6edb931138967770665dad5edd2e14" + "7be4e5d2476063c1081c7cdcfdd1f8d1" ], [ "Libcrux.Kem.Kyber.Matrix.compute_As_plus_e", @@ -297,7 +297,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "53a0fdc3955101f0cdf61505dd0c086a" + "04860a2e8fa693a6842573d60f4577b6" ], [ "Libcrux.Kem.Kyber.Matrix.compute_message", @@ -344,7 +344,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "f97cba69ebbb744c9fd9d04849076e99" + "e0a91119d3ad113e9df99655fed7d645" ], [ "Libcrux.Kem.Kyber.Matrix.compute_message", @@ -510,7 +510,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "27c92a8cc43462263c1b6f370d54858d" + "c1f5180122b245a5570fdd550ea4d0a0" ], [ "Libcrux.Kem.Kyber.Matrix.compute_ring_element_v", @@ -557,7 +557,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "5e57dcfbeab41c0103f5c6472838099c" + "855ee46c889f6a9d8b5298ca345e2d8a" ], [ "Libcrux.Kem.Kyber.Matrix.compute_ring_element_v", @@ -723,7 +723,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "69ed99e941ca0c804f383a805f83a804" + "6c1254564a45696374d9e651651f82af" ], [ "Libcrux.Kem.Kyber.Matrix.compute_vector_u", @@ -770,7 +770,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "d26eee00f4e195a8642a6d20bc3dbea6" + "39b91bb9c659cdcee3c39da69962429f" ], [ "Libcrux.Kem.Kyber.Matrix.compute_vector_u", @@ -959,7 +959,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "0cd700817290affd1cd2d3a06193b866" + "06563eea66be3ce0068c5d0658e94753" ], [ "Libcrux.Kem.Kyber.Matrix.sample_matrix_A", @@ -1038,7 +1038,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "0f55551acc718bd19bd400640a077f4c" + "ad36cb26141cee6b05ef3fd50ac007cd" ], [ "Libcrux.Kem.Kyber.Matrix.sample_matrix_A", @@ -1048,7 +1048,9 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", @@ -1056,27 +1058,84 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Core.Iter.Traits.Collect.f_into_iter", + "equation_Core.Ops.Range.iterator_range", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.valid_params", + "fuel_guarded_inversion_Spec.Kyber.params_", "int_typing", + "interpretation_Tm_abs_29c790849abcf444c15b4351363d1b40", + "interpretation_Tm_abs_412e363c41d2c7d31f96c2685c7138f2", + "interpretation_Tm_abs_4da4c2420140680c2bf4358d0bc52b3f", + "l_and-interp", "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_contains", + "proj_equation_Core.Ops.Range.Mkt_Range_f_end", + "proj_equation_Core.Ops.Range.Mkt_Range_f_start", + "proj_equation_Spec.Kyber.Mkparams__v_ETA2", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_IntoIter", + "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_into_iter", + "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_contains", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_start", + "refinement_interpretation_Tm_refine_08126773a0ec43652fb7d75527aeafb2", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Rust_primitives.Integers.bits", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "token_correspondence_Core.Iter.Traits.Collect.f_into_iter", + "token_correspondence_Core.Iter.Traits.Iterator.__proj__Mkiterator__item__f_contains", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.__proj__Mkparams___item__v_ETA2", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "04d07d2119e2c1770309c60843115a20" + "b35a151a746d043e11be9e265480a0d9" ], [ "Libcrux.Kem.Kyber.Matrix.sample_matrix_A", @@ -1173,7 +1232,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "a00e422dcd0141371c539b81db72f331" + "e17f56d8f9c09e4ae0be3f08407e6895" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints index 90bfd481e..89e098e0b 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints @@ -57,7 +57,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "4734187037118e4d8d5be46be29c3652" + "1f24f0bc3fb93658de04c57d3bc7b878" ], [ "Libcrux.Kem.Kyber.Matrix.compute_message", @@ -76,7 +76,7 @@ "refinement_interpretation_Tm_refine_91f3e355a68e029a1d9c76dc5b383c7e" ], 0, - "55ca5cee44d92bf47f7e6ae8607405cb" + "97b5eca4ceb16b701b1c14ca5b6abd5a" ], [ "Libcrux.Kem.Kyber.Matrix.compute_ring_element_v", @@ -95,7 +95,7 @@ "refinement_interpretation_Tm_refine_91f3e355a68e029a1d9c76dc5b383c7e" ], 0, - "a1b90a294b595d1f261ca4e066d03a00" + "336bdb990231387f8034d9e0b1a5da10" ], [ "Libcrux.Kem.Kyber.Matrix.compute_vector_u", @@ -142,7 +142,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "01d3589e869a0d94d8f82d713cc45c93" + "81e8f9058b584b321c28bbcf9c393254" ], [ "Libcrux.Kem.Kyber.Matrix.sample_matrix_A", @@ -221,7 +221,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "eb2914af3cfe815432dd68284d7a6778" + "a6d3da798ab49f66f7fc0923f19c9a44" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints index c81a4b327..ca91f49c7 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints @@ -1,5 +1,5 @@ [ - "g$f63\"AP!2S", + "\r\u0001w>\u00105vj5", [ [ "Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R", @@ -73,7 +73,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "50b0b90d327b6b0c8e73a928c0838c4f" + "2133e942d7a928943fc375f2554be2af" ], [ "Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R", @@ -164,7 +164,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "2ce8881d2681172f19ec13d23fa5cf9c" + "22f51a80f932c5a853915a9a91a7e8b2" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_multiply_binomials", @@ -229,7 +229,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "abe55f38f1027418dda3c40796b0270f" + "c31894204867c49773f76ccc7fa301d6" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red", @@ -251,7 +251,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "bc8dbe6ecf40c1520b1409b0ea33dfee" + "9dd4fb999295ed193627b94ac679d3fa" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red", @@ -259,21 +259,105 @@ 0, 1, [ - "@MaxIFuel_assumption", "@query", "bool_inversion", - "equation_Prims.nat", "equation_Rust_primitives.Integers.inttype", + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equation_Core.Ops.Index.f_index", + "equation_Core.Ops.op_String_Access", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", + "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Hax.impl__index", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.unsigned", "int_inversion", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sub", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54", + "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2", + "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv", + "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", + "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Index.Mkt_Index_f_index", + "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8df96e43ae266c076dc3f473846d2cdc", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a98b317897b1e4c2837553dddb4b95a2", "refinement_interpretation_Tm_refine_b094c95ff178317720d7295ce1fdcbef", + "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_dadee4515473017568390482327a5b06", "refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6", + "token_correspondence_Core.Ops.Index.f_index", + "token_correspondence_Core.Ops.op_String_Access", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Int.fits", "typing_FStar.UInt32.t", + "typing_FStar.UInt64.t", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "99392cf2c5f12ec6d00062216e1b53ea" + "96fef98d5d02afdd6de8786add8cf3a6" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red", @@ -379,7 +463,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "239ec6fbd9f0b2f2117f844cc392881f" + "2f0e4b0fbdf3979ad2ea5e2c8dcecc56" ], [ "Libcrux.Kem.Kyber.Ntt.lemma_zeta_decr", @@ -408,7 +492,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "4f374a7ce8f6b752b785e34c49fb2e8c" + "e370f197f41c41b3abe44011400b4e83" ], [ "Libcrux.Kem.Kyber.Ntt.lemma_zeta_decr", @@ -466,7 +550,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "f7bb73ab18f5e5effd513921e132437b" + "d96d1c6d89b8c5f5136610309c9d626d" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", @@ -484,7 +568,7 @@ "refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6" ], 0, - "d4bca7f5ce2fc8e66f29cd862ca45e5f" + "c6485e8a18a84f615b7dcb2af38367e4" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", @@ -492,11 +576,132 @@ 0, 0, [ - "@query", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxInt_proj_0" + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equation_Core.Ops.Index.f_index", + "equation_Core.Ops.op_String_Access", "equation_FStar.UInt.max_int", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Hax.impl__index", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.div", + "equation_Rust_primitives.Integers.gte", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_left", + "equation_Rust_primitives.Integers.sub", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "function_token_typing_Rust_primitives.Integers.usize", + "int_inversion", "int_typing", + "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54", + "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2", + "lemma_FStar.Int.pow2_values", + "lemma_FStar.Seq.Base.lemma_index_upd2", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_Lib.IntTypes.v_injective", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Core.Ops.Range.Mkt_Range_f_end", + "proj_equation_Core.Ops.Range.Mkt_Range_f_start", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Index.Mkt_Index_f_index", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_start", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_43453cb4d924052da16edc30727cedb1", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_b094c95ff178317720d7295ce1fdcbef", + "refinement_interpretation_Tm_refine_b44d5c1f88f048774ee7f4587bf43549", + "refinement_interpretation_Tm_refine_b55456d17f7702005ad46ac39eb6ff1f", + "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4", + "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c6e59d564177cec47542202264fb74df", + "refinement_interpretation_Tm_refine_c943115eee9824e31978d2201ce69912", + "refinement_interpretation_Tm_refine_cdb746ef12ad546404e15996fdd7203c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_db34f85ef93bcb2d34b943688dde22bb", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6", + "token_correspondence_Core.Ops.Index.f_index", + "token_correspondence_Core.Ops.op_String_Access", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end", + "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_start", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.add", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.lte", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "5e73baae075d14083d8d83619cdfa321" + "b44795730226e091bcd566b63c340286" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", @@ -652,7 +857,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "9cab8738eccdf5fcd9802929e305ed7b" + "96801c896da02c4693769415b6a0d0de" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", @@ -665,26 +870,13 @@ "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1" ], 0, - "8cacd779b12f7cbea7dd77fde73cfcc5" + "116a994d49262707af1ddaed86fad4de" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", 2, 0, 1, - [ - "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Multiply", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1" - ], - 0, - "fad437f9147b9b263bdf8e5b6f6d0744" - ], - [ - "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", - 3, - 0, - 1, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", @@ -713,10 +905,10 @@ "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.size_t", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", + "equation_FStar.UInt.max_int", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.size_t", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", @@ -724,8 +916,7 @@ "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", "equation_Prims.eq2", "equation_Prims.logical", "equation_Prims.nat", - "equation_Prims.pos", "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Integers.bits", + "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.div", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", @@ -766,7 +957,6 @@ "proj_equation_Core.Ops.Range.Mkt_Range_f_end", "proj_equation_Core.Ops.Range.Mkt_Range_f_start", "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", - "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_f_coefficients", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", @@ -781,7 +971,6 @@ "refinement_interpretation_Tm_refine_45f1c8700346b4c5f08a6246edcd69b1", "refinement_interpretation_Tm_refine_4aa066355e9384aa98eb2ace9b0d012f", "refinement_interpretation_Tm_refine_4bb22e36e30d68c2db3a3c9c632a2fcd", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_72aa4e9a333138ff40ac71e01700883b", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", @@ -795,9 +984,7 @@ "refinement_interpretation_Tm_refine_c525f4bc3aa418afe0bd65cc4d0f6cd8", "refinement_interpretation_Tm_refine_db34f85ef93bcb2d34b943688dde22bb", "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", "typing_Libcrux.Kem.Kyber.Arithmetic.cast_poly_b", "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", @@ -818,33 +1005,157 @@ "typing_Tm_abs_6dff373001dc1d906d6042062048722d", "typing_Tm_abs_ef39b3242808b90baaf8441dcc8c7e36", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok" + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "8a7d00174b2a2a7d70c93dc325cd68d6" + "f988d53e727df0d9066420f7c4699995" ], [ - "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", - 1, + "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", + 3, 0, 1, [ - "@MaxIFuel_assumption", "@query", "bool_inversion", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.unsigned", - "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_6d2a49e79155844e6a44ebd281e78342", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" - ], - 0, - "88e7d2c21c0349a0047be6f82cf7d5f3" - ], + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_20f40d9ee1256a2a68373ae4ecd3f1d7", + "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_cc42e9585ff647700033da40cc9a7026", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.Iterators_interpretation_Tm_arrow_3eb481ea9c18f8e60186c8a373e66673", + "Rust_primitives.Iterators_interpretation_Tm_arrow_983b3ba85e9317f2f487483cb7071e8b", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b", + "data_typing_intro_Core.Ops.Range.Mkt_Range@tok", + "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok", + "eq2-interp", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.size_t", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", + "equation_Prims.eq2", "equation_Prims.logical", "equation_Prims.nat", + "equation_Prims.pos", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.div", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_left", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "function_token_typing_Lib.IntTypes.size_t", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.Integers.usize", + "int_inversion", "int_typing", + "interpretation_Tm_abs_6dff373001dc1d906d6042062048722d", + "interpretation_Tm_abs_ef39b3242808b90baaf8441dcc8c7e36", + "kinding_FStar.Pervasives.Native.tuple2@tok", "l_and-interp", + "l_quant_interp_3524d72b7e55c1565267a3ae64984311", + "l_quant_interp_f40cf458c0341f143affa4bb088a3ae2", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_Lib.IntTypes.v_injective", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Core.Ops.Range.Mkt_Range_f_end", + "proj_equation_Core.Ops.Range.Mkt_Range_f_start", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_start", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "refinement_interpretation_Tm_refine_0a1fc74b53c69a41eceb9d7368f73b62", + "refinement_interpretation_Tm_refine_1774adebc4a11b344df7bc2ecbb2e9b4", + "refinement_interpretation_Tm_refine_1cc075782412c91ec7de7e656d2b474e", + "refinement_interpretation_Tm_refine_3073dbb1695e5d5c87e62d3770f0bf8b", + "refinement_interpretation_Tm_refine_3399a824ff354d64b8173aab366396cb", + "refinement_interpretation_Tm_refine_45f1c8700346b4c5f08a6246edcd69b1", + "refinement_interpretation_Tm_refine_4aa066355e9384aa98eb2ace9b0d012f", + "refinement_interpretation_Tm_refine_4bb22e36e30d68c2db3a3c9c632a2fcd", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_72aa4e9a333138ff40ac71e01700883b", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_b44d5c1f88f048774ee7f4587bf43549", + "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4", + "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_c525f4bc3aa418afe0bd65cc4d0f6cd8", + "refinement_interpretation_Tm_refine_db34f85ef93bcb2d34b943688dde22bb", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", + "typing_Libcrux.Kem.Kyber.Arithmetic.cast_poly_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.div", + "typing_Rust_primitives.Integers.gte", + "typing_Rust_primitives.Integers.lt", + "typing_Rust_primitives.Integers.lte", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Rust_primitives.Iterators.foldi_range", + "typing_Tm_abs_6dff373001dc1d906d6042062048722d", + "typing_Tm_abs_ef39b3242808b90baaf8441dcc8c7e36", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok" + ], + 0, + "ea2ed77f4d74540406c8d11e796f0326" + ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", - 2, + 1, 0, 1, [ @@ -859,7 +1170,95 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "e9aaca3dadf8ca157791faa13ab375f8" + "3e3bb1610b13563b9844a87660d82d86" + ], + [ + "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", + 2, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", + "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", + "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_4dec773fe9b7ed3c95b1326ceaa3ab75", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6d2a49e79155844e6a44ebd281e78342", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3", + "refinement_interpretation_Tm_refine_dadee4515473017568390482327a5b06", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Int.fits", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "21c78ba5f6798130658d1ec4b207600a" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", @@ -945,7 +1344,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e38f634f5b2d49f8dbb82fe7dd895485" + "e35b2a97aac61473ed10189ce68d6f4c" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer", @@ -964,7 +1363,7 @@ "refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3" ], 0, - "fb0451a17bd18b1f965a120996520bef" + "5112c2c0f71829f07b3927c3ebe22bb8" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer", @@ -972,11 +1371,176 @@ 0, 0, [ - "@query", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxInt_proj_0" + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_6b574e907f7e629d541dba716cf842c8", + "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_d261ac4a865360e5423e441478620aa5", + "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_e459e54a957e11470f0dae0b667e53fe", + "Libcrux.Kem.Kyber.Ntt_interpretation_Tm_arrow_ec16ca589400ddab2e4dc33550b57e9e", + "Rust_primitives.Iterators_interpretation_Tm_arrow_3eb481ea9c18f8e60186c8a373e66673", + "Rust_primitives.Iterators_interpretation_Tm_arrow_983b3ba85e9317f2f487483cb7071e8b", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equation_Core.Ops.Index.f_index", + "equation_Core.Ops.op_String_Access", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", "equation_Prims.nat", + "equation_Prims.pos", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Hax.impl__index", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.div", + "equation_Rust_primitives.Integers.gte", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.lte", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_left", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "function_token_typing_Rust_primitives.Integers.usize", + "int_inversion", "int_typing", + "interpretation_Tm_abs_270ada60bfef4b2b4637b8e7dfa256e9", + "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54", + "interpretation_Tm_abs_99f3c02610693e81d614723104d77c28", + "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2", + "kinding_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b@tok", + "l_and-interp", "l_quant_interp_2d1e48269a3bfc46924a64aa24c65441", + "l_quant_interp_8adb376c57f5ba6d816784eaa3aec8ec", + "l_quant_interp_9229f3ec7efe6449082b5b465532a55f", + "l_quant_interp_f6f5d988ac86313e18fdfdb63844e0b7", + "lemma_FStar.Int.pow2_values", "lemma_FStar.Int32.vu_inv", + "lemma_FStar.Seq.Base.lemma_index_upd2", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_Lib.IntTypes.v_injective", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Core.Ops.Range.Mkt_Range_f_end", + "proj_equation_Core.Ops.Range.Mkt_Range_f_start", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Index.Mkt_Index_f_index", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_start", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_0958ecb529068e0c597be1e8c0b332e7", + "refinement_interpretation_Tm_refine_1774adebc4a11b344df7bc2ecbb2e9b4", + "refinement_interpretation_Tm_refine_1cc075782412c91ec7de7e656d2b474e", + "refinement_interpretation_Tm_refine_221edc532b512849362f091b0318b99d", + "refinement_interpretation_Tm_refine_3073dbb1695e5d5c87e62d3770f0bf8b", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_3399a824ff354d64b8173aab366396cb", + "refinement_interpretation_Tm_refine_3c83aab0f3ed58858f3edd0aef5b02c6", + "refinement_interpretation_Tm_refine_3feb4186f64b0773dea35af0afb6f3ea", + "refinement_interpretation_Tm_refine_45f1c8700346b4c5f08a6246edcd69b1", + "refinement_interpretation_Tm_refine_4dec773fe9b7ed3c95b1326ceaa3ab75", + "refinement_interpretation_Tm_refine_51327043faa516b5685376abdec710bd", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_64d867a2413c4d634f87fcc53fdd1fae", + "refinement_interpretation_Tm_refine_6d2a49e79155844e6a44ebd281e78342", + "refinement_interpretation_Tm_refine_72aa4e9a333138ff40ac71e01700883b", + "refinement_interpretation_Tm_refine_76fe0a5f9f84ad272d74fac166aa55fe", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7ab4c08e82642b7b946f13776623927e", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_85f37737fcaee5faaf970c3740562c64", + "refinement_interpretation_Tm_refine_8ecf99b1cfd2713dd412eccfdc2ae3e7", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a8dbbf15b8d53fa1d8c3021449bbf7b6", + "refinement_interpretation_Tm_refine_b1bbc26c188ac642e23787f17d05a6d8", + "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_dadee4515473017568390482327a5b06", + "refinement_interpretation_Tm_refine_db34f85ef93bcb2d34b943688dde22bb", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e01cc15d0a06443a7c241193033ff5d0", + "refinement_interpretation_Tm_refine_f19379f9495f73ef08ae00f02cadf0d4", + "token_correspondence_Core.Ops.Index.f_index", + "token_correspondence_Core.Ops.op_String_Access", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end", + "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_start", + "typing_FStar.Seq.Base.upd", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", + "typing_Libcrux.Kem.Kyber.Arithmetic.add_i32_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.op_String_Access", + "typing_Libcrux.Kem.Kyber.Arithmetic.sub_i32_b", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", "typing_Prims.pow2", + "typing_Rust_primitives.Hax.Monomorphized_update_at.update_at_usize", + "typing_Rust_primitives.Integers.add", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.gte", + "typing_Rust_primitives.Integers.lt", + "typing_Rust_primitives.Integers.lte", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Rust_primitives.Iterators.foldi_range", + "typing_Tm_abs_270ada60bfef4b2b4637b8e7dfa256e9", + "typing_Tm_abs_99f3c02610693e81d614723104d77c28", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "55f9d22d49904a8d77ccde8c8cf917f7" + "7df1e7a4e076911d21cc39ef1aa3dfc8" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer", @@ -1136,7 +1700,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "f89f3a8cfe23178b3bd474b575f5a04c" + "1581a4eb31862bbc37bdc1eb9679e2a5" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_", @@ -1152,7 +1716,7 @@ "refinement_interpretation_Tm_refine_9a2bee04172a2f8c14b17f79602284fb" ], 0, - "6453acf7c7f1dbbe7485c50408fc3533" + "a55d5158cacd57e6694b1e4482749867" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_", @@ -1160,11 +1724,67 @@ 0, 1, [ - "@query", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxInt_proj_0" + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_76fe0a5f9f84ad272d74fac166aa55fe", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_9a2bee04172a2f8c14b17f79602284fb", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "fe8a5913ed94f71637d2f85f8f4953cc" + "730991e97a3b5bf15a8e18480c693648" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_", @@ -1232,7 +1852,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "31e52ef25acc77131dcdec19dcda9547" + "f76a334901ca767c86fbf13c77e718d1" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_", @@ -1248,7 +1868,7 @@ "refinement_interpretation_Tm_refine_298356af413859d3c4b76a94198c2329" ], 0, - "5e8cd391f3b07709f5526563fb58c346" + "b177ba589638b78269d83eca2ec960fb" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_", @@ -1256,11 +1876,68 @@ 0, 1, [ - "@query", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxInt_proj_0" + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_298356af413859d3c4b76a94198c2329", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_76fe0a5f9f84ad272d74fac166aa55fe", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_f10d9518a75d6adcaee3453a23814005", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "2bb8db56edea4d0bb02fb4df0eb1d58a" + "287a1bf45cb64df355394d22ab0c339e" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_", @@ -1329,7 +2006,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "953d15ec87cc81a2e957d2427086540f" + "8c0c29e10361a2b487722207d33d1956" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_binomially_sampled_ring_element", @@ -1477,7 +2154,7 @@ "typing_tok_Lib.IntTypes.S64@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "9834cf64fc8e1c814912996dbaa0eb33" + "ca71fada018105a675bf6a76c63951ac" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_multiply", @@ -1582,7 +2259,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "9f122bc3fe91acb27b558591c578b75c" + "885283dceaa353c91813bc868d63e2a5" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_vector_u", @@ -1703,7 +2380,7 @@ "typing_tok_Lib.IntTypes.S64@tok" ], 0, - "d7110524d30e95609605e710a4e644b1" + "39d29397a27f6af4bc2f6d48464a1516" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints index ee586b27d..f67bb6bbe 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints @@ -54,7 +54,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "fe5ca2e81f1b1092d21729cd6783381f" + "b75e11aa463a26b006c46fdd11914558" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", @@ -72,7 +72,7 @@ "refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6" ], 0, - "694e02a9f82b4fae74d0d64d5b573107" + "e6b6cbd6ef173f98c898649e583305fa" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", @@ -85,7 +85,7 @@ "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1" ], 0, - "e201f83e53e79f381e063ada9bb70f7d" + "50779697ce4e5a4d2fb553c1699c83af" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer", @@ -104,7 +104,7 @@ "refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3" ], 0, - "65462661929a00494f5a69658e677a39" + "89978c56ff03a7f83509387434919a24" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_", @@ -120,7 +120,7 @@ "refinement_interpretation_Tm_refine_9a2bee04172a2f8c14b17f79602284fb" ], 0, - "ed7de5f6bb062d73633b30c7ce097560" + "c093632c44b14e1865995e40340a47e4" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_", @@ -136,7 +136,7 @@ "refinement_interpretation_Tm_refine_298356af413859d3c4b76a94198c2329" ], 0, - "ecbce2e7af002c54bf711b6631c9362e" + "c5e9aad36242f26ecdd95a7140f5635c" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints index c9d3538aa..c9473cab1 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints @@ -1,5 +1,5 @@ [ - "+d -?\u007f(X)P", + "%[\u0003_V\u001b)\n0]\u001f", [ [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_2_", @@ -68,7 +68,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e494df984d02c875eec6ac35758231ca" + "856d960afcad45c373826315bf67483c" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_2_", @@ -238,7 +238,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "85b3c40300fc50f04d443da25823e768" + "a823c2f920712d535f7306b58728ad4d" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_", @@ -308,7 +308,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "05f26b2f8b82f04cf76566f70213a679" + "d68a5b93a6090701e6b799c039f7b2fc" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_", @@ -472,7 +472,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d1c6289f506ebb085a9c7f08d3a19b9f" + "a1d235dc66f221d4fbbd5affb6a245de" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution", @@ -542,7 +542,7 @@ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "2555a127ce51fd413c62be028a2b18d5" + "b4da0d1e03a120640b858714b44cdbbc" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution", @@ -632,7 +632,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "8c14bcc151803fdd207a1e370fa83bdb" + "92cee1717d4024ed9ce36a0f76b644a8" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", @@ -670,7 +670,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "482ef029521adfd6bc2ab208603063c2" + "c1d45356ca5332c131349d71e4658734" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", @@ -680,2619 +680,10 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" - ], - 0, - "267860fefee09d21384e24de091cd264" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 4, - 0, - 1, - [ - "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.unsigned", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" - ], - 0, - "c47d1c9e94561ec005844fae50cb8c13" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 5, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "function_token_typing_Prims.__cache_version_number__", "int_typing", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" - ], - 0, - "fa8017151e3d8e75164423ba12747222" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 6, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "function_token_typing_Prims.__cache_version_number__", "int_typing", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" - ], - 0, - "9d44be87a98264c225403efcef6fab76" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 7, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "3e3d985b942bcf503a66016cb29ccd32" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 8, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.max_usize", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_827bf57e8124de12749af0ef2606190d", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "43ac32aad31f13f65d3cb8224eb53683" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 9, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.unsigned", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" - ], - 0, - "d88c14ff51fdf5a4a2313fe3872dfa05" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 10, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "0d3882a468fea2f659489d925c6fbade" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 11, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "bool_typing", - "data_typing_intro_FStar.Pervasives.Native.Mktuple3@tok", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "equation_Prims.eqtype", "equation_Rust_primitives.Integers.usize", - "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "function_token_typing_Prims.bool", - "function_token_typing_Rust_primitives.Integers.usize", - "refinement_interpretation_Tm_refine_28704633277f63d4c4b2ee0fce0ac1c3", - "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", - "refinement_interpretation_Tm_refine_653f92d03090e1262e36d306191c30aa" - ], - 0, - "cd980704b81efe047162bc98f37581ec" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 12, - 0, - 1, - [ "@query" ], - 0, - "a8951fec91672be9fbd8e5fde29d5f88" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 13, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "bool_inversion", - "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.byte_t", - "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "function_token_typing_Lib.IntTypes.byte_t", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "typing_FStar.Seq.Base.length", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v" - ], - 0, - "3d64da3d74d0a16925a638e4128dbbf4" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 14, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "function_token_typing_Lib.IntTypes.byte_t", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488", - "refinement_interpretation_Tm_refine_28704633277f63d4c4b2ee0fce0ac1c3", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" - ], - 0, - "c7b62e2eb0e9c890e1efcb86a46a7994" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 15, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v" - ], - 0, - "4474a978419745d960fb1a2d6b462b00" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 16, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" - ], - 0, - "a557d6a3d1ab996b3123e2349d006c12" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 17, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "1a3adf09898aa912f6dc0bab037a27e1" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 18, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits", - "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488", - "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a7a18b3d2bbe32ad1d7773e62663094f", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" - ], - 0, - "da98050454bec4bc18c6ddd9312d2053" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 19, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", "int_typing", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Subtraction", - "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_58b08ee6d3705c72cbf8dd19e56fb235", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e0708a3637ec59f8fe2b5ad4ff97a293", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "token_correspondence_Rust_primitives.cast", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "da994f2546f758bd42bc9ed9e81805a8" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 20, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", "int_typing", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_58b08ee6d3705c72cbf8dd19e56fb235", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e0708a3637ec59f8fe2b5ad4ff97a293", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", - "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "ab200db03b0389a40bda981b1eef632f" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 21, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", "int_typing", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Subtraction", - "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_90b99f160de9cbf4eaeaa5b9e7bfaa27", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c2aa097d9a475c761626af9eff4f1f24", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "token_correspondence_Rust_primitives.cast", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "84f362ad8efd473de5c7eddee1c7e7dd" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 22, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", "int_typing", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_90b99f160de9cbf4eaeaa5b9e7bfaa27", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c2aa097d9a475c761626af9eff4f1f24", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", - "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "e88a1e429f5d100e66dc61e9849c6688" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 23, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", "int_typing", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Subtraction", - "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_0f35fb90aa51b4bf32da5f52f8ace9ce", - "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5b24c7d148a11c49aacbc082a46571aa", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d7d21f76736b7c8c8b0b99ca5e01e87", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "token_correspondence_Rust_primitives.cast", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "89dd964f51729524939aa59287a953fe" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 24, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", "int_typing", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_0f35fb90aa51b4bf32da5f52f8ace9ce", - "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5b24c7d148a11c49aacbc082a46571aa", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_9d7d21f76736b7c8c8b0b99ca5e01e87", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", - "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "8369a955ff25f0ed21f8875b9d1463c9" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 25, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", "typing_FStar.Int.fits", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "528ca13362bb661b4677aa9434f744bc" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 26, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", "typing_FStar.Int.fits", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "ed4e73e9c5df20335880bfe17f7ad4ff" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 27, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "equation_Prims.nat", "int_typing", "lemma_Lib.IntTypes.pow2_4", - "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" - ], - 0, - "363d913f59b8133dbfd7aa6a98a93284" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 28, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_Lib.IntTypes.pow2_4", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.i32_inttype", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "1eeac7b43211a95b4b4d2c6836548591" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 29, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_Lib.IntTypes.bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_Lib.IntTypes.pow2_4", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "47e8c0ab8e91fc0d0bc26e6c2c4def9e" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 30, - 0, - 1, - [ - "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "equality_tok_Lib.IntTypes.S32@tok", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15" - ], - 0, - "5eb78a98d614e3cd385e9c6a2e19fd08" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 31, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "typing_Rust_primitives.Integers.range", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "dbdbf607ec4460f3c2407bb2d9e6be38" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 32, - 0, - 1, - [ - "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.S32", "eq2-interp", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sub", - "equation_Rust_primitives.Integers.unsigned", "int_typing", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "typing_Rust_primitives.Integers.range", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "21095c30329b6857c52b864e35568984" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 33, - 0, - 1, - [ - "@query", "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32_inttype", - "projection_inverse_BoxInt_proj_0" - ], - 0, - "170d75c54c889cb6c49b6d74e836344a" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 34, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1" - ], - 0, - "1c5870cabe6c0f3a97b5305d023b6b8d" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 35, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1" - ], - 0, - "9376798d3396209bd79be063d02c4db2" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 36, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", - "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a7a18b3d2bbe32ad1d7773e62663094f", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e3e88c78705eb62ab8369ef37656c18c", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "7b55c34f02bfb6e78f85263209227770" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 37, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1" - ], - 0, - "e62167743b05c0b48f2e282d45ec9253" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 38, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1" - ], - 0, - "394708e979983fd0747d505843e7a560" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 39, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_4b9f0a6a391cac6a0b080c6155bcd0bd", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_bdfacf55aff50f6fc19e9daaca98d84a", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e3e88c78705eb62ab8369ef37656c18c", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f45f1e836de41f4e5a2f921540111cab", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", "typing_FStar.Int.fits", - "typing_Lib.IntTypes.bits", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "f6a3e641e6e7e2f1974db931bee2ade8" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 40, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", - "primitive_Prims.op_GreaterThanOrEqual", - "projection_inverse_BoxBool_proj_0", - "refinement_interpretation_Tm_refine_bdfacf55aff50f6fc19e9daaca98d84a" - ], - 0, - "cac19b69f02ab246d2a072a64ec1830d" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 41, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", - "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", - "typing_Rust_primitives.Integers.range", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "ef3c97befdad7910fcd5429b3b883609" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 42, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", - "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", - "typing_Rust_primitives.Integers.range", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "8602c8f2cdaadb2fceed7c02f8a26ddb" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 43, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8" - ], - 0, - "94e5c17b287203fd6ebaed0ca507b1d4" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 44, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8" - ], - 0, - "789f854d983951e2c8ed21cdf5d5fd9a" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 45, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8" - ], - 0, - "05d233be1330eca3616dbe3e44609436" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 46, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8" - ], - 0, - "48757a9cd50754d3cdf5014b0e5bcc5f" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 47, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8" - ], - 0, - "a95a89121d25f41025509323761455ab" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 48, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8" - ], - 0, - "1d5bda4f809eb2344cff24521abb4a42" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 49, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.shift_right", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "refinement_interpretation_Tm_refine_063ec48009e52a064638385b47d95b20", - "refinement_interpretation_Tm_refine_0f35fb90aa51b4bf32da5f52f8ace9ce", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", - "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5f35e30711c76515c55198a2dde79146", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", - "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_b5c55529d37572a7b01b0f8e001ddc85", - "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_bb8d1b3aa61870cb61354afc1130ca4e", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", "typing_FStar.Int.fits", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "17c7643be1a9edc35ba0a94301ffaf21" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 50, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.v", - "equation_Prims.pos", "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", - "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_063ec48009e52a064638385b47d95b20", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_5b24c7d148a11c49aacbc082a46571aa", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_884de081b19c5db7b81f9c21396cfef4", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "26158206b655c1c0c97e34da80f00bac" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 51, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815", - "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1" - ], - 0, - "732c9de83666ebebe605a9ede49aec3a" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 52, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nat", - "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" - ], - 0, - "5eac7515038e8f605286bb5e53e3b36b" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 53, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nat", - "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" - ], - 0, - "4d5207a5da27485fd8521eb70ef87a72" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 54, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.max_usize", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.usize", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_d58853078dd12c963b813b6cb23cea8e", - "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v" - ], - 0, - "9304effaa11890dc248bd2289aadcdef" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 55, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Rust_primitives.Integers.lt", - "equation_Rust_primitives.Integers.v", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815", - "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e", - "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1", - "refinement_interpretation_Tm_refine_bdfacf55aff50f6fc19e9daaca98d84a", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da" - ], - 0, - "56e09c68b85f97ffae259afe25f4fd8a" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 56, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "equality_tok_Lib.IntTypes.PUB@tok", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Integers.lt", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.v", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThan", "projection_inverse_BoxBool_proj_0", - "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4", - "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da" - ], - 0, - "b5884530c9f0b05a8e7f46ec7d5c84ee" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 57, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "equation_Rust_primitives.Arrays.length", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.usize", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "refinement_interpretation_Tm_refine_2bdd78644e9034780bac04dcc0d776b9", - "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v" - ], - 0, - "2345aabfd00c00fae9a709ab5c80e056" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 58, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", - "bool_inversion", "equality_tok_Lib.IntTypes.PUB@tok", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Arrays.t_Slice", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.lt", - "equation_Rust_primitives.Integers.max_usize", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", - "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", - "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4", - "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e5701009a75a284c77f794f100e01149", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v" - ], - 0, - "66e56ca6db00111916ef51a5a8eb70b4" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 59, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Arrays.t_Slice", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.lt", - "equation_Rust_primitives.Integers.max_usize", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", - "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4", - "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_80234e287e61e2f0a8d7416b6660d349", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.lt", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "19f2c5b597742b684528fc3705baaa61" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 60, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", + "FStar.Seq.Base_pretyping_7efa52b424e80c83ad68a652aa3561e4", "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "data_typing_intro_FStar.Pervasives.Native.Mktuple3@tok", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Core.Ops.Index.in_range", - "equation_Core.Ops.negation_for_bool", - "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.eqtype", "equation_Rust_primitives.Arrays.length", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Arrays.t_Slice", - "equation_Rust_primitives.Hax.impl__index", - "equation_Rust_primitives.Integers.add", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.i32_inttype", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.lt", - "equation_Rust_primitives.Integers.max_usize", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.u32_inttype", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", - "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", - "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "function_token_typing_Prims.bool", - "function_token_typing_Rust_primitives.Integers.usize", "int_typing", - "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", - "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", - "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", - "lemma_Rust_primitives.Integers.mk_int_v_lemma", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Negation", - "primitive_Prims.op_Subtraction", - "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", - "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", - "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", - "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", - "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", - "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", - "refinement_interpretation_Tm_refine_1d007db99195351c712a6db73e8bf314", - "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4c7e12f0dc6b10b578e0a0d4bdc11af4", - "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815", - "refinement_interpretation_Tm_refine_5341c982f5a57af61ab33cb52950b09e", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1", - "refinement_interpretation_Tm_refine_80234e287e61e2f0a8d7416b6660d349", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", - "refinement_interpretation_Tm_refine_96872c249f535960f67bfd243d7c504d", - "refinement_interpretation_Tm_refine_a0ad16e2d6246a9d7b3c7da49833ba6e", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", - "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7", - "refinement_interpretation_Tm_refine_b8446936360146f8748471e28bc51024", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_d3c00e1782637cf4f2c36066ee60018b", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e5701009a75a284c77f794f100e01149", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", - "token_correspondence_Core.Ops.Index.in_range", - "token_correspondence_Core.Ops.op_Tilde_Dot", - "token_correspondence_Prims.op_Negation", "typing_FStar.UInt32.t", - "typing_FStar.UInt64.t", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.lt", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok" - ], - 0, - "179ba63cc032bdf533da7b03c539e021" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 61, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_f537159ed795b314b4e58c260361ae86", - "Rust_primitives.Hax_interpretation_Tm_arrow_77de5982ed6885d94da0664a4a3face8", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", @@ -3315,24 +706,27 @@ "equation_Core.Ops.op_Tilde_Dot", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.pub_uint64", "equation_Lib.IntTypes.size_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", "equation_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", "equation_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", "equation_Rust_primitives.Arrays.length", "equation_Rust_primitives.Arrays.t_Array", "equation_Rust_primitives.Hax.impl__index", "equation_Rust_primitives.Hax.repeat", + "equation_Rust_primitives.Integers.add", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", @@ -3341,134 +735,138 @@ "equation_Rust_primitives.Integers.max_usize", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_left", + "equation_Rust_primitives.Integers.shift_right", + "equation_Rust_primitives.Integers.sub", "equation_Rust_primitives.Integers.sz", "equation_Rust_primitives.Integers.u32_inttype", "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.usize", "equation_Rust_primitives.Integers.v", - "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", - "function_token_typing_Lib.IntTypes.byte_t", - "function_token_typing_Lib.IntTypes.pub_uint64", - "function_token_typing_Lib.IntTypes.size_t", + "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "function_token_typing_Prims.bool", "int_inversion", "int_typing", + "function_token_typing_Prims.bool", + "function_token_typing_Rust_primitives.Integers.usize", + "int_inversion", "int_typing", "interpretation_Tm_abs_43f231abb4a58902146ee87bdacad696", "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", "interpretation_Tm_abs_bc0ae3740b8cfb7a7b7143f61a432dbc", "interpretation_Tm_abs_d027d0a4a67962b5384e61b6f46c3b21", "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2", "lemma_FStar.Int32.vu_inv", "lemma_FStar.Seq.Base.lemma_index_create", - "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Lib.IntTypes.pow2_4", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", + "primitive_Prims.op_Division", "primitive_Prims.op_GreaterThanOrEqual", "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Negation", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_Core.Ops.Index.Mkt_Index_f_Output", "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Index.Mkt_Index_f_Output", "projection_inverse_Core.Ops.Index.Mkt_Index_f_index", "projection_inverse_Core.Ops.Index.Mkt_Index_in_range", "projection_inverse_Core.Ops.Mknegation_tc_op_Tilde_Dot", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", - "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", - "refinement_interpretation_Tm_refine_0f35fb90aa51b4bf32da5f52f8ace9ce", - "refinement_interpretation_Tm_refine_1d007db99195351c712a6db73e8bf314", - "refinement_interpretation_Tm_refine_28704633277f63d4c4b2ee0fce0ac1c3", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", - "refinement_interpretation_Tm_refine_41fecc648ab1aa1eb38fbafbeff0c8f1", - "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", - "refinement_interpretation_Tm_refine_4e2d44263173bd37eb6a0bf7fe84afae", - "refinement_interpretation_Tm_refine_50a2a0e13370bd3ac1a1c5fac47b5815", "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", - "refinement_interpretation_Tm_refine_63ef1ac87ba8b2bd5aaee61a9350276b", - "refinement_interpretation_Tm_refine_6c28c42ef317ec98f0f0ac37a57fd1a1", - "refinement_interpretation_Tm_refine_8a30f32ac6faf7e0bc8b89dca7e1414a", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a7ed78aa7e3623de595c68512d89c3cc", - "refinement_interpretation_Tm_refine_ae088b609204e032b97ba5aef2efdb95", - "refinement_interpretation_Tm_refine_b39a366443fe086d42a0f62d5fc033d0", "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4", - "refinement_interpretation_Tm_refine_b6614e2f1efdb74e2f5be09aab12bed7", - "refinement_interpretation_Tm_refine_b67ac003e5311a4bbe56ba40d9c56968", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c52f7940616711efe853dbbbf8dc6dc6", - "refinement_interpretation_Tm_refine_c5ebc3e64ed033fba5a8e49ccfe83502", - "refinement_interpretation_Tm_refine_dc2e931d3b75fc75fb63ba4afd5721da", - "refinement_interpretation_Tm_refine_e5701009a75a284c77f794f100e01149", - "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", - "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", "token_correspondence_Core.Ops.Index.f_index", "token_correspondence_Core.Ops.Index.in_range", "token_correspondence_Core.Ops.op_String_Access", "token_correspondence_Core.Ops.op_Tilde_Dot", "token_correspondence_Prims.op_Negation", - "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int32.int_to_t", "typing_FStar.Int32.v", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.t", "typing_FStar.UInt64.t", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.pub_int_v", + "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", "typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", - "typing_Libcrux.Kem.Kyber.Constants.v_COEFFICIENTS_IN_RING_ELEMENT", - "typing_Rust_primitives.Hax.repeat", - "typing_Rust_primitives.Integers.bits", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", "typing_Rust_primitives.Integers.v", - "typing_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U64@tok" - ], - 0, - "78e9d8cf94c9a013558e4230ec9f8b26" - ], - [ - "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 62, - 0, - 1, - [ - "@MaxIFuel_assumption", "@query", - "data_typing_intro_FStar.Pervasives.Native.Mktuple3@tok", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "equation_Prims.eqtype", "equation_Rust_primitives.Integers.usize", - "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "function_token_typing_Prims.bool", - "function_token_typing_Rust_primitives.Integers.usize", - "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "b5aa0bd7a167bb16b89e2a0e4ee0dcd5" + "f3b01456a69ce552b9ef2c3988f768b3" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", - 63, + 3, 0, 1, [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "equation_Rust_primitives.Integers.usize", - "refinement_interpretation_Tm_refine_44ffa952d9c0d6b2d71840439d6f3a7a" + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.unsigned", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "775f0b39329e23ce25fa24de6344cfeb" + "1c9c37dd9b8ea3e6815626746b7feca7" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints index e25b08757..18db31211 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints @@ -68,7 +68,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "b8783ae6fcec03d86139a1a64d2a2d02" + "f3ddd1b1a32170fdb07bb38b30b863aa" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_", @@ -137,7 +137,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "79ad7f3ea830a38eb7619b5208af35ba" + "6489272086bfbb2c592494113f5dfec9" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution", @@ -206,7 +206,7 @@ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "3b1ae8778ed9fdaad9c4123d83b3a1a0" + "1950456460913734bfc2d0fe29ba48c4" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", @@ -244,7 +244,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c115e8a53b80c5965c15822641ae4a1f" + "fc42efc7e05faa9dc99fb78ff796ad6f" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints index f5ed9e0e7..f5f8028b9 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints @@ -1,5 +1,5 @@ [ - "!}\u0014U Date: Thu, 1 Feb 2024 08:35:59 +0100 Subject: [PATCH 14/19] revert dcdaf1a6328353b10f908565bfe800aef2a61fa4 --- .../Libcrux.Kem.Kyber.Arithmetic.fsti | 11 --------- .../Libcrux.Kem.Kyber.Serialize.fst | 23 ------------------- .../Libcrux.Kem.Kyber.Serialize.fsti | 4 +--- 3 files changed, 1 insertion(+), 37 deletions(-) diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti index d31a6f31a..6cf0c1f10 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti @@ -57,11 +57,6 @@ let int_to_spec_fe (m:int) : Spec.Kyber.field_element = m_v + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS else m_v -let wf_fe_to_spec_fe (m: wfFieldElement): Spec.Kyber.field_element = - if v m < 0 - then v m + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - else v m - let to_spec_fe (m:i32) : Spec.Kyber.field_element = int_to_spec_fe (v m) @@ -193,12 +188,6 @@ let to_spec_poly (m:t_PolynomialRingElement) : (Spec.Kyber.polynomial) = assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); p -let wf_poly_to_spec_poly (re: wfPolynomialRingElement): Spec.Kyber.polynomial - = let p = Spec.Kyber.map' (fun x -> wf_fe_to_spec_fe x <: nat) re.f_coefficients in - introduce forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS - with assert (Seq.index p i == Seq.index p (v (sz i))); - p - let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) = to_spec_poly (derefine_poly_b m) diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst index 24d5006fd..a589ee2da 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst @@ -1322,21 +1322,6 @@ let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = in re #pop-options - -module A = Libcrux.Kem.Kyber.Arithmetic - -let bitwise_equality #len #d (p1 p2: (p: t_Array nat len {forall i. Seq.index p i < pow2 d})) - : Lemma - (requires forall i. bit_vec_of_nat_array p1 d i == bit_vec_of_nat_array p2 d i) - (ensures p1 == p2) - = admit () - -let eq_rw #len (re_poly: t_Array nat len) - : Lemma ( - - bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) - ) - = admit () #push-options "--z3rlimit 100" let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = @@ -1378,13 +1363,5 @@ let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPoly in serialized) in - // admitP (bitwise_equality serialized (Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))); - // admitP (serialized == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re)); - let re_poly = A.wf_poly_to_spec_poly re in - assert ( - bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) - == Spec.Kyber.byte_encode 12 re_poly - ); - admit (); serialized #pop-options diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti index 91eceeaa3..df3b6b7ee 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti @@ -188,9 +188,7 @@ val deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) (ensures fun _ -> True) -module A = Libcrux.Kem.Kyber.Arithmetic - val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) : Pure (t_Array u8 (sz 384)) (requires True) - (ensures (fun res -> res == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))) + (ensures (fun res -> True)) From 78de92a50e53dde567acc0c426027b8bfa08a897 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 1 Feb 2024 08:52:07 +0100 Subject: [PATCH 15/19] hints --- .../Libcrux.Kem.Kyber.Arithmetic.fst.hints | 4077 +------- .../Libcrux.Kem.Kyber.Arithmetic.fsti.hints | 220 +- .../Libcrux.Kem.Kyber.Compress.fst.hints | 14 +- .../Libcrux.Kem.Kyber.Compress.fsti.hints | 4 +- .../Libcrux.Kem.Kyber.Ind_cpa.fst.hints | 172 +- .../Libcrux.Kem.Kyber.Ind_cpa.fsti.hints | 24 +- .../.hints/Libcrux.Kem.Kyber.Matrix.fst.hints | 24 +- .../Libcrux.Kem.Kyber.Matrix.fsti.hints | 10 +- .../.hints/Libcrux.Kem.Kyber.Ntt.fst.hints | 58 +- .../.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints | 12 +- .../Libcrux.Kem.Kyber.Sampling.fst.hints | 18 +- .../Libcrux.Kem.Kyber.Sampling.fsti.hints | 8 +- .../Libcrux.Kem.Kyber.Serialize.fst.hints | 8279 ++++++++++++++++- .../Libcrux.Kem.Kyber.Serialize.fsti.hints | 32 +- .../.hints/Libcrux.Kem.Kyber.fst.hints | 22 +- .../extraction-edited/.hints/MkSeq.fst.hints | 32 +- 16 files changed, 8764 insertions(+), 4242 deletions(-) diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints index 56d50b987..85626639f 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fst.hints @@ -390,7 +390,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5de39354a8cb875a34395fc70e5d3dbd" + "0ec8abf1930330f65b4059c939a8c108" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R", @@ -470,7 +470,7 @@ "typing_tok_Lib.IntTypes.S64@tok" ], 0, - "ec51290e68e3259f24f87c6da9c3bc94" + "8dff7c5883c6219ac1780cd2503472d0" ], [ "Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", @@ -628,61 +628,6 @@ 0, "16b234ecc784afab8b09dda84685ba62" ], - [ - "Libcrux.Kem.Kyber.Arithmetic.wf_fe_to_spec_fe", - 1, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "equation_Spec.Kyber.v_FIELD_MODULUS", "int_typing", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "962a30307052cf341e2fe6e71a27dc5d" - ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", 1, @@ -693,7 +638,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "5763fa3537bd6fb9c0acb422ed0c6efd" + "b311f29a6dbb07e8dd48ff8417025169" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -705,7 +650,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "96ef339d45266f72aa9f9de87f47a583" + "75ca9c65e4510e5f3fe708518553309d" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -721,7 +666,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "de8de109c2e1de075907d82af9d5513e" + "db19cfa1e5783314ff023f1b2b82ab00" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -737,7 +682,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "6695c8609b67f103a8e7caa1b995d3f1" + "89a41c06d80bdb9bbd2917bf0c165693" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -749,7 +694,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "cc05062612bd79f970e64614ac8a02c2" + "38e2562203d662f0953b5019d075df63" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -761,7 +706,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "064d9bdf95a32fd5253accf8c8aa208e" + "6b4be3cd080af9d9acfd9d2c10d1f73a" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -777,7 +722,7 @@ "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df" ], 0, - "1dc7fa937bf3d8900a15d693813d9e8e" + "7a4a1370199528e13a34fef671e98c26" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -793,7 +738,7 @@ "refinement_interpretation_Tm_refine_c1a7d9a33f6eb5e647f30c5da8bd80df" ], 0, - "dbf4c459630bc09d8f1894aac8e6815e" + "ca9362a5a4471be39244f7263faa2096" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -810,7 +755,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "6413e158b6cfa74c0c4fb194fa862352" + "b987ee172b9aa04a3d39ea2ac8547784" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -822,7 +767,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "48fa649f127f11f34255a40fd52fc397" + "4195cfcafb0bfac403b7fd35c3348a2b" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -834,7 +779,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "2cad29857489773536c849a442fa0dc9" + "69100f2b27e4638d57fea05a4fe010e8" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -846,7 +791,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "4ee675b5a65068f2713c520461f9125a" + "e328e977a8b43c2ac77eb0f5de9a90df" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -861,7 +806,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "9c89a03cac77b612b179961be6ce1c6b" + "24a86a07364dcd694db7c9964d9534db" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -928,7 +873,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "8f37404b7f55deab2028cd76048345ac" + "baf51f24f8d11c2a55d83a9744b9770e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -940,7 +885,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "d6253539a3319ed6e1027dca6fae8049" + "ddee053eb6eebaa6d9edd5f037be34b8" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -952,7 +897,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "7fa4c523b5093dbe21a853fdc25a2cc6" + "b51bfe674e9abf064a75ffff07481de1" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1004,7 +949,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "2ce7f0c438769403ed4023452005995b" + "3bba13c27e772271e2203f3a063b2809" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1016,7 +961,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "49c86c505598d80742ff4b99b047d750" + "0170fe8e6a0b83807d912b3f2d26a9bb" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1071,7 +1016,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "112713a032486b9c4aa36a91914af334" + "addb239b0d1671bd65694992f5468a08" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1096,7 +1041,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "abaa89fd484937d856b442aea6dd7e45" + "b5c4e1e6842a75e44e566131b2685f9e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1128,7 +1073,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "9a98181345bb76e161eab398f575d1d5" + "76d61a1c1ebe55f19a2aa4bf412db017" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1140,7 +1085,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "bfe6b782321e443afed0b796e7ec5631" + "126b3cadc77c79e2dc26f34a046a2ed3" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1153,7 +1098,7 @@ "refinement_interpretation_Tm_refine_e3fe9b7b2b1f21f6c8f47835047505be" ], 0, - "14348cd83f20a0353d4aca8a9ea8978c" + "feb91ada329549a7cbf3ac71decf0099" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1168,7 +1113,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "cf687f70b3162ed783a933f6327711e8" + "d68bb3683a39069a5bcdebff0368afdd" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1180,7 +1125,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "e1dee05891851bd3d7b4851e127fe025" + "718bc617038d3e637415d34f28a1ba5d" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1192,7 +1137,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "399f1fc6ec7b524d5fd2c9619f5df1d6" + "13d463a2f87c74999c582cfe843317bd" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1246,7 +1191,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "7261ad8e5e1430f6a9d847ec224035dd" + "6fc455492ba2c04992deccd5ee4bc7df" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1271,7 +1216,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "778d0df2f1750885dd80cdb856e50f47" + "a26a7f93f017940e70e9412570857f9b" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1320,7 +1265,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "0114b40ab222f8bef5488555c1e04723" + "7049bbc2474f1feadaecf92118be7874" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1332,7 +1277,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "baa22c08861357d8772c5823d4ba5c59" + "68b18510d3a5c0b25972476989654f10" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1347,7 +1292,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "fca12837003ea3d1b2c4aaa59a9171da" + "12c9425948d79dda0c635b32657ca5d6" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1372,7 +1317,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "a681bc54d2356b5b3e7025cf67def161" + "00c4edd08b3eff35f4803dee7570c139" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1385,7 +1330,7 @@ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592" ], 0, - "93151cbab7327e920c4cc4910f82345f" + "96f10736962bbcb840b2d195076f7a52" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1410,7 +1355,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "79969d67ff8d094ff022e763329f83e3" + "4ea41be76cd59f3c690d99c76e6f2e20" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1422,7 +1367,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "ade9840751d4dc1f8d3b3c620ff2dd53" + "21c88ae18639f6bdc3eeda32eaa33289" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1437,7 +1382,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "65c0e05d392fca2aeb495ee9c5742ca5" + "c9eefee48fbf45eb86e4b95d755ba3b5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1462,7 +1407,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "57146214395f06026a1d753094ff218d" + "d0917f17b2a70648e406a44c253077a0" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1502,7 +1447,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "5e5864948afdeada420325b79143a91c" + "54abed678ebe672414a14a1f669cf4bf" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1514,7 +1459,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "a4634dc6ebcfcbd63df1870946816cb5" + "faeba5d1e936d55b5629aae3e634091c" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1527,7 +1472,7 @@ "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34" ], 0, - "666ddde2de31aabf4f9c4d182a91b3b5" + "f9996db052809c52431c65b6fda52263" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1542,7 +1487,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "41fc478e9ab9e336652f1f7acaf6417e" + "0c22a99c2afb22ec603047c004f0f164" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1567,7 +1512,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "4da8451231b582b5b1cb43e9f05a7e2c" + "cc54ae4cae4b941a685b3e14dd35d7c5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1580,7 +1525,7 @@ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592" ], 0, - "3b2f71620ab50517fbfa437e8e8291a1" + "baeec75fb0795723b55f369eac63625a" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1592,7 +1537,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "92365046921da07c96e83682f3d0e09b" + "ad3115770876627f1ad78431509008d0" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1607,7 +1552,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "4537f5fb8c22a8ca53d2dc7d52d98199" + "ef5b4e6cc7422107c7fb30d157bd0f4e" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1620,7 +1565,7 @@ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e" ], 0, - "fb2b36e86d0b5e3086cec86c7518ea87" + "1179fc228755ad4de5d9c80bfd5ce268" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1645,7 +1590,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "f233e3e1570d5ccc847782a5c783dd0a" + "6dee917eae53050bffd100ebd226aab6" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1657,7 +1602,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "9e133bff4350d22206f788f7b1053ab5" + "a988aa4174cf7a5948ffe46605a4f1b1" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1672,7 +1617,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "c0a9d665b35184cafaae3ef883c42208" + "6f44d9fb7d88951b602e2b0efe4e3b3b" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1697,7 +1642,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "4f0da2af7b1d09dace61c5d000fe7735" + "8c2f1453589098f7bf6f1da8e55654ee" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1710,7 +1655,7 @@ "refinement_interpretation_Tm_refine_fb1c28ee85d5f1790627f05ada419592" ], 0, - "d8aa32bc9ba67e8e1d91399da34e627a" + "766e756436207c19e6ddcee120eb52a4" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1722,7 +1667,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "4cb8362ac40da8da555bbdcb74b8b6f9" + "27cafa272034d475692f2d3d2539626c" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1737,7 +1682,7 @@ "refinement_interpretation_Tm_refine_806a87d48cb3833a16a9f7d4f6750785" ], 0, - "2016f07e8f21f9c1c1fcb13a8f10d476" + "077742117d762ede0209eb4b7e5babeb" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1750,7 +1695,7 @@ "refinement_interpretation_Tm_refine_bb48eb6c77e49e9cd30a94dbf9b2ae7e" ], 0, - "0d034a6874d3299189bbc7f0c05ea7ca" + "8dfce732fd4f066186ce8c98375a28e5" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1776,7 +1721,7 @@ "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" ], 0, - "271c3db43f35bd21d78d5fd10d1054af" + "da916f663bfb41fe65a4b7c4ad1cbca8" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1789,7 +1734,7 @@ "equation_Rust_primitives.Integers.u32_inttype" ], 0, - "b6bb31ce053898fe8664e556da2ab137" + "2ddf388e30580e3e97540c289d125586" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1828,7 +1773,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "d1a0d8f9b6457d6bc498909394647ee8" + "50847051fd1b43c53a25a3b5f3f9f322" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1840,7 +1785,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "1d945423302214eabc74a83e13b18c9f" + "049a529a783253fdec60709ddc8c9895" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1852,7 +1797,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "e75c54c651b3c202c0cd528221c660b7" + "51f8a20e10882224c822ed513654e3dd" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1896,7 +1841,7 @@ "typing_FStar.UInt32.v", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "0c083eadf3cc3f85cc3c383c91a71a9e" + "b4ce2e102dee28b510b7b0c273f5dd11" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1908,7 +1853,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "4b581cc525a201f2dd879c580b864737" + "08a3439cdcb5a7cce1dc97416f5a4880" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1920,7 +1865,7 @@ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa" ], 0, - "d29db944813816d3aba40408cf4e9772" + "c8bedc5ff0c468937ee49ffec421b35b" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1980,7 +1925,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "67085c67b222f14028379eb44cb5c6aa" + "ac447018c827196fe4c5a96037ab7ed7" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -1992,7 +1937,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "9dc2bbce89ff2afa62735a0c6a764f9f" + "4e8c7050d4b8df83a91b626996b87878" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2004,7 +1949,7 @@ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa" ], 0, - "e39807ca54fc33fa35cba89228a7b998" + "f26a80b665475fb7c98289abf657f989" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2016,7 +1961,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "ca35e35f06b11258c433f40f24301ad5" + "2bf298555d36f7c4ec0fd7c220c5bac7" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2031,7 +1976,7 @@ "refinement_interpretation_Tm_refine_456b84c18ac29e6b940ba25902afa9fa" ], 0, - "ad20d344db199f3ef9034e87b5aed6cb" + "0f3c7e74941b0d89843aef00bf3606d4" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2049,7 +1994,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "9403cf17d69292e493a1181ca5a9939e" + "645cd4d945ae347e89215e6ab2fe7ab8" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2058,7 +2003,7 @@ 1, [ "@query" ], 0, - "86f0ff87990b6f9224b37338fa51b2dc" + "8bdc538d271969318498b4dbefcff61d" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2070,7 +2015,7 @@ "refinement_interpretation_Tm_refine_654a196bc9f685aac047ab4dd7c22761" ], 0, - "a4aeb472c87afc706d298739496ded77" + "48f02744b72d3511b4cd7eee0da4e24f" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2087,7 +2032,7 @@ "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e" ], 0, - "b2d3b3cb476bee2fad16d1df2205db1c" + "5877666924e298ca6764cfeb672d05ed" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2108,7 +2053,7 @@ "refinement_interpretation_Tm_refine_948ff553951d7fa3b6aa3bceb324368e" ], 0, - "3960808320cc75aec9263f39daa961af" + "ebc6adeac2202968a2c457f967dd7935" ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", @@ -2123,7 +2068,7 @@ "refinement_interpretation_Tm_refine_e52b4600b58a10f95ba9a5252b69d191" ], 0, - "70b4120b5772fbc07fec81dcbe4f3531" + "4032f5283b06bc418ca893abcd00a2b4" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_post", @@ -2162,7 +2107,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "80e10294f79555b51022b6b419552df4" + "b64e994fd66a180556ba9f35a9ffe782" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_post", @@ -2175,7 +2120,7 @@ "refinement_interpretation_Tm_refine_da29c9b9e29d9389ae9376ed75fe59eb" ], 0, - "e63da65a0925d630c299999e2dc024d6" + "1b613170449b50d365286188e9b8cfdf" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce", @@ -2196,7 +2141,7 @@ "typing_Prims.pow2" ], 0, - "407edf4a361d89506acaf65545ded579" + "379ae486e10f528a9ae284af561923e3" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce", @@ -2304,7 +2249,7 @@ "typing_tok_Lib.IntTypes.S64@tok" ], 0, - "9626e2a5d0d330e588e195319f98a913" + "83e44ecc44f698be0eeb7f705680b2ab" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce", @@ -2383,3592 +2328,90 @@ "refinement_interpretation_Tm_refine_81e7ac04fa2afbc21cde2ad84d87ec7b", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "token_correspondence_Core.Convert.f_from", - "token_correspondence_Prims.pow2.fuel_instrumented", - "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", - "typing_FStar.Int64.v", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.S64@tok" - ], - 0, - "066b9b7179ef6757f10597805926edc0" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_post", - 1, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype" - ], - 0, - "058df56cc5c52c8806e014e923437757" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 1, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.v", "int_typing", - "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2" - ], - 0, - "968e08d34f1bacdb3874d90d6d13bc56" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 3, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_GreaterThan", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "ba77c3a308570bf7236f899934f5c353" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 4, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.U32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok" - ], - 0, - "5bdeaea9c44473a3d8264351c31c717e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 5, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "d447ff8cc120c711c91c732fc2ce13dc" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 6, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "fb3d507d13b28b2b86b968a9f85b1ba5" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 7, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThanOrEqual", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "38bc4a4ea0ce9783f4572d3fd7e1f91f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 8, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Rust_primitives.BitVectors.int_t_d", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.u32_inttype", - "equation_Rust_primitives.Integers.v", - "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474" - ], - 0, - "04b4398e08e30b643c96d15b0095839c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 9, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34" - ], - 0, - "2a036aa311254ca36c2341478ae61b47" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 10, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_GreaterThan", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "cd5199120326e525cee7fe0741d991ba" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 11, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.v", - "function_token_typing_Prims.__cache_version_number__", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6576e6c09a03745344f633d265cb3f26", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b04592758f973c958406cef575d95452", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_FStar.UInt.fits", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "f76bcb9688b78cdd770f5dbd8cb193fa" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 12, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "963258e1f76b0226ff09d7c44654dbab" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 13, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "f217caebfe355d55260cf17d8810e324" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 14, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_cd82abf5ed469bbb90bb940041fe6aba", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_FStar.UInt.fits", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "62e8f61c4f25671ac24c1002c55797c7" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 15, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "b7bfb0899d681d400f84489389946207" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 16, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.mul", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "function_token_typing_Prims.__cache_version_number__", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_764849c938889431b4d45a3a5ebd0d20", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_cd82abf5ed469bbb90bb940041fe6aba", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "0a47960822e20ce339d2b4ac150bc8c1" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 17, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_764849c938889431b4d45a3a5ebd0d20", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_Lib.IntTypes.bits", "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "f3953b68dbc67c54634446e8aef79af4" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 18, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_764849c938889431b4d45a3a5ebd0d20", - "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "a3de3a53e2c9aad4d9bf06e9b2727eb6" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 19, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_764849c938889431b4d45a3a5ebd0d20", - "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "eb012749b3555275058ff6b0baa9b82c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 20, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", - "equation_Rust_primitives.BitVectors.int_t_d", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.u32_inttype", - "equation_Rust_primitives.Integers.v", - "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f" - ], - 0, - "138560ced56e75b0a871828da803dc6b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 21, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_GreaterThan", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "0dcf0564d629b233f17c9863d5354430" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 22, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S16@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i16", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", "int_inversion", - "int_typing", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.cast_mod", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S16@tok", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "a8460531f29128620cd5ae67a6ce78aa" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 23, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "f435cf2ef93d65c28d874fd7b4631719" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 24, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "e081f87b25489f5ef048152928e26919" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 25, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "2bb4528a9b6fb9c68c843406d8d8c4fa" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 26, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "be74a100ed80ca1b238bd1e5e4e8395b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 27, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "e2105387a89c8d891bb6f4f30318105f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 28, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "c062740a98b19c9fbfd056376c419967" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 29, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "ebf14173d3bae744cd3a4a9381af807b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 30, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "e163f39f07f218abf5ea4c947638b0c9" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 31, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "75c0377c4362213377f38c49a2989524" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 32, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "3870321a51d139fc0bb65384e69a4ce8" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 33, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "1dfe05932775d4f0c5e54698f164aa0d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 34, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "d8cc7e72344efb8be534f46ef73ec7fc" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 35, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "f4eec549826a524442963ba39f2bb475" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 36, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "5fe76b2e93ea63a6499c91fc28398602" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 37, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "f4ee2432009221548bd2f1eefdacc531" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 38, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "26a224caade97ea4346bd4f30380daf1" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 39, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "a36425b015cdd40e93656c64fcca651f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 40, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S16@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.cast_mod", - "equation_Rust_primitives.Integers.i16", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "equation_Rust_primitives.cast", - "equation_Rust_primitives.cast_tc_integers", "int_inversion", - "int_typing", - "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", - "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "projection_inverse_Rust_primitives.Mkcast_tc_cast", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5f7fa9b529eca53c4df25c4a759eb466", - "refinement_interpretation_Tm_refine_6d682983791da2c4664c5528218ce247", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_91328468f4440a8bf8d3581ecc377b34", - "refinement_interpretation_Tm_refine_a1fa7d8a85bee6a297f4123184b84ebf", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "token_correspondence_Rust_primitives.cast", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.cast_mod", - "typing_Rust_primitives.Integers.modulus", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S16@tok", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "d22e13687149a74588f09e0d54719d03" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 41, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_1b065e36c75eb80aaac7221311953753", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5f7fa9b529eca53c4df25c4a759eb466", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_a1fa7d8a85bee6a297f4123184b84ebf", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "df05a2826f86b458f4ab31bd333db9ac" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 42, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "d17f13e0b41af02b02df62807c4a4396" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 43, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "d1fed4410b2e05be6e2fc410d48df276" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 44, - 0, - 0, - [ "@query" ], - 0, - "5fdc1bda1556ff619ddedf1c333f0c02" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 45, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "f31e879c7ac598e76b12d0fe7e008cd8" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 46, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "d4484951be4f8e4bb833cb5da7596500" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 47, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_3d634d9126feef2181d7b74928a5cdcd", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_7f3469ba08ad1df3f35d31dbce3845c3", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_cd00f128e06f90e942810ff77aaa9ddf", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "70c8f0745bc73f7df94893bfdc71211a" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 48, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "c3da03f013b4481388b7ef3b78f466dc" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 49, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "678c9c672ad696e079190eabd8037389" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 50, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "87b22dd7af34a2b929751d48f8bcfb0f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 51, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "6b28cce9abad116884b0851058f53542" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 52, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "f9d3ea70a04a0d78121431b3945659b0" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 53, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "cf18c894035da65ce4fa3d61336e87b3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 54, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "ce91c4bc4aad2c24d448fd986f9b6fc8" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 55, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "58508e7fa95e2e72ee658a331e648c78" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 56, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "369c8e89fe38241c9b870b868273a101" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 57, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "8949ffb4deac97a84758a73f56850535" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 58, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "cedcf6fc42f13695aa17daf05bcb8caa" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 59, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "ef3cd4e41419df8d56571e1c52b4b20e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 60, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "6b29a5d7c61e3aac6a8df3412c2b1bfe" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 61, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "ec751320455df37e09ffd8200aea983e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 62, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "1b9eee56feeb5935685b4ce7a3dd6d82" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 63, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "708e890d877fc8608da3eec932ebaa63" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 64, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "d2fe97e97bacff0c357397ad0209496f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 65, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "f3e49e7aebb52a45a672f498f10e7b91" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 66, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "bd1eac6eb3fe42fb75d34581c859c92f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 67, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "2376c97e7a6d9df67220cff7d1b16c02" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 68, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "288cce2a69787ca2805a1be7378727f7" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 69, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "c96620395f91007efc6bc2103e6bb41d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 70, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "c7284b207b3a7d81db4bcb3c76590569" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 71, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "ae89827d513d85fd2283a1242b851047" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 72, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "5d63a64617c70d558b9ddc57cdc815da" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 73, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "3c04be1ded83884135e5f4664e77a783" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 74, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "a11abf998373ede6b64661767a78bd04" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 75, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "77efaec2f148478bde575332446355af" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 76, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_7cc7c724c397498f3947c652abdb267b" - ], - 0, - "c80ae7b08446bd936383e463240ba986" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 77, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "5bb641087316265efb832d749de36967" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 78, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "5e6d2660ea23020917cc58495c28752e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 79, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "e7a49add86bd8c94eb7f3323d6063294" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 80, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", - "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0", - "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c" - ], - 0, - "e77a5757cb6dc45fb96dee6e29e61764" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 81, - 0, - 0, - [ "@query" ], - 0, - "06a453a8360edac3c4c8a476d91a29dd" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 82, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877" - ], - 0, - "be33f676c8da83b5e4ed160444418524" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 83, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "a21f340121d9f1fb46a7601605e780db" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 84, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1" - ], - 0, - "ed8c17e219707792ce2633a6089091f3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 85, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Addition", - "primitive_Prims.op_Equality", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0" - ], - 0, - "00c58ce7f10d8441a2dd3dd04a54b639" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 86, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R" - ], - 0, - "c9a6d6abf563852a89262359140a31eb" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 87, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.modulus", - "equation_Rust_primitives.Integers.op_At_Percent", - "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_left", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", - "primitive_Prims.op_GreaterThanOrEqual", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_9a12fcaca914d2eece947e1efebb6b3c", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "ae81e89a1e8124787488cf68ebf82f7e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 88, - 0, - 0, - [ - "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f" - ], - 0, - "018cb4d04f593341b1f475c4c5238430" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 89, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_GreaterThan", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "a5f4c95ddb5c78483bc702ebb31d60f2" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 90, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "2f40d543594fa705e47888594a373938" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 91, - 0, - 0, - [ - "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok" - ], - 0, - "95e22417a453004a6a5ce5010e01750d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 92, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nat", - "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_b9efbdd0e268f19c46ae5e7ca1d011df" - ], - 0, - "61a24830da088a34c172ce0fde5c4d82" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 93, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "5a5df4851fe88d1ee9975ea021c6320a" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 94, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Modulus", "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "1dc17764849f242a32be4b3caa021874" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 95, - 0, - 0, - [ - "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Prims.nat", "equation_Prims.pos", "int_typing", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2" - ], - 0, - "030a3204b0cfdb20ee0bb03451a0ad72" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 96, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "33a117b90917ad38aaa2eb30d1c3deff" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 97, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", - "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.u8", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Modulus", "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "7ea38bb1a764b0b080ce406adf451f8b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 98, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", - "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", - "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "f64ffda8a6269bdaeca2b54b21bb7366" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 99, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "60cd195cafae237c850825bcd1b455e3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 100, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_right", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "function_token_typing_Prims.__cache_version_number__", - "int_inversion", "int_typing", "lemma_FStar.Int32.vu_inv", - "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_022afc646c86a2c3ebe1e9e2457828a2", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "489560ca02335b247d350e516ea849d4" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 101, - 0, - 0, - [ - "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Prims.nat", "equation_Prims.pos", "int_typing", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2" - ], - 0, - "4d433cd6b961eccf496e2def6d9f4a9c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 102, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nat", - "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_6990c7652f46e2c49e748c5fa474730d" - ], - 0, - "96ebe4a6c74cb5272ce70df15a761f9e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 103, - 0, - 0, - [ - "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Prims.nat", "equation_Prims.pos", "int_typing", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2" - ], - 0, - "4d433cd6b961eccf496e2def6d9f4a9c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 104, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "f34bb244c28a2a99cca0ab8ee0545164" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 105, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "ff71ca5678278439a63461344a5c6345" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 106, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.u32", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_aaac857f816224501d4f86c58a6c05e1", - "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", - "refinement_interpretation_Tm_refine_b9efbdd0e268f19c46ae5e7ca1d011df", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.v", - "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "a047833030c68242f465c9a1127a2a76" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 107, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "cc6924c64e4fbfd3c8c94dd718cca68e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 108, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "d8bc6e80a51da5536456125c5edbc049" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 109, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_right", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_1daee8813a3c3a43cb6d97492a88c3a2", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_76f76d8c58a153fe127ee79ea9243e3b", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", - "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", - "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877", - "refinement_interpretation_Tm_refine_be62cacabd5983e81bb66a32d8c6aeeb", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "6d88a05c2aab29481722f81889510d42" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 110, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "55310797d498327244863d7bc3ccf17e" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 111, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Rust_primitives.Integers.range_t", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87" - ], - 0, - "2d9b765cd97cc11ba3ae326adfb9095b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 112, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "primitive_Prims.op_Addition", "primitive_Prims.op_Subtraction", - "refinement_interpretation_Tm_refine_1daee8813a3c3a43cb6d97492a88c3a2", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "6cee2a82ac99dc892b8beb95a47365ce" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 113, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "ea83d3952ccd9d720f08b68c0ada3587" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 114, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "07824d58f484bb33554f6b117e957565" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 115, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Rust_primitives.Integers.range_t", - "refinement_interpretation_Tm_refine_6fcd03f0c12381b64db38d32618a58aa", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" - ], - 0, - "0776c76249af1867c571eccd2e237726" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 116, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "equality_tok_Lib.IntTypes.S32@tok", - "equation_Rust_primitives.Integers.range_t", - "refinement_interpretation_Tm_refine_10ea5e92051011afe0e422930947f59c", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0" - ], - 0, - "327f73d726409109668cdabc33a70851" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 117, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_1daee8813a3c3a43cb6d97492a88c3a2", - "refinement_interpretation_Tm_refine_4787d0a0d97065c6a181a66dcc5cb837" - ], - 0, - "effe23d029a187e78d1e35d24438b765" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 118, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.mul_i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.BitVectors.bounded", - "equation_Rust_primitives.BitVectors.int_t_d", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_right", - "equation_Rust_primitives.Integers.u32_inttype", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", - "refinement_interpretation_Tm_refine_9d1b816da7077db463e73321431a64f3", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", - "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", - "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877", - "refinement_interpretation_Tm_refine_b9efbdd0e268f19c46ae5e7ca1d011df", - "refinement_interpretation_Tm_refine_be62cacabd5983e81bb66a32d8c6aeeb", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "c8ef812202960e86cf28f0c3fe90a232" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 119, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.pos", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" - ], - 0, - "1992e18a0dc4ae5c18146a4e8fead3dc" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 120, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec" - ], - 0, - "d9b1ad33868042e39d9cad21dbaa512d" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 121, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.BitVectors.bounded", - "equation_Rust_primitives.BitVectors.int_t_d", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.shift_right", - "equation_Rust_primitives.Integers.u32_inttype", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_488beea0f739cfd175419847fa0f26c8", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", - "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", - "refinement_interpretation_Tm_refine_b81aa9d1c8765adaa5b56bbba8162877", - "refinement_interpretation_Tm_refine_be62cacabd5983e81bb66a32d8c6aeeb", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c56d8ede0969fab520d1f0f6aa6f313f", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864", - "refinement_interpretation_Tm_refine_f09966661b8f2316c4f2bdb54834d474", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "50bdfab4d265e9f534917e7f22d557f4" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 122, - 0, - 0, - [ "@query" ], - 0, - "3c9d0dbc3beae165fa2318b8a0c6b922" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 123, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "f6b6123911059de0af5bb79a3e81348f" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 124, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "3f242e1b457efab6f2a1f2bbcf02bc9c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 125, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "a301b4364d092098c3cf618670046eb4" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 126, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "9f8eaaf07363d46328f21b8fbb41718c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 127, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "af6f46391df5412b593407cfb14ba2f6" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 128, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "bc511ebb5c9abbede5a625f3f05ce599" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 129, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.pos", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" - ], - 0, - "21e175dbeffc8164622542e2ddffaffc" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 130, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec" - ], - 0, - "2a680aa44921f81363327035a5fd0720" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 131, - 0, - 0, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5b3a72f93aae452e4bb0618cf003159c", - "refinement_interpretation_Tm_refine_6bfcf7db4f48bbf372a8d2dfa74e15b5", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_891cf327b2a58324b2af048eda42d114", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", - "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_cee45baf9a63db1c89fa378a39be1dc0", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "a6728b6b65fbb7461826b147ded96636" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 132, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "81259c86cbc67756eab7659838d2df18" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 133, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "fdbc2d2b4a82dfc55cd300acb7e82cf9" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 134, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.nonzero", - "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33" - ], - 0, - "f01ec75d9d6836bfa79ee458c37d5a03" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 135, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "10a727cdf7fa784ef083698f80a15a23" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 136, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", "equation_Prims.pos", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" - ], - 0, - "dedc5700fa235df0a8940ad85c8b1cb5" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 137, - 0, - 0, - [ - "@MaxIFuel_assumption", "@query", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec" - ], - 0, - "797457e6ace6e6a5a41ec91a672a0c9c" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 138, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0" + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "token_correspondence_Core.Convert.f_from", + "token_correspondence_Prims.pow2.fuel_instrumented", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int64.v", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.v_BARRETT_R", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.S64@tok" ], 0, - "903c18c89eec065cf6c16f189b970118" + "5cd283354e9a57e6fb03205a864cf15d" ], [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 139, - 0, + "Libcrux.Kem.Kyber.Arithmetic.montgomery_post", + 1, 0, + 1, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", - "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", + "lemma_FStar.Int32.vu_inv", "lemma_Rust_primitives.Integers.pow2_values", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", - "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", - "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", - "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.range", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" - ], - 0, - "18357c9327f8fe00808d32db03f1a3a7" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 140, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" - ], - 0, - "d16874d93f57fe4c2eb66e495d416e54" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 141, - 0, - 0, - [ "@query", "primitive_Prims.op_Multiply" ], - 0, - "6285a08979d4b96dbb30a974cbb2113b" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 142, - 0, - 0, - [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" + "typing_Prims.pow2", "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ecde0207ab1ceb978908b64573f70eb4" + "aff931f93c12ef122538a2fa1fba8686" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 143, + 1, 0, 0, [ - "@query", "b2t_def", "primitive_Prims.op_Equality", - "projection_inverse_BoxBool_proj_0" + "@MaxIFuel_assumption", "@query", + "equality_tok_Lib.IntTypes.S32@tok", + "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Integers.v", "int_typing", + "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", + "typing_Prims.pow2" ], 0, - "91c96933da10c7f51776c659c68a42e2" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 144, - 0, - 0, - [ "@query" ], - 0, - "f380bc5f7792d7464a3a6e5c1dc390d7" + "b41d164f99a1d878a55e99e5ab7b8301" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", - 145, + 2, 0, 0, [ @@ -5977,11 +2420,14 @@ "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S16@tok", "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", @@ -5989,53 +2435,99 @@ "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", "equation_Libcrux.Kem.Kyber.Arithmetic.montgomery_post", + "equation_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Arithmetic.shr_i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.sub_i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.v_INVERSE_OF_MODULUS_MOD_R", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", + "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", "equation_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", + "equation_Prims.nat", "equation_Prims.nonzero", "equation_Prims.pos", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.i16", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.op_At_Percent", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_left", + "equation_Rust_primitives.Integers.shift_right", + "equation_Rust_primitives.Integers.u32", + "equation_Rust_primitives.Integers.u32_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.v", - "function_token_typing_Prims.__cache_version_number__", "int_typing", - "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", - "lemma_Lib.IntTypes.pow2_3", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_09274165c5a70fc322c881338ab414f6", - "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", - "refinement_interpretation_Tm_refine_14329be9effbeac4ecbc93847164da33", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", + "refinement_interpretation_Tm_refine_1daee8813a3c3a43cb6d97492a88c3a2", "refinement_interpretation_Tm_refine_3062f7cc617d10a50c0935cbe1373469", - "refinement_interpretation_Tm_refine_443715b95b52c40b08e892e330553198", - "refinement_interpretation_Tm_refine_44604c84c63ee58c0896e8c0eacce778", - "refinement_interpretation_Tm_refine_541e398c52ba6518839d0d2e527ebeec", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_36bd0c9bdac71b110d1ff6fe22fb9d91", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_a8c0851e35ca12b3666f32e612d99a87", - "refinement_interpretation_Tm_refine_aebc05e73087dbb328fc20e012bb7a9b", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_ce57a561ef50362576e7de471f03bbfd", - "refinement_interpretation_Tm_refine_d30b094c6e9cba7da47a33b554179da6", - "refinement_interpretation_Tm_refine_de15ed6daae1a4612b4429c085933864", + "refinement_interpretation_Tm_refine_cee45baf9a63db1c89fa378a39be1dc0", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.bits", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int32.v", "typing_FStar.UInt.fits", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.range", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" + "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_R_INV", + "typing_Libcrux.Kem.Kyber.Arithmetic.v_MONTGOMERY_SHIFT", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S16@tok", + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "780fbcb15274ae161aae862f6f943fdd" + "296286f05b3c82ed64e47e71da75bec0" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer", @@ -6081,7 +2573,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "5206a369285307d41a22aeea42613878" + "7eedbc6e59035e2e2f38cfd207cf0864" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer", @@ -6098,7 +2590,7 @@ "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" ], 0, - "cb59db9f94edc299ddfa59a67dd4aad1" + "1d1a4d25082593781e92acb944bcbdf8" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_standard_domain", @@ -6172,7 +2664,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "cadaaeedf554ff469f839431eb9e83e6" + "87396f8ad959249ca5395cfaf5dd7f45" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_standard_domain", @@ -6232,7 +2724,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "eb338e46240c350e7ed107a303e34e0c" + "0ee2a545d9dc14e938fce7f3d1cc4fec" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative", @@ -6252,7 +2744,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "786ad69db7c889697a77838a2a10bff0" + "d9d9bb7ee00d0d182f660a29fddf0304" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative", @@ -6359,7 +2851,7 @@ "typing_tok_Lib.IntTypes.U16@tok" ], 0, - "c6a4925316b279df98ae4b6517396c3c" + "3338a0f0de9695c67cffa84f18af65dc" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -6397,7 +2889,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "2745e87d8de80c4fe4569e03fee9c1b1" + "c15684bf96f9de5576932e72f8d60e95" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -6435,7 +2927,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "017d25c2a5300f5ed5e41d8aac679941" + "2c37abab5e40dbbd56166e80f6577042" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -6460,7 +2952,7 @@ "typing_FStar.Int32.t" ], 0, - "3bc0197edb1d0f0b26aecd921b14ef34" + "c400030890969130fb6001c6766acd01" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", @@ -6498,7 +2990,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "eb707080091a4e692f6b7c4507ee9933" + "b92269903359daffc5ff0af49f1c9b01" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", @@ -6536,7 +3028,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b101c98b9c8f34dba7d5cf8a4971019b" + "eccd6ae77b0d64bb912f7650e8f687f7" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -6574,7 +3066,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a3b9b7e512bf319bea0c4a2dc52b3839" + "81573750b4920dcf9a84e9f8a5209896" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -6612,7 +3104,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "43f8a040bdb9e3a7f8eb64b87937a2d4" + "0e9fbbdc0b6a6f4bd60b629beed30c1a" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -6640,7 +3132,7 @@ "typing_FStar.Int32.t", "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b" ], 0, - "c2bd8772f94ac8f5bb5f7f853c6782d5" + "6d3379e3dc1deb1c1c863f0583903b24" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", @@ -6678,7 +3170,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ae30db03759999ed23d6e347710bd62d" + "49040f02eb11928faeb9e2e8bb29161d" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", @@ -6716,7 +3208,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "0d251f157908baf34cdc373db319655a" + "e9b6d4dccf905ac8a1b1c1cd177dbb76" ], [ "Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", @@ -6767,7 +3259,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ec1e48e3014c6cdc6ff628204d37046f" + "455463324ee7d2863959b3062560ca26" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", @@ -6846,7 +3338,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "aed2d6f9f4959b37ade8487df23d7a5b" + "b13ddf98cdbaa230e6b301013f2218e1" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", @@ -6970,7 +3462,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "87812bc4c0459ecbafba7964910802c9" + "5107b7fe76c17b62cd259601818978ad" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_vector_b", @@ -7014,7 +3506,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "c132a12436bbabacd12077f11b68e8b4" + "5867092ded5974bbc53393c6ed525125" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b", @@ -7048,7 +3540,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "a71aefeaa10bb3c1575d447411abc157" + "0fe5175cdfbb12b3db958316aacfca0f" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b", @@ -7092,7 +3584,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "841cef0782dd2bbf647afcb8c16c3c3a" + "ee3338c8df2b452460a822ecefd34880" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_poly_b", @@ -7276,7 +3768,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "e7bb2f1cf9367752840b189a5fec1ee7" + "bb7774b440377939089733c46cd82589" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_vector_b", @@ -7320,7 +3812,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "9559c6901dcc8bdde1cfc23a5f435281" + "a53f1bc08cf35eb243024e7fa2f02985" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_vector_b", @@ -7397,7 +3889,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "59784667ed0bc53aec4e78b7e828e60e" + "7a9a71aecaf9e9d90527b2475dbe9185" ], [ "Libcrux.Kem.Kyber.Arithmetic.poly_range", @@ -7518,7 +4010,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "53e9a2b0e1f268a5fe467a787fbfa5e5" + "24c87ded66a7a2dacb229844d5de7e17" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_poly_b", @@ -7703,7 +4195,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "8b8ed1c62d70b71897571af66a82572e" + "5987574b41b6acac0856eb2a510ca2a3" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_vector_b", @@ -7747,7 +4239,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "7db1384c05f624d206f7da850e1ad382" + "e33ae52dd8c0bc5b0ea09c10ab49a75f" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_vector_b", @@ -7826,7 +4318,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "a2505f7bd7a6cd3a759cbee200a526df" + "e8c9f992e365fe4a7ee7a8cd846fb637" ], [ "Libcrux.Kem.Kyber.Arithmetic.op_String_Access", @@ -7872,7 +4364,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6e4b286597db17868ee587384265e649" + "6cbd1561b6303d362ba28120abf8e03a" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_poly", @@ -7951,102 +4443,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "396064e12c39de6e7b64849b57a442ef" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.wf_poly_to_spec_poly", - 1, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Rust_primitives.Arrays_interpretation_Tm_arrow_6f5d461f72cbd41f28adedecb28bae4c", - "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.lt", - "equation_Rust_primitives.Integers.max_usize", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Spec.Kyber.field_element", "equation_Spec.Kyber.map_", - "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", - "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", - "int_inversion", "int_typing", - "interpretation_Tm_abs_1109ec8a6e71e35977bc79a4f4e881c1", - "interpretation_Tm_abs_78dc169a59feec7cb469cb14355db3c4", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5cc1cca606a548adee39e38a44999096", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_87c84547b1b5a1e7ebe534837a468e34", - "refinement_interpretation_Tm_refine_9a09b8d60f882fd21b3c7c5705154313", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae469914d5988438c11021add0845e82", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_d17b88cb161e2dcda7d74cf193d2fcb7", - "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", - "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", - "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "typing_FStar.Seq.Base.index", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "typing_Libcrux.Kem.Kyber.Arithmetic.wf_fe_to_spec_fe", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Arrays.createi", - "typing_Rust_primitives.Arrays.length", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_Tm_abs_78dc169a59feec7cb469cb14355db3c4", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "e68a8e7370cb7ff87042f503ca41a8ec" + "ca2d123af61c0da2f8fa055102fe5153" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_poly", @@ -8121,7 +4518,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "97e4e66ee9b6b27f59b2cd7a7c458ab9" + "4beac8a4894a529e4355d374336ca8a4" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_vector", @@ -8134,7 +4531,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "b0800288d4da782f9d98e6e824380e84" + "d5c54657332de365a6584574b590bf9e" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_vector", @@ -8147,7 +4544,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "b283064c4712b399781debcce13b8f5e" + "03eb14c08668b17637f71b3ce01f307e" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix", @@ -8160,7 +4557,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "2cc138bf784e582519132c05dd740408" + "fc7299ce7953d3014f7657a4dc84d75f" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_matrix", @@ -8173,7 +4570,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "bde4bfa3a99d2cfc602145908c068c69" + "d9779e7c6c011bbb65d369b7156b5dcd" ], [ "Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", @@ -8240,7 +4637,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "8e64410f9ecfe6a79dd55bbf67fb00d1" + "a8a35f880de4a8bf59aa547504798f00" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element", @@ -8281,7 +4678,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "04f8395e312bce89a2c225842677954e" + "f721e641c917d45bb5bd64935f8b284c" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element", @@ -8407,7 +4804,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "97a39fc8d0287d81a820522821c2cc5c" + "f4439ea944490ffc1731750cfc73e140" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints index 9381cb572..bead05964 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Arithmetic.fsti.hints @@ -1,5 +1,5 @@ [ - "+).j.\fi", + "\u001cx:xĨ\u0006\u0013", [ [ "Libcrux.Kem.Kyber.Arithmetic.nat_div_ceil", @@ -156,61 +156,6 @@ 0, "b98d2d2ec26921651d1856af647b7143" ], - [ - "Libcrux.Kem.Kyber.Arithmetic.wf_fe_to_spec_fe", - 1, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", - "equation_Spec.Kyber.v_FIELD_MODULUS", "int_typing", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "5f9822e323be37e60e27dceacce92e49" - ], [ "Libcrux.Kem.Kyber.Arithmetic.get_n_least_significant_bits", 1, @@ -235,7 +180,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "475cea37f0a2eb41eea8bdba6ed67188" + "817e248357530373ff121fa70237d205" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_post", @@ -276,7 +221,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9843f05efa44342163aac4dedaf16a27" + "41a53e9ff6b60c7dadb70fd0600edaa7" ], [ "Libcrux.Kem.Kyber.Arithmetic.barrett_reduce", @@ -295,7 +240,7 @@ "typing_Prims.pow2" ], 0, - "bf66fd2e1dfb7b73fb871cf5a77d5517" + "116abc430847eb0995014f3c874bb2d9" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_post", @@ -336,7 +281,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "62ef2da42123a2d7310340e9b6aa8a4f" + "1976da03f8ae64b31a7cd274cce96cb0" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_reduce", @@ -356,7 +301,7 @@ "typing_Prims.pow2" ], 0, - "7b6775300478331749785ce45270be94" + "3dfb4b1b62562d505a3c842cd2ac4062" ], [ "Libcrux.Kem.Kyber.Arithmetic.montgomery_multiply_sfe_by_fer", @@ -381,7 +326,7 @@ "typing_Prims.pow2" ], 0, - "ffa276f51e775be346f210b306092af3" + "a18f93507cb282f4687118704eb8d0d4" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_standard_domain", @@ -443,7 +388,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "9076d404666aa3dd3d5b22d5a31278f2" + "6970d4b3ffbaee1b76a5f122c46fdba4" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative", @@ -463,7 +408,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "1e882870f28a8e31e8ce9d6718e0b3aa" + "0b4d22c91c8ce85e958c910b72cf4ad3" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -501,7 +446,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "7a4f3ed0e2e9c9c73925b3ea20a52a0d" + "581c478b13b673248973b29041af8b98" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -539,7 +484,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "4b19cf0c9c50b0c01bdddb3b7fb48a8a" + "c7759c46fa27e52eee95b326226e22e3" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement", @@ -564,7 +509,7 @@ "typing_FStar.Int32.t" ], 0, - "11166e91812c860c2213f57f62a33239" + "6797ea739480f2a668fcbeca0554d779" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", @@ -602,7 +547,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "92e1ec091bbafeeb20fa9470065d2274" + "13c3adf7a321a2990e8ed68429fb9716" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement__item__f_coefficients", @@ -640,7 +585,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "0b77eab8ed7f3399bb9ffdac0577cabd" + "7160564061456b18dfc675e4daff5c20" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -678,7 +623,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d26a726d527cd56accf8d4fc17304908" + "3c106b00f51d95865482b71502455a68" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -716,7 +661,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f9526cb4a0408d666f14771318b4942a" + "ad9274617708c09d929d4868afff6aba" ], [ "Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", @@ -744,7 +689,7 @@ "typing_FStar.Int32.t", "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b" ], 0, - "5eb40c033924c2c836bff053a1d8bb07" + "3a70fbb276d52c778be648878c07a5fc" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", @@ -782,7 +727,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "115ab9a3fd8e2b237760be8cad22ff7a" + "242a45e08fc06b9afae8376e6c555db6" ], [ "Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", @@ -820,7 +765,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "47efc7749065d75426ff751896250663" + "389d255920be81f175ab10d68b4a879b" ], [ "Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", @@ -871,7 +816,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "202c7cb035f005ec03b924dfee640698" + "6591da1dfd1000ad246c0c3619607fb3" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", @@ -950,7 +895,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "8250ec903fb741ac1f201dbaaa7bc00b" + "a1cdbee4c91ca4a3a73d895ab998b72b" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_vector_b", @@ -984,7 +929,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "1fa0b9206483eb299cebe2b961e5e4f0" + "84bc421dc6cc0d7da7d288e7f1c561d8" ], [ "Libcrux.Kem.Kyber.Arithmetic.derefine_matrix_b", @@ -1018,7 +963,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "4eaf4d2484609a3720153189091f1b4a" + "8917ad251847b9efddc69364a530da16" ], [ "Libcrux.Kem.Kyber.Arithmetic.cast_poly_b", @@ -1141,7 +1086,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6459677d9cf4a7186dd56aec66a920f3" + "2a17070c639d812cfab5486e27ec9827" ], [ "Libcrux.Kem.Kyber.Arithmetic.poly_range", @@ -1262,7 +1207,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "8a7d3f0f5ecbf6b5271e4c925cb9cadf" + "a6f2e2b0dd77137126f772fb0f91b591" ], [ "Libcrux.Kem.Kyber.Arithmetic.down_cast_poly_b", @@ -1386,7 +1331,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "018ba26e71abe5f029dbd78768f883d2" + "d6221e2b6d7a2111e9d9030c845e8ed7" ], [ "Libcrux.Kem.Kyber.Arithmetic.op_String_Access", @@ -1432,7 +1377,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "91718ea08343b7cc725794a67ee9fbe3" + "b9ad7e5e7c8447da197f746087ec5aef" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_poly", @@ -1511,102 +1456,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "c80f5bec2eb60495e8d02839eeed47f3" - ], - [ - "Libcrux.Kem.Kyber.Arithmetic.wf_poly_to_spec_poly", - 1, - 0, - 1, - [ - "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "Rust_primitives.Arrays_interpretation_Tm_arrow_6f5d461f72cbd41f28adedecb28bae4c", - "Rust_primitives.Arrays_interpretation_Tm_arrow_de8d1f471f13fc5f0e023de9ccd0e729", - "b2t_def", "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S16", - "constructor_distinct_Lib.IntTypes.S32", - "constructor_distinct_Lib.IntTypes.S8", - "constructor_distinct_Lib.IntTypes.U1", - "constructor_distinct_Lib.IntTypes.U16", - "constructor_distinct_Lib.IntTypes.U32", - "constructor_distinct_Lib.IntTypes.U64", - "constructor_distinct_Lib.IntTypes.U8", - "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b", - "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", - "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", - "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", - "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", - "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.int_t", - "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.lt", - "equation_Rust_primitives.Integers.max_usize", - "equation_Rust_primitives.Integers.maxint", - "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", - "equation_Rust_primitives.Integers.sz", - "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "equation_Spec.Kyber.field_element", "equation_Spec.Kyber.map_", - "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", - "function_token_typing_Libcrux.Kem.Kyber.Arithmetic.wfFieldElement", - "int_inversion", "int_typing", - "interpretation_Tm_abs_1109ec8a6e71e35977bc79a4f4e881c1", - "interpretation_Tm_abs_78dc169a59feec7cb469cb14355db3c4", - "lemma_FStar.Int32.vu_inv", - "lemma_Rust_primitives.Integers.pow2_values", - "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Subtraction", - "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_0f191a22e875f87cda4aa66ae18cac54", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", - "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_5cc1cca606a548adee39e38a44999096", - "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_87c84547b1b5a1e7ebe534837a468e34", - "refinement_interpretation_Tm_refine_9a09b8d60f882fd21b3c7c5705154313", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", - "refinement_interpretation_Tm_refine_ae469914d5988438c11021add0845e82", - "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_d17b88cb161e2dcda7d74cf193d2fcb7", - "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", - "refinement_interpretation_Tm_refine_fa352a9b1b496f80110c6342c48c06bd", - "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "typing_FStar.Seq.Base.index", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "typing_Libcrux.Kem.Kyber.Arithmetic.wf_fe_to_spec_fe", - "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Arrays.createi", - "typing_Rust_primitives.Arrays.length", - "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_Tm_abs_78dc169a59feec7cb469cb14355db3c4", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" - ], - 0, - "4a93881353dc5831343702e9c87b3f5c" + "fb1a8d26d637562a352f2f9e7953c72b" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_poly", @@ -1681,7 +1531,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "80d6eb07839ff986cccb40e67e2de0c4" + "a59c3100a1fdfd49cf5d71f7e0cfadad" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_vector", @@ -1694,7 +1544,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "03bfa384011d19c03a66f7c344f5b1aa" + "fa5495ce712dce2d517965b827f13e62" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_vector", @@ -1707,7 +1557,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "c47a88e0c130fef4eab61e42f2a5e1a7" + "acb0cdeb0ada9328fc1aff38c1422dbe" ], [ "Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix", @@ -1720,7 +1570,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "ce9b7733d918be9cd02e7e831c1d5578" + "56be73cf53ec3aa6dc0370f22db10547" ], [ "Libcrux.Kem.Kyber.Arithmetic.mont_to_spec_matrix", @@ -1733,7 +1583,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "4393f8b0db2516873718f82f38fe6caa" + "7ed1ffdfab0bf547eaee49060f38a90d" ], [ "Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", @@ -1800,7 +1650,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "d21d63bd1aebd20eb25d54fdefc77996" + "38479e7d705cab4b9edab1b3addf13e4" ], [ "Libcrux.Kem.Kyber.Arithmetic.add_to_ring_element", @@ -1841,7 +1691,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "4aa74060f56a282751ae6df44c1a60eb" + "96dd8102665a598db0eea7ebc44ea471" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints index 61971f256..e899f0a18 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fst.hints @@ -112,7 +112,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "3fcf25552a337e0109b1bf6c136be6c0" + "6a75850c22064278f630d33a12cae12f" ], [ "Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient", @@ -134,7 +134,7 @@ "refinement_interpretation_Tm_refine_d52c8280671922ccb8dd394e8746776f" ], 0, - "52231a9bac1eebfec3c7aabefd53343f" + "52fb7dd7e933a505c53b820325e3eb6c" ], [ "Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient", @@ -241,7 +241,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "86d0b619c1919d48525121802dc72e8c" + "7d410cf9b8486850d0a56a3b9327eb4c" ], [ "Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient", @@ -303,7 +303,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "e3c4e76377b29eaa8adb3085dd826410" + "a6c587afaf97b12ebc9426f69b86136d" ], [ "Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient", @@ -398,7 +398,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "e08528bf24168913222ea7c73cd39fef" + "8af7f2af4f392060e6d062306cad85c8" ], [ "Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient", @@ -490,7 +490,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "3af12397bb542be99204367a8a0a4757" + "30c0e1d2b214879edf6c47a530c94e1e" ], [ "Libcrux.Kem.Kyber.Compress.decompress_message_coefficient", @@ -560,7 +560,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "1012075755f329ddf665d09993aab784" + "b5ca91977d3b864358266b45f3015c59" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints index 77fa0725e..f18ca2e4e 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Compress.fsti.hints @@ -21,7 +21,7 @@ "refinement_interpretation_Tm_refine_d52c8280671922ccb8dd394e8746776f" ], 0, - "8c05e430534427d412737c1eaec493f8" + "0ba8f9f6744261f24af4e1caf5351269" ], [ "Libcrux.Kem.Kyber.Compress.decompress_ciphertext_coefficient", @@ -85,7 +85,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "e1c81aff7f0fe787b3d076b5ec5a2f04" + "877339940ab0e7a966ddbb5adce32951" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints index 5d7de6739..b110b7234 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fst.hints @@ -47,7 +47,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "0d348d30d445b1dffc7a5f70da6fb5b9" + "e59a5c323cad2e69ea5165b1915f943d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.into_padded_array", @@ -140,7 +140,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "56d78bfd944e350be2ef79cd7b21634d" + "776e4fb7b7aeec0e75a77324a0befd47" ], [ "Libcrux.Kem.Kyber.Ind_cpa.acc_t", @@ -181,7 +181,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "12c49b090a4d076753491a6ff371ecf2" + "30d35a3c79993000e2fe499566fd9469" ], [ "Libcrux.Kem.Kyber.Ind_cpa.wfZero", @@ -193,7 +193,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "f2f1ef79b63dde403cf093f75ab8373a" + "a08375c17c0f09409f03d28c78dc2929" ], [ "Libcrux.Kem.Kyber.Ind_cpa.etaZero", @@ -219,7 +219,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "a180e32d11ce7f0727ca81656095ef5c" + "7038e8a6ee0911f59c991375a8d63375" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd", @@ -303,7 +303,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "571a034f1bb53cb36eb82d827fdcfab8" + "f8f75e06fad13a1152f79c4ff674c8d4" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd", @@ -413,7 +413,7 @@ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "7f0b367bf84b597a361301833f16405d" + "1c47c1bc0aaebdcba9b54031b7086ae5" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd", @@ -523,7 +523,7 @@ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "362563e470d689fe20673f0228a12a28" + "f1ae045c299b25ed0aa61383e56e628d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt", @@ -603,7 +603,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "b23fb4305c249829925435a340a5e363" + "dfe624bf8e2313e7b7d22627adcc8423" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt", @@ -724,7 +724,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "305581cd7fa48c8d4b56d8f3df7c896b" + "8e4901e31dd83747399fd96899bf26f6" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt", @@ -843,7 +843,7 @@ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "315304047df9944acc196e7a821129b3" + "7a457d8d6c4785a4c2948e63143ddf76" ], [ "Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u", @@ -907,7 +907,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "8ca16d93f3647fe5af6a9e6495557c5b" + "a37e8e7c5927d6459c6ed473e3c9179a" ], [ "Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u", @@ -1040,7 +1040,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "38a46c54c9563f81aff5c28d726b514e" + "47462c80da4a42028cb648f4ee43f778" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1090,7 +1090,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "cd2d80c8e47359d4cbd64695be4421c8" + "727d6d746a48cc9312a23a8c163eec74" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1104,7 +1104,7 @@ "refinement_interpretation_Tm_refine_257ddf45d97229b8c327236723913127" ], 0, - "f62a34b342827a68028c49a96e3827a3" + "6a024e654630366a75842a950371386c" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1125,7 +1125,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "63f334c6c3ba6087911b3be734fb1b16" + "0230d766a36244e4baecdd15765420df" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1146,7 +1146,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "de5c671fb5d0b3a59a884774230b05f8" + "6b141e37465667ae31d1660aa58dd2b3" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1183,7 +1183,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "a26c3a24f07bfdb3df210ab0e03342ca" + "dd47652e8c6b1718266bb98131de1ae0" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1212,14 +1212,12 @@ "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", "refinement_interpretation_Tm_refine_84b2ac843dbb7ecfb6a9a7e0dad290a7", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_d87987f504b518e52f51d8b3c3b4380a", - "typing_FStar.Seq.Base.length", "typing_Rust_primitives.Integers.minint", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "7089f5129d9dda8143cab74f3a21c023" + "7d86f7b392c3e605afcb4333e45eb4a7" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1275,7 +1273,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "679dc5024e33a3d1b0a2d05069c6b6f4" + "de7478574faa7a2ff57a80caa8ed1ac1" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1355,7 +1353,7 @@ "typing_Spec.Kyber.v_CPA_PKE_CIPHERTEXT_SIZE" ], 0, - "5965f1f1618b27944601033adbf60692" + "d816926d51c40f79417cbdb3c59d6bb0" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1408,7 +1406,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "8d1ef68521bcb4f2f1bca0b5a3c43c9d" + "59a6195352cffbcdb6a2943ad07af81a" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1448,7 +1446,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "7953a0b07fe142f027cd73433d4e1103" + "80e82f69a0b33661f9f36581226b55c9" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1498,7 +1496,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "25502e97923814a0ea48be7e89553b84" + "3bea21db4db5b9b803cb638c343f8711" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1553,7 +1551,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "efa9bb00a6b86d27696500aa7628d16a" + "ca13fb996285305cfaac912b84f96f13" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1619,7 +1617,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "395d932b7d6633bf4839e36cd165228e" + "84179668e4e0e0fa9e7e88719ea990a2" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1632,7 +1630,7 @@ "refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5" ], 0, - "61297d1437063895a5841ed444021cb7" + "da17e3402e3f116d4e5c789375e846df" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1719,7 +1717,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "361c5f2d85c5b61a6e4788104eb47765" + "be3f47e40d94821b2d7aa045a0285d8f" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1731,7 +1729,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "c275a596a36ce707e03e1d46569d2746" + "e032e45a78e08f4cf025652b33cb8e9e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1740,7 +1738,7 @@ 1, [ "@query", "b2t_def" ], 0, - "b62306100215cad61cbd994bedb33229" + "709c6122f8381a7e969ca852fcb861df" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1783,7 +1781,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "1ec9506a4b465674fea967994f772695" + "e33c2a66e108c857e6b016ae3fc336ab" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1796,7 +1794,7 @@ "refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5" ], 0, - "8dbc136e936f322d5a4b01d5f7f3af6c" + "9d225169555733e3efddfb32028477db" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1867,7 +1865,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "541cbd39fe267428dfafee5b457eee11" + "f369750674de059e3960adb604d9986e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1881,7 +1879,7 @@ "refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5" ], 0, - "1e633e99f941bf403eb9ebf32a21dd09" + "e1f9b674fe7276c44e637accabe9de94" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1896,7 +1894,7 @@ "typing_Rust_primitives.Hax.repeat" ], 0, - "8d6a9118a5e78fe208c782e798d98a93" + "6be43a954b2777c2ed571efd8974d74d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1910,7 +1908,7 @@ "refinement_interpretation_Tm_refine_e33ef3e91a65929af022db19081d1ff5" ], 0, - "d707787ac5970aacfc5156aac317a253" + "edf96f52ab34ee74ca368a8e3ad21581" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1919,7 +1917,7 @@ 1, [ "@query" ], 0, - "f2365d26f533e9c92f6c770e4775b8ba" + "d6c2eaf50168b9728afc44dc34cfe127" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -1954,7 +1952,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "3d532f975d88081c5c699fa861854bc4" + "a959f45fe15163be004f6136ed1e1b17" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2007,7 +2005,7 @@ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "b173468ae9e5d401325e4f15ed979eed" + "6f96730ccd379939e20bb20be1746305" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2038,7 +2036,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "e6c88e79fe8793808e841789390e758b" + "5bd964c3fffb53a2309a5fb2b27472c0" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2060,7 +2058,7 @@ "typing_Spec.Kyber.v_C1_BLOCK_SIZE" ], 0, - "e461e47430d5dea56300e24df4305839" + "fcb90648828f91eea47ceac52af397ff" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2082,7 +2080,7 @@ "typing_Spec.Kyber.v_C1_BLOCK_SIZE" ], 0, - "2674ea7d4e061dfcf008df4fd9cec8b3" + "68d1d77e422eb06073da4568d99e6f9a" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2137,7 +2135,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "3b0ba87222b11f9f076cf0eb8f1ce658" + "3606f0c6eec3af47b544be99f9d1d37b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2162,7 +2160,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "e9b26ab236ddb3bf5f92869892b2e35e" + "34daa9f858e984e916fc18827fc40189" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2179,7 +2177,7 @@ "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688" ], 0, - "cc665f8e0e6ec9dbb3d31db1e390bf94" + "cd5b2f23ddbbf4734bad598dfd524114" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2199,7 +2197,7 @@ "refinement_interpretation_Tm_refine_e2e762f87b9fab3208089befe760c551" ], 0, - "8e2fc2e6741ff8005e5b3606c4c78f0a" + "4e7a315725ae8039fcd8dba888be7de3" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2226,7 +2224,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "51d1cd91fc4f3f7bd3770f0f59813ab9" + "fe98c7edf5ff81b0fff5e687dca2286b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2242,7 +2240,7 @@ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178" ], 0, - "0dd78ccd82c947b9e371df71af88bf05" + "10fdb4193715ee1d60744082a1119dd9" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2265,7 +2263,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "342e92e6e769e006ec71f616e1ba8085" + "815ae84cfbd97f414dcb6adb9368aa2c" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2277,7 +2275,7 @@ "refinement_interpretation_Tm_refine_1780e3e3423d75725ae206b5df95a0a6" ], 0, - "f18f5bbb3bf32ff632fed17c30db3236" + "60486d7456385e993423a14e23da4f61" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -2289,7 +2287,7 @@ "refinement_interpretation_Tm_refine_bb4a6fcea4effb263c4c9aec6fa6b2f7" ], 0, - "64f503f9c4df5287376060d68dcebf62" + "2517a242089b5054b5a9e1fe36a2228f" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key", @@ -2373,7 +2371,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "25dbaed95e9cbc9c8ee2683b67058f9e" + "7b1d9e649746b4d90049dae485843577" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key", @@ -2510,7 +2508,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "e92274ceece7244bd5e54b1ab1df516d" + "cd56e7031712c60316df4ac3cb89ad7d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2560,7 +2558,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5db994cf85b2bac15a42a91622af3ca3" + "c3b3ddf2fcc24c180604d8d688181a48" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2574,7 +2572,7 @@ "refinement_interpretation_Tm_refine_04d1a41375cb265cfbd8785ad22877c0" ], 0, - "100c9c4299a9c9667b6f6edbc8a45480" + "e12c93d4471c40153c7ebb2fc169c1bb" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2611,7 +2609,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "5164fdff491f97f854c5f6bb0dcd3be8" + "03e916fc52d2db8ccceddfb824002d65" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2665,7 +2663,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "e5e2fb57a884da4b9ed534641609d613" + "1f7645ba7b1305136d9754d8e1637fdb" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2677,7 +2675,7 @@ "projection_inverse_BoxBool_proj_0" ], 0, - "5e8cd6169a20a141c4fd30ca7721e2e0" + "bab5d9bbcbafd2ee4133325849ba38f9" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2686,7 +2684,7 @@ 1, [ "@query", "b2t_def" ], 0, - "dc8f6101419d680916ff59473b7d61de" + "4f6a8d3f12e89b888df1132f3465facf" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2723,7 +2721,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "76f66276f5949bd6e5f2ba11c05301f9" + "23879d451a0b175208f949f679dcfe9f" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2799,7 +2797,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "6901de6dfc1e3b78221177613b9fee8c" + "e26cc7af6d3739a1eec35aef7e379fc2" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2811,7 +2809,7 @@ "refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec" ], 0, - "fe537b8f97ec03bca8630e0803861b11" + "4a192b3649fa328f29b613d81f949a69" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2826,7 +2824,7 @@ "typing_Rust_primitives.Hax.repeat" ], 0, - "f6c2a5bbc8a28618b8e85195511daa41" + "4e6a2d9e764e5c39371523c522604585" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2838,7 +2836,7 @@ "refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec" ], 0, - "3d1d7dbbc5e63695a7f7523dfc6d83cd" + "0046d4d8bdc6ae72a8f290bb9456d83f" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2847,7 +2845,7 @@ 1, [ "@query" ], 0, - "da3144df74891aa33ab64bdb4433e5ef" + "99f46e9dd41c3c4dc3a8fac877698ead" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2880,7 +2878,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9b6e9d2d6dc059c7b14a106c002e8fea" + "7711a6cf0fa82669498d284d1871a56b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2931,7 +2929,7 @@ "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.valid_params" ], 0, - "5b206f38d41273a5a659a5b06b652b13" + "97e04257863a5862070c95b5a890120a" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2954,7 +2952,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "e99c21ef8bcb95914bcf34434129b105" + "bee8a9764048cb152bab526373531979" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2976,7 +2974,7 @@ "refinement_interpretation_Tm_refine_feb7e834582289fbd89a200bfbc499b9" ], 0, - "5d3e1eca4f4fd6a466d9309d5b850814" + "17bc19c669a0bc9e1f37625fad9f3364" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -2996,7 +2994,7 @@ "refinement_interpretation_Tm_refine_d0dc20bdedceec60adaee00b6c4072ec" ], 0, - "314719c67c85a7d21db9a85d18482513" + "23df95e25d15ad50e35f17268035ce2b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -3022,7 +3020,7 @@ "refinement_interpretation_Tm_refine_feb7e834582289fbd89a200bfbc499b9" ], 0, - "e6a16962d9c12b4f1b01329ad1305bc6" + "88696527b5359a18c6f60f96f4d06a40" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -3045,7 +3043,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "a209b0426eeb4cc5454a992d63f708d1" + "83324114da879bb7a37755c35bedd76e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -3057,7 +3055,7 @@ "refinement_interpretation_Tm_refine_91aef11d36a5ef4d927e7ba47e560947" ], 0, - "5f5f5135d3e157dec16a875bf399a975" + "5afeb1d03dd2ad2720b59def1a48d008" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -3069,7 +3067,7 @@ "refinement_interpretation_Tm_refine_584f0eb673831c31e84c27dd07e5ce0a" ], 0, - "d1905fccd05205683ad0affc57e3f0dc" + "66855dde4b52897477374f1b0f80f87d" ], [ "Libcrux.Kem.Kyber.Ind_cpa.decrypt", @@ -3129,7 +3127,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "011edc326ce97b5fdbc901a13920a966" + "cd312079bb9459c6faa686a30cbba0b5" ], [ "Libcrux.Kem.Kyber.Ind_cpa.decrypt", @@ -3266,7 +3264,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "f05846026fa629ca903d5c81a0f39961" + "10c59a6053c9799fa9fbfd1b55a0b71c" ], [ "Libcrux.Kem.Kyber.Ind_cpa.encrypt", @@ -3337,7 +3335,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a5e3318595c47bde1b12d5e6a9939883" + "891607c78ff6864f4bc4ed666a25683e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.encrypt", @@ -3531,7 +3529,7 @@ "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "faaca9264a5f365c60fabc98bfdf93f2" + "07c194699d4bacf1144d95dab7ac9980" ], [ "Libcrux.Kem.Kyber.Ind_cpa.encrypt", @@ -3723,7 +3721,7 @@ "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "1c4305afbac8855b0f934757942c81a4" + "101a7ae8a434449d0f371ac5dacf36b4" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key", @@ -3777,7 +3775,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "49db2a27c21146deba4c7ae09075c795" + "ce0d5da893bb2976139844c021b75cca" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key", @@ -3928,7 +3926,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "7a1592394855606338b224c6c00648b2" + "a047adc38d5af1fd310a200f54ee376e" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key", @@ -3998,7 +3996,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "59bc8335ecfb6c355b845df7239feed5" + "b404bb38ac71ececa9ec8049363ae3b5" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key", @@ -4124,7 +4122,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "532a4fe698a83e89bdd4260f21900548" + "a84d618591ceddfc2b8b2ae6f1b2edc4" ], [ "Libcrux.Kem.Kyber.Ind_cpa.generate_keypair", @@ -4161,7 +4159,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ebdc96675e21abcc9e3b94223eedd648" + "f02a58f4d2d25977bc0a0e18df91154b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.generate_keypair", @@ -4273,7 +4271,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "ae5c4aa8bea8bba2b7769edfa390e6b2" + "3c1df48304d3337a3c6fe207e3e6982f" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints index 9c0c122c3..891bbbb44 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ind_cpa.fsti.hints @@ -47,7 +47,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a2864dcdcfd4e3f9433f357645d211e2" + "9f758f61350b1360455f6f174c0696aa" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd", @@ -132,7 +132,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "cbbe57134c69f94740f0f2ac5b035c8b" + "d263ac21f92213ab15d9691ea50c76f3" ], [ "Libcrux.Kem.Kyber.Ind_cpa.sample_vector_cbd_then_ntt", @@ -211,7 +211,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "df6f04ed8c3ec5ab3f7ff0affd6cea12" + "affa5a85950e24589138e843ef0d548b" ], [ "Libcrux.Kem.Kyber.Ind_cpa.compress_then_serialize_u", @@ -275,7 +275,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "3a2a23fbfd0b78ee4914e27126fdf3d7" + "2686c81df8533b9b6919362196b912d4" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_then_decompress_u", @@ -343,7 +343,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "f14d0d223fdfa0d3d8934a31d8f79e29" + "2243d269ee4093014d488b96b025f9c4" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_public_key", @@ -431,7 +431,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "883df3824b4d343482883a2bfede793b" + "65eff9a56116b8bc6dfa681fa23c2f5c" ], [ "Libcrux.Kem.Kyber.Ind_cpa.deserialize_secret_key", @@ -495,7 +495,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "a6cca08f1b72466854563cc5a82063c9" + "9a92b08b061ecd8f7c53353fb33eb476" ], [ "Libcrux.Kem.Kyber.Ind_cpa.decrypt", @@ -555,7 +555,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "701e4c3f583908c3584edbffed4d9fc1" + "ee6f20799269100e15d08dedf9ce9ec7" ], [ "Libcrux.Kem.Kyber.Ind_cpa.encrypt", @@ -626,7 +626,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5eab150b79c5368eddbb095287b4ffd3" + "737de230017e971992fda8e7176906fa" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_secret_key", @@ -680,7 +680,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "4b035d40ced6fccced2f42620f82da98" + "0bc5b44bdd469619464e681494b15511" ], [ "Libcrux.Kem.Kyber.Ind_cpa.serialize_public_key", @@ -750,7 +750,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6e736742e8f0499d4163fffdb6d57ea9" + "54bb589d9c33d85e5a74378d504172b8" ], [ "Libcrux.Kem.Kyber.Ind_cpa.generate_keypair", @@ -787,7 +787,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ad65278c9afba3ec0d012243751c186f" + "344cd08f227190d304292f72fb5a95d1" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints index 6f7f25267..01ed82564 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fst.hints @@ -60,7 +60,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "d6d0a57d08646ea59ddbf9527fe666f2" + "1d4f0e76fa91b31022ccaa099711f10a" ], [ "Libcrux.Kem.Kyber.Matrix.compute_As_plus_e", @@ -118,7 +118,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "7be4e5d2476063c1081c7cdcfdd1f8d1" + "48468c572146e16bfa7a2840b05e5653" ], [ "Libcrux.Kem.Kyber.Matrix.compute_As_plus_e", @@ -297,7 +297,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "04860a2e8fa693a6842573d60f4577b6" + "491ef94da7d623e46f7287f3d22da1fc" ], [ "Libcrux.Kem.Kyber.Matrix.compute_message", @@ -344,7 +344,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "e0a91119d3ad113e9df99655fed7d645" + "35af93c30faeb5ca0ac339d9d573abeb" ], [ "Libcrux.Kem.Kyber.Matrix.compute_message", @@ -510,7 +510,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "c1f5180122b245a5570fdd550ea4d0a0" + "707595d0de70771cdb19be1993e87e99" ], [ "Libcrux.Kem.Kyber.Matrix.compute_ring_element_v", @@ -557,7 +557,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "855ee46c889f6a9d8b5298ca345e2d8a" + "eaafb151f1b01e1960f58c3e93fff263" ], [ "Libcrux.Kem.Kyber.Matrix.compute_ring_element_v", @@ -723,7 +723,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "6c1254564a45696374d9e651651f82af" + "9f7df60f9ba8281e9228e2f9fdd090f6" ], [ "Libcrux.Kem.Kyber.Matrix.compute_vector_u", @@ -770,7 +770,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "39b91bb9c659cdcee3c39da69962429f" + "39916bfc380441ce9ae29b99e0716d0f" ], [ "Libcrux.Kem.Kyber.Matrix.compute_vector_u", @@ -959,7 +959,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "06563eea66be3ce0068c5d0658e94753" + "5154b72bc4a4103c18d9e41c390a75e4" ], [ "Libcrux.Kem.Kyber.Matrix.sample_matrix_A", @@ -1038,7 +1038,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "ad36cb26141cee6b05ef3fd50ac007cd" + "cc87b93fe4dc4a1bd200dea715959727" ], [ "Libcrux.Kem.Kyber.Matrix.sample_matrix_A", @@ -1135,7 +1135,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "b35a151a746d043e11be9e265480a0d9" + "cc07d67fa446757c0372fc101dc95a80" ], [ "Libcrux.Kem.Kyber.Matrix.sample_matrix_A", @@ -1232,7 +1232,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "e17f56d8f9c09e4ae0be3f08407e6895" + "63eeb907e49aadf8d5699f76d869e78c" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints index 89e098e0b..a252b3811 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Matrix.fsti.hints @@ -57,7 +57,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "1f24f0bc3fb93658de04c57d3bc7b878" + "0de7c542d2608c460d0a0c91d043ed78" ], [ "Libcrux.Kem.Kyber.Matrix.compute_message", @@ -76,7 +76,7 @@ "refinement_interpretation_Tm_refine_91f3e355a68e029a1d9c76dc5b383c7e" ], 0, - "97b5eca4ceb16b701b1c14ca5b6abd5a" + "5f50ce2ffb27334996096fa9cc9b05d6" ], [ "Libcrux.Kem.Kyber.Matrix.compute_ring_element_v", @@ -95,7 +95,7 @@ "refinement_interpretation_Tm_refine_91f3e355a68e029a1d9c76dc5b383c7e" ], 0, - "336bdb990231387f8034d9e0b1a5da10" + "58c61e1eb09fc553cb5f234ce43f332b" ], [ "Libcrux.Kem.Kyber.Matrix.compute_vector_u", @@ -142,7 +142,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "81e8f9058b584b321c28bbcf9c393254" + "81c38cbb25011422497761466ff95cd9" ], [ "Libcrux.Kem.Kyber.Matrix.sample_matrix_A", @@ -221,7 +221,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "a6d3da798ab49f66f7fc0923f19c9a44" + "72a3accf7967684e3d1cf87663bed61c" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints index ca91f49c7..0a4dead32 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fst.hints @@ -73,7 +73,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "2133e942d7a928943fc375f2554be2af" + "9a1f3b8d09fcfaf4a3a24fef3ae40dff" ], [ "Libcrux.Kem.Kyber.Ntt.v_ZETAS_TIMES_MONTGOMERY_R", @@ -164,7 +164,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "22f51a80f932c5a853915a9a91a7e8b2" + "f355799070db2cbb08a49a94f62c76b1" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_multiply_binomials", @@ -229,7 +229,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "c31894204867c49773f76ccc7fa301d6" + "e74c18347e7f8fc1d7a47d68cc34e876" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red", @@ -251,7 +251,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "9dd4fb999295ed193627b94ac679d3fa" + "b2cbed5a79bc71f63720498edd48083b" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red", @@ -357,7 +357,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "96fef98d5d02afdd6de8786add8cf3a6" + "630542eb8e703c877f74166df583266b" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red", @@ -463,7 +463,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "2f0e4b0fbdf3979ad2ea5e2c8dcecc56" + "7b79ff0b9a877a468b58e915d45cd2a2" ], [ "Libcrux.Kem.Kyber.Ntt.lemma_zeta_decr", @@ -492,7 +492,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "e370f197f41c41b3abe44011400b4e83" + "dd96cde942ab2885b66a667712488b2f" ], [ "Libcrux.Kem.Kyber.Ntt.lemma_zeta_decr", @@ -550,7 +550,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "d96d1c6d89b8c5f5136610309c9d626d" + "d54da0b50c8afad5b2cc14ad2e2a02eb" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", @@ -568,7 +568,7 @@ "refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6" ], 0, - "c6485e8a18a84f615b7dcb2af38367e4" + "0ab3362d5883add954a7a399e343ad41" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", @@ -701,7 +701,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "b44795730226e091bcd566b63c340286" + "1c8f201419e28f94c72ffeb062c2ffaa" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", @@ -857,7 +857,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "96801c896da02c4693769415b6a0d0de" + "0092d44f9ffb043d6ce4c4c42e5eafd5" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", @@ -870,7 +870,7 @@ "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1" ], 0, - "116a994d49262707af1ddaed86fad4de" + "b1cefa86d697f3a5d50a071f5425e171" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", @@ -1008,7 +1008,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "f988d53e727df0d9066420f7c4699995" + "8279f14b619d624718a742d460e358e6" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", @@ -1151,7 +1151,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "ea2ed77f4d74540406c8d11e796f0326" + "3ca54cb65d6b42a45281dffafa7f5cca" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", @@ -1170,7 +1170,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "3e3bb1610b13563b9844a87660d82d86" + "0b8c94c2c928ef9e172126bd9eb43c56" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", @@ -1258,7 +1258,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "21c78ba5f6798130658d1ec4b207600a" + "6f067ba7292c7ff0f097ee3a0a5b64f8" ], [ "Libcrux.Kem.Kyber.Ntt.mul_zeta_red2", @@ -1344,7 +1344,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e35b2a97aac61473ed10189ce68d6f4c" + "f410488447a6e19c055740112f838068" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer", @@ -1363,7 +1363,7 @@ "refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3" ], 0, - "5112c2c0f71829f07b3927c3ebe22bb8" + "8d9fe7c40d71fd0d2250b5e15e49d4c2" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer", @@ -1540,7 +1540,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "7df1e7a4e076911d21cc39ef1aa3dfc8" + "46ede34b9aa295281ba24927509ef519" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer", @@ -1700,7 +1700,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "1581a4eb31862bbc37bdc1eb9679e2a5" + "5c90e202a78d92c1bb09ce22e8f7ddca" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_", @@ -1716,7 +1716,7 @@ "refinement_interpretation_Tm_refine_9a2bee04172a2f8c14b17f79602284fb" ], 0, - "a55d5158cacd57e6694b1e4482749867" + "f3e6dd02221c5de9989cbae47f561569" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_", @@ -1784,7 +1784,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "730991e97a3b5bf15a8e18480c693648" + "d0aea49982d80ba8e81f734f7d7514d1" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_", @@ -1852,7 +1852,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f76a334901ca767c86fbf13c77e718d1" + "ad3c56fc4ac0ca442588e4f5148b75df" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_", @@ -1868,7 +1868,7 @@ "refinement_interpretation_Tm_refine_298356af413859d3c4b76a94198c2329" ], 0, - "b177ba589638b78269d83eca2ec960fb" + "74a262b668363eee4a2ce4660aa84f4b" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_", @@ -1937,7 +1937,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "287a1bf45cb64df355394d22ab0c339e" + "6d8a33a9cdd496f12526f2fd366548e5" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_", @@ -2006,7 +2006,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "8c0c29e10361a2b487722207d33d1956" + "c979083a7f359dd444b84ddc02082c43" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_binomially_sampled_ring_element", @@ -2154,7 +2154,7 @@ "typing_tok_Lib.IntTypes.S64@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "ca71fada018105a675bf6a76c63951ac" + "74053562571e680e4601ec3f9bf6729f" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_multiply", @@ -2259,7 +2259,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "885283dceaa353c91813bc868d63e2a5" + "2ef04c3218d99763ccfa86ce826596dd" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_vector_u", @@ -2380,7 +2380,7 @@ "typing_tok_Lib.IntTypes.S64@tok" ], 0, - "39d29397a27f6af4bc2f6d48464a1516" + "b8df67492a729c6e06f690b696a082f1" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints index f67bb6bbe..4945a2d26 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Ntt.fsti.hints @@ -54,7 +54,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "b75e11aa463a26b006c46fdd11914558" + "2b3b76579b36ac40142dbe88e92e0c26" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_at_layer", @@ -72,7 +72,7 @@ "refinement_interpretation_Tm_refine_f8174c18c56fd6df717c2f2a2413c1d6" ], 0, - "e6b6cbd6ef173f98c898649e583305fa" + "ad152f65676d4433ae95c559064196b5" ], [ "Libcrux.Kem.Kyber.Ntt.invert_ntt_montgomery", @@ -85,7 +85,7 @@ "refinement_interpretation_Tm_refine_b96c3a91ffd08381895b0572c92ca1f1" ], 0, - "50779697ce4e5a4d2fb553c1699c83af" + "42df19b0dbf785682a59a0939de6bdde" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer", @@ -104,7 +104,7 @@ "refinement_interpretation_Tm_refine_d19e07791df93b4105608038d77338a3" ], 0, - "89978c56ff03a7f83509387434919a24" + "63899756015da60ad11e912eebd6bc66" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3_", @@ -120,7 +120,7 @@ "refinement_interpretation_Tm_refine_9a2bee04172a2f8c14b17f79602284fb" ], 0, - "c093632c44b14e1865995e40340a47e4" + "be162df816b9c933ca736beb61294a1a" ], [ "Libcrux.Kem.Kyber.Ntt.ntt_at_layer_3328_", @@ -136,7 +136,7 @@ "refinement_interpretation_Tm_refine_298356af413859d3c4b76a94198c2329" ], 0, - "c5e9aad36242f26ecdd95a7140f5635c" + "b8260ca9999852a52058e8e9fa1753d4" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints index c9473cab1..aa2bfc5e9 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fst.hints @@ -68,7 +68,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "856d960afcad45c373826315bf67483c" + "5df1d90ca2164cc55c3d7d2636f462ea" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_2_", @@ -238,7 +238,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a823c2f920712d535f7306b58728ad4d" + "bae1e88c9d197ce67a01177754e6a506" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_", @@ -308,7 +308,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "d68a5b93a6090701e6b799c039f7b2fc" + "795dd188ec154cd92ce4483969f2b9e9" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_", @@ -472,7 +472,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a1d235dc66f221d4fbbd5affb6a245de" + "f818123d443b6c516bbb12fd0c3b87d8" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution", @@ -542,7 +542,7 @@ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "b4da0d1e03a120640b858714b44cdbbc" + "e1394e38bb279cfed0bae567e34b0f70" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution", @@ -632,7 +632,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "92cee1717d4024ed9ce36a0f76b644a8" + "7b5142d6da856587f33629ecf1e1497f" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", @@ -670,7 +670,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c1d45356ca5332c131349d71e4658734" + "debd39a1a5671e6ae8701571acc1a905" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", @@ -828,7 +828,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "f3b01456a69ce552b9ef2c3988f768b3" + "a61777fea43841a50898bf05f732bc61" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", @@ -866,7 +866,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "1c9c37dd9b8ea3e6815626746b7feca7" + "dcbfd20070b151f9ecef71df5ca5de1e" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints index 18db31211..fa1ae74c8 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Sampling.fsti.hints @@ -68,7 +68,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f3ddd1b1a32170fdb07bb38b30b863aa" + "4a4d0ad0f86b72f8b7eff669e16b55d1" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution_3_", @@ -137,7 +137,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6489272086bfbb2c592494113f5dfec9" + "a549904f31962cb464ac5a00ef2412ac" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_binomial_distribution", @@ -206,7 +206,7 @@ "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "1950456460913734bfc2d0fe29ba48c4" + "6ca7728f6b715bff43d571224923f841" ], [ "Libcrux.Kem.Kyber.Sampling.sample_from_uniform_distribution", @@ -244,7 +244,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "fc42efc7e05faa9dc99fb78ff796ad6f" + "ec3598a5f56fc9180715d9dffa1439f4" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints index c14775edd..df552fe88 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints @@ -1 +1,8278 @@ -[ "Di{nD2Ql", [] ] \ No newline at end of file +[ + "\\\u001cY]YUzUM;", + [ + [ + "Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a" + ], + 0, + "244835a4702d2db3ee2e98b2d018e4af" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "ee5bec3277b81bcc083a1da0489006a2" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6", + "MkSeq_interpretation_Tm_arrow_5765cf80a31e12b6cf9294aa374986ee", + "MkSeq_interpretation_Tm_arrow_699c8dd73beae55d251f2f1ab7800f43", + "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Prims.Cons", + "data_typing_intro_FStar.Pervasives.Native.Mktuple4@tok", + "data_typing_intro_Prims.Cons@tok", + "data_typing_intro_Prims.Nil@tok", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + "equation_MkSeq.create4", "equation_MkSeq.create5", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec", + "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create4", + "function_token_typing_MkSeq.create5", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "function_token_typing_Rust_primitives.Integers.i32", + "int_inversion", "int_typing", + "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74", + "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "interpretation_Tm_abs_a9b198e31fde8a384087b8239a5e2e08", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_cast", + "lemma_Rust_primitives.Integers.get_bit_or", + "lemma_Rust_primitives.Integers.get_bit_shl", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple4__1", + "proj_equation_FStar.Pervasives.Native.Mktuple4__2", + "proj_equation_FStar.Pervasives.Native.Mktuple4__3", + "proj_equation_FStar.Pervasives.Native.Mktuple4__4", + "proj_equation_FStar.Pervasives.Native.Mktuple5__1", + "proj_equation_FStar.Pervasives.Native.Mktuple5__2", + "proj_equation_FStar.Pervasives.Native.Mktuple5__3", + "proj_equation_FStar.Pervasives.Native.Mktuple5__4", + "proj_equation_FStar.Pervasives.Native.Mktuple5__5", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__5", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Prims.Cons_a", + "projection_inverse_Prims.Cons_hd", + "projection_inverse_Prims.Cons_tl", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", + "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", + "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_fc12799aca7afdfe7dbfd8172fc58a83", + "token_correspondence_MkSeq.create4", + "token_correspondence_MkSeq.create5", + "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int32.int_to_t", "typing_FStar.List.Tot.Base.length", + "typing_FStar.Pervasives.Native.__proj__Mktuple5__item___1", + "typing_FStar.Seq.Properties.createL", "typing_Lib.IntTypes.bits", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.maxint", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "d3f1f31f89a244094de8b787d7fb003e" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 1, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "a8011caf675ac5d4b91020adcba83a2b" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 2, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "a5289797dcd6f9e70dfceed6e1128fc2" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 3, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "98d109c31371f5c2036a08ee6f5ca30d" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 4, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "00f3e1bcbc818fee0db7304dc58c7e5f" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 5, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "a26a6ac921f41ef3151cfb85a74d8b4c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 6, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "71cf19604f7b4e829d01e332d26ed356" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 7, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "5d0654d69934998950e8574df4595ba9" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 8, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "665fae4953829d05653203c1fd92e8dd" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 9, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "69027af3ac2b77704e3d8083587475ad" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 10, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "956b5de5f23b85c0bfd6baa869c64814" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 11, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "f7b8423297b61aeedf11ebd406ec5de6" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 12, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "df343cbb2995af47eaa45fd79fe9e232" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 13, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "7329b69888145c9f405de7f01ec4b7b2" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 14, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "86475048498dd4cdefdfcb89b08683aa" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 15, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "1c30c144f9828dff8cdf73d7542aa9d2" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 16, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "cdb4eaa1745c39b152ed52ddb52c0e91" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 17, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.unsigned", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "47d805ac7bd5c361976b65b24e15b527" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 18, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", "int_typing", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_234bcc9a10d7cb32aa417591eceec75c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "fc2064cb143b3e18e48a97f3083d9d45" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 19, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "8900ba14a935c57c6a0bbd207712414e" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 20, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "4d8890ef83a60f6e365361f3f4e07cfb" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 21, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits" + ], + 0, + "0e3b6e9ff7207567b5d00902a9935423" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 22, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits" + ], + 0, + "93e56a3493ac514fe1b4a20bd3db9063" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 23, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U8@tok", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_3700901ab829772f6264299ef9d336b6", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_5dc7a15c518e00b12f33d62ec3e061af", + "refinement_interpretation_Tm_refine_a17f0f6ecfa442a79ff1a1721abb0913" + ], + 0, + "03d8bc225b5eea1bdd7d15ce562fca29" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 24, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equality_tok_Lib.IntTypes.S32@tok", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" + ], + 0, + "2cdc0566c3bc9649c1753d2c792ad9e4" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 25, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "800c33a589b14a3b29932131c6753836" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 26, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "cfe8f8d67f25090cade0ebc7dc70c40a" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 27, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "3c73d8e5e6772911c77d6b51b6843b4d" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 28, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_FStar.Int32.v", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "ef1f1b00107da04eb564043b4473e1f2" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 29, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "6dc4e280429ec677ec8dcfb40bad3385" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 30, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "392b3919b95aa7342eef39b351665ab1" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 31, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "ff2442d800e58b02fafd8041fa723e57" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 32, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "a37cf53b290e696ab9617199e020776b" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 33, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "96d3ce47ab8dbf31aeda13419749a879" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 34, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "70272e2bb4689f5d370e9c5264ed9989" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 35, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "a8254fa1b6d0955f35635b1f2235fdf1" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 36, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "cb9b09ac9619a0a91d39022268320d33" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 37, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "14b5a3dfc8bd6533097b17ec1c68caef" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 38, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "ef67ea625afa0c098682966ebfa26ccf" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 39, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "e5cf86f071e35fb75de4652f33df14d5" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 40, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "9b5ad481b2f5d0cc2780eb7ddd7b8f40" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 41, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "93c5463acdfb93e4df58bf684b079d2e" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 42, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "f9c0f56d4031dd40bc81821ea25478d1" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 43, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf" + ], + 0, + "1cc460627a7607f3d6f1e3317d51f74e" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 44, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "8f44eb99a20d63ff6c65c0a42f6a3f24" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 45, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" + ], + 0, + "961fa833e067e508b0dbd6d57921ce7c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 46, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" + ], + 0, + "4cb6a77d4ccadd39e43c5312a4a1dcec" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 47, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" + ], + 0, + "865a5c9ed558a6e00c25a4cb5434e07d" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 48, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" + ], + 0, + "d826a130bc3f22468da286e1d2911d79" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 49, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2" + ], + 0, + "bd003eef40f8d59d3791a501987dda8f" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 50, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "df8dae11f0f94e860544ff4f7a31f6d0" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 51, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "f2fc5b05dfdeb13ca1b7bfc79afca671" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 52, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "ea888cca1bb7921e1b66e4dd4743f86e" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 53, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2" + ], + 0, + "952e0af34f8174d6e9225a18ccb5b27b" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 54, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "da34fe254541b200ac31e2195aab48a9" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 55, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540" + ], + 0, + "65024a46aab23a985c2f72736d9f3e66" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 56, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540" + ], + 0, + "361d062c71ff19931abb2e6646e10048" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 57, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" + ], + 0, + "7e92cd6f8319a2b2fa4bb04e29c052dc" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 58, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" + ], + 0, + "512bb9930ef045a7f3d38582314235a3" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 59, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_717aefd263af03778bf5280255ca3463", + "MkSeq_interpretation_Tm_arrow_7693d425f96a86b3e8b38c2b733466ad", + "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb", + "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Prims.Cons", + "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", + "data_typing_intro_Prims.Cons@tok", + "data_typing_intro_Prims.Nil@tok", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Seq.Properties.createL", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + "equation_MkSeq.create11", "equation_MkSeq.create8", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec", + "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create11", + "function_token_typing_MkSeq.create8", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "function_token_typing_Rust_primitives.Integers.i32", + "int_inversion", "int_typing", + "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04", + "interpretation_Tm_abs_6f1366ec70f1fe6744a49f18394a6936", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv", + "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", + "lemma_Lib.IntTypes.pow2_4", "lemma_Lib.IntTypes.v_injective", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32", + "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_cast", + "lemma_Rust_primitives.Integers.get_bit_or", + "lemma_Rust_primitives.Integers.get_bit_shl", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple11__1", + "proj_equation_FStar.Pervasives.Native.Mktuple11__10", + "proj_equation_FStar.Pervasives.Native.Mktuple11__11", + "proj_equation_FStar.Pervasives.Native.Mktuple11__2", + "proj_equation_FStar.Pervasives.Native.Mktuple11__3", + "proj_equation_FStar.Pervasives.Native.Mktuple11__4", + "proj_equation_FStar.Pervasives.Native.Mktuple11__5", + "proj_equation_FStar.Pervasives.Native.Mktuple11__6", + "proj_equation_FStar.Pervasives.Native.Mktuple11__7", + "proj_equation_FStar.Pervasives.Native.Mktuple11__8", + "proj_equation_FStar.Pervasives.Native.Mktuple11__9", + "proj_equation_FStar.Pervasives.Native.Mktuple8__1", + "proj_equation_FStar.Pervasives.Native.Mktuple8__2", + "proj_equation_FStar.Pervasives.Native.Mktuple8__3", + "proj_equation_FStar.Pervasives.Native.Mktuple8__4", + "proj_equation_FStar.Pervasives.Native.Mktuple8__5", + "proj_equation_FStar.Pervasives.Native.Mktuple8__6", + "proj_equation_FStar.Pervasives.Native.Mktuple8__7", + "proj_equation_FStar.Pervasives.Native.Mktuple8__8", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__10", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__11", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__6", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__7", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__8", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__9", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__6", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__7", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Prims.Cons_a", + "projection_inverse_Prims.Cons_hd", + "projection_inverse_Prims.Cons_tl", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_03288e8cad3d11e26a62a263d75b4cb9", + "refinement_interpretation_Tm_refine_0900f6d27eee08e6b24699af33bdd980", + "refinement_interpretation_Tm_refine_0c9b06294dff41094502d49f1333bc66", + "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", + "refinement_interpretation_Tm_refine_11bd00882981a11bde2b7488a120fea3", + "refinement_interpretation_Tm_refine_1630095134d496251f9dbee10f563351", + "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", + "refinement_interpretation_Tm_refine_25a3ac62ce8d1d795628b758d48abad1", + "refinement_interpretation_Tm_refine_285d5ca95815dcb9fcec0ae13da5f30c", + "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", + "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", + "refinement_interpretation_Tm_refine_3012dc4a62607a165775ce6122df6b27", + "refinement_interpretation_Tm_refine_30981af7fd860e5c568b8d009530eb31", + "refinement_interpretation_Tm_refine_323fd021d67da454aac7a72ae61803ea", + "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8", + "refinement_interpretation_Tm_refine_407639fa4a3a9bfc3bc6bbc3909bfc4b", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_43033bd40b37c27f3970f3d3c9a83a5b", + "refinement_interpretation_Tm_refine_431c6ca16285d5a76e2c88d2d1dccde8", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_4ca250af55e851798f1f7ca27370fbd4", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", + "refinement_interpretation_Tm_refine_584b3a9a74baf7a29d3698b7516c2193", + "refinement_interpretation_Tm_refine_5bda579c3238b7ebf3eb20990c077add", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_68be43361f6b0a2ca26d09c6001ce02c", + "refinement_interpretation_Tm_refine_68dff4c795dafa4be4a59f4e27a0979b", + "refinement_interpretation_Tm_refine_7352dbda367376c8148623c0bd9da22e", + "refinement_interpretation_Tm_refine_7421661848e7f5fd9be9fa4992b9b38e", + "refinement_interpretation_Tm_refine_75bec031b01ab239c487d25c884c71af", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7a913994e59799e1615661ef88cf6d51", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_8c58e4d37101fcc8d750f4795e54b94d", + "refinement_interpretation_Tm_refine_8f911d4d169321a588d3114e4230c4c6", + "refinement_interpretation_Tm_refine_93ed04a223f7439fa077821b29182eeb", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_98abe168e6b1ea7644d51f543a1a3c14", + "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a9a53e242c0f05760a112cb2a707b2ef", + "refinement_interpretation_Tm_refine_b74baabba1c88e4aadcb6d5570e9405e", + "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540", + "refinement_interpretation_Tm_refine_b8d7112f15f21bfb3f89916e51700950", + "refinement_interpretation_Tm_refine_ba3ae1397b04de427236e18542bae86d", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_bf2fa1226f2c9a0f6671df3e80ddcb8e", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c1419d1febcb2d125cd78bbe8260ab31", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_c39edbde6953594c41fd1ce1133b8e6e", + "refinement_interpretation_Tm_refine_c8c3a0e3628890b2f91a193166a333a7", + "refinement_interpretation_Tm_refine_ca28d5a9fd928a4002e977c9cc61e296", + "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3", + "refinement_interpretation_Tm_refine_cfa4dd8d4f1012e862eb49b075f3d16b", + "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce", + "refinement_interpretation_Tm_refine_d68e2a22146ea24e1807d51a848a0b8b", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e672d1c32eac49ff2db7742f4921105c", + "refinement_interpretation_Tm_refine_e8d0d19737b852e0424d986f2eb513ec", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_eead4c247585281c2f0a33403df1567c", + "refinement_interpretation_Tm_refine_eff85ef0cb51f33c35f89baf7adbb28d", + "refinement_interpretation_Tm_refine_f84c8bac306d3c0d8a4e6993bcf115a1", + "refinement_interpretation_Tm_refine_f90cf9578b44d0a863a7e4e273361944", + "token_correspondence_MkSeq.create11", + "token_correspondence_MkSeq.create8", + "token_correspondence_Prims.pow2.fuel_instrumented", + "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int32.int_to_t", "typing_FStar.List.Tot.Base.length", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.createL", + "typing_FStar.Seq.Properties.seq_of_list", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.maxint", + "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "fa9da92f8ee21097cceca22f8b9f6c07" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 60, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "c492d6b2e6ad83823751c05d92945a6e" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 61, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "a5289797dcd6f9e70dfceed6e1128fc2" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 62, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "98d109c31371f5c2036a08ee6f5ca30d" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 63, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "00f3e1bcbc818fee0db7304dc58c7e5f" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 64, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "a26a6ac921f41ef3151cfb85a74d8b4c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 65, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "71cf19604f7b4e829d01e332d26ed356" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 66, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "5d0654d69934998950e8574df4595ba9" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 67, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "665fae4953829d05653203c1fd92e8dd" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 68, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "69027af3ac2b77704e3d8083587475ad" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 69, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "956b5de5f23b85c0bfd6baa869c64814" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 70, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "f7b8423297b61aeedf11ebd406ec5de6" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 71, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "df343cbb2995af47eaa45fd79fe9e232" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 72, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "7329b69888145c9f405de7f01ec4b7b2" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 73, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "86475048498dd4cdefdfcb89b08683aa" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 74, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "1c30c144f9828dff8cdf73d7542aa9d2" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", + 75, + 0, + 1, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "cdb4eaa1745c39b152ed52ddb52c0e91" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U16@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.u16_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "07c6400c658981e691fa83e3ff358b2f" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_14835084a7628a594896379e5ea411ad", + "MkSeq_interpretation_Tm_arrow_18d3dcbafa1048d6377074186f5f2afd", + "MkSeq_interpretation_Tm_arrow_aa50555711d6286cfd8dc185000aafab", + "MkSeq_interpretation_Tm_arrow_c2fe76a834cdd44d7fa52cb0da696f35", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S128", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok", + "data_typing_intro_Prims.Cons@tok", + "data_typing_intro_Prims.Nil@tok", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U16@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.pub_uint16", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + "equation_MkSeq.create2", "equation_MkSeq.create3", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec", + "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.signed", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u16", + "equation_Rust_primitives.Integers.u16_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Lib.IntTypes.pub_uint16", + "function_token_typing_MkSeq.create2", + "function_token_typing_MkSeq.create3", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "int_inversion", "int_typing", + "interpretation_Tm_abs_24b32bebd3485ad76e228d3f32e635f7", + "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "interpretation_Tm_abs_7e380eba0c9ae2d800a389eb46d8c442", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u16", + "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_cast", + "lemma_Rust_primitives.Integers.get_bit_or", + "lemma_Rust_primitives.Integers.get_bit_shl", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "proj_equation_FStar.Pervasives.Native.Mktuple3__1", + "proj_equation_FStar.Pervasives.Native.Mktuple3__2", + "proj_equation_FStar.Pervasives.Native.Mktuple3__3", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_0eeab4d5f73e78a17240ba8a60788298", + "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_4c9fc7a376083f6cefabf973925fed40", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_95ae2ea82ad46807d92403305a4898eb", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d261778ce6a448bd4ab7bd9f494cdb2e", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f2a41cd0b7a1b87e64e4bdabfc823091", + "token_correspondence_MkSeq.create2", + "token_correspondence_MkSeq.create3", + "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.createL", "typing_FStar.UInt.fits", + "typing_FStar.UInt16.uint_to_t", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.maxint", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U16@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "d78f09a0066381216a7a758895ef3321" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", + 3, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U16", + "equality_tok_Lib.IntTypes.U16@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u16_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "998d393fc2c15ee47f33be6404085747" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 1, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "52b973bfc79eddc8ae65b463cb6d399c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 2, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "446d7312e8cc8c01944d7be3d97fcbaa" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 3, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "fc6ad9e1907730ea82b394700f48e511" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 4, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "1f802a541f2a01c90e259e398be8681a" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 5, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "4a1760f657a98e93729bd0563ed4cd02" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 6, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "0441a48a1619435becf892e440d8b22c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 7, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "c5a96e8b5f6650820625cf419b1ba6bf" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 8, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "67bf4f9583bac88d1a62a9c508114ed4" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 9, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "52cb516ccccceacb75d1a5a84b18227f" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 10, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "280ebf4e9f500835ca557addc750e35c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 11, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "453ecb570b15669d13db2160af6b5581" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 12, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "df1baaaa1772c72a73823fd8c6ab16bd" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 13, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "f5b45de0f3fe478d89c83b331978ab11" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 14, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "4ce2b52003ea1fe3b3ce6420011c0e42" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 15, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "5021b47ce24222081a5dd7bb4dc6cdd3" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 16, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "88348da34cfe864252b55330714b46e1" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 17, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.unsigned", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "144024f48e81d61d66daf8e4df4cf218" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 18, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_234bcc9a10d7cb32aa417591eceec75c", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "af3815557e96a079e41bf0bc547f4ba5" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 19, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "dfd9596e8087ee1bedb43912014a304a" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 20, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "627d3fd5f318be2defcd053f6d87e31d" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 21, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits" + ], + 0, + "722715257eeeb473ad73b076b69e0eb1" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 22, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits" + ], + 0, + "159eda153ec0be5b2c76cb03cb6e808c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 23, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U8@tok", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_c027c94faca3e6aa9b762b564f7f938f", + "refinement_interpretation_Tm_refine_f44d89e9d4f94f0509c6991fee3340e0", + "refinement_interpretation_Tm_refine_fd0534dae74a1a03c82c48538de4b46a" + ], + 0, + "c117c98c012960d261b496269e6422d5" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 24, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "d573bd4b7f552353f56070cb1c98353d" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 25, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "b3a5a4b256f2da46e4cb6aa80b30ad63" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 26, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "ece99d7482db9f3e4c24cda6b4017d95" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 27, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "7bada0b02d0c088e1b66d2aebbd49254" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 28, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "4c5777f0892df9fae42aeae7ed61716c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 29, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.u8_inttype", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "462c1dcf39c0644c1f180bf29dfacdf7" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 30, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "baf2f39b616726cae80a6c7ed1938850" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 31, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.u8_inttype", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "6ad89a5f220a49132487388a6bcedecb" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 32, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "613a093888cfb85e06c8614b10de961c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 33, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "64d245b187c94ed8f11b3a86cb7be07a" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 34, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "0069009ef5bec3ee6b9a878579dd7bb4" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 35, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.u8_inttype", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "512abe4d330faf163e5a520d0dc564a0" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 36, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "474bb9e591027b56836db9f3d9b0a37a" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 37, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "f24c644905e9f2fa8255ece1e6ab69d1" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 38, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" + ], + 0, + "0a5734d9b96e52ef5798160eb9188cd1" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 39, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" + ], + 0, + "d4eb1404eb29eda9b08938446f08d942" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 40, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" + ], + 0, + "c201ae958331d21e7abbb787cbd2c525" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 41, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_Rust_primitives.Integers.u8_inttype", + "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" + ], + 0, + "d0a4ff4d8ba89e2953ac700d70ca9c45" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 42, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" + ], + 0, + "9ad5916590aea72e08b669dd67af8354" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 43, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" + ], + 0, + "5987585ecf0e13aa852945cafc7601d7" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 44, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" + ], + 0, + "c0948f9533e5098ca51c917c75c6466e" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 45, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" + ], + 0, + "d0c6206e7cf00aff98e9ffef9fb5c13e" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 46, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6", + "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb", + "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5", + "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_a1bbe86a3e470c2690a3539565e2b2c3", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S128", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", + "data_typing_intro_Prims.Cons@tok", + "data_typing_intro_Prims.Nil@tok", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Seq.Properties.createL", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + "equation_MkSeq.create5", "equation_MkSeq.create8", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.signed", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create5", + "function_token_typing_MkSeq.create8", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74", + "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_Lib.IntTypes.v_injective", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u8", + "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_or", + "lemma_Rust_primitives.Integers.get_bit_shl", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple5__1", + "proj_equation_FStar.Pervasives.Native.Mktuple5__2", + "proj_equation_FStar.Pervasives.Native.Mktuple5__3", + "proj_equation_FStar.Pervasives.Native.Mktuple5__4", + "proj_equation_FStar.Pervasives.Native.Mktuple5__5", + "proj_equation_FStar.Pervasives.Native.Mktuple8__1", + "proj_equation_FStar.Pervasives.Native.Mktuple8__2", + "proj_equation_FStar.Pervasives.Native.Mktuple8__3", + "proj_equation_FStar.Pervasives.Native.Mktuple8__4", + "proj_equation_FStar.Pervasives.Native.Mktuple8__5", + "proj_equation_FStar.Pervasives.Native.Mktuple8__6", + "proj_equation_FStar.Pervasives.Native.Mktuple8__7", + "proj_equation_FStar.Pervasives.Native.Mktuple8__8", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__6", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__7", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_1c5286c19e2dc27f1052618432c91d6f", + "refinement_interpretation_Tm_refine_1fc9aea01d7aff49f16425d06e0bcadf", + "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", + "refinement_interpretation_Tm_refine_348668412ebc92437d7b3fa54735669f", + "refinement_interpretation_Tm_refine_3b0be6161aa0b8361211259755e1b0e5", + "refinement_interpretation_Tm_refine_3e02dc287b6456c1e417bd92df9b15ce", + "refinement_interpretation_Tm_refine_3eead44499bc1a4bab90ea31986676a8", + "refinement_interpretation_Tm_refine_3f47fed31b82f7b9f75dcaf2b6fd8a55", + "refinement_interpretation_Tm_refine_419b1775f24baeb387c2580680f5fe32", + "refinement_interpretation_Tm_refine_43032d78c0d9c973ee6a4ea3963d6299", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_442733b909b4d11ce4c302b61b2687f8", + "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5697d84f7e5e0182931e383618a74f6e", + "refinement_interpretation_Tm_refine_5d44e3b791fe42a6e4d913e9542239a6", + "refinement_interpretation_Tm_refine_64da8703f211c27b5b839c9c65a06528", + "refinement_interpretation_Tm_refine_68e1e46e0e116ebf5002462ac104cf13", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_79314ab28fd88623b79ef1586e2f0688", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", + "refinement_interpretation_Tm_refine_8c5faf5840ea46a99052f40aefb1fddd", + "refinement_interpretation_Tm_refine_91819617799f2903fcac830eb1ef53e4", + "refinement_interpretation_Tm_refine_961e3d723da2b58b1e5fbbc454f0a5bf", + "refinement_interpretation_Tm_refine_96d0dc8f1882a138d9d650b7dcb144ac", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a7aa442ae6c1efd66b84e4a98d8721be", + "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99", + "refinement_interpretation_Tm_refine_b1d2336dddeb9ed84f4f895e9c330916", + "refinement_interpretation_Tm_refine_b2c2cdf4bbe4aa35b2034872d779f3d2", + "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_bf2fa1226f2c9a0f6671df3e80ddcb8e", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c12fc4a64d0fd6897144bd1bac678a85", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3", + "refinement_interpretation_Tm_refine_d0dc508d17665f6bbe9cb605f6b0691c", + "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f3460d78bd6a4448da852b8e0439abd1", + "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a", + "token_correspondence_MkSeq.create5", + "token_correspondence_MkSeq.create8", + "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.seq_of_list", "typing_FStar.UInt.fits", + "typing_FStar.UInt8.uint_to_t", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "9385f935190c8921366ace1e11095054" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 47, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "084814e97504e5bd498e71acbce5c8ef" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 48, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "446d7312e8cc8c01944d7be3d97fcbaa" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 49, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "fc6ad9e1907730ea82b394700f48e511" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 50, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "1f802a541f2a01c90e259e398be8681a" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 51, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "4a1760f657a98e93729bd0563ed4cd02" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 52, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "0441a48a1619435becf892e440d8b22c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 53, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "c5a96e8b5f6650820625cf419b1ba6bf" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 54, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "67bf4f9583bac88d1a62a9c508114ed4" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 55, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "52cb516ccccceacb75d1a5a84b18227f" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 56, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "280ebf4e9f500835ca557addc750e35c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 57, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "453ecb570b15669d13db2160af6b5581" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 58, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "df1baaaa1772c72a73823fd8c6ab16bd" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 59, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "f5b45de0f3fe478d89c83b331978ab11" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 60, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "4ce2b52003ea1fe3b3ce6420011c0e42" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 61, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "5021b47ce24222081a5dd7bb4dc6cdd3" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", + 62, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.u8_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "88348da34cfe864252b55330714b46e1" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "51d40142d07f439e8576a7fcf01080c3" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6", + "MkSeq_interpretation_Tm_arrow_5765cf80a31e12b6cf9294aa374986ee", + "MkSeq_interpretation_Tm_arrow_699c8dd73beae55d251f2f1ab7800f43", + "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_a1bbe86a3e470c2690a3539565e2b2c3", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Prims.Cons", + "data_typing_intro_FStar.Pervasives.Native.Mktuple4@tok", + "data_typing_intro_FStar.Pervasives.Native.Mktuple5@tok", + "data_typing_intro_Prims.Cons@tok", + "data_typing_intro_Prims.Nil@tok", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Seq.Properties.createL", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + "equation_MkSeq.create4", "equation_MkSeq.create5", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec", + "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.signed", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_MkSeq.create4", + "function_token_typing_MkSeq.create5", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "function_token_typing_Rust_primitives.Integers.i32", + "int_inversion", "int_typing", + "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74", + "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "interpretation_Tm_abs_a9b198e31fde8a384087b8239a5e2e08", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32", + "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_or", + "lemma_Rust_primitives.Integers.get_bit_shl", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple4__1", + "proj_equation_FStar.Pervasives.Native.Mktuple4__2", + "proj_equation_FStar.Pervasives.Native.Mktuple4__3", + "proj_equation_FStar.Pervasives.Native.Mktuple4__4", + "proj_equation_FStar.Pervasives.Native.Mktuple5__1", + "proj_equation_FStar.Pervasives.Native.Mktuple5__2", + "proj_equation_FStar.Pervasives.Native.Mktuple5__3", + "proj_equation_FStar.Pervasives.Native.Mktuple5__4", + "proj_equation_FStar.Pervasives.Native.Mktuple5__5", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__5", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Prims.Cons_a", + "projection_inverse_Prims.Cons_hd", + "projection_inverse_Prims.Cons_tl", + "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", + "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", + "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc", + "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a", + "refinement_interpretation_Tm_refine_fc12799aca7afdfe7dbfd8172fc58a83", + "token_correspondence_MkSeq.create4", + "token_correspondence_MkSeq.create5", + "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", + "typing_FStar.Int32.v", "typing_FStar.List.Tot.Base.length", + "typing_FStar.Seq.Properties.createL", + "typing_FStar.Seq.Properties.seq_of_list", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "221b9a1b47741f1fe888534cea46bd89" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", + 3, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "885a6fc5875832b40ed79d451bb1af84" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "5f29e93dc4ec00b3bb239d111aa80709" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_717aefd263af03778bf5280255ca3463", + "MkSeq_interpretation_Tm_arrow_7693d425f96a86b3e8b38c2b733466ad", + "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb", + "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_a1bbe86a3e470c2690a3539565e2b2c3", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.Mktuple11@tok", + "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + "equation_MkSeq.create11", "equation_MkSeq.create8", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.signed", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_MkSeq.create11", + "function_token_typing_MkSeq.create8", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.Integers.i32", + "int_inversion", "int_typing", + "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04", + "interpretation_Tm_abs_6f1366ec70f1fe6744a49f18394a6936", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32", + "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_or", + "lemma_Rust_primitives.Integers.get_bit_shl", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple11__1", + "proj_equation_FStar.Pervasives.Native.Mktuple11__10", + "proj_equation_FStar.Pervasives.Native.Mktuple11__11", + "proj_equation_FStar.Pervasives.Native.Mktuple11__2", + "proj_equation_FStar.Pervasives.Native.Mktuple11__3", + "proj_equation_FStar.Pervasives.Native.Mktuple11__4", + "proj_equation_FStar.Pervasives.Native.Mktuple11__5", + "proj_equation_FStar.Pervasives.Native.Mktuple11__6", + "proj_equation_FStar.Pervasives.Native.Mktuple11__7", + "proj_equation_FStar.Pervasives.Native.Mktuple11__8", + "proj_equation_FStar.Pervasives.Native.Mktuple11__9", + "proj_equation_FStar.Pervasives.Native.Mktuple8__1", + "proj_equation_FStar.Pervasives.Native.Mktuple8__2", + "proj_equation_FStar.Pervasives.Native.Mktuple8__3", + "proj_equation_FStar.Pervasives.Native.Mktuple8__4", + "proj_equation_FStar.Pervasives.Native.Mktuple8__5", + "proj_equation_FStar.Pervasives.Native.Mktuple8__6", + "proj_equation_FStar.Pervasives.Native.Mktuple8__7", + "proj_equation_FStar.Pervasives.Native.Mktuple8__8", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__10", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__11", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__6", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__7", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__8", + "projection_inverse_FStar.Pervasives.Native.Mktuple11__9", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__6", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__7", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", + "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_ba3ae1397b04de427236e18542bae86d", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc", + "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a", + "token_correspondence_MkSeq.create11", + "token_correspondence_MkSeq.create8", + "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", + "typing_FStar.Int32.v", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "7a66edfa7856c9a6282650140f97b69d" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", + 3, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "68ae81843e612be67486ac36a2f57f90" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "87ed87e0d10a58d94b0d5d1158a7ea90" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "FStar.Sealed_interpretation_Tm_arrow_6980332764c4493a7b0df5c02f7aefbe", + "MkSeq_interpretation_Tm_arrow_14835084a7628a594896379e5ea411ad", + "MkSeq_interpretation_Tm_arrow_4936cb3ae75b071093de3c4fdb6a1778", + "MkSeq_interpretation_Tm_arrow_a8cce9f06a7eff5740f6bae57e839f6b", + "MkSeq_interpretation_Tm_arrow_aa50555711d6286cfd8dc185000aafab", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives_interpretation_Tm_arrow_f41a2414a22e10a5d3d0356941703414", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S128", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok", + "data_typing_intro_Prims.Cons@tok", + "data_typing_intro_Prims.Nil@tok", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + "equation_MkSeq.create1", "equation_MkSeq.create2", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.signed", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create1", + "function_token_typing_MkSeq.create2", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.Integers.i32", + "int_inversion", "int_typing", + "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "interpretation_Tm_abs_7e380eba0c9ae2d800a389eb46d8c442", + "interpretation_Tm_abs_94ab8e03f2df430f87d9d1fec48fd1f1", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u8", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_cast", + "lemma_Rust_primitives.Integers.get_bit_cast_extend", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_1fc9aea01d7aff49f16425d06e0bcadf", + "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451", + "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", + "refinement_interpretation_Tm_refine_3ca3b5d3bb9dd23942633e4e33942d2c", + "refinement_interpretation_Tm_refine_3e02dc287b6456c1e417bd92df9b15ce", + "refinement_interpretation_Tm_refine_4c9fc7a376083f6cefabf973925fed40", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f3460d78bd6a4448da852b8e0439abd1", + "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc", + "token_correspondence_MkSeq.create1", + "token_correspondence_MkSeq.create2", + "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Properties.createL", + "typing_FStar.UInt.fits", "typing_FStar.UInt8.uint_to_t", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Rust_primitives.cast_tc_integers", + "typing_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "0a3c63b74947472d26d4083ffea2dc4f" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "96eee3c7139034bb3d8355544a3a2585" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6", + "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb", + "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5", + "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_a1bbe86a3e470c2690a3539565e2b2c3", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Prims.Cons", + "data_typing_intro_FStar.Pervasives.Native.Mktuple5@tok", + "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", + "data_typing_intro_Prims.Cons@tok", + "data_typing_intro_Prims.Nil@tok", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", + "equation_MkSeq.create5", "equation_MkSeq.create8", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.signed", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_MkSeq.create5", + "function_token_typing_MkSeq.create8", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.Integers.i32", + "int_inversion", "int_typing", + "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74", + "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32", + "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_or", + "lemma_Rust_primitives.Integers.get_bit_shl", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple5__1", + "proj_equation_FStar.Pervasives.Native.Mktuple5__2", + "proj_equation_FStar.Pervasives.Native.Mktuple5__3", + "proj_equation_FStar.Pervasives.Native.Mktuple5__4", + "proj_equation_FStar.Pervasives.Native.Mktuple5__5", + "proj_equation_FStar.Pervasives.Native.Mktuple8__1", + "proj_equation_FStar.Pervasives.Native.Mktuple8__2", + "proj_equation_FStar.Pervasives.Native.Mktuple8__3", + "proj_equation_FStar.Pervasives.Native.Mktuple8__4", + "proj_equation_FStar.Pervasives.Native.Mktuple8__5", + "proj_equation_FStar.Pervasives.Native.Mktuple8__6", + "proj_equation_FStar.Pervasives.Native.Mktuple8__7", + "proj_equation_FStar.Pervasives.Native.Mktuple8__8", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple5__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__6", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__7", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Prims.Cons_a", + "projection_inverse_Prims.Cons_hd", + "projection_inverse_Prims.Cons_tl", + "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", + "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", + "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc", + "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a", + "token_correspondence_MkSeq.create5", + "token_correspondence_MkSeq.create8", + "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", + "typing_FStar.List.Tot.Base.length", + "typing_FStar.Seq.Properties.createL", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "6c2b294b8c0b8534ee3eba67a5b63b81" + ], + [ + "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", + 3, + 0, + 0, + [ + "@query", "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.S32@tok", "equation_Lib.IntTypes.bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32_inttype", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "601cbaa0373ea53a343c9249a58622f6" + ], + [ + "Libcrux.Kem.Kyber.Serialize.cast_bound_lemma", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.U128", + "equality_tok_Lib.IntTypes.PUB@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", "int_inversion", + "int_typing", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values", + "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", + "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_8340312299787f1426d65a26131694de", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", + "token_correspondence_Prims.pow2.fuel_instrumented", + "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_tok_Lib.IntTypes.PUB@tok" + ], + 0, + "99a03821b3230bd8dd7b9fff0d306791" + ], + [ + "Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Tm_unit", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S128@tok", + "equality_tok_Lib.IntTypes.S16@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.S64@tok", "equation_FStar.Int.max_int", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", "int_inversion", + "int_typing", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values", + "lemma_Lib.IntTypes.pow2_127", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_Libcrux.Kem.Kyber.Serialize.cast_bound_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_60372b853747ce4c889f09ce5240e994", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", + "token_correspondence_Prims.pow2.fuel_instrumented", + "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.S128@tok", + "typing_tok_Lib.IntTypes.S16@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.S64@tok" + ], + 0, + "155936050b509b23a09e1c4c15fa509a" + ], + [ + "Libcrux.Kem.Kyber.Serialize.mul_in_range", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.unsigned", "int_typing", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "8f677cbc1f01f0003f7bc1ca14921a2b" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_10_", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6", + "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U16@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Pervasives.Native.fst", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_MkSeq.create5", "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u16", + "equation_Rust_primitives.Integers.u16_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create5", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", + "lemma_Lib.IntTypes.pow2_3", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple4__2", + "proj_equation_FStar.Pervasives.Native.Mktuple4__3", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple4__3", + "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451", + "refinement_interpretation_Tm_refine_27acc9d57c8d8f1b3a3d6ee8bf68b1bf", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a21ea137a8463fd90e99d77530c868a2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_c6f3d3a7a9f98f04b8cf196af2b784ef", + "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_MkSeq.create5", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.UInt.fits", "typing_FStar.UInt8.uint_to_t", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Hax.repeat", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "3fdf216402dcdce67256071ae28d2711" + ], + [ + "Libcrux.Kem.Kyber.Serialize.update5", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", "bool_typing", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_1208e4787dbcaf7b5fcbd5e4330ccd11", + "refinement_interpretation_Tm_refine_331c14d442c5ee89a4fce6ea305c920f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8d3b5d45dd5cf77d77cdd888d9ced785", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "1752cb61e2e0986f5af017ce06787085" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", + 1, + 0, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "FStar.Seq.Base_pretyping_7efa52b424e80c83ad68a652aa3561e4", + "MkSeq_interpretation_Tm_arrow_717aefd263af03778bf5280255ca3463", + "MkSeq_interpretation_Tm_arrow_7693d425f96a86b3e8b38c2b733466ad", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "data_elim_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U16@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Pervasives.Native.fst", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_MkSeq.create11", "equation_Prims.nat", + "equation_Prims.pos", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u16", + "equation_Rust_primitives.Integers.u16_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.array_to_slice_unsize", + "equation_Rust_primitives.unsize", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create11", "int_typing", + "interpretation_Tm_abs_6f1366ec70f1fe6744a49f18394a6936", + "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094", + "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "proj_equation_Rust_primitives.Mkunsize_tc_output", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Rust_primitives.Mkunsize_tc_output", + "projection_inverse_Rust_primitives.Mkunsize_tc_unsize", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_70d312c8ec0b8643a1f0f5f003ab915a", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_ba3ae1397b04de427236e18542bae86d", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_cba05f24e5883cf8687838e7bf74655a", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_MkSeq.create11", + "token_correspondence_Rust_primitives.unsize", + "typing_FStar.Int.fits", "typing_FStar.Seq.Base.length", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "1f6f85aaec220b06e233738d964451e5" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", + 2, + 0, + 1, + [ + "@query", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" + ], + 0, + "31ce21135ab2edb9ee445b7e6e2c50dc" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", + 3, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "MkSeq_interpretation_Tm_arrow_7693d425f96a86b3e8b38c2b733466ad", + "bool_inversion", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_MkSeq.create11", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Lib.IntTypes.byte_t", + "interpretation_Tm_abs_6f1366ec70f1fe6744a49f18394a6936", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_0dad9f14443cac3d119e26b37bea27c8", + "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_0f6e6287f7056ebec0f4b190ee6aee48", + "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_70d312c8ec0b8643a1f0f5f003ab915a", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_ba3ae1397b04de427236e18542bae86d", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bb900e70c3cf1979f4313dcf06d0580a", + "refinement_interpretation_Tm_refine_cba05f24e5883cf8687838e7bf74655a", + "token_correspondence_MkSeq.create11", "typing_Lib.IntTypes.v", + "typing_MkSeq.create11", "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_tok_Lib.IntTypes.PUB@tok" + ], + 0, + "09a18aa198c0b62e23f0aefd7a1959bc" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_4_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U16@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Pervasives.Native.fst", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u16", + "equation_Rust_primitives.Integers.u16_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.array_to_slice_unsize", + "equation_Rust_primitives.unsize", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "int_typing", + "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094", + "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", + "lemma_Lib.IntTypes.pow2_3", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_Rust_primitives.Mkunsize_tc_output", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Rust_primitives.Mkunsize_tc_output", + "projection_inverse_Rust_primitives.Mkunsize_tc_unsize", + "refinement_interpretation_Tm_refine_04b5775e62c58662499b2b2ec84e8eaa", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_acc8361adfd7a8e7e62d32502083a849", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_Prims.pow2.fuel_instrumented", + "token_correspondence_Rust_primitives.unsize", + "typing_FStar.Int.fits", "typing_FStar.UInt.fits", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "e814bc321feef6247eb6575cfcfde913" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U16@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Pervasives.Native.fst", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u16", + "equation_Rust_primitives.Integers.u16_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.array_to_slice_unsize", + "equation_Rust_primitives.unsize", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "int_typing", + "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094", + "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34", + "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", + "lemma_Libcrux.Kem.Kyber.Serialize.cast_bound_lemma", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_Rust_primitives.Mkunsize_tc_output", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Rust_primitives.Mkunsize_tc_output", + "projection_inverse_Rust_primitives.Mkunsize_tc_unsize", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_ba559583f03418e2290fb59e93afccb0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_cba05f24e5883cf8687838e7bf74655a", + "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "token_correspondence_Rust_primitives.unsize", + "typing_FStar.Int.fits", "typing_FStar.Seq.Base.length", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "e3249211adbff29ad190845e486dab32" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", + 2, + 0, + 0, + [ + "@query", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" + ], + 0, + "b29f9ac62b7bd138d23552aac22a9db6" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", + 3, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MkSeq_interpretation_Tm_arrow_e442f892c16c57046d950f2b719665a5", + "bool_inversion", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_MkSeq.create5", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Lib.IntTypes.byte_t", + "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_0dad9f14443cac3d119e26b37bea27c8", + "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_17842b692fc36ec40a803769d235f928", + "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_8165a1265edb39cf86f751ce4c9cff51", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99", + "refinement_interpretation_Tm_refine_ba559583f03418e2290fb59e93afccb0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_cba05f24e5883cf8687838e7bf74655a", + "refinement_interpretation_Tm_refine_db55e97d0480135110368473524eef5f", + "token_correspondence_MkSeq.create5", "typing_Lib.IntTypes.v", + "typing_MkSeq.create5", "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_tok_Lib.IntTypes.PUB@tok" + ], + 0, + "224dea91b5286fd975f28ee53eb679e0" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "818d97bf3d408fd09cf128f7b0c6e163" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U16@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Pervasives.Native.fst", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u16", + "equation_Rust_primitives.Integers.u16_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Spec.Kyber.field_element", + "equation_Spec.Kyber.v_FIELD_MODULUS", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "int_typing", "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_0fcd7f44f1dcbccd19bd6e593cf1ac0f", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59d416e7476fb7105d7fb8177838e036", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_ae469914d5988438c11021add0845e82", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.to_spec_fe", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "1725db50f18ae0e771c42fbecd244a5b" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U32", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", "equation_FStar.UInt.max_int", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.u32", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", "int_inversion", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.UInt32.uv_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_66a922cd7d39fe76a3ef56268cd7c086", + "refinement_interpretation_Tm_refine_6dd2f55c8872fb0160e8109d9e59245f", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok" + ], + 0, + "c32ff4cb3475ad5d38609b2e9b6e4709" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_FStar.UInt32.t", "typing_FStar.UInt64.t", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "e703beef9811acdc353f61eaf05a9fac" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u32", + "equation_Rust_primitives.Integers.u32_inttype", + "equation_Rust_primitives.Integers.u64_inttype", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "equation_Spec.Kyber.params", "equation_Spec.Kyber.valid_params", + "int_inversion", "int_typing", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt64.uv_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_66a922cd7d39fe76a3ef56268cd7c086", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_920ec30579342d4ea166ddfb1de07e1d", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.u32_inttype", + "typing_Rust_primitives.Integers.u64_inttype", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "76a14d58a6dadc65f384be3b3c71bb69" + ], + [ + "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Spec.Kyber.params", "equation_Spec.Kyber.valid_params", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_FStar.UInt32.t", "typing_FStar.UInt64.t", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Spec.Kyber.valid_params" + ], + 0, + "c81f33d6493d7fa0e3d01a83be5a8514" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Pervasives.Native.fst", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.op_At_Percent", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", "int_inversion", + "int_typing", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6a572f238903178c35ad6eada2dbaf3", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e6ef524d6a5a77dc89b1adad6b429993", + "token_correspondence_Rust_primitives.cast", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "8d41f34ae0f39a64c71647f3e0e80380" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", + 2, + 0, + 0, + [ + "@query", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" + ], + 0, + "43fd59a3f3c8ef2d71531cb9295a94e9" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", + 3, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.lt", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8e275cfa492c73f52b5f32fd4e8a7155", + "refinement_interpretation_Tm_refine_a6a572f238903178c35ad6eada2dbaf3", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_b77e896f5c637b09a41ab629a923186d", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_e6ef524d6a5a77dc89b1adad6b429993", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "106fc905e106035482ee0050ce6241a8" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.op_At_Percent", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", "int_typing", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_0668f3e468d1f693fc2b86558447fb99", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e845cca53ad19c4347b13715739da90e", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "e2122d99fb9d4d7883a1ad1cae425730" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", + 2, + 0, + 0, + [ + "@query", "b2t_def", "primitive_Prims.op_Addition", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Multiply", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "c4f3d63ec9c412ad54b217165a20beac" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", + 3, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.v", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_0668f3e468d1f693fc2b86558447fb99", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", + "refinement_interpretation_Tm_refine_87f064b0f53d2badbd3cb9c5985c4c46", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_b38b8a86dd143130555f373754659a27", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_d8836626372248741cc7d6582bd93782", + "refinement_interpretation_Tm_refine_e845cca53ad19c4347b13715739da90e", + "refinement_interpretation_Tm_refine_ebd4fd466e5ab18d8fff88f813473279", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v" + ], + 0, + "9dfcfc5f6fa0208149695637780dd624" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_14835084a7628a594896379e5ea411ad", + "MkSeq_interpretation_Tm_arrow_4936cb3ae75b071093de3c4fdb6a1778", + "MkSeq_interpretation_Tm_arrow_a8cce9f06a7eff5740f6bae57e839f6b", + "MkSeq_interpretation_Tm_arrow_aa50555711d6286cfd8dc185000aafab", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.Mktuple2@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_MkSeq.create1", "equation_MkSeq.create2", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create1", + "function_token_typing_MkSeq.create2", + "function_token_typing_Rust_primitives.Integers.i32", "int_typing", + "interpretation_Tm_abs_7e380eba0c9ae2d800a389eb46d8c442", + "interpretation_Tm_abs_94ab8e03f2df430f87d9d1fec48fd1f1", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_16da91e8e8e81b1e3e5f34f47ddac61a", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_3ca3b5d3bb9dd23942633e4e33942d2c", + "refinement_interpretation_Tm_refine_4c9fc7a376083f6cefabf973925fed40", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a3e240df9966608d534d4eb5b3d03108", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "token_correspondence_MkSeq.create1", + "token_correspondence_MkSeq.create2", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.i32_inttype", + "typing_Rust_primitives.Integers.int_t", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "2fba305405821f55d14f204b50d375e3" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", + 2, + 0, + 0, + [ + "@query", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" + ], + 0, + "07ef8fe3c1b68bf391c06ff0672563cb" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_4936cb3ae75b071093de3c4fdb6a1778", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_MkSeq.create1", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", + "interpretation_Tm_abs_94ab8e03f2df430f87d9d1fec48fd1f1", + "lemma_Lib.IntTypes.pow2_4", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_16da91e8e8e81b1e3e5f34f47ddac61a", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_3ca3b5d3bb9dd23942633e4e33942d2c", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a3e240df9966608d534d4eb5b3d03108", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c3df9cc460905cf277bb991d449b4987", + "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", + "token_correspondence_MkSeq.create1", "typing_Lib.IntTypes.bits", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_MkSeq.create1", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "f48465accb0f4f9ceb2bb3d265d0a441" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb", + "MkSeq_interpretation_Tm_arrow_f1a046d707407a6beea1d709dbd892ee", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Core.Ops.Index.f_index", + "equation_Core.Ops.op_String_Access", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_MkSeq.create8", "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Hax.impl__index", + "equation_Rust_primitives.Hax.repeat", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create8", + "function_token_typing_Rust_primitives.Integers.i32", "int_typing", + "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04", + "interpretation_Tm_abs_728d89c88efb5ca300c33d72c2fc2b54", + "interpretation_Tm_abs_efab849ed2b09d0ecb6a8d3f4d35f6d2", + "lemma_FStar.Int32.vu_inv", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", + "lemma_Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Ops.Index.Mkt_Index_f_index", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__3", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__4", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__5", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__6", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__7", + "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", + "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_6fa91d9f8fc6f73328383ba63335eaa3", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_b576f09784d790ce06644f00d7b5f1a4", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_ccb6abb297b6c79c39e84f08226dd6c3", + "refinement_interpretation_Tm_refine_e6ef524d6a5a77dc89b1adad6b429993", + "token_correspondence_Core.Ops.Index.f_index", + "token_correspondence_Core.Ops.op_String_Access", + "token_correspondence_MkSeq.create8", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", + "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Hax.repeat", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.sz", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "e822df9fd1ad830e9ffa3055cc688efc" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", + 2, + 0, + 0, + [ + "@query", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" + ], + 0, + "87ece57d77b6da3208f2247db54e5779" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", + 3, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "equality_tok_Lib.IntTypes.U8@tok", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", "int_typing", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", + "refinement_interpretation_Tm_refine_6fa91d9f8fc6f73328383ba63335eaa3", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "641fd8c08de171a75e6bf53665f28c02" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "32438b27032fc32f21da2091da9effd7" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S128", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_Core.Iter.Traits.Collect.f_into_iter", + "equation_Core.Ops.Range.iterator_range", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.op_At_Percent", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.signed", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.u8_inttype", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "equation_Spec.Kyber.v_H_DIGEST_SIZE", + "equation_Spec.Kyber.v_SHARED_SECRET_SIZE", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.Integers.usize", "int_typing", + "interpretation_Tm_abs_29c790849abcf444c15b4351363d1b40", + "interpretation_Tm_abs_412e363c41d2c7d31f96c2685c7138f2", + "interpretation_Tm_abs_4da4c2420140680c2bf4358d0bc52b3f", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "l_and-interp", "lemma_FStar.Int32.uv_inv", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.v_injective", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u8", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_cast", + "lemma_Rust_primitives.Integers.get_bit_cast_extend", + "lemma_Rust_primitives.Integers.get_bit_shr", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_Item", + "proj_equation_Core.Iter.Traits.Iterator.Mkiterator_f_contains", + "proj_equation_Core.Ops.Range.Mkt_Range_f_end", + "proj_equation_FStar.Pervasives.Native.Some_v", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Core.Iter.Traits.Collect.Mkinto_iterator_f_into_iter", + "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_Item", + "projection_inverse_Core.Iter.Traits.Iterator.Mkiterator_f_contains", + "projection_inverse_Core.Ops.Range.Mkt_Range_f_end", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_1fc9aea01d7aff49f16425d06e0bcadf", + "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_3e02dc287b6456c1e417bd92df9b15ce", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a3e240df9966608d534d4eb5b3d03108", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_c91a99623b4591027aaae7c7b521689f", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f3460d78bd6a4448da852b8e0439abd1", + "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc", + "token_correspondence_Core.Iter.Traits.Collect.f_into_iter", + "token_correspondence_Core.Iter.Traits.Iterator.__proj__Mkiterator__item__f_contains", + "token_correspondence_Rust_primitives.cast", + "typing_Core.Ops.Range.__proj__Mkt_Range__item__f_end", + "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt8.uint_to_t", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_Spec.Kyber.v_SHARED_SECRET_SIZE", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "850ecf58d5ade6e792d9cf6aef6c5801" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.unsigned", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "ac748a49088a02009f12bdf35321f63a" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.v", + "equation_Prims.eqtype", "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_a71ec81f8cb1ec50e94cecd44b6a58a4", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_FStar.UInt32.t", "typing_FStar.UInt64.t", + "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok" + ], + 0, + "9fc31f1c043dbc4652a44433648ce7a4" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U32", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.u32", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", "int_inversion", + "int_typing", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a71ec81f8cb1ec50e94cecd44b6a58a4", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.modulus", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok" + ], + 0, + "62781d162a5749b378f968a4721ff35f" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S32", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.v", "equation_Spec.Kyber.params", + "equation_Spec.Kyber.valid_params", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c12594a31c8f7ec35f591fccbb966570", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "typing_FStar.Seq.Base.length", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Spec.Kyber.valid_params" + ], + 0, + "4d3841f0cf8981ec4ddd49b522bba049" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.size", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.modulus", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u32", + "equation_Rust_primitives.Integers.u32_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "equation_Spec.Kyber.params", "equation_Spec.Kyber.valid_params", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Rust_primitives.Integers.u8", "int_inversion", + "int_typing", + "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_4c253f027b5d09b5555e1c4f903eeb5c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_74b76b07e89ce2e377ee1865b2d2972c", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int32.v", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.uint_to_t", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Arrays.length", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.v_C2_SIZE", + "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok", + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", + "typing_tok_Lib.IntTypes.U64@tok" + ], + 0, + "46a106c1a93958fd21b6bebbc7d8424c" + ], + [ + "Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_FStar.Pervasives.Native.Some", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Arrays.t_Slice", + "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bit", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.cast", + "equation_Rust_primitives.cast_tc_integers", + "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Prims.__cache_version_number__", "int_typing", + "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", + "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", + "lemma_Lib.IntTypes.pow2_4", + "lemma_Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32", + "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", + "lemma_Rust_primitives.Integers.get_bit_and", + "lemma_Rust_primitives.Integers.get_bit_or", + "lemma_Rust_primitives.Integers.get_bit_shl", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Some_v", + "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", + "projection_inverse_Rust_primitives.Mkcast_tc_cast", + "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", + "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", + "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_e7f63df644568e6d209d985baf736b12", + "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", + "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc", + "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length", + "typing_Lib.IntTypes.maxint", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.get_bit", + "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", + "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "736f39d312d43176f9da219e7f1fe1f0" + ], + [ + "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", + "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.unsigned", + "lemma_Rust_primitives.Integers.pow2_values", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype" + ], + 0, + "063344f3fb9bd0b31759a1aa4cf5d070" + ], + [ + "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_18d3dcbafa1048d6377074186f5f2afd", + "MkSeq_interpretation_Tm_arrow_c2fe76a834cdd44d7fa52cb0da696f35", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U16@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", + "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", + "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.UInt.min_int", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", + "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", + "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "equation_MkSeq.create3", "equation_Prims.nat", + "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.add", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.max_usize", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.mul", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u16", + "equation_Rust_primitives.Integers.u16_inttype", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.array_to_slice_unsize", + "equation_Rust_primitives.unsize", + "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_MkSeq.create3", "int_typing", + "interpretation_Tm_abs_24b32bebd3485ad76e228d3f32e635f7", + "interpretation_Tm_abs_94963984a705f03fe78dd8ccd37a8094", + "interpretation_Tm_abs_f5770e15f23008f76908f7a623d8cb34", + "lemma_FStar.Int32.vu_inv", + "lemma_Rust_primitives.Integers.mk_int_v_lemma", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_Rust_primitives.Mkunsize_tc_unsize", + "refinement_interpretation_Tm_refine_0eeab4d5f73e78a17240ba8a60788298", + "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_9646800d9b76afb2dc402d323458a8c8", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "token_correspondence_MkSeq.create3", + "token_correspondence_Rust_primitives.unsize", + "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.minint", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "6d1b2464bcc6c973fb6af194879461dc" + ], + [ + "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", + 3, + 0, + 0, + [ + "@query", "b2t_def", "primitive_Prims.op_Addition", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Multiply", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "e3bc8f6af0c4adb20cdb6ef4b11ee9a0" + ], + [ + "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", + 4, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MkSeq_interpretation_Tm_arrow_c2fe76a834cdd44d7fa52cb0da696f35", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.S32@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", "equation_MkSeq.create3", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.int_t", + "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", + "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.range", + "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.sz", + "equation_Rust_primitives.Integers.u8", + "equation_Rust_primitives.Integers.unsigned", + "equation_Rust_primitives.Integers.usize", + "equation_Rust_primitives.Integers.v", + "function_token_typing_Lib.IntTypes.byte_t", + "interpretation_Tm_abs_24b32bebd3485ad76e228d3f32e635f7", + "lemma_Rust_primitives.Integers.pow2_values", + "lemma_Rust_primitives.Integers.v_mk_int_lemma", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_045feaff96c939e73ccd5d7de8e4a488", + "refinement_interpretation_Tm_refine_076b73e195751dd168bd1aca2fcea6bb", + "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", + "refinement_interpretation_Tm_refine_0eeab4d5f73e78a17240ba8a60788298", + "refinement_interpretation_Tm_refine_102e3e2ffae46eb544d4497226c91fb5", + "refinement_interpretation_Tm_refine_3ba9bbe88a78f6325f92e4596392dc5e", + "refinement_interpretation_Tm_refine_4bb8998fe69acc99b21e814adae749a3", + "refinement_interpretation_Tm_refine_52f6eb74a0664d049be954954738272f", + "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_9646800d9b76afb2dc402d323458a8c8", + "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_cd6187432a2b3066b26cf79527654433", + "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", + "refinement_interpretation_Tm_refine_e9fd75cceaaeb3c4516e200cfb4bee15", + "refinement_interpretation_Tm_refine_f2993b0cbeef1e5b93834b9e179274f9", + "refinement_interpretation_Tm_refine_f805a828f315b5406827bf9bbde964c1", + "token_correspondence_MkSeq.create3", "typing_MkSeq.create3", + "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.range", + "typing_Rust_primitives.Integers.unsigned", + "typing_Rust_primitives.Integers.usize_inttype", + "typing_Rust_primitives.Integers.v", + "typing_tok_Lib.IntTypes.S32@tok" + ], + 0, + "94e56e7f1aaf31e97952a25f9fe06265" + ] + ] +] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints index f5f8028b9..8ac088452 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fsti.hints @@ -1,5 +1,5 @@ [ - "a1xQK\u0000\rP", + "@N\fnt'ٔt\u0012", [ [ "Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", @@ -11,7 +11,7 @@ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a" ], 0, - "c249ce5f9116890fd5c7f67727c7e612" + "d37f1b91938dcc83207fea4586c1b804" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_", @@ -68,7 +68,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6479ea2eaf119051597c837c3b31d23f" + "07b897a3afdf5881d7d4b8f7bb024129" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -126,7 +126,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6d4470058fedaf2b45ef6f9b30f6218f" + "99747a419730ed6a01245be128ddba4b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", @@ -187,7 +187,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "944d0ac0b26757a392daef8c36343c1c" + "ec1f79b3f808356b8b3b9adea355240c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -230,7 +230,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "97fc10c48e2418386e47e29bad58e140" + "ddd843b97ed6a5acffad25a21b59154e" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", @@ -288,7 +288,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "c5ccbab40ceab823d45b175610c2c3f3" + "9812e7837f522cea2551f0801b5fc81b" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", @@ -344,7 +344,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "9bb76f1ef21f2aab38cf69c6d0d15907" + "3c6cfde5c3cb9aaac497ceceb1b61b98" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_", @@ -403,7 +403,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ed3b110348db5c0d63900b9abb49b48d" + "3a00f4436666ab08816939aad86cebdd" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", @@ -459,7 +459,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "9f74c804563c9d62a55e7167c8d66f95" + "6665c8ddce250f88a188614c69dc5cc1" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message", @@ -500,7 +500,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "09965c85ef0552512e5c9641441b993d" + "2023d91571e343d57e3e5276b2eacb32" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", @@ -566,7 +566,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "3f88456a0d60ad9cf426fb2c56813013" + "07b879f1a1a15c90057d3b43c928ccfc" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", @@ -627,7 +627,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f14cc099f99511b7d53c765f23013438" + "52395aeb38bad494d10da691f4d775c9" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u", @@ -674,7 +674,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "d8ad616a33fbcc6b2f4a3681ed02b463" + "98b2bb1e6dd73dc26db1d264a1ebf2c4" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v", @@ -713,7 +713,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "1eb7ffbbde350a2534b92aef09aa20df" + "a2e5be173f2218e91a1e2f49c94290fa" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -751,7 +751,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b12bee38de5e8f345d325272829e5263" + "f3e5444cf6a53e3b80dba1283161387b" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.fst.hints index 922f9b774..035fb3c36 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.fst.hints @@ -39,7 +39,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "f940a4d46140a3508e076e7234fd8c3e" + "f36e3314fc244f77058226b1fd02ef30" ], [ "Libcrux.Kem.Kyber.v_KEY_GENERATION_SEED_SIZE", @@ -101,7 +101,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "b995078b7b0383b1e3e8364a6f115ebf" + "160781a78ce790751078474c60996a7a" ], [ "Libcrux.Kem.Kyber.update_at_range_lemma", @@ -173,7 +173,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "3b3b4031ae84b16d19b815b0298d8438" + "bda9bba42672276bec57091da7362549" ], [ "Libcrux.Kem.Kyber.serialize_kem_secret_key", @@ -319,7 +319,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "cf6ad519de77e252da8e465e35e21812" + "6d9d7464af87161b8b16295bb1e81595" ], [ "Libcrux.Kem.Kyber.decapsulate", @@ -373,7 +373,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "de920378fdddbc16352d0c5a87774763" + "6664c1bcb319945e621c6ab65e30d68d" ], [ "Libcrux.Kem.Kyber.decapsulate", @@ -560,7 +560,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "885e08085a7384e18a210ab839f6c2ea" + "ceff06bd1a3ceb3d1d453ecb5818780d" ], [ "Libcrux.Kem.Kyber.encapsulate", @@ -607,7 +607,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "3b8a00e0a9349c85d9e0d5046f42126f" + "f06377be405612aeb311b2fa8ad06496" ], [ "Libcrux.Kem.Kyber.encapsulate", @@ -769,7 +769,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "b0699b8b5e5c110cd6d8ff792f8a32fb" + "0a5d218602186881821963446c8e440b" ], [ "Libcrux.Kem.Kyber.encapsulate", @@ -931,7 +931,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "7f993d6b73b742ee6c140a17d9a46c97" + "29d1565c489cd165d3c838c52a5b73c5" ], [ "Libcrux.Kem.Kyber.generate_keypair", @@ -979,7 +979,7 @@ "typing_Spec.Kyber.v_KEY_GENERATION_SEED_SIZE" ], 0, - "077f93cb92362e6cf0950f72f8e749dd" + "785aa719008d43180fb647bc217ca7de" ], [ "Libcrux.Kem.Kyber.generate_keypair", @@ -1301,7 +1301,7 @@ "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "7d521371edbea2037515bc6e2f6f9164" + "75c616a8e0dc1b005dd941d89e97ff62" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/.hints/MkSeq.fst.hints b/proofs/fstar/extraction-edited/.hints/MkSeq.fst.hints index ef57842c2..24eb90f37 100644 --- a/proofs/fstar/extraction-edited/.hints/MkSeq.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/MkSeq.fst.hints @@ -19,7 +19,7 @@ "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d" ], 0, - "09a0efae5bba05707470bea055f4de88" + "0c5da937fc134f61bdfae2b04e559df4" ], [ "MkSeq.create_gen_tac", @@ -47,7 +47,7 @@ "projection_inverse_FStar.Stubs.Tactics.Result.Success_v" ], 0, - "2420ac676666532c68469a122788f25a" + "e9c02c92c6bd2a43e7703223763bb5f6" ], [ "MkSeq.34841", @@ -61,7 +61,7 @@ "refinement_interpretation_Tm_refine_84e0a185004ae7041a2a188c5530a17d" ], 0, - "933230f5dc1b52b2b19dca636913442e" + "d9536a7c38a701c8a690e078cd7ce4cf" ], [ "MkSeq.create1", @@ -114,7 +114,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "4f5d3263cc9515a87d970a5e93a3fe89" + "ac143db25c027944900bd63f31233a95" ], [ "MkSeq.create2", @@ -174,7 +174,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "67e48382b0cf2112ab8aa4dd22c6f10b" + "7594847009377403b3dccbd476c6c7cb" ], [ "MkSeq.create3", @@ -234,7 +234,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "b46543a31110b9f24d2922fc59897163" + "54f7fa56f3a91e5891565dc650f62b8a" ], [ "MkSeq.create4", @@ -291,7 +291,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ef1ae03bb5b13c8b6a9d946a3b5d1de9" + "ee6b6cf8d97907a205326b59946f60a5" ], [ "MkSeq.create5", @@ -351,7 +351,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "86c5fa90a17d69fa86397ce414e65f7f" + "53be4faa2d759536e006bb4ea8c47663" ], [ "MkSeq.create6", @@ -411,7 +411,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "737a61e0d1f1612cbcd1d280f2fc68b7" + "aead575a45f5148e39dc23c0d730e678" ], [ "MkSeq.create7", @@ -473,7 +473,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "62736b4dce27f64c4e03505efe658561" + "0faee6aa37bf74fb255ef88480f4c1f7" ], [ "MkSeq.create8", @@ -533,7 +533,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "2820886c350527c8b5993da0687aec9c" + "bc47a04695851e595cbb3ec76ca1790f" ], [ "MkSeq.create9", @@ -593,7 +593,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "569f488d52da8c8e56bf8352c1019270" + "6e973c17e425cdeee691f9aec6fa3608" ], [ "MkSeq.create10", @@ -653,7 +653,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "db43d6240c9df650f6877e61fdf5ba10" + "e1abd36b23fa05cecdbfd6d1f57fc5d9" ], [ "MkSeq.create11", @@ -713,7 +713,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d991c16a616b5bc6c9098adf9a16325c" + "de4393f27f31777aff88d80f478493be" ], [ "MkSeq.create12", @@ -773,7 +773,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "0bbc45ee9145f6f7e5d3c4c1a0762a2e" + "e5a9f4ae25a1b739f0d4dad3f5626ad5" ], [ "MkSeq.create13", @@ -833,7 +833,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "85c11de6a721f84fcb487cfe525be441" + "4d4aff1ad81d12be488a10514b06da35" ] ] ] \ No newline at end of file From b823a72d96619156e3a36d4d95d127f8a0a3b6dc Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 1 Feb 2024 09:29:37 +0100 Subject: [PATCH 16/19] bump rlimits, hints --- .../Libcrux.Kem.Kyber.Serialize.fst.hints | 782 +++++++++--------- .../Libcrux.Kem.Kyber.Serialize.fst | 17 +- 2 files changed, 393 insertions(+), 406 deletions(-) diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints index df552fe88..bac4aa6b5 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints @@ -1,5 +1,5 @@ [ - "\\\u001cY]YUzUM;", + "諾V*\u000e0ny", [ [ "Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", @@ -11,7 +11,7 @@ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a" ], 0, - "244835a4702d2db3ee2e98b2d018e4af" + "01c27a37f4c8023217d7af9fd97b634c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_", @@ -68,7 +68,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ee5bec3277b81bcc083a1da0489006a2" + "a7b8b5710fa511428682749dfd0cfc12" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_", @@ -109,6 +109,7 @@ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", + "equation_FStar.Seq.Properties.createL", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", @@ -211,6 +212,8 @@ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", "refinement_interpretation_Tm_refine_fc12799aca7afdfe7dbfd8172fc58a83", "token_correspondence_MkSeq.create4", @@ -219,10 +222,11 @@ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", "typing_FStar.List.Tot.Base.length", "typing_FStar.Pervasives.Native.__proj__Mktuple5__item___1", - "typing_FStar.Seq.Properties.createL", "typing_Lib.IntTypes.bits", - "typing_Lib.IntTypes.v", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Properties.createL", + "typing_FStar.Seq.Properties.seq_of_list", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", + "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.cast_mod", "typing_Rust_primitives.Integers.get_bit", "typing_Rust_primitives.Integers.logand", @@ -239,7 +243,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d3f1f31f89a244094de8b787d7fb003e" + "9eb7e5344d7b44697e043440e1130e25" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -254,7 +258,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a8011caf675ac5d4b91020adcba83a2b" + "6a2f8f59f725abc43dd12decc668ae77" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -269,7 +273,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a5289797dcd6f9e70dfceed6e1128fc2" + "00bc9c0be2cf951204a5bcfc58e87e8c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -284,7 +288,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "98d109c31371f5c2036a08ee6f5ca30d" + "cde060c53aad65372ee15649a0247fe9" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -299,7 +303,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "00f3e1bcbc818fee0db7304dc58c7e5f" + "4ad83adee528a2f07bdae7e98765f715" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -314,7 +318,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a26a6ac921f41ef3151cfb85a74d8b4c" + "d81ffb6e25ec73ab597a179d1a56be4b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -329,7 +333,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "71cf19604f7b4e829d01e332d26ed356" + "475f5382df8fd4fed01e5647bfaf5370" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -344,7 +348,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5d0654d69934998950e8574df4595ba9" + "6d4ad860d9091ba12afa6dabf4eff4fb" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -359,7 +363,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "665fae4953829d05653203c1fd92e8dd" + "34b637db935ddd57fbb5f594d01a4e18" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -374,7 +378,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "69027af3ac2b77704e3d8083587475ad" + "361751f2efd6f9141ab206fc91444ba8" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -389,7 +393,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "956b5de5f23b85c0bfd6baa869c64814" + "89a1996e277fd72adbcf459203708aa2" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -404,7 +408,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "f7b8423297b61aeedf11ebd406ec5de6" + "50e5fafac0f1223afca5160bcd06951c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -419,7 +423,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "df343cbb2995af47eaa45fd79fe9e232" + "7af238ee61d5a9accd3f0745d60b3285" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -434,7 +438,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "7329b69888145c9f405de7f01ec4b7b2" + "6bac7d9ce7481f08b573590410971c37" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -449,7 +453,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "86475048498dd4cdefdfcb89b08683aa" + "daf6423125bb366bdb0fbdc1940d730c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -464,7 +468,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "1c30c144f9828dff8cdf73d7542aa9d2" + "c286f13df9429195dcf7100cd7d2319f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -479,7 +483,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "cdb4eaa1745c39b152ed52ddb52c0e91" + "a2f709d5993c49af44c28ec837e2e9e9" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -517,7 +521,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "47d805ac7bd5c361976b65b24e15b527" + "48f567a5b2a76435b10f1f6b1b77315d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -559,7 +563,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "fc2064cb143b3e18e48a97f3083d9d45" + "ff2e0e850ef2210e20e3ec89eb01e4de" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -574,7 +578,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "8900ba14a935c57c6a0bbd207712414e" + "857bfc64c42bded6d70122b3140de085" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -589,7 +593,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "4d8890ef83a60f6e365361f3f4e07cfb" + "fcd909c591f95df68b4d996cfcc04150" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -602,7 +606,7 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "0e3b6e9ff7207567b5d00902a9935423" + "637600e7df42a69d3e8ff54a99a68e91" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -615,7 +619,7 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "93e56a3493ac514fe1b4a20bd3db9063" + "da4e8aa8cd5416513eb329f05134e7ae" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -636,7 +640,7 @@ "refinement_interpretation_Tm_refine_a17f0f6ecfa442a79ff1a1721abb0913" ], 0, - "03d8bc225b5eea1bdd7d15ce562fca29" + "ca2cab67b50831703906895e959756ce" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -652,7 +656,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "2cdc0566c3bc9649c1753d2c792ad9e4" + "53e023a6edd761f9febc518b3c97501a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -670,17 +674,13 @@ "equality_tok_Lib.IntTypes.S32@tok", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.BitVectors.bounded", - "equation_Rust_primitives.BitVectors.int_t_d", - "equation_Rust_primitives.Integers.bits", - "equation_Rust_primitives.Integers.i32", - "equation_Rust_primitives.Integers.i32_inttype", + "equation_Prims.nat", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", @@ -694,11 +694,10 @@ "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "typing_Lib.IntTypes.v", + "typing_FStar.Int32.v", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", @@ -707,7 +706,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "800c33a589b14a3b29932131c6753836" + "47d4512e03ca333bf3ed0d5072fbf156" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -729,10 +728,14 @@ "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", + "equation_Prims.nat", "equation_Rust_primitives.BitVectors.bounded", + "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", + "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", @@ -746,6 +749,7 @@ "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -758,7 +762,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "cfe8f8d67f25090cade0ebc7dc70c40a" + "ffc72def6b7a9ed562971409c8b4edd9" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -814,7 +818,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "3c73d8e5e6772911c77d6b51b6843b4d" + "659c57f74ee8b4ac202afb32c220182a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -871,7 +875,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "ef1f1b00107da04eb564043b4473e1f2" + "53090634afd1bd073b2aec7281cf6403" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -910,10 +914,10 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", + "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -926,7 +930,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6dc4e280429ec677ec8dcfb40bad3385" + "61271d9499a96764139dd7f8cfa563ab" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -953,7 +957,6 @@ "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", @@ -965,9 +968,7 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", @@ -981,7 +982,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "392b3919b95aa7342eef39b351665ab1" + "447b6c0938b9faa7e79d37b6d24968e2" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1009,6 +1010,7 @@ "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.unsigned", @@ -1019,7 +1021,9 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", @@ -1033,7 +1037,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ff2442d800e58b02fafd8041fa723e57" + "4f57aef31f82014d2117004d4463ede4" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1088,7 +1092,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a37cf53b290e696ab9617199e020776b" + "ef57761d383bcdc89ec9abb312c8c41f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1127,7 +1131,7 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_11870ecdbf94b736ee77231f548a9943", + "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", @@ -1143,7 +1147,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "96d3ce47ab8dbf31aeda13419749a879" + "63589abb424db92653e9c7f810139c69" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1182,11 +1186,11 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", + "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "typing_Lib.IntTypes.v", @@ -1198,7 +1202,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "70272e2bb4689f5d370e9c5264ed9989" + "0e971d76e080a956c084cee8394413be" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1253,7 +1257,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a8254fa1b6d0955f35635b1f2235fdf1" + "a53ef0302e60940fed83142ccdf7bbdf" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1281,6 +1285,7 @@ "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.unsigned", @@ -1291,8 +1296,10 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -1305,7 +1312,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "cb9b09ac9619a0a91d39022268320d33" + "483b713a49aea3f17f223c27edb11280" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1360,7 +1367,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "14b5a3dfc8bd6533097b17ec1c68caef" + "5559c7897e1e3bb2b906eeb8e003e13d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1415,7 +1422,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ef67ea625afa0c098682966ebfa26ccf" + "160d95b8c682999ac54177245f5008e7" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1443,7 +1450,6 @@ "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.unsigned", @@ -1454,10 +1460,8 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", - "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -1470,7 +1474,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e5cf86f071e35fb75de4652f33df14d5" + "d2b19cad93d1cc84ad29945c7aea156b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1498,6 +1502,7 @@ "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", + "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.unsigned", @@ -1508,8 +1513,10 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4343572884852621525146ad32d770e7", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -1522,7 +1529,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "9b5ad481b2f5d0cc2780eb7ddd7b8f40" + "9d3bffa2a2a6c82ee855337b810dbe7e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1577,7 +1584,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "93c5463acdfb93e4df58bf684b079d2e" + "3761e65c2976b194fb2588367f9d4d81" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1632,7 +1639,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f9c0f56d4031dd40bc81821ea25478d1" + "cc65f760373ba83e2dcb404b9a877bd7" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1645,7 +1652,7 @@ "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf" ], 0, - "1cc460627a7607f3d6f1e3317d51f74e" + "261ad44177c0bf8d5d28fcd1ab86c535" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1694,7 +1701,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "8f44eb99a20d63ff6c65c0a42f6a3f24" + "78f8d071a9579470a886c2136bd7abcd" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1707,7 +1714,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "961fa833e067e508b0dbd6d57921ce7c" + "cd5280d27aa4213b8c1e9e47b2c85cdd" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1727,7 +1734,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "4cb6a77d4ccadd39e43c5312a4a1dcec" + "a5e5cd997f41867e2176d7d4501da9de" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1740,7 +1747,7 @@ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" ], 0, - "865a5c9ed558a6e00c25a4cb5434e07d" + "9f58029301f92a1e1f1337297399e3a8" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1760,7 +1767,7 @@ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" ], 0, - "d826a130bc3f22468da286e1d2911d79" + "b4236d0fef5275eb4836e5791df21e56" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1773,7 +1780,7 @@ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2" ], 0, - "bd003eef40f8d59d3791a501987dda8f" + "a374d25f56e3fd9a19c7ad8f3b4f523e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1822,7 +1829,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "df8dae11f0f94e860544ff4f7a31f6d0" + "5dfd52cae06f2dea0d3d9ee0dd94bce4" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1877,7 +1884,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f2fc5b05dfdeb13ca1b7bfc79afca671" + "e5ea7cfc0b67f36a88000eecb11b5b44" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1905,7 +1912,6 @@ "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", - "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.unsigned", @@ -1917,9 +1923,7 @@ "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -1932,7 +1936,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ea888cca1bb7921e1b66e4dd4743f86e" + "5d9c60b110bd42cf2941a1c80ccc699f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1945,7 +1949,7 @@ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2" ], 0, - "952e0af34f8174d6e9225a18ccb5b27b" + "2db5a22cfa6bef54a28c0c47730f3053" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1994,7 +1998,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "da34fe254541b200ac31e2195aab48a9" + "64649dc41d4ba561056bdcc8f11ab118" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2007,7 +2011,7 @@ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540" ], 0, - "65024a46aab23a985c2f72736d9f3e66" + "fc840c1417cbbaf73ec0c17fce41d28e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2027,7 +2031,7 @@ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540" ], 0, - "361d062c71ff19931abb2e6646e10048" + "a6cf16741380bc17d8c3dd57c586109b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2040,7 +2044,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "7e92cd6f8319a2b2fa4bb04e29c052dc" + "a9c7ab17deac92fe59c5485e1974d376" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2060,7 +2064,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "512bb9930ef045a7f3d38582314235a3" + "0106aa8b4d3e090451be73e23f4a6552" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2089,7 +2093,6 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Prims.Cons", "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", "data_typing_intro_Prims.Cons@tok", "data_typing_intro_Prims.Nil@tok", @@ -2114,6 +2117,7 @@ "equation_Rust_primitives.Arrays.t_Array", "equation_Rust_primitives.BitVectors.bit_vec", "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", + "equation_Rust_primitives.BitVectors.bounded", "equation_Rust_primitives.BitVectors.int_t_d", "equation_Rust_primitives.BitVectors.num_bits", "equation_Rust_primitives.Integers.bit", @@ -2129,6 +2133,7 @@ "equation_Rust_primitives.Integers.op_At_Percent_Dot", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", + "equation_Rust_primitives.Integers.shift_right", "equation_Rust_primitives.Integers.sz", "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", @@ -2161,10 +2166,10 @@ "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "proj_equation_FStar.Pervasives.Native.Mktuple11__1", "proj_equation_FStar.Pervasives.Native.Mktuple11__10", "proj_equation_FStar.Pervasives.Native.Mktuple11__11", @@ -2210,9 +2215,6 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", "projection_inverse_FStar.Pervasives.Native.Some_a", "projection_inverse_FStar.Pervasives.Native.Some_v", - "projection_inverse_Prims.Cons_a", - "projection_inverse_Prims.Cons_hd", - "projection_inverse_Prims.Cons_tl", "projection_inverse_Rust_primitives.Mkcast_tc_cast", "refinement_interpretation_Tm_refine_03288e8cad3d11e26a62a263d75b4cb9", "refinement_interpretation_Tm_refine_0900f6d27eee08e6b24699af33bdd980", @@ -2225,7 +2227,6 @@ "refinement_interpretation_Tm_refine_25a3ac62ce8d1d795628b758d48abad1", "refinement_interpretation_Tm_refine_285d5ca95815dcb9fcec0ae13da5f30c", "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", - "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", "refinement_interpretation_Tm_refine_3012dc4a62607a165775ce6122df6b27", @@ -2293,9 +2294,8 @@ "token_correspondence_Prims.pow2.fuel_instrumented", "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", - "typing_FStar.Int32.int_to_t", "typing_FStar.List.Tot.Base.length", - "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", - "typing_FStar.Seq.Properties.createL", + "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.seq_of_list", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.maxint", "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", @@ -2316,7 +2316,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "fa9da92f8ee21097cceca22f8b9f6c07" + "949cbd28d959d4f41985bb16e93d4996" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2331,7 +2331,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "c492d6b2e6ad83823751c05d92945a6e" + "6ae44ac201a4d56dc38740b2668ad723" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2346,7 +2346,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a5289797dcd6f9e70dfceed6e1128fc2" + "00bc9c0be2cf951204a5bcfc58e87e8c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2361,7 +2361,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "98d109c31371f5c2036a08ee6f5ca30d" + "cde060c53aad65372ee15649a0247fe9" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2376,7 +2376,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "00f3e1bcbc818fee0db7304dc58c7e5f" + "4ad83adee528a2f07bdae7e98765f715" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2391,7 +2391,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a26a6ac921f41ef3151cfb85a74d8b4c" + "d81ffb6e25ec73ab597a179d1a56be4b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2406,7 +2406,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "71cf19604f7b4e829d01e332d26ed356" + "475f5382df8fd4fed01e5647bfaf5370" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2421,7 +2421,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5d0654d69934998950e8574df4595ba9" + "6d4ad860d9091ba12afa6dabf4eff4fb" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2436,7 +2436,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "665fae4953829d05653203c1fd92e8dd" + "34b637db935ddd57fbb5f594d01a4e18" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2451,7 +2451,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "69027af3ac2b77704e3d8083587475ad" + "361751f2efd6f9141ab206fc91444ba8" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2466,7 +2466,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "956b5de5f23b85c0bfd6baa869c64814" + "89a1996e277fd72adbcf459203708aa2" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2481,7 +2481,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "f7b8423297b61aeedf11ebd406ec5de6" + "50e5fafac0f1223afca5160bcd06951c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2496,7 +2496,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "df343cbb2995af47eaa45fd79fe9e232" + "7af238ee61d5a9accd3f0745d60b3285" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2511,7 +2511,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "7329b69888145c9f405de7f01ec4b7b2" + "6bac7d9ce7481f08b573590410971c37" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2526,7 +2526,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "86475048498dd4cdefdfcb89b08683aa" + "daf6423125bb366bdb0fbdc1940d730c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2541,7 +2541,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "1c30c144f9828dff8cdf73d7542aa9d2" + "c286f13df9429195dcf7100cd7d2319f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2556,7 +2556,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "cdb4eaa1745c39b152ed52ddb52c0e91" + "a2f709d5993c49af44c28ec837e2e9e9" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", @@ -2617,7 +2617,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "07c6400c658981e691fa83e3ff358b2f" + "163cc8380bb20766b43d21884878597d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", @@ -2626,6 +2626,7 @@ 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "MkSeq_interpretation_Tm_arrow_14835084a7628a594896379e5ea411ad", "MkSeq_interpretation_Tm_arrow_18d3dcbafa1048d6377074186f5f2afd", @@ -2659,12 +2660,12 @@ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", + "equation_FStar.Seq.Properties.createL", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.pub_uint16", "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", @@ -2709,6 +2710,7 @@ "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", "lemma_FStar.Int32.vu_inv", "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u16", + "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u32", "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", "lemma_Rust_primitives.Integers.get_bit_and", "lemma_Rust_primitives.Integers.get_bit_cast", @@ -2739,8 +2741,10 @@ "projection_inverse_FStar.Pervasives.Native.Some_v", "projection_inverse_Rust_primitives.Mkcast_tc_cast", "refinement_interpretation_Tm_refine_0eeab4d5f73e78a17240ba8a60788298", + "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", + "refinement_interpretation_Tm_refine_4adc867dedc8116424e7854032f7976a", "refinement_interpretation_Tm_refine_4c9fc7a376083f6cefabf973925fed40", "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", @@ -2756,6 +2760,7 @@ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_d261778ce6a448bd4ab7bd9f494cdb2e", + "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce", "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "refinement_interpretation_Tm_refine_f2a41cd0b7a1b87e64e4bdabfc823091", @@ -2764,7 +2769,8 @@ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length", - "typing_FStar.Seq.Properties.createL", "typing_FStar.UInt.fits", + "typing_FStar.Seq.Properties.createL", + "typing_FStar.Seq.Properties.seq_of_list", "typing_FStar.UInt.fits", "typing_FStar.UInt16.uint_to_t", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", @@ -2783,7 +2789,7 @@ "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d78f09a0066381216a7a758895ef3321" + "d964a07f964b373d0e55b902b18276d7" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", @@ -2799,7 +2805,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "998d393fc2c15ee47f33be6404085747" + "0f16f2594ff57b0b0ee40d426e9f0719" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2814,7 +2820,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "52b973bfc79eddc8ae65b463cb6d399c" + "ce83ebe85aba9d902699803e99cbe59d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2829,7 +2835,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "446d7312e8cc8c01944d7be3d97fcbaa" + "b8f44f014dc4923b9781b4253cc0fe3f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2844,7 +2850,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "fc6ad9e1907730ea82b394700f48e511" + "35820f8dfa33cc4a196dcf8def5af9e5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2859,7 +2865,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "1f802a541f2a01c90e259e398be8681a" + "418152ba780594a26d0f9b5be6d7a90b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2874,7 +2880,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "4a1760f657a98e93729bd0563ed4cd02" + "492795b7f754b466b4f96374a71d8876" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2889,7 +2895,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "0441a48a1619435becf892e440d8b22c" + "5c9a09d64950cddb9b1b2cb4636ee922" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2904,7 +2910,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "c5a96e8b5f6650820625cf419b1ba6bf" + "5ad9465557fca1eabf1147772ea8c393" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2919,7 +2925,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "67bf4f9583bac88d1a62a9c508114ed4" + "e7c3f30d80bfab66b4ab4c8be397440b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2934,7 +2940,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "52cb516ccccceacb75d1a5a84b18227f" + "fb13b6dd3f52be559fd0325cc94d4ae4" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2949,7 +2955,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "280ebf4e9f500835ca557addc750e35c" + "3251139072f48e3e76a8a0864f8016c8" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2964,7 +2970,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "453ecb570b15669d13db2160af6b5581" + "6e7b3b9dc0ee03e47a1599420c19eaec" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2979,7 +2985,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "df1baaaa1772c72a73823fd8c6ab16bd" + "02ae6f739996f37041a9ba210ff3ef4b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2994,7 +3000,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "f5b45de0f3fe478d89c83b331978ab11" + "feab48d3226b6703555f1bf438618c37" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3009,7 +3015,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "4ce2b52003ea1fe3b3ce6420011c0e42" + "1aa041f16f8c02c20f28d28dcd7ec57d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3024,7 +3030,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5021b47ce24222081a5dd7bb4dc6cdd3" + "a613a385b7180f4a463f2757b2362358" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3039,7 +3045,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "88348da34cfe864252b55330714b46e1" + "c79d63163722739255dd811d99f33086" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3077,7 +3083,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "144024f48e81d61d66daf8e4df4cf218" + "0957c7d94fbc1e0fb443ac6c4478a369" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3102,7 +3108,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "af3815557e96a079e41bf0bc547f4ba5" + "26ff1aa9e38ee1fd90235342a96159bc" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3117,7 +3123,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "dfd9596e8087ee1bedb43912014a304a" + "466503e07a8715de79f5731e5a9303a3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3132,7 +3138,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "627d3fd5f318be2defcd053f6d87e31d" + "6ba224f055df911b81b93a3fec35146f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3145,7 +3151,7 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "722715257eeeb473ad73b076b69e0eb1" + "bb5058e35018c31fafd17158d07f1ddf" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3158,7 +3164,7 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "159eda153ec0be5b2c76cb03cb6e808c" + "0c04586472bcf945d1f586dfac248d54" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3179,7 +3185,7 @@ "refinement_interpretation_Tm_refine_fd0534dae74a1a03c82c48538de4b46a" ], 0, - "c117c98c012960d261b496269e6422d5" + "889a053d73c953b0368f5f068630eb89" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3231,7 +3237,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "d573bd4b7f552353f56070cb1c98353d" + "4f101a56104ae3dd330e890f3c8150f0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3284,7 +3290,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "b3a5a4b256f2da46e4cb6aa80b30ad63" + "dc53d554ae9ae5004bba81c04ef5a0fa" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3337,7 +3343,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ece99d7482db9f3e4c24cda6b4017d95" + "72f7316a2dc844473afe67cf3802074c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3390,7 +3396,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "7bada0b02d0c088e1b66d2aebbd49254" + "5a0138d5182b7b7d59cd7ef508e7d46d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3429,9 +3435,9 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf", "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", @@ -3445,7 +3451,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "4c5777f0892df9fae42aeae7ed61716c" + "af238a7235ff29b6900d0eced97c90b3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3501,7 +3507,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "462c1dcf39c0644c1f180bf29dfacdf7" + "b943062c664d5b575bfee2f991deb69b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3556,7 +3562,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "baf2f39b616726cae80a6c7ed1938850" + "fa6e90fb166533ce2ef21192d78dc0bb" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3612,7 +3618,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6ad89a5f220a49132487388a6bcedecb" + "8d181fbfccf7248cb7ac5facee396987" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3667,7 +3673,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "613a093888cfb85e06c8614b10de961c" + "850ae587c88899529d372cb32eb7714b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3722,7 +3728,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "64d245b187c94ed8f11b3a86cb7be07a" + "41a4916895284010e297cb3103910a1e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3777,7 +3783,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "0069009ef5bec3ee6b9a878579dd7bb4" + "bbc42e3fe65a41a0f3040c98652b71c4" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3833,7 +3839,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "512abe4d330faf163e5a520d0dc564a0" + "fa24ee848cd9a2ada7ef4da07a314069" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3888,7 +3894,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "474bb9e591027b56836db9f3d9b0a37a" + "c8eba10c5261a9bc415d4c8d67c18d55" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3943,7 +3949,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f24c644905e9f2fa8255ece1e6ab69d1" + "c33847cae332e771ecda6f905ab61da9" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3956,7 +3962,7 @@ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" ], 0, - "0a5734d9b96e52ef5798160eb9188cd1" + "776dfee4f8e8d4b9f2cf991b76d3d966" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3969,7 +3975,7 @@ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" ], 0, - "d4eb1404eb29eda9b08938446f08d942" + "0f87ccb4925d581f788263bf9455a5d7" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3982,7 +3988,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "c201ae958331d21e7abbb787cbd2c525" + "a3c8859b583374d8dfa4857de02006cf" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3996,7 +4002,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "d0a4ff4d8ba89e2953ac700d70ca9c45" + "982a13aa51996cbcc75f752c7a4186f2" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4009,7 +4015,7 @@ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" ], 0, - "9ad5916590aea72e08b669dd67af8354" + "c67f802d7e65cf8032becb6ae3a51827" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4022,7 +4028,7 @@ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" ], 0, - "5987585ecf0e13aa852945cafc7601d7" + "6dbfff777c18b05581c00580d773bae0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4035,7 +4041,7 @@ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" ], 0, - "c0948f9533e5098ca51c917c75c6466e" + "3a3b114794d62a4781d3829d62a4a016" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4048,7 +4054,7 @@ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" ], 0, - "d0c6206e7cf00aff98e9ffef9fb5c13e" + "8560c5372e473aeb4274c362b6da1bbc" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4078,6 +4084,7 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Prims.Cons", "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", "data_typing_intro_Prims.Cons@tok", "data_typing_intro_Prims.Nil@tok", @@ -4141,10 +4148,10 @@ "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "proj_equation_FStar.Pervasives.Native.Mktuple5__1", "proj_equation_FStar.Pervasives.Native.Mktuple5__2", "proj_equation_FStar.Pervasives.Native.Mktuple5__3", @@ -4178,10 +4185,14 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", "projection_inverse_FStar.Pervasives.Native.Some_a", "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Prims.Cons_a", + "projection_inverse_Prims.Cons_hd", + "projection_inverse_Prims.Cons_tl", "refinement_interpretation_Tm_refine_0dee8cb03258a67c2f7ec66427696212", "refinement_interpretation_Tm_refine_1c5286c19e2dc27f1052618432c91d6f", "refinement_interpretation_Tm_refine_1fc9aea01d7aff49f16425d06e0bcadf", "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451", + "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", "refinement_interpretation_Tm_refine_2ee346c1eabb13d94765973c56f410f8", "refinement_interpretation_Tm_refine_348668412ebc92437d7b3fa54735669f", @@ -4219,7 +4230,6 @@ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", - "refinement_interpretation_Tm_refine_bf2fa1226f2c9a0f6671df3e80ddcb8e", "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", "refinement_interpretation_Tm_refine_c12fc4a64d0fd6897144bd1bac678a85", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", @@ -4234,7 +4244,8 @@ "token_correspondence_MkSeq.create5", "token_correspondence_MkSeq.create8", "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", - "typing_FStar.Seq.Base.length", + "typing_FStar.List.Tot.Base.length", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.createL", "typing_FStar.Seq.Properties.seq_of_list", "typing_FStar.UInt.fits", "typing_FStar.UInt8.uint_to_t", "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", @@ -4254,7 +4265,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "9385f935190c8921366ace1e11095054" + "96891e1f90c3e60155cec0aaedf62acc" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4269,7 +4280,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "084814e97504e5bd498e71acbce5c8ef" + "cdfa93184bd1c88018ecf48706a00355" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4284,7 +4295,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "446d7312e8cc8c01944d7be3d97fcbaa" + "b8f44f014dc4923b9781b4253cc0fe3f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4299,7 +4310,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "fc6ad9e1907730ea82b394700f48e511" + "35820f8dfa33cc4a196dcf8def5af9e5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4314,7 +4325,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "1f802a541f2a01c90e259e398be8681a" + "418152ba780594a26d0f9b5be6d7a90b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4329,7 +4340,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "4a1760f657a98e93729bd0563ed4cd02" + "492795b7f754b466b4f96374a71d8876" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4344,7 +4355,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "0441a48a1619435becf892e440d8b22c" + "5c9a09d64950cddb9b1b2cb4636ee922" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4359,7 +4370,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "c5a96e8b5f6650820625cf419b1ba6bf" + "5ad9465557fca1eabf1147772ea8c393" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4374,7 +4385,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "67bf4f9583bac88d1a62a9c508114ed4" + "e7c3f30d80bfab66b4ab4c8be397440b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4389,7 +4400,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "52cb516ccccceacb75d1a5a84b18227f" + "fb13b6dd3f52be559fd0325cc94d4ae4" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4404,7 +4415,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "280ebf4e9f500835ca557addc750e35c" + "3251139072f48e3e76a8a0864f8016c8" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4419,7 +4430,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "453ecb570b15669d13db2160af6b5581" + "6e7b3b9dc0ee03e47a1599420c19eaec" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4434,7 +4445,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "df1baaaa1772c72a73823fd8c6ab16bd" + "02ae6f739996f37041a9ba210ff3ef4b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4449,7 +4460,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "f5b45de0f3fe478d89c83b331978ab11" + "feab48d3226b6703555f1bf438618c37" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4464,7 +4475,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "4ce2b52003ea1fe3b3ce6420011c0e42" + "1aa041f16f8c02c20f28d28dcd7ec57d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4479,7 +4490,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5021b47ce24222081a5dd7bb4dc6cdd3" + "a613a385b7180f4a463f2757b2362358" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4494,7 +4505,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "88348da34cfe864252b55330714b46e1" + "c79d63163722739255dd811d99f33086" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", @@ -4552,7 +4563,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "51d40142d07f439e8576a7fcf01080c3" + "630b405cfe3c555d1e0d9cbecae03de0" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", @@ -4561,7 +4572,6 @@ 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6", "MkSeq_interpretation_Tm_arrow_5765cf80a31e12b6cf9294aa374986ee", @@ -4582,7 +4592,6 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Prims.Cons", "data_typing_intro_FStar.Pervasives.Native.Mktuple4@tok", "data_typing_intro_FStar.Pervasives.Native.Mktuple5@tok", "data_typing_intro_Prims.Cons@tok", @@ -4596,7 +4605,9 @@ "equation_FStar.Int.min_int", "equation_FStar.Int.size", "equation_FStar.Seq.Properties.createL", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", @@ -4632,7 +4643,6 @@ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", "interpretation_Tm_abs_a9b198e31fde8a384087b8239a5e2e08", "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", - "lemma_Lib.IntTypes.pow2_4", "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32", "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", "lemma_Rust_primitives.Integers.get_bit_and", @@ -4642,10 +4652,10 @@ "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "proj_equation_FStar.Pervasives.Native.Mktuple4__1", "proj_equation_FStar.Pervasives.Native.Mktuple4__2", "proj_equation_FStar.Pervasives.Native.Mktuple4__3", @@ -4671,12 +4681,8 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple5__5", "projection_inverse_FStar.Pervasives.Native.Some_a", "projection_inverse_FStar.Pervasives.Native.Some_v", - "projection_inverse_Prims.Cons_a", - "projection_inverse_Prims.Cons_hd", - "projection_inverse_Prims.Cons_tl", "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", - "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", @@ -4692,7 +4698,6 @@ "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce", - "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", "refinement_interpretation_Tm_refine_f386e1ee441210481fca177647b8d6bc", "refinement_interpretation_Tm_refine_f745638d27656256eab52e67ec987e5a", @@ -4702,7 +4707,6 @@ "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", "typing_FStar.Int32.v", "typing_FStar.List.Tot.Base.length", - "typing_FStar.Seq.Properties.createL", "typing_FStar.Seq.Properties.seq_of_list", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.bits", @@ -4720,7 +4724,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "221b9a1b47741f1fe888534cea46bd89" + "4eb3e8127ef8bfc700d990df83be7e50" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", @@ -4735,7 +4739,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "885a6fc5875832b40ed79d451bb1af84" + "06aa892d5a0beec98809ee6e07e39e5f" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", @@ -4791,7 +4795,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5f29e93dc4ec00b3bb239d111aa80709" + "f9b8c4adcdb43fef7c72a680ea8ddea2" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", @@ -4818,8 +4822,11 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Prims.Cons", "data_typing_intro_FStar.Pervasives.Native.Mktuple11@tok", "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", + "data_typing_intro_Prims.Cons@tok", + "data_typing_intro_Prims.Nil@tok", "disc_equation_FStar.Pervasives.Native.Some", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.S32@tok", @@ -4872,10 +4879,10 @@ "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", - "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "proj_equation_FStar.Pervasives.Native.Mktuple11__1", "proj_equation_FStar.Pervasives.Native.Mktuple11__10", "proj_equation_FStar.Pervasives.Native.Mktuple11__11", @@ -4921,8 +4928,12 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", "projection_inverse_FStar.Pervasives.Native.Some_a", "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Prims.Cons_a", + "projection_inverse_Prims.Cons_hd", + "projection_inverse_Prims.Cons_tl", "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", + "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", @@ -4944,7 +4955,8 @@ "token_correspondence_MkSeq.create8", "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", - "typing_FStar.Int32.v", "typing_Lib.IntTypes.v", + "typing_FStar.List.Tot.Base.length", + "typing_FStar.Seq.Properties.createL", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.get_bit", @@ -4961,7 +4973,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "7a66edfa7856c9a6282650140f97b69d" + "ef03ba327b8919849d5efdda4d0481b3" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", @@ -4976,7 +4988,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "68ae81843e612be67486ac36a2f57f90" + "deeed86946518e90c0018bb7ce0fe4d6" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_", @@ -5035,7 +5047,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "87ed87e0d10a58d94b0d5d1158a7ea90" + "777d8a5c8694f4227fc04faf1827266b" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_", @@ -5044,6 +5056,7 @@ 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "FStar.Sealed_interpretation_Tm_arrow_6980332764c4493a7b0df5c02f7aefbe", "MkSeq_interpretation_Tm_arrow_14835084a7628a594896379e5ea411ad", @@ -5051,6 +5064,8 @@ "MkSeq_interpretation_Tm_arrow_a8cce9f06a7eff5740f6bae57e839f6b", "MkSeq_interpretation_Tm_arrow_aa50555711d6286cfd8dc185000aafab", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_174abaca43ba34e0abfa0271a1b94446", + "Rust_primitives.BitVectors_interpretation_Tm_arrow_b4ead33e06e21b401ac39ed9ccd66716", "Rust_primitives_interpretation_Tm_arrow_f41a2414a22e10a5d3d0356941703414", "b2t_def", "bool_inversion", "bool_typing", "constructor_distinct_FStar.Pervasives.Native.Some", @@ -5076,29 +5091,33 @@ "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.max_int", "equation_FStar.Int.min_int", "equation_FStar.Int.size", - "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", - "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", - "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", + "equation_FStar.Seq.Properties.createL", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", "equation_MkSeq.create1", "equation_MkSeq.create2", "equation_Prims.nat", "equation_Prims.pos", "equation_Rust_primitives.Arrays.t_Array", + "equation_Rust_primitives.BitVectors.bit_vec", "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", "equation_Rust_primitives.BitVectors.int_t_d", + "equation_Rust_primitives.BitVectors.num_bits", "equation_Rust_primitives.Integers.bit", "equation_Rust_primitives.Integers.bits", + "equation_Rust_primitives.Integers.cast_mod", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.i32_inttype", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", + "equation_Rust_primitives.Integers.op_At_Percent_Dot", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.signed", @@ -5114,6 +5133,7 @@ "function_token_typing_MkSeq.create1", "function_token_typing_MkSeq.create2", "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Rust_primitives.BitVectors.bit_vec_of_int_t_array", "function_token_typing_Rust_primitives.Integers.i32", "int_inversion", "int_typing", "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", @@ -5121,8 +5141,9 @@ "interpretation_Tm_abs_94ab8e03f2df430f87d9d1fec48fd1f1", "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", - "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", - "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", + "lemma_FStar.Int32.uv_inv", "lemma_FStar.Int32.vu_inv", + "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", + "lemma_Lib.IntTypes.pow2_4", "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_u8", "lemma_Rust_primitives.Integers.get_bit_and", "lemma_Rust_primitives.Integers.get_bit_cast", @@ -5134,7 +5155,7 @@ "primitive_Prims.op_Division", "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "proj_equation_FStar.Pervasives.Native.Mktuple2__1", "proj_equation_FStar.Pervasives.Native.Mktuple2__2", "proj_equation_FStar.Pervasives.Native.Some_v", @@ -5148,6 +5169,7 @@ "refinement_interpretation_Tm_refine_1fc9aea01d7aff49f16425d06e0bcadf", "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451", "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", + "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", "refinement_interpretation_Tm_refine_3ca3b5d3bb9dd23942633e4e33942d2c", "refinement_interpretation_Tm_refine_3e02dc287b6456c1e417bd92df9b15ce", "refinement_interpretation_Tm_refine_4c9fc7a376083f6cefabf973925fed40", @@ -5161,7 +5183,10 @@ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_bedf734497c97006b6f701c7647a9cc6", "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", + "refinement_interpretation_Tm_refine_d2d1ea66f2b3a92c2deb42edcbb784ce", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", "refinement_interpretation_Tm_refine_e9d2acd716e976eddb0f03391caae2b5", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "refinement_interpretation_Tm_refine_f3460d78bd6a4448da852b8e0439abd1", @@ -5170,15 +5195,17 @@ "token_correspondence_MkSeq.create2", "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", - "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Properties.createL", - "typing_FStar.UInt.fits", "typing_FStar.UInt8.uint_to_t", - "typing_Lib.IntTypes.v", + "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Properties.createL", + "typing_FStar.Seq.Properties.seq_of_list", "typing_FStar.UInt.fits", + "typing_FStar.UInt8.uint_to_t", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.get_bit", "typing_Rust_primitives.Integers.logand", "typing_Rust_primitives.Integers.minint", "typing_Rust_primitives.Integers.mk_int", + "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.sz", "typing_Rust_primitives.Integers.unsigned", @@ -5191,7 +5218,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "0a3c63b74947472d26d4083ffea2dc4f" + "a7c8d161d00cac3149e6eb5f54ecebe4" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", @@ -5226,7 +5253,7 @@ "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.sz", "equation_Rust_primitives.Integers.unsigned", - "equation_Rust_primitives.Integers.v", + "equation_Rust_primitives.Integers.v", "int_typing", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", @@ -5247,7 +5274,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "96eee3c7139034bb3d8355544a3a2585" + "fa9a8ac8522fc58d39a7f27948e0c6e4" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", @@ -5256,7 +5283,6 @@ 0, [ "@MaxFuel_assumption", "@MaxIFuel_assumption", - "@fuel_correspondence_FStar.List.Tot.Base.length.fuel_instrumented", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "MkSeq_interpretation_Tm_arrow_1d6030b706650e3a060c2ca2b45a05f6", "MkSeq_interpretation_Tm_arrow_94eb21ba87bdc77086081163b2f023fb", @@ -5275,11 +5301,8 @@ "constructor_distinct_Lib.IntTypes.U32", "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", - "constructor_distinct_Prims.Cons", "data_typing_intro_FStar.Pervasives.Native.Mktuple5@tok", "data_typing_intro_FStar.Pervasives.Native.Mktuple8@tok", - "data_typing_intro_Prims.Cons@tok", - "data_typing_intro_Prims.Nil@tok", "disc_equation_FStar.Pervasives.Native.Some", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.S32@tok", @@ -5296,7 +5319,6 @@ "equation_Prims.nat", "equation_Prims.pos", "equation_Rust_primitives.Arrays.t_Array", "equation_Rust_primitives.BitVectors.bit_vec_of_int_t_array", - "equation_Rust_primitives.BitVectors.bounded", "equation_Rust_primitives.BitVectors.int_t_d", "equation_Rust_primitives.BitVectors.num_bits", "equation_Rust_primitives.Integers.bit", @@ -5307,7 +5329,6 @@ "equation_Rust_primitives.Integers.inttype", "equation_Rust_primitives.Integers.maxint", "equation_Rust_primitives.Integers.minint", - "equation_Rust_primitives.Integers.modulus", "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.signed", @@ -5324,7 +5345,6 @@ "interpretation_Tm_abs_352966ba8c3fcfe6f9dc92662e02fbff", "interpretation_Tm_abs_5d1f1121943425d1164086288c912b04", "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", - "lemma_Lib.IntTypes.pow2_3", "lemma_Lib.IntTypes.pow2_4", "lemma_Rust_primitives.BitVectors.get_bit_pow2_minus_one_i32", "lemma_Rust_primitives.BitVectors.lemma_get_bit_bounded", "lemma_Rust_primitives.Integers.get_bit_and", @@ -5334,10 +5354,10 @@ "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", - "primitive_Prims.op_Division", "primitive_Prims.op_Equality", - "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Minus", "primitive_Prims.op_Modulus", - "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Minus", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "proj_equation_FStar.Pervasives.Native.Mktuple5__1", "proj_equation_FStar.Pervasives.Native.Mktuple5__2", "proj_equation_FStar.Pervasives.Native.Mktuple5__3", @@ -5371,14 +5391,9 @@ "projection_inverse_FStar.Pervasives.Native.Mktuple8__8", "projection_inverse_FStar.Pervasives.Native.Some_a", "projection_inverse_FStar.Pervasives.Native.Some_v", - "projection_inverse_Prims.Cons_a", - "projection_inverse_Prims.Cons_hd", - "projection_inverse_Prims.Cons_tl", "refinement_interpretation_Tm_refine_1e6b47a616fd98d0104838f8e23c690d", "refinement_interpretation_Tm_refine_286427dbaf4bc739efc8cef99cb6b0da", - "refinement_interpretation_Tm_refine_29f54a8a92d732b7f4111928d707db68", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", - "refinement_interpretation_Tm_refine_3e0ccdc7721f6b4a1397798c47efe1c1", "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_627e9f1cc724efa294bbc10092665eb4", @@ -5399,14 +5414,13 @@ "token_correspondence_MkSeq.create8", "token_correspondence_Rust_primitives.BitVectors.bit_vec_of_int_t_array", "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", - "typing_FStar.List.Tot.Base.length", - "typing_FStar.Seq.Properties.createL", "typing_Lib.IntTypes.v", + "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.get_bit", "typing_Rust_primitives.Integers.logand", + "typing_Rust_primitives.Integers.minint", "typing_Rust_primitives.Integers.mk_int", - "typing_Rust_primitives.Integers.modulus", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.sz", "typing_Rust_primitives.Integers.unsigned", @@ -5417,7 +5431,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "6c2b294b8c0b8534ee3eba67a5b63b81" + "99c1f759771c6a3d8110f736e0f98501" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", @@ -5432,7 +5446,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "601cbaa0373ea53a343c9249a58622f6" + "7a574d008364a6ed752f40dbd54b4a6a" ], [ "Libcrux.Kem.Kyber.Serialize.cast_bound_lemma", @@ -5442,13 +5456,11 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", - "constructor_distinct_Lib.IntTypes.S32", + "bool_inversion", "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S64", "constructor_distinct_Lib.IntTypes.U128", "equality_tok_Lib.IntTypes.PUB@tok", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.v", "equation_Prims.nat", "equation_Prims.pos", "equation_Rust_primitives.BitVectors.bounded", "equation_Rust_primitives.BitVectors.num_bits", @@ -5465,18 +5477,13 @@ "equation_Rust_primitives.Integers.v", "equation_Rust_primitives.cast", "equation_Rust_primitives.cast_tc_integers", "int_inversion", - "int_typing", "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", "lemma_FStar.Int.pow2_values", "lemma_FStar.UInt.pow2_values", - "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_3", - "lemma_Lib.IntTypes.pow2_4", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", - "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", + "primitive_Prims.op_Modulus", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_Rust_primitives.Mkcast_tc_cast", "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", @@ -5486,11 +5493,8 @@ "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", - "token_correspondence_Prims.pow2.fuel_instrumented", "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", - "typing_Rust_primitives.Integers.cast_mod", + "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.modulus", "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.unsigned", @@ -5498,7 +5502,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "99a03821b3230bd8dd7b9fff0d306791" + "890a1bbb0c8f0cbb5dda435ca05ae815" ], [ "Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma", @@ -5509,18 +5513,27 @@ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.S128", + "constructor_distinct_Lib.IntTypes.S16", "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.S64", + "constructor_distinct_Lib.IntTypes.S8", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", "constructor_distinct_Tm_unit", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.S128@tok", - "equality_tok_Lib.IntTypes.S16@tok", "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.S64@tok", "equation_FStar.Int.max_int", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U64@tok", "equation_FStar.Int.min_int", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", - "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.BitVectors.bounded", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", "equation_Prims.nat", + "equation_Prims.pos", "equation_Rust_primitives.BitVectors.bounded", "equation_Rust_primitives.BitVectors.int_t_d", "equation_Rust_primitives.BitVectors.num_bits", "equation_Rust_primitives.Integers.bits", @@ -5566,17 +5579,16 @@ "token_correspondence_Prims.pow2.fuel_instrumented", "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.modulus", "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", "typing_Rust_primitives.Integers.v", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.S128@tok", - "typing_tok_Lib.IntTypes.S16@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.S64@tok" + "typing_tok_Lib.IntTypes.S128@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "155936050b509b23a09e1c4c15fa509a" + "017955c7b3b1bf0bfad2f3ab72f955aa" ], [ "Libcrux.Kem.Kyber.Serialize.mul_in_range", @@ -5614,7 +5626,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "8f677cbc1f01f0003f7bc1ca14921a2b" + "d6989f0623613762093351575ee7f6a6" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_10_", @@ -5650,11 +5662,10 @@ "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", - "equation_Libcrux.Kem.Kyber.Arithmetic.op_String_Access", "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_MkSeq.create5", "equation_Prims.nat", "equation_Prims.pos", @@ -5683,8 +5694,7 @@ "fuel_guarded_inversion_Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement_b", "function_token_typing_Lib.IntTypes.byte_t", "function_token_typing_MkSeq.create5", - "function_token_typing_Prims.__cache_version_number__", - "int_inversion", "int_typing", + "function_token_typing_Prims.__cache_version_number__", "int_typing", "interpretation_Tm_abs_01047fdcbb61cf2007b500a679b4ec74", "lemma_FStar.Int32.vu_inv", "lemma_FStar.UInt8.vu_inv", "lemma_Lib.IntTypes.pow2_3", @@ -5696,14 +5706,10 @@ "primitive_Prims.op_Minus", "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", "proj_equation_FStar.Pervasives.Native.Mktuple2__1", - "proj_equation_FStar.Pervasives.Native.Mktuple4__2", - "proj_equation_FStar.Pervasives.Native.Mktuple4__3", "proj_equation_Libcrux.Kem.Kyber.Arithmetic.Mkt_PolynomialRingElement_b_f_coefficients", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", - "projection_inverse_FStar.Pervasives.Native.Mktuple4__2", - "projection_inverse_FStar.Pervasives.Native.Mktuple4__3", "refinement_interpretation_Tm_refine_25c72d704900d626b30894312c325451", "refinement_interpretation_Tm_refine_27acc9d57c8d8f1b3a3d6ee8bf68b1bf", "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", @@ -5717,27 +5723,24 @@ "refinement_interpretation_Tm_refine_a863b558306d9c95bf61dd49d4ebba99", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", - "refinement_interpretation_Tm_refine_c6f3d3a7a9f98f04b8cf196af2b784ef", "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_MkSeq.create5", "token_correspondence_Prims.pow2.fuel_instrumented", "typing_FStar.UInt.fits", "typing_FStar.UInt8.uint_to_t", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Prims.pow2", "typing_Rust_primitives.Hax.repeat", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.minint", "typing_Rust_primitives.Integers.range", - "typing_Rust_primitives.Integers.sz", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", "typing_Rust_primitives.Integers.v", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "3fdf216402dcdce67256071ae28d2711" + "7babbe9509475b9f2818dc459a503eb9" ], [ "Libcrux.Kem.Kyber.Serialize.update5", @@ -5793,7 +5796,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "1752cb61e2e0986f5af017ce06787085" + "50ebe0a77c5a7ce10dd595cf66432da6" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", @@ -5829,7 +5832,7 @@ "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_MkSeq.create11", "equation_Prims.nat", - "equation_Prims.pos", "equation_Rust_primitives.Arrays.length", + "equation_Rust_primitives.Arrays.length", "equation_Rust_primitives.Arrays.t_Array", "equation_Rust_primitives.Arrays.t_Slice", "equation_Rust_primitives.BitVectors.int_t_d", @@ -5882,7 +5885,6 @@ "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_70d312c8ec0b8643a1f0f5f003ab915a", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", @@ -5893,10 +5895,8 @@ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "token_correspondence_MkSeq.create11", "token_correspondence_Rust_primitives.unsize", - "typing_FStar.Int.fits", "typing_FStar.Seq.Base.length", - "typing_Lib.IntTypes.v", + "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.minint", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", @@ -5905,7 +5905,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "1f6f85aaec220b06e233738d964451e5" + "218386bca1e114d244f1203686f94886" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", @@ -5917,7 +5917,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "31ce21135ab2edb9ee445b7e6e2c50dc" + "15fc8069a1bb17176ad2b87be6f8b30e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", @@ -5966,7 +5966,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "09a18aa198c0b62e23f0aefd7a1959bc" + "44decd1b4cfd4ca1b42ed26929611d3d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_4_", @@ -6073,7 +6073,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e814bc321feef6247eb6575cfcfde913" + "e3a6ef0136439e9490ab9fc143654145" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", @@ -6110,8 +6110,7 @@ "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_Prims.nat", "equation_Prims.pos", - "equation_Rust_primitives.Arrays.length", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.length", "equation_Rust_primitives.Arrays.t_Array", "equation_Rust_primitives.Arrays.t_Slice", "equation_Rust_primitives.BitVectors.bounded", @@ -6164,7 +6163,6 @@ "refinement_interpretation_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", - "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", @@ -6176,8 +6174,7 @@ "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", "refinement_kinding_Tm_refine_32e93499afd73d81ad9a03adc385e67f", "token_correspondence_Rust_primitives.unsize", - "typing_FStar.Int.fits", "typing_FStar.Seq.Base.length", - "typing_Lib.IntTypes.v", + "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.minint", @@ -6189,7 +6186,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "e3249211adbff29ad190845e486dab32" + "c40b82d0552b905aec066e753d6b2ce3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", @@ -6201,7 +6198,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "b29f9ac62b7bd138d23552aac22a9db6" + "5852fac32040fdaaf9e2b92fdd5dc67f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", @@ -6251,7 +6248,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "224dea91b5286fd975f28ee53eb679e0" + "e133bfb395bfad17492a17aea661729a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message", @@ -6312,7 +6309,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "818d97bf3d408fd09cf128f7b0c6e163" + "5c03f56f54a59da704e8d2639de92e19" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message", @@ -6405,7 +6402,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "1725db50f18ae0e771c42fbecd244a5b" + "eea3862f2061336f51ce45f003d76293" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u", @@ -6420,9 +6417,10 @@ "constructor_distinct_Lib.IntTypes.U32", "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.S32@tok", - "equality_tok_Lib.IntTypes.U32@tok", "equation_FStar.UInt.max_int", - "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equality_tok_Lib.IntTypes.U32@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Prims.nat", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.cast_mod", @@ -6432,8 +6430,6 @@ "equation_Rust_primitives.Integers.minint", "equation_Rust_primitives.Integers.modulus", "equation_Rust_primitives.Integers.op_At_Percent_Dot", - "equation_Rust_primitives.Integers.range", - "equation_Rust_primitives.Integers.range_t", "equation_Rust_primitives.Integers.u32", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.usize", @@ -6445,17 +6441,13 @@ "lemma_FStar.UInt32.uv_inv", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", - "primitive_Prims.op_Subtraction", - "projection_inverse_BoxBool_proj_0", - "projection_inverse_BoxInt_proj_0", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", "projection_inverse_Rust_primitives.Mkcast_tc_cast", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_66a922cd7d39fe76a3ef56268cd7c086", "refinement_interpretation_Tm_refine_6dd2f55c8872fb0160e8109d9e59245f", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", - "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.v", "typing_Rust_primitives.Integers.bits", @@ -6463,12 +6455,11 @@ "typing_Rust_primitives.Integers.op_At_Percent_Dot", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "c32ff4cb3475ad5d38609b2e9b6e4709" + "13856de1f08d64767f1c3a308a5c3941" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", @@ -6534,7 +6525,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e703beef9811acdc353f61eaf05a9fac" + "bff23ff176ad6ebd3b18932b735a43fd" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", @@ -6561,9 +6552,10 @@ "equality_tok_Lib.IntTypes.U64@tok", "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", - "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.unsigned", - "equation_Lib.IntTypes.v", "equation_Prims.nat", - "equation_Prims.pos", "equation_Rust_primitives.Integers.bits", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_Prims.nat", "equation_Prims.pos", + "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.cast_mod", "equation_Rust_primitives.Integers.int_t", "equation_Rust_primitives.Integers.inttype", @@ -6587,6 +6579,7 @@ "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt64.uv_inv", + "lemma_Lib.IntTypes.pow2_2", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", @@ -6621,7 +6614,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "76a14d58a6dadc65f384be3b3c71bb69" + "598b50757a412a7a52b143d45847f5d4" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", @@ -6631,9 +6624,9 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "bool_inversion", "bool_typing", - "constructor_distinct_Lib.IntTypes.PUB", + "bool_inversion", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", "constructor_distinct_Lib.IntTypes.S8", "constructor_distinct_Lib.IntTypes.U1", "constructor_distinct_Lib.IntTypes.U16", @@ -6653,25 +6646,21 @@ "equation_Rust_primitives.Integers.range", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.usize", - "equation_Spec.Kyber.params", "equation_Spec.Kyber.valid_params", "lemma_Rust_primitives.Integers.pow2_values", - "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", - "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Subtraction", "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", - "refinement_interpretation_Tm_refine_e44c15fb5d8160f1569ee39a0b3d9688", "typing_FStar.UInt32.t", "typing_FStar.UInt64.t", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.unsigned", - "typing_Rust_primitives.Integers.usize_inttype", - "typing_Spec.Kyber.valid_params" + "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "c81f33d6493d7fa0e3d01a83be5a8514" + "33a61e837571f0be1ef3d85349e0ab65" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", @@ -6765,7 +6754,7 @@ "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Prims.pow2", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.minint", "typing_Rust_primitives.Integers.modulus", "typing_Rust_primitives.Integers.op_At_Percent_Dot", @@ -6777,7 +6766,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "8d41f34ae0f39a64c71647f3e0e80380" + "bcfbfc1dfe9931f9a70798e7febac7da" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", @@ -6789,7 +6778,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "43fd59a3f3c8ef2d71531cb9295a94e9" + "af43361e7e016b53e8a45a3a7a5db087" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", @@ -6843,7 +6832,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "106fc905e106035482ee0050ce6241a8" + "be96412b25e5f143c128de38139ae0e0" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", @@ -6930,7 +6919,7 @@ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "refinement_interpretation_Tm_refine_e845cca53ad19c4347b13715739da90e", - "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", + "token_correspondence_Rust_primitives.cast", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.bits", @@ -6945,7 +6934,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "e2122d99fb9d4d7883a1ad1cae425730" + "b54aeffaf1b6a639874a095a06f6b947" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", @@ -6959,7 +6948,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "c4f3d63ec9c412ad54b217165a20beac" + "31e63ff28b98ca00a4220866d9b372e4" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", @@ -7007,7 +6996,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "9dfcfc5f6fa0208149695637780dd624" + "8e8c379ce754effeae272f49292e53a6" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", @@ -7096,6 +7085,7 @@ "refinement_interpretation_Tm_refine_a3e240df9966608d534d4eb5b3d03108", "refinement_interpretation_Tm_refine_a6d4eccfb2603ce5e66d6162c32df2b0", "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", + "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a", "refinement_interpretation_Tm_refine_c156ecc6eab05d1687a383ef171435eb", "token_correspondence_MkSeq.create1", "token_correspondence_MkSeq.create2", "typing_Lib.IntTypes.v", @@ -7103,6 +7093,7 @@ "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.i32_inttype", "typing_Rust_primitives.Integers.int_t", + "typing_Rust_primitives.Integers.minint", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", @@ -7110,7 +7101,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "2fba305405821f55d14f204b50d375e3" + "c4d0efe5ca737759cf5e587d19a15df8" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", @@ -7122,7 +7113,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "07ef8fe3c1b68bf391c06ff0672563cb" + "93b8c0271963ac31436cfb2a1c1f7da6" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", @@ -7132,7 +7123,6 @@ [ "@MaxFuel_assumption", "@MaxIFuel_assumption", "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", - "MkSeq_interpretation_Tm_arrow_4936cb3ae75b071093de3c4fdb6a1778", "bool_inversion", "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", "constructor_distinct_Lib.IntTypes.S16", @@ -7147,14 +7137,10 @@ "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", - "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", - "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", - "equation_Lib.IntTypes.v", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "equation_MkSeq.create1", "equation_Prims.nat", - "equation_Rust_primitives.Arrays.t_Array", - "equation_Rust_primitives.Arrays.t_Slice", - "equation_Rust_primitives.BitVectors.num_bits", + "equation_Prims.nat", "equation_Rust_primitives.Arrays.t_Slice", "equation_Rust_primitives.Integers.bits", "equation_Rust_primitives.Integers.i32", "equation_Rust_primitives.Integers.int_t", @@ -7168,9 +7154,7 @@ "equation_Rust_primitives.Integers.u8", "equation_Rust_primitives.Integers.unsigned", "equation_Rust_primitives.Integers.usize", - "equation_Rust_primitives.Integers.v", - "function_token_typing_Lib.IntTypes.byte_t", "int_typing", - "interpretation_Tm_abs_94ab8e03f2df430f87d9d1fec48fd1f1", + "equation_Rust_primitives.Integers.v", "int_typing", "lemma_Lib.IntTypes.pow2_4", "lemma_Rust_primitives.Integers.pow2_values", "lemma_Rust_primitives.Integers.v_mk_int_lemma", @@ -7179,12 +7163,8 @@ "projection_inverse_BoxBool_proj_0", "projection_inverse_BoxInt_proj_0", "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", - "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", "refinement_interpretation_Tm_refine_079adb77fdd07c88556550f7147f31e6", "refinement_interpretation_Tm_refine_16da91e8e8e81b1e3e5f34f47ddac61a", - "refinement_interpretation_Tm_refine_2b93cc0d2fb3530ccc9d725f3cc7d456", - "refinement_interpretation_Tm_refine_3ca3b5d3bb9dd23942633e4e33942d2c", - "refinement_interpretation_Tm_refine_53d7089a905511e9e713c7dbc2f68178", "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", "refinement_interpretation_Tm_refine_a3e240df9966608d534d4eb5b3d03108", @@ -7192,20 +7172,18 @@ "refinement_interpretation_Tm_refine_bacb80e693f1faab8ffabcbb77914bec", "refinement_interpretation_Tm_refine_c3df9cc460905cf277bb991d449b4987", "refinement_interpretation_Tm_refine_e0b16d74ee3644bd585df5e7938934c6", - "token_correspondence_MkSeq.create1", "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_MkSeq.create1", "typing_Rust_primitives.Integers.bits", + "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.sz", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok", - "typing_tok_Lib.IntTypes.U8@tok" + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f48465accb0f4f9ceb2bb3d265d0a441" + "b8741d50a63695613eb748dae7db92e8" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", @@ -7324,8 +7302,8 @@ "token_correspondence_Core.Ops.op_String_Access", "token_correspondence_MkSeq.create8", "token_correspondence_Prims.pow2.fuel_instrumented", - "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", - "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.v", + "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length", + "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Arithmetic.derefine_poly_b", "typing_Libcrux.Kem.Kyber.Arithmetic.i32_b", "typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", @@ -7341,7 +7319,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "e822df9fd1ad830e9ffa3055cc688efc" + "d66f07590913d3312193e8c5e48c9133" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", @@ -7353,7 +7331,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "87ece57d77b6da3208f2247db54e5779" + "1dced3d2d39429fa4523e708b2d625ea" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", @@ -7388,7 +7366,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "641fd8c08de171a75e6bf53665f28c02" + "06b456a171f7f49cdeb9b23882712372" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", @@ -7449,7 +7427,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "32438b27032fc32f21da2091da9effd7" + "84621949e2375d65a627be97c4f58267" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", @@ -7602,7 +7580,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "850ecf58d5ade6e792d9cf6aef6c5801" + "5a66cdd0f861e70a1b5db7e609856485" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", @@ -7640,7 +7618,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ac748a49088a02009f12bdf35321f63a" + "adba02a9231a59b20a46b8f181f365e7" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u", @@ -7687,7 +7665,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "9fc31f1c043dbc4652a44433648ce7a4" + "fd5399bf48cfea857e8c6b88cdf82f50" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u", @@ -7755,7 +7733,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "62781d162a5749b378f968a4721ff35f" + "7b689dc315e2f712b4807d5cb3371961" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v", @@ -7813,7 +7791,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "4d3841f0cf8981ec4ddd49b522bba049" + "b4e1b8b8deb9f48fc5b188bc3d87f090" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v", @@ -7833,7 +7811,6 @@ "equality_tok_Lib.IntTypes.PUB@tok", "equality_tok_Lib.IntTypes.S32@tok", "equality_tok_Lib.IntTypes.U32@tok", - "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.fits", "equation_FStar.Int.int_t", "equation_FStar.Int.size", "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", @@ -7867,9 +7844,7 @@ "equation_Rust_primitives.cast", "equation_Rust_primitives.cast_tc_integers", "equation_Spec.Kyber.params", "equation_Spec.Kyber.valid_params", - "function_token_typing_Lib.IntTypes.byte_t", - "function_token_typing_Rust_primitives.Integers.u8", "int_inversion", - "int_typing", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", "interpretation_Tm_abs_ae766fa8f90eec5b65a4f6b3f797525e", "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", @@ -7897,20 +7872,17 @@ "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.uint_to_t", "typing_Lib.IntTypes.v", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", - "typing_Rust_primitives.Arrays.length", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.cast_mod", "typing_Rust_primitives.Integers.op_At_Percent_Dot", - "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", "typing_Rust_primitives.Integers.v", "typing_Spec.Kyber.v_C2_SIZE", "typing_Spec.Kyber.valid_params", "typing_tok_Lib.IntTypes.PUB@tok", - "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok", - "typing_tok_Lib.IntTypes.U64@tok" + "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "46a106c1a93958fd21b6bebbc7d8424c" + "a56aab3af01daaf712bd4ec5f5eaaedc" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element", @@ -7947,6 +7919,7 @@ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", + "equation_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Prims.nat", "equation_Prims.pos", @@ -7978,7 +7951,8 @@ "equation_Rust_primitives.cast_tc_integers", "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", "function_token_typing_Lib.IntTypes.byte_t", - "function_token_typing_Prims.__cache_version_number__", "int_typing", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_4", @@ -8025,6 +7999,8 @@ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.maxint", "typing_Lib.IntTypes.v", + "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", + "typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.get_bit", @@ -8039,7 +8015,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "736f39d312d43176f9da219e7f1fe1f0" + "2013041055be052030b18df27c01564f" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -8077,7 +8053,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "063344f3fb9bd0b31759a1aa4cf5d070" + "1b6dbfeb97ced72230ffdd86544193fb" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -8180,7 +8156,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "6d1b2464bcc6c973fb6af194879461dc" + "aecaeed2ebe26f9557da8b132912ab3e" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -8194,7 +8170,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "e3bc8f6af0c4adb20cdb6ef4b11ee9a0" + "26d77d8d965ca16bfc624b05b525a614" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -8215,7 +8191,6 @@ "constructor_distinct_Lib.IntTypes.U64", "constructor_distinct_Lib.IntTypes.U8", "equality_tok_Lib.IntTypes.PUB@tok", - "equality_tok_Lib.IntTypes.S32@tok", "equality_tok_Lib.IntTypes.U32@tok", "equality_tok_Lib.IntTypes.U64@tok", "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", @@ -8268,11 +8243,10 @@ "typing_Rust_primitives.Integers.range", "typing_Rust_primitives.Integers.unsigned", "typing_Rust_primitives.Integers.usize_inttype", - "typing_Rust_primitives.Integers.v", - "typing_tok_Lib.IntTypes.S32@tok" + "typing_Rust_primitives.Integers.v" ], 0, - "94e56e7f1aaf31e97952a25f9fe06265" + "7c4de9268d24ba1dba479ce49bda6a17" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst index a589ee2da..437293752 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst @@ -7,7 +7,8 @@ open Libcrux.Kem.Kyber.Arithmetic open MkSeq -#push-options "--z3rlimit 50" +#push-options "--z3rlimit 80" +[@@"opaque_to_smt"] let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in let coef2:u8 = @@ -27,6 +28,7 @@ let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficien #pop-options #push-options "--ifuel 1 --z3rlimit 600 --split_queries always" +[@@"opaque_to_smt"] let compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = let coef1:u8 = cast (coefficient1 <: i32) <: u8 in @@ -67,6 +69,7 @@ let compress_coefficients_11_ #pop-options #push-options "--z3rlimit 20" +[@@"opaque_to_smt"] let compress_coefficients_3_ coefficient1 coefficient2 = let coef1:u8 = cast (coefficient1 &. 255us <: u16) <: u8 in get_bit_pow2_minus_one_u16 255 (sz 0); @@ -80,6 +83,7 @@ let compress_coefficients_3_ coefficient1 coefficient2 = #pop-options #push-options "--z3rlimit 60 --split_queries always" +[@@"opaque_to_smt"] let compress_coefficients_5_ coefficient2 coefficient1 coefficient4 coefficient3 coefficient5 coefficient7 coefficient6 coefficient8 = @@ -98,6 +102,7 @@ let compress_coefficients_5_ #pop-options #push-options "--z3rlimit 500" +[@@"opaque_to_smt"] let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in @@ -111,6 +116,7 @@ let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = #pop-options #push-options "--z3rlimit 300" +[@@"opaque_to_smt"] let decompress_coefficients_11_ byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11 = let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 4l <: u8) &. 15uy <: u8) <: i32 in @@ -153,6 +160,7 @@ let decompress_coefficients_4_ byte = #pop-options #push-options "--z3rlimit 400" +[@@"opaque_to_smt"] let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = let coefficient1:i32 = byte1 &. 31l in let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in @@ -189,7 +197,8 @@ let cast_bound_lemma [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] = () -#push-options "--z3rlimit 60" +#push-options "--z3rlimit 90" +[@@"opaque_to_smt"] let int_t_d_cast_lemma #t #u d (n: int_t_d t d) : Lemma (requires bits t < bits u /\ v n >= 0) (ensures bounded (cast #(int_t t) #(int_t u) n) d) @@ -204,7 +213,10 @@ let mul_in_range (n m: nat) Math.Lemmas.pow2_le_compat 32 16 #pop-options +#restart-solver + #push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100" +[@@"opaque_to_smt"] let compress_then_serialize_10_ v_OUT_LEN re @@ -284,6 +296,7 @@ let compress_then_serialize_10_ #pop-options #push-options "--fuel 0 --ifuel 0 --z3rlimit 30" +[@@"opaque_to_smt"] let update5 #n (s: t_Array 't n) From 4e198b04c870e736e131701bba1b2e25cc15e91b Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 1 Feb 2024 10:03:03 +0100 Subject: [PATCH 17/19] bump rlimits, hints --- .../Libcrux.Kem.Kyber.Serialize.fst.hints | 400 +++++++++--------- .../Libcrux.Kem.Kyber.Serialize.fst | 2 +- 2 files changed, 199 insertions(+), 203 deletions(-) diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints index bac4aa6b5..1d74aa4aa 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints @@ -1,5 +1,5 @@ [ - "諾V*\u000e0ny", + "\u0006\\u\u0016%\u0018\u001b\u0002w\u0006v)", [ [ "Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", @@ -11,7 +11,7 @@ "refinement_interpretation_Tm_refine_c088daa4a5eac181331aa22c1694881a" ], 0, - "01c27a37f4c8023217d7af9fd97b634c" + "ccd8472371dd3115f9bc72bddbed7445" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_", @@ -68,7 +68,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a7b8b5710fa511428682749dfd0cfc12" + "47a78df265c114a1ede02f85d5a82718" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_10_", @@ -243,7 +243,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "9eb7e5344d7b44697e043440e1130e25" + "87131f24ce7643232ed7d2002e135ce3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -258,7 +258,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6a2f8f59f725abc43dd12decc668ae77" + "bb2c1dbfdf25d30ac29d566ece4235f2" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -273,7 +273,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "00bc9c0be2cf951204a5bcfc58e87e8c" + "68e3a276c3575ca062102c2d94c461dd" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -288,7 +288,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "cde060c53aad65372ee15649a0247fe9" + "30f8c9951332bfe8215925547ad2dcac" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -303,7 +303,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "4ad83adee528a2f07bdae7e98765f715" + "0f8eed757051ce331fbae3e78d94ca8c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -318,7 +318,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "d81ffb6e25ec73ab597a179d1a56be4b" + "c119705747a71f2d449de208ef14e768" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -333,7 +333,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "475f5382df8fd4fed01e5647bfaf5370" + "f5c5a6749cb91f78e7e1b0a492a786cf" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -348,7 +348,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6d4ad860d9091ba12afa6dabf4eff4fb" + "0269d48391e63ee7003464f07da9a298" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -363,7 +363,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "34b637db935ddd57fbb5f594d01a4e18" + "42a93971450230120ebeee2dd24f3225" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -378,7 +378,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "361751f2efd6f9141ab206fc91444ba8" + "717baccbc8741cc48eb9a3960840fee5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -393,7 +393,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "89a1996e277fd72adbcf459203708aa2" + "06e598a53e3c0ee88c112870647cd0e3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -408,7 +408,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "50e5fafac0f1223afca5160bcd06951c" + "6ff77aebfde37b81cd7b0a58f99b0eb5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -423,7 +423,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "7af238ee61d5a9accd3f0745d60b3285" + "417034a80c13477ade8ca3a7c75a300e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -438,7 +438,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6bac7d9ce7481f08b573590410971c37" + "d0e39c9d464003fd8c851be1ff3ad580" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -453,7 +453,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "daf6423125bb366bdb0fbdc1940d730c" + "04eee1d34e899ef569c6cca38d89234e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -468,7 +468,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "c286f13df9429195dcf7100cd7d2319f" + "6073df3c924503aede28fbc3352ad1a8" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -483,7 +483,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a2f709d5993c49af44c28ec837e2e9e9" + "611f681a97a80c3f7f161df68adb11f3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -521,7 +521,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "48f567a5b2a76435b10f1f6b1b77315d" + "37d51f78421f0b6e87b300c586e404b0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -563,7 +563,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "ff2e0e850ef2210e20e3ec89eb01e4de" + "d78c379a96fed0b6119f0d90795652bf" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -578,7 +578,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "857bfc64c42bded6d70122b3140de085" + "cc3d466370133b513742970f39d337f0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -593,7 +593,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "fcd909c591f95df68b4d996cfcc04150" + "76fe2190be199d71ebff1eec8ab13adb" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -606,7 +606,7 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "637600e7df42a69d3e8ff54a99a68e91" + "d49cc61dbae0d0e97d7889d46119f8e3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -619,7 +619,7 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "da4e8aa8cd5416513eb329f05134e7ae" + "ab37bbdafba73e1db9435f274881ec22" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -640,7 +640,7 @@ "refinement_interpretation_Tm_refine_a17f0f6ecfa442a79ff1a1721abb0913" ], 0, - "ca2cab67b50831703906895e959756ce" + "3f774b7378d031745dfb796bf8c135d3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -656,7 +656,7 @@ "refinement_interpretation_Tm_refine_96eaf149ca660c51799b17b0997d1167" ], 0, - "53e023a6edd761f9febc518b3c97501a" + "db2d937ccb1dac6cecce0b3af5fa5c68" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -706,7 +706,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "47d4512e03ca333bf3ed0d5072fbf156" + "22d55b5ae57040aa0205402a874fc4cd" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -762,7 +762,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ffc72def6b7a9ed562971409c8b4edd9" + "1dfb2195ef566348d311c48e09b43f59" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -818,7 +818,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "659c57f74ee8b4ac202afb32c220182a" + "89eaf196665ea251abca42462434c811" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -875,7 +875,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "53090634afd1bd073b2aec7281cf6403" + "d643ea8d13ff009506fb1503fb63f699" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -930,7 +930,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "61271d9499a96764139dd7f8cfa563ab" + "49b59eb1581064d83c654f19bd6438f4" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -982,7 +982,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "447b6c0938b9faa7e79d37b6d24968e2" + "cc51cbc656c4907b72c6383ed51b6856" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1037,7 +1037,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "4f57aef31f82014d2117004d4463ede4" + "b37d1151222dbdcf1e52c42eb7058cc0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1092,7 +1092,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "ef57761d383bcdc89ec9abb312c8c41f" + "f22a8f38a1b96519536372d9b5f07d1f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1147,7 +1147,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "63589abb424db92653e9c7f810139c69" + "1e0c8d55ee1ca8050a26c3a3b92fc2a3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1202,7 +1202,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "0e971d76e080a956c084cee8394413be" + "679462064af716e52d2a87ae63376f00" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1257,7 +1257,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "a53ef0302e60940fed83142ccdf7bbdf" + "38d1c6935cd4639205fc77377523726f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1312,7 +1312,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "483b713a49aea3f17f223c27edb11280" + "31bc5bb62b5f7108242dbd97d95207ca" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1367,7 +1367,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5559c7897e1e3bb2b906eeb8e003e13d" + "cbf6249dfb614dd10a0e69398b854903" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1422,7 +1422,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "160d95b8c682999ac54177245f5008e7" + "44e0c8b6fb9177b98867f5d2169f6114" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1474,7 +1474,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "d2b19cad93d1cc84ad29945c7aea156b" + "5e7a4325c471eb4a6e51f86ec1f0b6ed" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1529,7 +1529,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "9d3bffa2a2a6c82ee855337b810dbe7e" + "337c4ec8481fda19cef933328bb30a06" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1584,7 +1584,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "3761e65c2976b194fb2588367f9d4d81" + "0f004d13e8ee10ca9760c059261cd80e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1639,7 +1639,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "cc65f760373ba83e2dcb404b9a877bd7" + "4b653fb1be1ceab0fd04b47dc7797e3f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1652,7 +1652,7 @@ "refinement_interpretation_Tm_refine_87abc91468d73e26e0a719524f400cdf" ], 0, - "261ad44177c0bf8d5d28fcd1ab86c535" + "8d46dee4a4332bd381843ddbe59c38c1" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1701,7 +1701,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "78f8d071a9579470a886c2136bd7abcd" + "48801b977745def6ad85a3636d13bfe7" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1714,7 +1714,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "cd5280d27aa4213b8c1e9e47b2c85cdd" + "18b1084c8e68651ee6dd7d1bd61852d6" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1734,7 +1734,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "a5e5cd997f41867e2176d7d4501da9de" + "9cb5e8e64fe71ce07a65f20b0454a280" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1747,7 +1747,7 @@ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" ], 0, - "9f58029301f92a1e1f1337297399e3a8" + "863af353e3ee3bfd73d3d80820676070" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1767,7 +1767,7 @@ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" ], 0, - "b4236d0fef5275eb4836e5791df21e56" + "2bc4f9483926e34588c92dd1aeb3b594" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1780,7 +1780,7 @@ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2" ], 0, - "a374d25f56e3fd9a19c7ad8f3b4f523e" + "1bfdbcdca341d2fe8f47fa7e64e7c389" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1829,7 +1829,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5dfd52cae06f2dea0d3d9ee0dd94bce4" + "e3fa79bb446718a727f09dcf0f095205" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1884,7 +1884,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e5ea7cfc0b67f36a88000eecb11b5b44" + "ffeb89717961346d5c8d22a40efef50d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1936,7 +1936,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5d9c60b110bd42cf2941a1c80ccc699f" + "e9917c0bb5b5141f6b959fe28a274da6" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1949,7 +1949,7 @@ "refinement_interpretation_Tm_refine_565dea648c13f0b691a90a9878e327b2" ], 0, - "2db5a22cfa6bef54a28c0c47730f3053" + "dde0dd3d87dfeff32e25b40275f599e5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -1998,7 +1998,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "64649dc41d4ba561056bdcc8f11ab118" + "aa6708f743b2b2075c1f30e85d8c5c4a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2011,7 +2011,7 @@ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540" ], 0, - "fc840c1417cbbaf73ec0c17fce41d28e" + "5994c67c62625b17e05e3e8eace98efb" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2031,7 +2031,7 @@ "refinement_interpretation_Tm_refine_b7df399fd91a8773e998b4f6c4d95540" ], 0, - "a6cf16741380bc17d8c3dd57c586109b" + "ad0c8a3e82a8cf5cd5a4a661647b7ab5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2044,7 +2044,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "a9c7ab17deac92fe59c5485e1974d376" + "af249561a09568fde88cfefedc2defaf" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2064,7 +2064,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "0106aa8b4d3e090451be73e23f4a6552" + "6abf3a21ff621203c9240dfb78a65422" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2316,7 +2316,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "949cbd28d959d4f41985bb16e93d4996" + "f96e8c0ac50890c8aabfef5b668bab80" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2331,7 +2331,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6ae44ac201a4d56dc38740b2668ad723" + "30dda11b77eccdfda59d1d31e6240707" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2346,7 +2346,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "00bc9c0be2cf951204a5bcfc58e87e8c" + "1533c2db3262582ea41904880fbfd11a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2361,7 +2361,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "cde060c53aad65372ee15649a0247fe9" + "0d36cd982093dae7981a82089f272c00" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2376,7 +2376,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "4ad83adee528a2f07bdae7e98765f715" + "04d507ea78941699ab43209fc9ae3c15" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2391,7 +2391,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "d81ffb6e25ec73ab597a179d1a56be4b" + "e06009fb8b60093a1edfe243a3deb04d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2406,7 +2406,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "475f5382df8fd4fed01e5647bfaf5370" + "9031294cde0896276d0b622bdaf67866" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2421,7 +2421,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6d4ad860d9091ba12afa6dabf4eff4fb" + "4b80f54d77b5ff76a60eff1bba35e993" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2436,7 +2436,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "34b637db935ddd57fbb5f594d01a4e18" + "be497b635f778d68dfee57ab3ce3f27b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2451,7 +2451,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "361751f2efd6f9141ab206fc91444ba8" + "a2f51ef335284715930ef680acc2b197" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2466,7 +2466,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "89a1996e277fd72adbcf459203708aa2" + "bf417503cf1893396cf3203d54e7befc" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2481,7 +2481,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "50e5fafac0f1223afca5160bcd06951c" + "4ef809046b68fb5a90d0a657d1d56651" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2496,7 +2496,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "7af238ee61d5a9accd3f0745d60b3285" + "4b35b038ce1753122a1b92d0938181db" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2511,7 +2511,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6bac7d9ce7481f08b573590410971c37" + "82baac9412452fb37a92cf88d08fd000" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2526,7 +2526,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "daf6423125bb366bdb0fbdc1940d730c" + "9f937b72fe3b03a37a6c9bde128eb7c6" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2541,7 +2541,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "c286f13df9429195dcf7100cd7d2319f" + "2b128f737f25ed8a451731383d7f3f55" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_11_", @@ -2556,7 +2556,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a2f709d5993c49af44c28ec837e2e9e9" + "5d2f2745641471e22665249dbb6f0fa5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", @@ -2617,7 +2617,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "163cc8380bb20766b43d21884878597d" + "0835f9977ae658b287e6cac36b1eb865" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", @@ -2789,7 +2789,7 @@ "typing_tok_Lib.IntTypes.U64@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d964a07f964b373d0e55b902b18276d7" + "931f4f7426dae7eaa96f36a234c7194c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_3_", @@ -2805,7 +2805,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "0f16f2594ff57b0b0ee40d426e9f0719" + "631513c60a9cb8a8ae3b80094d1b953b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2820,7 +2820,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "ce83ebe85aba9d902699803e99cbe59d" + "c3344b1e493aff17bf2fc9a8d7f29cc5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2835,7 +2835,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "b8f44f014dc4923b9781b4253cc0fe3f" + "e1d4429384d8f4ffef8f9a8b1bdecc61" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2850,7 +2850,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "35820f8dfa33cc4a196dcf8def5af9e5" + "7df18922fd2c074a673607ae414ef80d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2865,7 +2865,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "418152ba780594a26d0f9b5be6d7a90b" + "912965799f92c491428a2b9026e439e4" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2880,7 +2880,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "492795b7f754b466b4f96374a71d8876" + "f664d1c1de1df7e007724f721e7cba71" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2895,7 +2895,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5c9a09d64950cddb9b1b2cb4636ee922" + "dbe20ff9a685adf7884925f6f701ee5a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2910,7 +2910,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5ad9465557fca1eabf1147772ea8c393" + "93bd4cc5db01e0191b533037d38e9bc6" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2925,7 +2925,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "e7c3f30d80bfab66b4ab4c8be397440b" + "930ab22b726dd204775ce3c355521a7e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2940,7 +2940,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "fb13b6dd3f52be559fd0325cc94d4ae4" + "021f4e8274b1ea0d7fc06c40dfa4dbb2" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2955,7 +2955,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "3251139072f48e3e76a8a0864f8016c8" + "7c609fd99690e7fa430bde2740e6d655" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2970,7 +2970,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6e7b3b9dc0ee03e47a1599420c19eaec" + "8882fefd6bce724c3a7c0df5f2040407" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -2985,7 +2985,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "02ae6f739996f37041a9ba210ff3ef4b" + "c5d7b5824264bd76ce435a8e62ed6b44" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3000,7 +3000,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "feab48d3226b6703555f1bf438618c37" + "88b15bfd12de152d8f4de61e6d84cbd2" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3015,7 +3015,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "1aa041f16f8c02c20f28d28dcd7ec57d" + "6f1c61df1bc28f721cc0719c55615b5c" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3030,7 +3030,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a613a385b7180f4a463f2757b2362358" + "e375c529754485f03947130e3c38f00a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3045,7 +3045,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "c79d63163722739255dd811d99f33086" + "101ddf6fe4addad147641d38bdcc1612" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3083,7 +3083,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "0957c7d94fbc1e0fb443ac6c4478a369" + "2947e161271e3f4127a88ceba13dc348" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3108,7 +3108,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "26ff1aa9e38ee1fd90235342a96159bc" + "fdc6ee24254791320394b4fa784eb716" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3123,7 +3123,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "466503e07a8715de79f5731e5a9303a3" + "5f367c0e59ff00edd30c8c036f8255bd" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3138,7 +3138,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6ba224f055df911b81b93a3fec35146f" + "2257cd65e327c4b1b2fcfef442a66e69" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3151,7 +3151,7 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "bb5058e35018c31fafd17158d07f1ddf" + "36e04d7862457b82eb09593affd737a6" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3164,7 +3164,7 @@ "equation_Rust_primitives.Integers.bits" ], 0, - "0c04586472bcf945d1f586dfac248d54" + "bedf14f502fd5d3a9baf0267ca038d2d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3185,7 +3185,7 @@ "refinement_interpretation_Tm_refine_fd0534dae74a1a03c82c48538de4b46a" ], 0, - "889a053d73c953b0368f5f068630eb89" + "ede54b8d458c6a7ed1decb9234e657c3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3237,7 +3237,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "4f101a56104ae3dd330e890f3c8150f0" + "fe60b2494a99a79e3983f8afd7d28a8b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3290,7 +3290,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "dc53d554ae9ae5004bba81c04ef5a0fa" + "09e1c056e173146eba424f3b8e461b52" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3343,7 +3343,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "72f7316a2dc844473afe67cf3802074c" + "8661e6829f3c79445eaa82b00665b7a9" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3396,7 +3396,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5a0138d5182b7b7d59cd7ef508e7d46d" + "f30291b26e9e8b724c0070bbcd61d23e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3451,7 +3451,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "af238a7235ff29b6900d0eced97c90b3" + "caad265ad5647e04535ab99aa866699a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3507,7 +3507,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "b943062c664d5b575bfee2f991deb69b" + "ed147dccfa6f948587ab18fbd8323f28" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3562,7 +3562,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "fa6e90fb166533ce2ef21192d78dc0bb" + "c62d875b633815eccaf2a104be9556b8" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3618,7 +3618,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "8d181fbfccf7248cb7ac5facee396987" + "f70e5367b0f6c7af53faff1d025d6ec8" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3673,7 +3673,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "850ae587c88899529d372cb32eb7714b" + "85dd8edd86a92ec9f708a6c67f808503" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3728,7 +3728,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "41a4916895284010e297cb3103910a1e" + "15ec87363af48d1235f977f7d9af39b3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3783,7 +3783,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "bbc42e3fe65a41a0f3040c98652b71c4" + "b22b1aa328c182544224bf5467643702" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3839,7 +3839,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "fa24ee848cd9a2ada7ef4da07a314069" + "b39ad6898422409e6278aab444158bea" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3894,7 +3894,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "c8eba10c5261a9bc415d4c8d67c18d55" + "0dba4abfd1065deca64de613f3313e16" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3949,7 +3949,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "c33847cae332e771ecda6f905ab61da9" + "2aac63edff0db97d82c0b0bbb9b21792" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3962,7 +3962,7 @@ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" ], 0, - "776dfee4f8e8d4b9f2cf991b76d3d966" + "f1de3f74ba8dfd0586fce67bb288a760" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3975,7 +3975,7 @@ "refinement_interpretation_Tm_refine_a5dbf40b319f5394aeaa892d914adf92" ], 0, - "0f87ccb4925d581f788263bf9455a5d7" + "d962e05d56d7ef85295a9ca9e8d27e06" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -3988,7 +3988,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "a3c8859b583374d8dfa4857de02006cf" + "c639641148854686633bbd03a6bd580f" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4002,7 +4002,7 @@ "refinement_interpretation_Tm_refine_8806d22c5428ef45066c60c7edd7684e" ], 0, - "982a13aa51996cbcc75f752c7a4186f2" + "0e46c7f303180c47fef6375406beb743" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4015,7 +4015,7 @@ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" ], 0, - "c67f802d7e65cf8032becb6ae3a51827" + "0b89871368a8e976676fe94f3a8f2be0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4028,7 +4028,7 @@ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" ], 0, - "6dbfff777c18b05581c00580d773bae0" + "5389f15a34044e2d58d98ca6129e17b3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4041,7 +4041,7 @@ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" ], 0, - "3a3b114794d62a4781d3829d62a4a016" + "407a506e190c9b0c21be617f6e4818be" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4054,7 +4054,7 @@ "refinement_interpretation_Tm_refine_4ba98237d50cf0c214103cdb69cef042" ], 0, - "8560c5372e473aeb4274c362b6da1bbc" + "6ad9e39d48214dad164339b7dd3fe025" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4265,7 +4265,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "96891e1f90c3e60155cec0aaedf62acc" + "1d28a711b4c8a2da497ec1e3ccb5c3a0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4280,7 +4280,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "cdfa93184bd1c88018ecf48706a00355" + "7bdf80a35fb8fa100703a120c69fa948" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4295,7 +4295,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "b8f44f014dc4923b9781b4253cc0fe3f" + "73be4dbbc96de3643b03c7157326e886" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4310,7 +4310,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "35820f8dfa33cc4a196dcf8def5af9e5" + "dd57db5d496140f4aa4c7e40ebd15271" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4325,7 +4325,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "418152ba780594a26d0f9b5be6d7a90b" + "b7bcde8fffe22e6d38d0d0323f79e0f3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4340,7 +4340,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "492795b7f754b466b4f96374a71d8876" + "66ad2b9f8159a4b9833cdb1ded3c4f7e" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4355,7 +4355,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5c9a09d64950cddb9b1b2cb4636ee922" + "493d430f0fd15b1d94eaac9df8801262" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4370,7 +4370,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "5ad9465557fca1eabf1147772ea8c393" + "e961e595c1b0a1d60f24571ec8000c64" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4385,7 +4385,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "e7c3f30d80bfab66b4ab4c8be397440b" + "078311a82ed7033941afc9dd338f4ff0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4400,7 +4400,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "fb13b6dd3f52be559fd0325cc94d4ae4" + "d054055601096a9f39af42ee798b2591" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4415,7 +4415,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "3251139072f48e3e76a8a0864f8016c8" + "432860790ac80caabeae60dfc8e488ae" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4430,7 +4430,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "6e7b3b9dc0ee03e47a1599420c19eaec" + "a4810c030fde918949ca3b8a8e597a37" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4445,7 +4445,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "02ae6f739996f37041a9ba210ff3ef4b" + "ef30da171c045c11f0cceff7482b8689" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4460,7 +4460,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "feab48d3226b6703555f1bf438618c37" + "351569453c9abac739200f568b205819" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4475,7 +4475,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "1aa041f16f8c02c20f28d28dcd7ec57d" + "5ae3000630f834aa1ea82ee5bf2ad460" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4490,7 +4490,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "a613a385b7180f4a463f2757b2362358" + "45e2656d9ee4ee5d8deebe91ada45418" ], [ "Libcrux.Kem.Kyber.Serialize.compress_coefficients_5_", @@ -4505,7 +4505,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "c79d63163722739255dd811d99f33086" + "7c16c7e5938fbb8fa8ccfe9151ede411" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", @@ -4563,7 +4563,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "630b405cfe3c555d1e0d9cbecae03de0" + "79104170450201dd369d569802e71392" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", @@ -4724,7 +4724,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "4eb3e8127ef8bfc700d990df83be7e50" + "dc511fd7eff87f96907d80830f8d140b" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_10_", @@ -4739,7 +4739,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "06aa892d5a0beec98809ee6e07e39e5f" + "99a45802430108e55d0ecb61a8080340" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", @@ -4795,7 +4795,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "f9b8c4adcdb43fef7c72a680ea8ddea2" + "0f877d7840ae4ca8267c69819d2719cc" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", @@ -4973,7 +4973,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "ef03ba327b8919849d5efdda4d0481b3" + "82e730f6155f22d94dc8811aa4f472c4" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_11_", @@ -4988,7 +4988,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "deeed86946518e90c0018bb7ce0fe4d6" + "bb4d83a5c924b73f2e47166515928146" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_", @@ -5047,7 +5047,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "777d8a5c8694f4227fc04faf1827266b" + "f72d7723004a87bfd19eff871ebcd7b1" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_4_", @@ -5218,7 +5218,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a7c8d161d00cac3149e6eb5f54ecebe4" + "11b48241cf0f444a609ff71088f70118" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", @@ -5274,7 +5274,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "fa9a8ac8522fc58d39a7f27948e0c6e4" + "4fc193ede578f8241bc4208fc01b3fac" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", @@ -5431,7 +5431,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "99c1f759771c6a3d8110f736e0f98501" + "4af6b3a227212174a1be0df9cf87ccf9" ], [ "Libcrux.Kem.Kyber.Serialize.decompress_coefficients_5_", @@ -5446,7 +5446,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "7a574d008364a6ed752f40dbd54b4a6a" + "8ae13eeee2eaa353e6a4931dc10a6a10" ], [ "Libcrux.Kem.Kyber.Serialize.cast_bound_lemma", @@ -5502,7 +5502,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "890a1bbb0c8f0cbb5dda435ca05ae815" + "967d2d15d3b623dd9f71e987aedf6a8a" ], [ "Libcrux.Kem.Kyber.Serialize.int_t_d_cast_lemma", @@ -5588,7 +5588,7 @@ "typing_tok_Lib.IntTypes.S128@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "017955c7b3b1bf0bfad2f3ab72f955aa" + "d68c0a951427b0b785bb7c8be3ce619c" ], [ "Libcrux.Kem.Kyber.Serialize.mul_in_range", @@ -5626,7 +5626,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "d6989f0623613762093351575ee7f6a6" + "a3bb8f8674fab93cfb855837c0d6ceac" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_10_", @@ -5740,7 +5740,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "7babbe9509475b9f2818dc459a503eb9" + "a85abd6f518070a8dd4c9644bc2c753f" ], [ "Libcrux.Kem.Kyber.Serialize.update5", @@ -5796,7 +5796,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "50ebe0a77c5a7ce10dd595cf66432da6" + "78af667b63b11edad4269595af16adb3" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", @@ -5905,7 +5905,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "218386bca1e114d244f1203686f94886" + "1b6149e8535bf4e4a5dd5eab8067d7eb" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", @@ -5917,7 +5917,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "15fc8069a1bb17176ad2b87be6f8b30e" + "5d0ed5f73d826cadac09261044273dc2" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_11_", @@ -5966,7 +5966,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "44decd1b4cfd4ca1b42ed26929611d3d" + "30a7dcb54c4a2c6bbbfdc72a62f96f76" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_4_", @@ -6073,7 +6073,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "e3a6ef0136439e9490ab9fc143654145" + "e0a9b2170b8fdff17ebf6820a55be4e5" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", @@ -6186,7 +6186,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "c40b82d0552b905aec066e753d6b2ce3" + "58257a6d5f0a15d0f9a83944fb9a4d13" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", @@ -6198,7 +6198,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "5852fac32040fdaaf9e2b92fdd5dc67f" + "b82a8488cd1962e117315f84c5541f6a" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_5_", @@ -6248,7 +6248,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "e133bfb395bfad17492a17aea661729a" + "009a12f7636d697191084da24cf94162" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message", @@ -6309,7 +6309,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "5c03f56f54a59da704e8d2639de92e19" + "232d3bd22d7cec3c17c075ae5c498069" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_message", @@ -6402,7 +6402,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "eea3862f2061336f51ce45f003d76293" + "d6a98d7907d9ad0c71845a79ffc49437" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_u", @@ -6459,7 +6459,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "13856de1f08d64767f1c3a308a5c3941" + "7fd60066d0187e3d47b5ebf1430faf5d" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", @@ -6525,7 +6525,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "bff23ff176ad6ebd3b18932b735a43fd" + "c6fd606dfa4c5629a024e963571a3eb0" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", @@ -6614,7 +6614,7 @@ "typing_tok_Lib.IntTypes.U64@tok" ], 0, - "598b50757a412a7a52b143d45847f5d4" + "3dd6e0c9381222b3978413456a0f977b" ], [ "Libcrux.Kem.Kyber.Serialize.compress_then_serialize_ring_element_v", @@ -6660,7 +6660,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "33a61e837571f0be1ef3d85349e0ab65" + "ae6e29128fdd8dcb0a3634461336f6b1" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", @@ -6766,7 +6766,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "bcfbfc1dfe9931f9a70798e7febac7da" + "bca6180305124ccdf0b6999dcc28d747" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", @@ -6778,7 +6778,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "af43361e7e016b53e8a45a3a7a5db087" + "a50c2dc793cb2c67b76d7d28895d194a" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_10_", @@ -6832,7 +6832,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "be96412b25e5f143c128de38139ae0e0" + "667cb67e88d829202be136b2975d8fc9" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", @@ -6934,7 +6934,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "b54aeffaf1b6a639874a095a06f6b947" + "1555d8ae4c34a26a219972279def938c" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", @@ -6948,7 +6948,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "31e63ff28b98ca00a4220866d9b372e4" + "66bae3105910c10fcfe981114252615f" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_11_", @@ -6996,7 +6996,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "8e8c379ce754effeae272f49292e53a6" + "8899ea53d7b6b5bbb7fa5c847a07622b" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", @@ -7101,7 +7101,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "c4d0efe5ca737759cf5e587d19a15df8" + "3d43385f447e8223662226ac6e25eda8" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", @@ -7113,7 +7113,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "93b8c0271963ac31436cfb2a1c1f7da6" + "a951b045e4d494b7b80cb719a209ad37" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_4_", @@ -7183,7 +7183,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "b8741d50a63695613eb748dae7db92e8" + "2c7aaf8fc329db0f7a52df5fe0ee1dfc" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", @@ -7319,7 +7319,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "d66f07590913d3312193e8c5e48c9133" + "9bfaa05f26c9858fa259f04161680b67" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", @@ -7331,7 +7331,7 @@ "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0" ], 0, - "1dced3d2d39429fa4523e708b2d625ea" + "e412452fe28507a6b6833791b306e961" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_5_", @@ -7366,7 +7366,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "06b456a171f7f49cdeb9b23882712372" + "a1c0098a6e3a6a0bdf7fbae1dafe0da6" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", @@ -7427,7 +7427,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "84621949e2375d65a627be97c4f58267" + "6adffe2256308c51d108b85a8291f214" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", @@ -7580,7 +7580,7 @@ "typing_tok_Lib.IntTypes.U32@tok", "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "5a66cdd0f861e70a1b5db7e609856485" + "1ffdfa9cf08fc87d5662c0631e88f74f" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_message", @@ -7618,7 +7618,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "adba02a9231a59b20a46b8f181f365e7" + "af790c495a829531bfe053ec19731de1" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u", @@ -7665,7 +7665,7 @@ "typing_tok_Lib.IntTypes.PUB@tok" ], 0, - "fd5399bf48cfea857e8c6b88cdf82f50" + "dbe67f790bea92ddd3e549901331e3c3" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_u", @@ -7733,7 +7733,7 @@ "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "7b689dc315e2f712b4807d5cb3371961" + "0b3d6effc193783dcad833592402447b" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v", @@ -7791,7 +7791,7 @@ "typing_Spec.Kyber.valid_params" ], 0, - "b4e1b8b8deb9f48fc5b188bc3d87f090" + "2902046d3b34d37d0a9cbb173b73a2f3" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_then_decompress_ring_element_v", @@ -7882,7 +7882,7 @@ "typing_tok_Lib.IntTypes.S32@tok", "typing_tok_Lib.IntTypes.U32@tok" ], 0, - "a56aab3af01daaf712bd4ec5f5eaaedc" + "ae7518b7924624bb1ed14958c9b74b5d" ], [ "Libcrux.Kem.Kyber.Serialize.deserialize_to_uncompressed_ring_element", @@ -7919,7 +7919,6 @@ "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_b", "equation_Libcrux.Kem.Kyber.Arithmetic.i32_range", - "equation_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", "equation_Libcrux.Kem.Kyber.Arithmetic.pow2_31", "equation_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "equation_Prims.nat", "equation_Prims.pos", @@ -7951,8 +7950,7 @@ "equation_Rust_primitives.cast_tc_integers", "equation_Spec.Kyber.v_BYTES_PER_RING_ELEMENT", "function_token_typing_Lib.IntTypes.byte_t", - "function_token_typing_Prims.__cache_version_number__", - "int_inversion", "int_typing", + "function_token_typing_Prims.__cache_version_number__", "int_typing", "interpretation_Tm_abs_b5528c6af917e15cd2e1d2f497d4f1b1", "lemma_FStar.Int32.vu_inv", "lemma_Lib.IntTypes.pow2_2", "lemma_Lib.IntTypes.pow2_4", @@ -7999,8 +7997,6 @@ "token_correspondence_Rust_primitives.cast", "typing_FStar.Int.fits", "typing_FStar.Int32.int_to_t", "typing_FStar.Seq.Base.length", "typing_Lib.IntTypes.maxint", "typing_Lib.IntTypes.v", - "typing_Libcrux.Kem.Kyber.Arithmetic.__proj__Mkt_PolynomialRingElement_b__item__f_coefficients", - "typing_Libcrux.Kem.Kyber.Arithmetic.impl__PolynomialRingElement__ZERO", "typing_Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS", "typing_Rust_primitives.Integers.bits", "typing_Rust_primitives.Integers.get_bit", @@ -8015,7 +8011,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "2013041055be052030b18df27c01564f" + "a6b0fff7dfca38a6f6126a4623df7712" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -8053,7 +8049,7 @@ "typing_Rust_primitives.Integers.usize_inttype" ], 0, - "1b6dbfeb97ced72230ffdd86544193fb" + "a1f7d83971fb17d1a5e9c91da689082f" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -8156,7 +8152,7 @@ "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.S32@tok" ], 0, - "aecaeed2ebe26f9557da8b132912ab3e" + "da2538089c024b06332f7258176a1bc7" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -8170,7 +8166,7 @@ "projection_inverse_BoxInt_proj_0" ], 0, - "26d77d8d965ca16bfc624b05b525a614" + "fa1c61c3351a730325415e9c2f445a5c" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", @@ -8246,7 +8242,7 @@ "typing_Rust_primitives.Integers.v" ], 0, - "7c4de9268d24ba1dba479ce49bda6a17" + "cd2a250d8466917cb0fc7ad8496d6aae" ] ] ] \ No newline at end of file diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst index 437293752..ff86fe132 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst @@ -1284,7 +1284,7 @@ let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized = admit(); //P-F res -#push-options "--z3rlimit 100" +#push-options "--z3rlimit 160" let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = let _:Prims.unit = () <: Prims.unit in let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = From 4f584c013d21711b8f9fa2a31985a70526af8fa6 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 1 Feb 2024 10:33:53 +0100 Subject: [PATCH 18/19] bump rlimits, hints --- .../.hints/Libcrux.Kem.Kyber.Serialize.fst.hints | 4 ++-- .../fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints index 1d74aa4aa..6d2610c4a 100644 --- a/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints +++ b/proofs/fstar/extraction-edited/.hints/Libcrux.Kem.Kyber.Serialize.fst.hints @@ -1,5 +1,5 @@ [ - "\u0006\\u\u0016%\u0018\u001b\u0002w\u0006v)", + "[1\u001d-p\u001a695z\u00106", [ [ "Libcrux.Kem.Kyber.Serialize.int_arr_bitwise_eq", @@ -8011,7 +8011,7 @@ "typing_tok_Lib.IntTypes.U8@tok" ], 0, - "a6b0fff7dfca38a6f6126a4623df7712" + "cf4275373c55a87f388b992affdd1fd4" ], [ "Libcrux.Kem.Kyber.Serialize.serialize_uncompressed_ring_element", diff --git a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst index ff86fe132..dc7a4fa7a 100644 --- a/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst +++ b/proofs/fstar/extraction-edited/Libcrux.Kem.Kyber.Serialize.fst @@ -1284,7 +1284,7 @@ let deserialize_then_decompress_ring_element_v v_COMPRESSION_FACTOR serialized = admit(); //P-F res -#push-options "--z3rlimit 160" +#push-options "--z3rlimit 220" let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = let _:Prims.unit = () <: Prims.unit in let re:Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement = @@ -1335,7 +1335,7 @@ let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = in re #pop-options - + #push-options "--z3rlimit 100" let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in From fcd795e6d33fb44130a9db4c989202bce5d00122 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 1 Feb 2024 11:03:43 +0100 Subject: [PATCH 19/19] patches --- proofs/fstar/extraction-edited.patch | 299 ++++++++---------- .../fstar/extraction-secret-independent.patch | 285 ++++++++--------- 2 files changed, 269 insertions(+), 315 deletions(-) diff --git a/proofs/fstar/extraction-edited.patch b/proofs/fstar/extraction-edited.patch index 62d11c66f..d47933a9c 100644 --- a/proofs/fstar/extraction-edited.patch +++ b/proofs/fstar/extraction-edited.patch @@ -1,5 +1,5 @@ diff -ruN extraction/Libcrux.Digest.fst extraction-edited/Libcrux.Digest.fst ---- extraction/Libcrux.Digest.fst 2024-01-31 17:22:55.439848529 +0100 +--- extraction/Libcrux.Digest.fst 2024-02-01 11:03:26.797761034 +0100 +++ extraction-edited/Libcrux.Digest.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,48 +0,0 @@ -module Libcrux.Digest @@ -51,8 +51,8 @@ diff -ruN extraction/Libcrux.Digest.fst extraction-edited/Libcrux.Digest.fst - then shake128x4_256_ v_LEN data0 data1 data2 data3 - else shake128x4_portable v_LEN data0 data1 data2 data3 diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti ---- extraction/Libcrux.Digest.fsti 2024-01-31 17:22:55.427848779 +0100 -+++ extraction-edited/Libcrux.Digest.fsti 2024-01-31 17:22:55.502847217 +0100 +--- extraction/Libcrux.Digest.fsti 2024-02-01 11:03:26.785761386 +0100 ++++ extraction-edited/Libcrux.Digest.fsti 2024-02-01 11:03:26.852759421 +0100 @@ -1,31 +1,41 @@ module Libcrux.Digest #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -124,7 +124,7 @@ diff -ruN extraction/Libcrux.Digest.fsti extraction-edited/Libcrux.Digest.fsti +val shake256 (v_LEN: usize) (data: t_Slice u8) : t_Array u8 v_LEN diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst --- extraction/Libcrux.Kem.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Libcrux.Kem.fst 2024-01-31 17:22:55.489847488 +0100 ++++ extraction-edited/Libcrux.Kem.fst 2024-02-01 11:03:26.840759773 +0100 @@ -0,0 +1,6 @@ +module Libcrux.Kem +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -133,8 +133,8 @@ diff -ruN extraction/Libcrux.Kem.fst extraction-edited/Libcrux.Kem.fst + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 17:22:55.443848446 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 17:22:55.483847613 +0100 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fst 2024-02-01 11:03:26.800760946 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-02-01 11:03:26.836759890 +0100 @@ -1,81 +1,356 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -532,8 +532,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fst extraction-edited/Libcrux. + + diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 17:22:55.417848987 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 17:22:55.475847780 +0100 +--- extraction/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-02-01 11:03:26.775761679 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-02-01 11:03:26.829760095 +0100 @@ -3,10 +3,32 @@ open Core open FStar.Mul @@ -567,7 +567,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux let t_FieldElementTimesMontgomeryR = i32 unfold -@@ -16,119 +38,222 @@ +@@ -16,119 +38,211 @@ let v_BARRETT_SHIFT: i64 = 26L @@ -596,11 +596,6 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux -val get_n_least_significant_bits (n: u8) (value: u32) - : Prims.Pure u32 - (requires n =. 4uy || n =. 5uy || n =. 10uy || n =. 11uy || n =. v_MONTGOMERY_SHIFT) -+let wf_fe_to_spec_fe (m: wfFieldElement): Spec.Kyber.field_element = -+ if v m < 0 -+ then v m + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS -+ else v m -+ +let to_spec_fe (m:i32) : Spec.Kyber.field_element = + int_to_spec_fe (v m) + @@ -771,12 +766,6 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux + assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); + p + -+let wf_poly_to_spec_poly (re: wfPolynomialRingElement): Spec.Kyber.polynomial -+ = let p = Spec.Kyber.map' (fun x -> wf_fe_to_spec_fe x <: nat) re.f_coefficients in -+ introduce forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS -+ with assert (Seq.index p i == Seq.index p (v (sz i))); -+ p -+ +let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) = + to_spec_poly (derefine_poly_b m) + @@ -884,8 +873,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-edited/Libcrux - <: - bool)) diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Kem.Kyber.Compress.fst ---- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 17:22:55.422848883 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 17:22:55.465847988 +0100 +--- extraction/Libcrux.Kem.Kyber.Compress.fst 2024-02-01 11:03:26.780761533 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-02-01 11:03:26.819760389 +0100 @@ -1,39 +1,79 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -989,8 +978,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fst extraction-edited/Libcrux.Ke + res <: Libcrux.Kem.Kyber.Arithmetic.i32_b 3328 +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.Kem.Kyber.Compress.fsti ---- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 17:22:55.404849258 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 17:22:55.497847322 +0100 +--- extraction/Libcrux.Kem.Kyber.Compress.fsti 2024-02-01 11:03:26.762762061 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-02-01 11:03:26.847759568 +0100 @@ -3,8 +3,19 @@ open Core open FStar.Mul @@ -1056,8 +1045,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Compress.fsti extraction-edited/Libcrux.K + (requires fe =. 0l || fe =. 1l) + (fun result -> v result >= 0 /\ v result < 3329) diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux.Kem.Kyber.Constants.fsti ---- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 17:22:55.437848571 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 17:22:55.467847946 +0100 +--- extraction/Libcrux.Kem.Kyber.Constants.fsti 2024-02-01 11:03:26.795761093 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-02-01 11:03:26.821760330 +0100 @@ -15,7 +15,8 @@ let v_FIELD_MODULUS: i32 = 3329l @@ -1069,8 +1058,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constants.fsti extraction-edited/Libcrux. let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 17:22:55.445848404 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 17:22:55.478847717 +0100 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-02-01 11:03:26.802760887 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-02-01 11:03:26.832760008 +0100 @@ -4,56 +4,163 @@ open FStar.Mul @@ -1256,8 +1245,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-edited/L + ) +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 17:22:55.441848488 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 17:22:55.485847571 +0100 +--- extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-02-01 11:03:26.798761005 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-02-01 11:03:26.837759861 +0100 @@ -20,7 +20,8 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1289,8 +1278,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-edited/ + Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.fst ---- extraction/Libcrux.Kem.Kyber.fst 2024-01-31 17:22:55.405849237 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 17:22:55.470847884 +0100 +--- extraction/Libcrux.Kem.Kyber.fst 2024-02-01 11:03:26.764762002 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fst 2024-02-01 11:03:26.824760242 +0100 @@ -1,12 +1,29 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1565,8 +1554,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fst extraction-edited/Libcrux.Kem.Kyber.f + (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) + diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber.fsti ---- extraction/Libcrux.Kem.Kyber.fsti 2024-01-31 17:22:55.432848675 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 17:22:55.500847259 +0100 +--- extraction/Libcrux.Kem.Kyber.fsti 2024-02-01 11:03:26.791761210 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.fsti 2024-02-01 11:03:26.850759480 +0100 @@ -4,42 +4,81 @@ open FStar.Mul @@ -1671,8 +1660,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.fsti extraction-edited/Libcrux.Kem.Kyber. + (ensures (fun kp -> + (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.ind_cca_generate_keypair p randomness)) diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 17:22:55.446848384 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 17:22:55.476847759 +0100 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fst 2024-02-01 11:03:26.803760858 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-02-01 11:03:26.830760066 +0100 @@ -3,18 +3,27 @@ open Core open FStar.Mul @@ -1712,8 +1701,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fst extraction-edited/Libc + admit(); //P-F out diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 17:22:55.400849341 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 17:22:55.505847155 +0100 +--- extraction/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-02-01 11:03:26.758762178 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-02-01 11:03:26.855759333 +0100 @@ -3,12 +3,24 @@ open Core open FStar.Mul @@ -1744,8 +1733,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-edited/Lib + (forall i. i < v v_K ==> Seq.index res i == Spec.Kyber.v_XOF (sz 840) (Seq.index input i)))) + diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 17:22:55.407849196 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 17:22:55.504847176 +0100 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-02-01 11:03:26.765761973 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-02-01 11:03:26.853759392 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2456,8 +2445,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-edited/Libcrux.Kem + res + diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 17:22:55.450848300 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 17:22:55.492847426 +0100 +--- extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-02-01 11:03:26.806760770 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-02-01 11:03:26.843759685 +0100 @@ -1,80 +1,152 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -2660,8 +2649,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-edited/Libcrux.Ke + + diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 17:22:55.434848633 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 17:22:55.460848092 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fst 2024-02-01 11:03:26.792761181 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-02-01 11:03:26.815760506 +0100 @@ -3,37 +3,23 @@ open Core open FStar.Mul @@ -2714,8 +2703,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fst extraction-edited/Libcrux.K (sz 3168) (sz 1568) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 17:22:55.429848737 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-01-31 17:22:55.462848050 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-02-01 11:03:26.787761327 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fsti 2024-02-01 11:03:26.816760477 +0100 @@ -63,32 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ @@ -2761,8 +2750,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber1024.fsti extraction-edited/Libcrux. Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 17:22:55.398849383 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 17:22:55.482847634 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber512.fst 2024-02-01 11:03:26.756762236 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-02-01 11:03:26.835759920 +0100 @@ -3,37 +3,23 @@ open Core open FStar.Mul @@ -2815,8 +2804,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fst extraction-edited/Libcrux.Ke (sz 1632) (sz 800) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 17:22:55.435848613 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-01-31 17:22:55.457848154 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber512.fsti 2024-02-01 11:03:26.794761122 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber512.fsti 2024-02-01 11:03:26.812760594 +0100 @@ -63,32 +63,27 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ @@ -2862,8 +2851,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber512.fsti extraction-edited/Libcrux.K Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 17:22:55.402849300 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 17:22:55.480847675 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber768.fst 2024-02-01 11:03:26.760762119 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-02-01 11:03:26.833759978 +0100 @@ -3,37 +3,24 @@ open Core open FStar.Mul @@ -2917,8 +2906,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fst extraction-edited/Libcrux.Ke (sz 2400) (sz 1184) diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 17:22:55.425848821 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 17:22:55.468847925 +0100 +--- extraction/Libcrux.Kem.Kyber.Kyber768.fsti 2024-02-01 11:03:26.784761415 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-02-01 11:03:26.822760301 +0100 @@ -63,32 +63,30 @@ Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ @@ -2973,8 +2962,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Kyber768.fsti extraction-edited/Libcrux.K + (ensures (fun kp -> (kp.f_sk.f_value,kp.f_pk.f_value) == Spec.Kyber.kyber768_generate_keypair randomness)) + diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem.Kyber.Matrix.fst ---- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 17:22:55.412849091 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 17:22:55.509847072 +0100 +--- extraction/Libcrux.Kem.Kyber.Matrix.fst 2024-02-01 11:03:26.770761826 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-02-01 11:03:26.858759245 +0100 @@ -3,192 +3,188 @@ open Core open FStar.Mul @@ -3765,8 +3754,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fst extraction-edited/Libcrux.Kem. + admit(); //P-F v_A_transpose diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 17:22:55.418848967 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 17:22:55.491847446 +0100 +--- extraction/Libcrux.Kem.Kyber.Matrix.fsti 2024-02-01 11:03:26.777761621 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-02-01 11:03:26.842759714 +0100 @@ -3,39 +3,71 @@ open Core open FStar.Mul @@ -3869,8 +3858,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Matrix.fsti extraction-edited/Libcrux.Kem + if transpose then Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == matrix_A + else Libcrux.Kem.Kyber.Arithmetic.to_spec_matrix_b #p res == Spec.Kyber.matrix_transpose matrix_A) diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyber.Ntt.fst ---- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 17:22:55.420848925 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 17:22:55.473847821 +0100 +--- extraction/Libcrux.Kem.Kyber.Ntt.fst 2024-02-01 11:03:26.779761562 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-02-01 11:03:26.827760154 +0100 @@ -1,56 +1,130 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -4801,8 +4790,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fst extraction-edited/Libcrux.Kem.Kyb + down_cast_poly_b #(8*3328) #3328 re +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 17:22:55.424848842 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 17:22:55.455848196 +0100 +--- extraction/Libcrux.Kem.Kyber.Ntt.fsti 2024-02-01 11:03:26.782761474 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-02-01 11:03:26.811760624 +0100 @@ -2,223 +2,80 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -5095,8 +5084,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Ntt.fsti extraction-edited/Libcrux.Kem.Ky + (ensures fun _ -> True) + diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Kem.Kyber.Sampling.fst ---- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 17:22:55.448848342 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 17:22:55.498847301 +0100 +--- extraction/Libcrux.Kem.Kyber.Sampling.fst 2024-02-01 11:03:26.805760800 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-02-01 11:03:26.849759509 +0100 @@ -3,27 +3,34 @@ open Core open FStar.Mul @@ -5509,8 +5498,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fst extraction-edited/Libcrux.Ke + out +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 17:22:55.415849029 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 17:22:55.507847113 +0100 +--- extraction/Libcrux.Kem.Kyber.Sampling.fsti 2024-02-01 11:03:26.774761709 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-02-01 11:03:26.856759304 +0100 @@ -3,77 +3,37 @@ open Core open FStar.Mul @@ -5611,9 +5600,9 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Sampling.fsti extraction-edited/Libcrux.K +// (ensures fun result -> (forall i. v (result.f_coefficients.[i]) >= 0)) + diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.Kem.Kyber.Serialize.fst ---- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 17:22:55.430848717 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 17:22:55.463848030 +0100 -@@ -1,8 +1,13 @@ +--- extraction/Libcrux.Kem.Kyber.Serialize.fst 2024-02-01 11:03:26.789761269 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-02-01 11:03:26.818760418 +0100 +@@ -1,8 +1,14 @@ module Libcrux.Kem.Kyber.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" @@ -5624,17 +5613,19 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K + +open MkSeq + -+#push-options "--z3rlimit 50" ++#push-options "--z3rlimit 80" ++[@@"opaque_to_smt"] let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in let coef2:u8 = -@@ -19,11 +24,11 @@ +@@ -19,11 +25,12 @@ in let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) +#pop-options +#push-options "--ifuel 1 --z3rlimit 600 --split_queries always" ++[@@"opaque_to_smt"] let compress_coefficients_11_ - (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: - i32) @@ -5643,7 +5634,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coef1:u8 = cast (coefficient1 <: i32) <: u8 in let coef2:u8 = ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 2l <: u8) in coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) @@ -5682,6 +5675,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K -let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) = +#push-options "--z3rlimit 500" ++[@@"opaque_to_smt"] +let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 2l <: i32) in @@ -5696,6 +5690,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K +#pop-options +#push-options "--z3rlimit 300" ++[@@"opaque_to_smt"] let decompress_coefficients_11_ - (byte2 byte1 byte3 byte5 byte4 byte6 byte7 byte9 byte8 byte10 byte11: i32) - = @@ -5703,7 +5698,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient1:i32 = ((byte2 &. 7l <: i32) <>! 3l <: i32) in let coefficient3:i32 = -@@ -109,6 +125,14 @@ +@@ -109,6 +131,14 @@ in let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in let coefficient8:i32 = (byte11 <>! 5l <: i32) in @@ -5718,7 +5713,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K coefficient1, coefficient2, coefficient3, -@@ -117,15 +141,19 @@ +@@ -117,15 +147,21 @@ coefficient6, coefficient7, coefficient8 @@ -5728,22 +5723,25 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K -let decompress_coefficients_4_ (byte: u8) = +#push-options "--z3rlimit 50" ++[@@"opaque_to_smt"] +let decompress_coefficients_4_ byte = let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in let coefficient2:i32 = cast ((byte >>! 4l <: u8) &. 15uy <: u8) <: i32 in - coefficient1, coefficient2 <: (i32 & i32) +- +-let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) = + lemma_get_bit_bounded' coefficient1 4; + lemma_get_bit_bounded' coefficient2 4; + coefficient1, coefficient2 +#pop-options - --let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) = ++ +#push-options "--z3rlimit 400" ++[@@"opaque_to_smt"] +let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = let coefficient1:i32 = byte1 &. 31l in let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in -@@ -134,6 +162,14 @@ +@@ -134,6 +170,14 @@ let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in let coefficient8:i32 = byte5 >>! 3l in @@ -5758,14 +5756,14 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K coefficient1, coefficient2, coefficient3, -@@ -142,31 +178,50 @@ +@@ -142,31 +186,54 @@ coefficient6, coefficient7, coefficient8 - <: - (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) +#pop-options - ++ +let cast_bound_lemma + #t #u + (n: int_t t) @@ -5775,7 +5773,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K + [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] + = () + -+#push-options "--z3rlimit 60" ++#push-options "--z3rlimit 90" ++[@@"opaque_to_smt"] +let int_t_d_cast_lemma #t #u d (n: int_t_d t d) + : Lemma (requires bits t < bits u /\ v n >= 0) + (ensures bounded (cast #(int_t t) #(int_t u) n) d) @@ -5789,8 +5788,11 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K + = Math.Lemmas.pow2_plus 8 8; + Math.Lemmas.pow2_le_compat 32 16 +#pop-options + ++#restart-solver + +#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100" ++[@@"opaque_to_smt"] let compress_then_serialize_10_ - (v_OUT_LEN: usize) - (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) @@ -5828,13 +5830,14 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient1:i32 = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -@@ -226,79 +281,95 @@ +@@ -226,79 +293,96 @@ serialized) in serialized +#pop-options -+ + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 30" ++[@@"opaque_to_smt"] +let update5 + #n + (s: t_Array 't n) @@ -5856,7 +5859,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K + let s = update_at_usize s (offset +! sz 4) i4 in + s +#pop-options - ++ +#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no" let compress_then_serialize_11_ - (v_OUT_LEN: usize) @@ -5948,7 +5951,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 ) -@@ -324,6 +395,8 @@ +@@ -324,6 +408,8 @@ coefficient7 coefficient8 in @@ -5957,7 +5960,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized (sz 11 *! i <: usize) -@@ -382,29 +455,20 @@ +@@ -382,29 +468,20 @@ serialized) in serialized @@ -5995,7 +5998,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient1:u8 = cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -@@ -439,27 +503,20 @@ +@@ -439,27 +516,20 @@ serialized let compress_then_serialize_5_ @@ -6032,7 +6035,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient1:u8 = cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -@@ -544,6 +601,14 @@ +@@ -544,6 +614,14 @@ <: u8 in @@ -6047,7 +6050,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient8:u8 = cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] -@@ -566,6 +631,8 @@ +@@ -566,6 +644,8 @@ coefficient6 coefficient8 in @@ -6056,7 +6059,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized (sz 5 *! i <: usize) -@@ -595,35 +662,24 @@ +@@ -595,35 +675,24 @@ in serialized @@ -6102,7 +6105,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient:u16 = Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient in -@@ -636,27 +692,35 @@ +@@ -636,27 +705,35 @@ <: t_Array u8 (sz 32)) in @@ -6147,7 +6150,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 4ul -> compress_then_serialize_4_ v_OUT_LEN re | 5ul -> compress_then_serialize_5_ v_OUT_LEN re -@@ -665,32 +729,49 @@ +@@ -665,32 +742,49 @@ <: Rust_primitives.Hax.t_Never) @@ -6216,7 +6219,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -698,14 +779,12 @@ +@@ -698,14 +792,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 4 *! i <: usize) @@ -6234,7 +6237,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -713,14 +792,12 @@ +@@ -713,14 +805,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 4 *! i <: usize) +! sz 1 <: usize) @@ -6252,7 +6255,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -728,14 +805,12 @@ +@@ -728,14 +818,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 4 *! i <: usize) +! sz 2 <: usize) @@ -6270,7 +6273,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -743,44 +818,43 @@ +@@ -743,44 +831,43 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 4 *! i <: usize) +! sz 3 <: usize) @@ -6341,7 +6344,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient1, coefficient2, -@@ -789,11 +863,21 @@ +@@ -789,11 +876,21 @@ coefficient5, coefficient6, coefficient7, @@ -6365,7 +6368,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -801,14 +885,12 @@ +@@ -801,14 +898,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 8 *! i <: usize) @@ -6383,7 +6386,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -816,14 +898,12 @@ +@@ -816,14 +911,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 1 <: usize) @@ -6401,7 +6404,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -831,14 +911,12 @@ +@@ -831,14 +924,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 2 <: usize) @@ -6419,7 +6422,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -846,14 +924,12 @@ +@@ -846,14 +937,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 3 <: usize) @@ -6437,7 +6440,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -861,14 +937,12 @@ +@@ -861,14 +950,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 4 <: usize) @@ -6455,7 +6458,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -876,14 +950,12 @@ +@@ -876,14 +963,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 5 <: usize) @@ -6473,7 +6476,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -891,14 +963,12 @@ +@@ -891,14 +976,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 6 <: usize) @@ -6491,7 +6494,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -906,35 +976,33 @@ +@@ -906,35 +989,33 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 7 <: usize) @@ -6542,7 +6545,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -947,9 +1015,9 @@ +@@ -947,9 +1028,9 @@ i32) } <: @@ -6554,7 +6557,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -962,33 +1030,32 @@ +@@ -962,33 +1043,32 @@ i32) } <: @@ -6605,7 +6608,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient1, coefficient2, -@@ -997,10 +1064,25 @@ +@@ -997,10 +1077,25 @@ coefficient5, coefficient6, coefficient7, @@ -6633,7 +6636,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1008,14 +1090,12 @@ +@@ -1008,14 +1103,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 8 *! i <: usize) @@ -6651,7 +6654,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1023,14 +1103,12 @@ +@@ -1023,14 +1116,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 1 <: usize) @@ -6669,7 +6672,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1038,14 +1116,12 @@ +@@ -1038,14 +1129,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 2 <: usize) @@ -6687,7 +6690,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1053,14 +1129,12 @@ +@@ -1053,14 +1142,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 3 <: usize) @@ -6705,7 +6708,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1068,14 +1142,12 @@ +@@ -1068,14 +1155,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 4 <: usize) @@ -6723,7 +6726,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1083,14 +1155,12 @@ +@@ -1083,14 +1168,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 5 <: usize) @@ -6741,7 +6744,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1098,14 +1168,12 @@ +@@ -1098,14 +1181,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 6 <: usize) @@ -6759,7 +6762,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1113,33 +1181,27 @@ +@@ -1113,33 +1194,27 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 7 <: usize) @@ -6803,7 +6806,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let i, byte:(usize & u8) = temp_1_ in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; -@@ -1151,10 +1213,11 @@ +@@ -1151,10 +1226,11 @@ Core.Ops.Range.t_Range usize) re (fun re j -> @@ -6817,7 +6820,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1168,19 +1231,20 @@ +@@ -1168,19 +1244,20 @@ i32) } <: @@ -6844,7 +6847,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 10ul -> deserialize_then_decompress_10_ serialized | 11ul -> deserialize_then_decompress_11_ serialized -@@ -1190,11 +1254,11 @@ +@@ -1190,11 +1267,11 @@ <: Rust_primitives.Hax.t_Never) @@ -6860,7 +6863,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 4ul -> deserialize_then_decompress_4_ serialized | 5ul -> deserialize_then_decompress_5_ serialized -@@ -1203,27 +1267,32 @@ +@@ -1203,27 +1280,32 @@ <: Rust_primitives.Hax.t_Never) @@ -6869,7 +6872,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K + res -let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = -+#push-options "--z3rlimit 100" ++#push-options "--z3rlimit 220" +let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = let _:Prims.unit = () <: Prims.unit in - let re:Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement = @@ -6909,7 +6912,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1231,12 +1300,12 @@ +@@ -1231,12 +1313,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 2 *! i <: usize) @@ -6925,7 +6928,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1244,34 +1313,43 @@ +@@ -1244,34 +1326,28 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 2 *! i <: usize) +! sz 1 <: usize) @@ -6940,23 +6943,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K in re +#pop-options -+ -+module A = Libcrux.Kem.Kyber.Arithmetic -let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = -+let bitwise_equality #len #d (p1 p2: (p: t_Array nat len {forall i. Seq.index p i < pow2 d})) -+ : Lemma -+ (requires forall i. bit_vec_of_nat_array p1 d i == bit_vec_of_nat_array p2 d i) -+ (ensures p1 == p2) -+ = admit () -+ -+let eq_rw #len (re_poly: t_Array nat len) -+ : Lemma ( -+ -+ bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) -+ ) -+ = admit () -+ +#push-options "--z3rlimit 100" +let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in @@ -6985,7 +6973,7 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let coefficient1:u16 = Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) in -@@ -1281,6 +1359,8 @@ +@@ -1281,6 +1357,8 @@ let coef1, coef2, coef3:(u8 & u8 & u8) = compress_coefficients_3_ coefficient1 coefficient2 in @@ -6994,24 +6982,15 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fst extraction-edited/Libcrux.K let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized (sz 3 *! i <: usize) -@@ -1298,4 +1378,13 @@ - in +@@ -1299,3 +1377,4 @@ serialized) in -+ // admitP (bitwise_equality serialized (Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))); -+ // admitP (serialized == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re)); -+ let re_poly = A.wf_poly_to_spec_poly re in -+ assert ( -+ bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) -+ == Spec.Kyber.byte_encode 12 re_poly -+ ); -+ admit (); serialized +#pop-options diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 17:22:55.410849133 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 17:22:55.494847384 +0100 -@@ -2,118 +2,195 @@ +--- extraction/Libcrux.Kem.Kyber.Serialize.fsti 2024-02-01 11:03:26.769761855 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-02-01 11:03:26.845759626 +0100 +@@ -2,118 +2,193 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul @@ -7268,15 +7247,13 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Serialize.fsti extraction-edited/Libcrux. + (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) + (ensures fun _ -> True) + -+module A = Libcrux.Kem.Kyber.Arithmetic -+ +val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) + : Pure (t_Array u8 (sz 384)) + (requires True) -+ (ensures (fun res -> res == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))) ++ (ensures (fun res -> True)) diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.Kyber.Types.fst ---- extraction/Libcrux.Kem.Kyber.Types.fst 2024-01-31 17:22:55.414849050 +0100 -+++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 17:22:55.487847530 +0100 +--- extraction/Libcrux.Kem.Kyber.Types.fst 2024-02-01 11:03:26.772761767 +0100 ++++ extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-02-01 11:03:26.839759802 +0100 @@ -3,31 +3,33 @@ open Core open FStar.Mul @@ -7547,8 +7524,8 @@ diff -ruN extraction/Libcrux.Kem.Kyber.Types.fst extraction-edited/Libcrux.Kem.K + (self: t_KyberKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : t_Array u8 v_PRIVATE_KEY_SIZE = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fsti ---- extraction/Libcrux_platform.fsti 2024-01-31 17:22:55.409849154 +0100 -+++ extraction-edited/Libcrux_platform.fsti 2024-01-31 17:22:55.472847842 +0100 +--- extraction/Libcrux_platform.fsti 2024-02-01 11:03:26.767761914 +0100 ++++ extraction-edited/Libcrux_platform.fsti 2024-02-01 11:03:26.826760184 +0100 @@ -1,20 +1,4 @@ module Libcrux_platform #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -7573,7 +7550,7 @@ diff -ruN extraction/Libcrux_platform.fsti extraction-edited/Libcrux_platform.fs +val simd256_support: bool diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst --- extraction/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/MkSeq.fst 2024-01-31 17:22:55.459848113 +0100 ++++ extraction-edited/MkSeq.fst 2024-02-01 11:03:26.814760535 +0100 @@ -0,0 +1,91 @@ +module MkSeq +open Core @@ -7668,7 +7645,7 @@ diff -ruN extraction/MkSeq.fst extraction-edited/MkSeq.fst +%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction/Spec.Kyber.fst extraction-edited/Spec.Kyber.fst --- extraction/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-edited/Spec.Kyber.fst 2024-01-31 17:22:55.495847363 +0100 ++++ extraction-edited/Spec.Kyber.fst 2024-02-01 11:03:26.846759597 +0100 @@ -0,0 +1,433 @@ +module Spec.Kyber +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" diff --git a/proofs/fstar/extraction-secret-independent.patch b/proofs/fstar/extraction-secret-independent.patch index cf6406004..2bade06c4 100644 --- a/proofs/fstar/extraction-secret-independent.patch +++ b/proofs/fstar/extraction-secret-independent.patch @@ -1,6 +1,6 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 17:22:55.483847613 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-01-31 17:22:55.560846010 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst 2024-02-01 11:03:26.836759890 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fst 2024-02-01 11:03:26.911757691 +0100 @@ -1,356 +1,81 @@ module Libcrux.Kem.Kyber.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -397,8 +397,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fst extraction-secret-i - - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 17:22:55.475847780 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-01-31 17:22:55.551846197 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-02-01 11:03:26.829760095 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Arithmetic.fsti 2024-02-01 11:03:26.901757984 +0100 @@ -3,32 +3,10 @@ open Core open FStar.Mul @@ -432,7 +432,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- let t_FieldElementTimesMontgomeryR = i32 unfold -@@ -36,224 +14,122 @@ +@@ -36,213 +14,122 @@ let v_BARRETT_MULTIPLIER: i64 = 20159L @@ -461,11 +461,6 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- - m_v + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS - else m_v - --let wf_fe_to_spec_fe (m: wfFieldElement): Spec.Kyber.field_element = -- if v m < 0 -- then v m + v Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS -- else v m -- -let to_spec_fe (m:i32) : Spec.Kyber.field_element = - int_to_spec_fe (v m) - @@ -638,12 +633,6 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- - assert (forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS); - p - --let wf_poly_to_spec_poly (re: wfPolynomialRingElement): Spec.Kyber.polynomial -- = let p = Spec.Kyber.map' (fun x -> wf_fe_to_spec_fe x <: nat) re.f_coefficients in -- introduce forall i. Seq.index p i < v Spec.Kyber.v_FIELD_MODULUS -- with assert (Seq.index p i == Seq.index p (v (sz i))); -- p -- -let to_spec_poly_b #b (m:t_PolynomialRingElement_b b) : (Spec.Kyber.polynomial) = - to_spec_poly (derefine_poly_b m) - @@ -755,8 +744,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Arithmetic.fsti extraction-secret- + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 17:22:55.465847988 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-01-31 17:22:55.538846468 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fst 2024-02-01 11:03:26.819760389 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fst 2024-02-01 11:03:26.888758365 +0100 @@ -1,79 +1,39 @@ module Libcrux.Kem.Kyber.Compress -#set-options "--fuel 0 --ifuel 0 --z3rlimit 200" @@ -861,8 +850,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fst extraction-secret-ind + (Core.Ops.Arith.Neg.neg fe <: i32) &. + ((Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS +! 1l <: i32) /! 2l <: i32) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 17:22:55.497847322 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-01-31 17:22:55.561845989 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Compress.fsti 2024-02-01 11:03:26.847759568 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Compress.fsti 2024-02-01 11:03:26.913757632 +0100 @@ -3,42 +3,44 @@ open Core open FStar.Mul @@ -934,8 +923,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Compress.fsti extraction-secret-in - (fun result -> v result >= 0 /\ v result < 3329) + : Prims.Pure i32 (requires fe =. 0l || fe =. 1l) (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 17:22:55.467847946 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-01-31 17:22:55.546846301 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constants.fsti 2024-02-01 11:03:26.821760330 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constants.fsti 2024-02-01 11:03:26.896758131 +0100 @@ -15,8 +15,7 @@ let v_FIELD_MODULUS: i32 = 3329l @@ -947,8 +936,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constants.fsti extraction-secret-i let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 168 *! sz 5 diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 17:22:55.478847717 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-01-31 17:22:55.520846843 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-02-01 11:03:26.832760008 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fst 2024-02-01 11:03:26.869758923 +0100 @@ -4,163 +4,61 @@ open FStar.Mul @@ -1137,8 +1126,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fst extraction-s -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 17:22:55.485847571 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-01-31 17:22:55.554846135 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-02-01 11:03:26.837759861 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Constant_time_ops.fsti 2024-02-01 11:03:26.905757867 +0100 @@ -20,26 +20,30 @@ val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) @@ -1182,7 +1171,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Constant_time_ops.fsti extraction- + result = rhs <: bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst --- extraction-edited/Libcrux.Kem.Kyber.Conversions.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-01-31 17:22:55.517846905 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Conversions.fst 2024-02-01 11:03:26.865759040 +0100 @@ -0,0 +1,87 @@ +module Libcrux.Kem.Kyber.Conversions +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1273,8 +1262,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Conversions.fst extraction-secret- + cast (fe +! ((fe >>! 15l <: i32) &. Libcrux.Kem.Kyber.Constants.v_FIELD_MODULUS <: i32)) <: u16 \ Pas de fin de ligne à la fin du fichier diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/Libcrux.Kem.Kyber.fst ---- extraction-edited/Libcrux.Kem.Kyber.fst 2024-01-31 17:22:55.470847884 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-01-31 17:22:55.535846530 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.fst 2024-02-01 11:03:26.824760242 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fst 2024-02-01 11:03:26.885758453 +0100 @@ -1,29 +1,12 @@ module Libcrux.Kem.Kyber -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -1518,8 +1507,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fst extraction-secret-independent/ (Core.Convert.f_into public_key <: Libcrux.Kem.Kyber.Types.t_KyberPublicKey v_PUBLIC_KEY_SIZE) - diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent/Libcrux.Kem.Kyber.fsti ---- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-01-31 17:22:55.500847259 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-01-31 17:22:55.544846343 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.fsti 2024-02-01 11:03:26.850759480 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.fsti 2024-02-01 11:03:26.895758160 +0100 @@ -10,75 +10,31 @@ Libcrux.Kem.Kyber.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! Libcrux.Kem.Kyber.Constants.v_SHARED_SECRET_SIZE @@ -1609,8 +1598,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.fsti extraction-secret-independent + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 17:22:55.476847759 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-01-31 17:22:55.543846364 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst 2024-02-01 11:03:26.830760066 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fst 2024-02-01 11:03:26.893758219 +0100 @@ -3,27 +3,18 @@ open Core open FStar.Mul @@ -1659,8 +1648,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fst extraction-secr - admit(); //P-F out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 17:22:55.505847155 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-01-31 17:22:55.519846863 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-02-01 11:03:26.855759333 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Hash_functions.fsti 2024-02-01 11:03:26.867758981 +0100 @@ -3,24 +3,12 @@ open Core open FStar.Mul @@ -1692,7 +1681,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Hash_functions.fsti extraction-sec + : Prims.Pure (t_Array (t_Array u8 (sz 840)) v_K) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst --- extraction-edited/Libcrux.Kem.Kyber.Helper.fst 1970-01-01 01:00:00.000000000 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-01-31 17:22:55.552846176 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Helper.fst 2024-02-01 11:03:26.903757925 +0100 @@ -0,0 +1,6 @@ +module Libcrux.Kem.Kyber.Helper +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -1701,8 +1690,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Helper.fst extraction-secret-indep + + diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 17:22:55.504847176 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-01-31 17:22:55.548846259 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-02-01 11:03:26.853759392 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fst 2024-02-01 11:03:26.898758072 +0100 @@ -1,5 +1,5 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -2413,8 +2402,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fst extraction-secret-inde - res - diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 17:22:55.492847426 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-01-31 17:22:55.515846947 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-02-01 11:03:26.843759685 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ind_cpa.fsti 2024-02-01 11:03:26.864759069 +0100 @@ -1,152 +1,80 @@ module Libcrux.Kem.Kyber.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -2617,8 +2606,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ind_cpa.fsti extraction-secret-ind + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 17:22:55.460848092 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-01-31 17:22:55.525846739 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst 2024-02-01 11:03:26.815760506 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber1024.fst 2024-02-01 11:03:26.874758776 +0100 @@ -3,23 +3,22 @@ open Core open FStar.Mul @@ -2652,8 +2641,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber1024.fst extraction-secret-in (sz 3168) (sz 1568) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 17:22:55.482847634 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-01-31 17:22:55.564845926 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst 2024-02-01 11:03:26.835759920 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber512.fst 2024-02-01 11:03:26.917757515 +0100 @@ -5,21 +5,20 @@ let decapsulate_512_ @@ -2684,8 +2673,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber512.fst extraction-secret-ind (sz 1632) (sz 800) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 17:22:55.480847675 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-01-31 17:22:55.558846051 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst 2024-02-01 11:03:26.833759978 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fst 2024-02-01 11:03:26.910757720 +0100 @@ -3,24 +3,22 @@ open Core open FStar.Mul @@ -2719,8 +2708,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fst extraction-secret-ind (sz 2400) (sz 1184) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 17:22:55.468847925 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-01-31 17:22:55.530846634 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti 2024-02-01 11:03:26.822760301 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Kyber768.fsti 2024-02-01 11:03:26.879758629 +0100 @@ -74,19 +74,16 @@ val decapsulate_768_ (secret_key: Libcrux.Kem.Kyber.Types.t_KyberPrivateKey (sz 2400)) @@ -2749,8 +2738,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Kyber768.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 17:22:55.509847072 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-01-31 17:22:55.533846572 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fst 2024-02-01 11:03:26.858759245 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fst 2024-02-01 11:03:26.883758512 +0100 @@ -3,418 +3,432 @@ open Core open FStar.Mul @@ -3559,8 +3548,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fst extraction-secret-indep - admit(); //P-F v_A_transpose diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 17:22:55.491847446 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-01-31 17:22:55.555846114 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti 2024-02-01 11:03:26.842759714 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Matrix.fsti 2024-02-01 11:03:26.906757837 +0100 @@ -3,71 +3,39 @@ open Core open FStar.Mul @@ -3663,8 +3652,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Matrix.fsti extraction-secret-inde + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 17:22:55.473847821 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-01-31 17:22:55.541846405 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fst 2024-02-01 11:03:26.827760154 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fst 2024-02-01 11:03:26.892758248 +0100 @@ -1,130 +1,56 @@ module Libcrux.Kem.Kyber.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" @@ -4595,8 +4584,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fst extraction-secret-independ -#pop-options + re diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 17:22:55.455848196 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-01-31 17:22:55.563845947 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti 2024-02-01 11:03:26.811760624 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Ntt.fsti 2024-02-01 11:03:26.915757574 +0100 @@ -2,80 +2,224 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core @@ -4890,8 +4879,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Ntt.fsti extraction-secret-indepen + <: + bool)) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 17:22:55.498847301 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-01-31 17:22:55.514846968 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fst 2024-02-01 11:03:26.849759509 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fst 2024-02-01 11:03:26.862759128 +0100 @@ -3,34 +3,27 @@ open Core open FStar.Mul @@ -5328,8 +5317,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fst extraction-secret-ind -#pop-options + out diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 17:22:55.507847113 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-01-31 17:22:55.549846239 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti 2024-02-01 11:03:26.856759304 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Sampling.fsti 2024-02-01 11:03:26.899758043 +0100 @@ -3,37 +3,77 @@ open Core open FStar.Mul @@ -5430,9 +5419,9 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Sampling.fsti extraction-secret-in + Prims.l_True + (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 17:22:55.463848030 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-01-31 17:22:55.532846593 +0100 -@@ -1,13 +1,8 @@ +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fst 2024-02-01 11:03:26.818760418 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fst 2024-02-01 11:03:26.881758571 +0100 +@@ -1,14 +1,8 @@ module Libcrux.Kem.Kyber.Serialize -#set-options "--fuel 0 --ifuel 0 --z3rlimit 50 --retry 3" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -5443,17 +5432,19 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in - -open MkSeq - --#push-options "--z3rlimit 50" +-#push-options "--z3rlimit 80" +-[@@"opaque_to_smt"] let compress_coefficients_10_ (coefficient1 coefficient2 coefficient3 coefficient4: i32) = let coef1:u8 = cast (coefficient1 &. 255l <: i32) <: u8 in let coef2:u8 = -@@ -24,11 +19,11 @@ +@@ -25,12 +19,11 @@ in let coef5:u8 = cast ((coefficient4 >>! 2l <: i32) &. 255l <: i32) <: u8 in coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -#pop-options -#push-options "--ifuel 1 --z3rlimit 600 --split_queries always" +-[@@"opaque_to_smt"] let compress_coefficients_11_ - coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = + (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: @@ -5462,13 +5453,14 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coef1:u8 = cast (coefficient1 <: i32) <: u8 in let coef2:u8 = ((cast (coefficient2 &. 31l <: i32) <: u8) <>! 2l <: u8) in coef1, coef2, coef3, coef4, coef5 <: (u8 & u8 & u8 & u8 & u8) -#pop-options -#push-options "--z3rlimit 500" +-[@@"opaque_to_smt"] -let decompress_coefficients_10_ byte2 byte1 byte3 byte4 byte5 = +let decompress_coefficients_10_ (byte2 byte1 byte3 byte4 byte5: i32) = let coefficient1:i32 = ((byte2 &. 3l <: i32) <>! 3l <: i32) in let coefficient3:i32 = -@@ -125,14 +109,6 @@ +@@ -131,14 +109,6 @@ in let coefficient7:i32 = ((byte10 &. 31l <: i32) <>! 2l <: i32) in let coefficient8:i32 = (byte11 <>! 5l <: i32) in @@ -5537,7 +5532,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in coefficient1, coefficient2, coefficient3, -@@ -141,19 +117,15 @@ +@@ -147,21 +117,15 @@ coefficient6, coefficient7, coefficient8 @@ -5546,6 +5541,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in + (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -#push-options "--z3rlimit 50" +-[@@"opaque_to_smt"] -let decompress_coefficients_4_ byte = +let decompress_coefficients_4_ (byte: u8) = let coefficient1:i32 = cast (byte &. 15uy <: u8) <: i32 in @@ -5554,15 +5550,17 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in - lemma_get_bit_bounded' coefficient2 4; - coefficient1, coefficient2 -#pop-options -+ coefficient1, coefficient2 <: (i32 & i32) - +- -#push-options "--z3rlimit 400" +-[@@"opaque_to_smt"] -let decompress_coefficients_5_ byte1 byte2 byte3 byte4 byte5 = ++ coefficient1, coefficient2 <: (i32 & i32) ++ +let decompress_coefficients_5_ (byte1 byte2 byte3 byte4 byte5: i32) = let coefficient1:i32 = byte1 &. 31l in let coefficient2:i32 = ((byte2 &. 3l <: i32) <>! 5l <: i32) in let coefficient3:i32 = (byte2 >>! 2l <: i32) &. 31l in -@@ -162,14 +134,6 @@ +@@ -170,14 +134,6 @@ let coefficient6:i32 = (byte4 >>! 1l <: i32) &. 31l in let coefficient7:i32 = ((byte5 &. 7l <: i32) <>! 6l <: i32) in let coefficient8:i32 = byte5 >>! 3l in @@ -5577,7 +5575,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in coefficient1, coefficient2, coefficient3, -@@ -178,50 +142,31 @@ +@@ -186,54 +142,31 @@ coefficient6, coefficient7, coefficient8 @@ -5592,7 +5590,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in - [SMTPat (bounded n d); SMTPat (cast #(int_t t) #(int_t u) n)] - = () - --#push-options "--z3rlimit 60" +-#push-options "--z3rlimit 90" +-[@@"opaque_to_smt"] -let int_t_d_cast_lemma #t #u d (n: int_t_d t d) - : Lemma (requires bits t < bits u /\ v n >= 0) - (ensures bounded (cast #(int_t t) #(int_t u) n) d) @@ -5606,10 +5605,13 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in - = Math.Lemmas.pow2_plus 8 8; - Math.Lemmas.pow2_le_compat 32 16 -#pop-options +- +-#restart-solver + <: + (i32 & i32 & i32 & i32 & i32 & i32 & i32 & i32) -#push-options "--fuel 0 --ifuel 1 --query_stats --z3rlimit 100" +-[@@"opaque_to_smt"] let compress_then_serialize_10_ - v_OUT_LEN - re @@ -5647,13 +5649,14 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient1:i32 = Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 10uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32 -@@ -281,95 +226,79 @@ +@@ -293,96 +226,79 @@ serialized) in serialized -#pop-options -- + -#push-options "--fuel 0 --ifuel 0 --z3rlimit 30" +-[@@"opaque_to_smt"] -let update5 - #n - (s: t_Array 't n) @@ -5675,7 +5678,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in - let s = update_at_usize s (offset +! sz 4) i4 in - s -#pop-options - +- -#push-options "--fuel 0 --ifuel 1 --z3rlimit 100 --query_stats --split_queries no" let compress_then_serialize_11_ - v_OUT_LEN re @@ -5767,7 +5770,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 11uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] <: i32 ) -@@ -395,8 +324,6 @@ +@@ -408,8 +324,6 @@ coefficient7 coefficient8 in @@ -5776,7 +5779,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized (sz 11 *! i <: usize) -@@ -455,20 +382,29 @@ +@@ -468,20 +382,29 @@ serialized) in serialized @@ -5814,7 +5817,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient1:u8 = cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 4uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -@@ -503,20 +439,27 @@ +@@ -516,20 +439,27 @@ serialized let compress_then_serialize_5_ @@ -5851,7 +5854,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient1:u8 = cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] -@@ -601,14 +544,6 @@ +@@ -614,14 +544,6 @@ <: u8 in @@ -5866,7 +5869,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient8:u8 = cast (Libcrux.Kem.Kyber.Compress.compress_ciphertext_coefficient 5uy (Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 7 ] -@@ -631,8 +566,6 @@ +@@ -644,8 +566,6 @@ coefficient6 coefficient8 in @@ -5875,7 +5878,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized (sz 5 *! i <: usize) -@@ -662,24 +595,35 @@ +@@ -675,24 +595,35 @@ in serialized @@ -5921,7 +5924,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient:u16 = Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative coefficient in -@@ -692,36 +636,28 @@ +@@ -705,36 +636,28 @@ <: t_Array u8 (sz 32)) in @@ -5969,7 +5972,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in | 4ul -> compress_then_serialize_4_ v_OUT_LEN re | 5ul -> compress_then_serialize_5_ v_OUT_LEN re | _ -> -@@ -729,49 +665,32 @@ +@@ -742,49 +665,32 @@ <: Rust_primitives.Hax.t_Never) @@ -6038,7 +6041,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -779,12 +698,14 @@ +@@ -792,12 +698,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 4 *! i <: usize) @@ -6056,7 +6059,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -792,12 +713,14 @@ +@@ -805,12 +713,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 4 *! i <: usize) +! sz 1 <: usize) @@ -6074,7 +6077,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -805,12 +728,14 @@ +@@ -818,12 +728,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 4 *! i <: usize) +! sz 2 <: usize) @@ -6092,7 +6095,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -818,43 +743,44 @@ +@@ -831,43 +743,44 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 4 *! i <: usize) +! sz 3 <: usize) @@ -6163,7 +6166,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient1, coefficient2, -@@ -863,21 +789,11 @@ +@@ -876,21 +789,11 @@ coefficient5, coefficient6, coefficient7, @@ -6187,7 +6190,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -885,12 +801,14 @@ +@@ -898,12 +801,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 8 *! i <: usize) @@ -6205,7 +6208,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -898,12 +816,14 @@ +@@ -911,12 +816,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 1 <: usize) @@ -6223,7 +6226,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -911,12 +831,14 @@ +@@ -924,12 +831,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 2 <: usize) @@ -6241,7 +6244,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -924,12 +846,14 @@ +@@ -937,12 +846,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 3 <: usize) @@ -6259,7 +6262,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -937,12 +861,14 @@ +@@ -950,12 +861,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 4 <: usize) @@ -6277,7 +6280,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -950,12 +876,14 @@ +@@ -963,12 +876,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 5 <: usize) @@ -6295,7 +6298,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -963,12 +891,14 @@ +@@ -976,12 +891,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 6 <: usize) @@ -6313,7 +6316,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -976,33 +906,35 @@ +@@ -989,33 +906,35 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 7 <: usize) @@ -6364,7 +6367,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1015,9 +947,9 @@ +@@ -1028,9 +947,9 @@ i32) } <: @@ -6376,7 +6379,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1030,32 +962,33 @@ +@@ -1043,32 +962,33 @@ i32) } <: @@ -6427,7 +6430,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient1, coefficient2, -@@ -1064,25 +997,10 @@ +@@ -1077,25 +997,10 @@ coefficient5, coefficient6, coefficient7, @@ -6455,7 +6458,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1090,12 +1008,14 @@ +@@ -1103,12 +1008,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 8 *! i <: usize) @@ -6473,7 +6476,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1103,12 +1023,14 @@ +@@ -1116,12 +1023,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 1 <: usize) @@ -6491,7 +6494,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1116,12 +1038,14 @@ +@@ -1129,12 +1038,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 2 <: usize) @@ -6509,7 +6512,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1129,12 +1053,14 @@ +@@ -1142,12 +1053,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 3 <: usize) @@ -6527,7 +6530,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1142,12 +1068,14 @@ +@@ -1155,12 +1068,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 4 <: usize) @@ -6545,7 +6548,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1155,12 +1083,14 @@ +@@ -1168,12 +1083,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 5 <: usize) @@ -6563,7 +6566,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1168,12 +1098,14 @@ +@@ -1181,12 +1098,14 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 6 <: usize) @@ -6581,7 +6584,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1181,27 +1113,33 @@ +@@ -1194,27 +1113,33 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 8 *! i <: usize) +! sz 7 <: usize) @@ -6625,7 +6628,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let i, byte:(usize & u8) = temp_1_ in Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ Core.Ops.Range.f_start = sz 0; -@@ -1213,11 +1151,10 @@ +@@ -1226,11 +1151,10 @@ Core.Ops.Range.t_Range usize) re (fun re j -> @@ -6639,7 +6642,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1231,21 +1168,20 @@ +@@ -1244,21 +1168,20 @@ i32) } <: @@ -6668,7 +6671,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in | 10ul -> deserialize_then_decompress_10_ serialized | 11ul -> deserialize_then_decompress_11_ serialized | _ -> -@@ -1254,12 +1190,12 @@ +@@ -1267,12 +1190,12 @@ <: Rust_primitives.Hax.t_Never) @@ -6686,7 +6689,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in | 4ul -> deserialize_then_decompress_4_ serialized | 5ul -> deserialize_then_decompress_5_ serialized | _ -> -@@ -1267,32 +1203,27 @@ +@@ -1280,32 +1203,27 @@ <: Rust_primitives.Hax.t_Never) @@ -6694,7 +6697,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in - admit(); //P-F - res --#push-options "--z3rlimit 100" +-#push-options "--z3rlimit 220" -let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = +let deserialize_to_uncompressed_ring_element (serialized: t_Slice u8) = let _:Prims.unit = () <: Prims.unit in @@ -6735,7 +6738,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1300,12 +1231,12 @@ +@@ -1313,12 +1231,12 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients (sz 2 *! i <: usize) @@ -6751,7 +6754,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in { re with Libcrux.Kem.Kyber.Arithmetic.f_coefficients -@@ -1313,43 +1244,34 @@ +@@ -1326,28 +1244,34 @@ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux.Kem.Kyber.Arithmetic.f_coefficients ((sz 2 *! i <: usize) +! sz 1 <: usize) @@ -6766,22 +6769,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in in re -#pop-options -- --module A = Libcrux.Kem.Kyber.Arithmetic --let bitwise_equality #len #d (p1 p2: (p: t_Array nat len {forall i. Seq.index p i < pow2 d})) -- : Lemma -- (requires forall i. bit_vec_of_nat_array p1 d i == bit_vec_of_nat_array p2 d i) -- (ensures p1 == p2) -- = admit () -- --let eq_rw #len (re_poly: t_Array nat len) -- : Lemma ( -- -- bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) -- ) -- = admit () -- -#push-options "--z3rlimit 100" -let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) = +let serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) = @@ -6811,7 +6799,7 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let coefficient1:u16 = Libcrux.Kem.Kyber.Arithmetic.to_unsigned_representative (coefficients.[ sz 0 ] <: i32) in -@@ -1359,8 +1281,6 @@ +@@ -1357,8 +1281,6 @@ let coef1, coef2, coef3:(u8 & u8 & u8) = compress_coefficients_3_ coefficient1 coefficient2 in @@ -6820,24 +6808,15 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fst extraction-secret-in let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized (sz 3 *! i <: usize) -@@ -1378,13 +1298,4 @@ - in +@@ -1377,4 +1299,3 @@ serialized) in -- // admitP (bitwise_equality serialized (Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))); -- // admitP (serialized == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re)); -- let re_poly = A.wf_poly_to_spec_poly re in -- assert ( -- bit_vec_to_int_t_array 8 (bit_vec_of_nat_array re_poly 12) -- == Spec.Kyber.byte_encode 12 re_poly -- ); -- admit (); serialized -#pop-options diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti ---- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 17:22:55.494847384 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-01-31 17:22:55.522846801 +0100 -@@ -2,195 +2,118 @@ +--- extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti 2024-02-01 11:03:26.845759626 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Serialize.fsti 2024-02-01 11:03:26.870758893 +0100 +@@ -2,193 +2,118 @@ #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul @@ -7088,12 +7067,10 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-i - (requires (length serialized == Spec.Kyber.v_BYTES_PER_RING_ELEMENT)) - (ensures fun _ -> True) - --module A = Libcrux.Kem.Kyber.Arithmetic -- -val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.wfPolynomialRingElement) - : Pure (t_Array u8 (sz 384)) - (requires True) -- (ensures (fun res -> res == Spec.Kyber.byte_encode 12 (A.wf_poly_to_spec_poly re))) +- (ensures (fun res -> True)) + : Prims.Pure Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement + Prims.l_True + (fun _ -> Prims.l_True) @@ -7101,8 +7078,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Serialize.fsti extraction-secret-i +val serialize_uncompressed_ring_element (re: Libcrux.Kem.Kyber.Arithmetic.t_PolynomialRingElement) + : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst ---- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-01-31 17:22:55.487847530 +0100 -+++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-01-31 17:22:55.527846697 +0100 +--- extraction-edited/Libcrux.Kem.Kyber.Types.fst 2024-02-01 11:03:26.839759802 +0100 ++++ extraction-secret-independent/Libcrux.Kem.Kyber.Types.fst 2024-02-01 11:03:26.875758746 +0100 @@ -3,8 +3,6 @@ open Core open FStar.Mul @@ -7149,8 +7126,8 @@ diff -ruN extraction-edited/Libcrux.Kem.Kyber.Types.fst extraction-secret-indepe type t_KyberKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/Libcrux_platform.fsti ---- extraction-edited/Libcrux_platform.fsti 2024-01-31 17:22:55.472847842 +0100 -+++ extraction-secret-independent/Libcrux_platform.fsti 2024-01-31 17:22:55.536846509 +0100 +--- extraction-edited/Libcrux_platform.fsti 2024-02-01 11:03:26.826760184 +0100 ++++ extraction-secret-independent/Libcrux_platform.fsti 2024-02-01 11:03:26.887758395 +0100 @@ -1,4 +1,4 @@ module Libcrux_platform #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" @@ -7158,7 +7135,7 @@ diff -ruN extraction-edited/Libcrux_platform.fsti extraction-secret-independent/ -val simd256_support: bool +val simd256_support : unit -> bool diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst ---- extraction-edited/MkSeq.fst 2024-01-31 17:22:55.459848113 +0100 +--- extraction-edited/MkSeq.fst 2024-02-01 11:03:26.814760535 +0100 +++ extraction-secret-independent/MkSeq.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,91 +0,0 @@ -module MkSeq @@ -7253,7 +7230,7 @@ diff -ruN extraction-edited/MkSeq.fst extraction-secret-independent/MkSeq.fst - -%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) diff -ruN extraction-edited/Spec.Kyber.fst extraction-secret-independent/Spec.Kyber.fst ---- extraction-edited/Spec.Kyber.fst 2024-01-31 17:22:55.495847363 +0100 +--- extraction-edited/Spec.Kyber.fst 2024-02-01 11:03:26.846759597 +0100 +++ extraction-secret-independent/Spec.Kyber.fst 1970-01-01 01:00:00.000000000 +0100 @@ -1,433 +0,0 @@ -module Spec.Kyber