diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index b70951dfb..384e13a30 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -50,9 +50,10 @@ jobs: cmake -B build -DCMAKE_BUILD_TYPE=Release cmake --build build --config Release - - name: 🏃🏻‍♀️ Benchmark - run: ./build/Release/ml_kem_bench - if: ${{ matrix.os == 'windows-latest' }} + # FIXME: Benchmarks on Windows CI are not working right now. + # - name: 🏃🏻‍♀️ Benchmark + # run: ./build/Release/ml_kem_bench + # if: ${{ matrix.os == 'windows-latest' }} - name: 🏃🏻‍♀️ Benchmark run: ./build/ml_kem_bench diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index 9f7b6fc2d..784c063cf 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -52,70 +52,12 @@ jobs: run: | nix profile install ./hax - - name: 🏃 Extract the Kyber reference code - run: | - eval $(opam env) - (cd proofs/fstar/extraction/ && ./clean.sh) - rm -f sys/platform/proofs/fstar/extraction/*.fst* - ./hax-driver.py --kyber-reference - - - name: 🏃 Regenerate `extraction-*` folders - run: ./proofs/fstar/patches.sh apply - - - name: 🏃 Make sure snapshots are up-to-date - run: git diff --exit-code - - - name: 🏃 Verify the Kyber reference code - run: | - env FSTAR_HOME=${{ github.workspace }}/fstar \ - HACL_HOME=${{ github.workspace }}/hacl-star \ - HAX_HOME=${{ github.workspace }}/hax \ - PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ - ./hax-driver.py --verify-extraction - - - name: 🏃 Verify Kyber `extraction-edited` F* code - run: | - env FSTAR_HOME=${{ github.workspace }}/fstar \ - HACL_HOME=${{ github.workspace }}/hacl-star \ - HAX_HOME=${{ github.workspace }}/hax \ - PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ - make -C proofs/fstar/extraction-edited - - - name: 🏃 Verify Kyber `extraction-secret-independent` F* code - run: | - env FSTAR_HOME=${{ github.workspace }}/fstar \ - HACL_HOME=${{ github.workspace }}/hacl-star \ - HAX_HOME=${{ github.workspace }}/hax \ - PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ - make -C proofs/fstar/extraction-secret-independent - - - name: 🏃 Extract & Verify ML-KEM crate (lax) + - name: 🏃 Extract ML-KEM crate run: | cd libcrux-ml-kem - # ./hax.py extract + ./hax.py extract # env FSTAR_HOME=${{ github.workspace }}/fstar \ # HACL_HOME=${{ github.workspace }}/hacl-star \ # HAX_HOME=${{ github.workspace }}/hax \ # PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ # ./hax.py prove --admit - - - name: 🏃 Extract the Kyber specification - run: | - eval $(opam env) - # Extract the functions in the compress module individually to test - # the function-extraction code. - # Extract functions from the remaining modules to test the - # module-extraction code. - ./hax-driver.py --crate-path specs/kyber \ - --functions hacspec_kyber::compress::compress \ - hacspec_kyber::compress::decompress \ - hacspec_kyber::compress::compress_d \ - hacspec::kyber::compress::decompress_d \ - --modules ind_cpa \ - hacspec_kyber \ - matrix \ - ntt \ - parameters \ - sampling \ - serialize \ - --exclude-modules libcrux::hacl::sha3 libcrux::digest diff --git a/.github/workflows/mldsa.yml b/.github/workflows/mldsa.yml index 03b6d91ad..a05d1e6c3 100644 --- a/.github/workflows/mldsa.yml +++ b/.github/workflows/mldsa.yml @@ -41,6 +41,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index fe43c3025..4f3ed7102 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -41,6 +41,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} @@ -168,6 +171,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml new file mode 100644 index 000000000..4259aca31 --- /dev/null +++ b/.github/workflows/nix.yml @@ -0,0 +1,20 @@ +name: Nix + +on: + push: + branches: [main, dev] + pull_request: + +jobs: + nix: + runs-on: ubuntu-latest + steps: + - uses: DeterminateSystems/nix-installer-action@v12 + - uses: DeterminateSystems/magic-nix-cache-action@v7 + - name: Install & configure Cachix + shell: bash + run: | + nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install + cachix use hax + - uses: actions/checkout@v4 + - run: nix build -L .#ml-kem diff --git a/.github/workflows/platform.yml b/.github/workflows/platform.yml index 84c4bf71f..796fd6956 100644 --- a/.github/workflows/platform.yml +++ b/.github/workflows/platform.yml @@ -41,6 +41,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - name: 🔨 Build run: cargo build --verbose diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 8f781c1f1..ee0e3f090 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -40,6 +40,9 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Update dependencies + run: cargo update + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV if: ${{ matrix.bits == 64 }} diff --git a/.github/workflows/specs.yml b/.github/workflows/specs.yml index 043d3d801..83a79e802 100644 --- a/.github/workflows/specs.yml +++ b/.github/workflows/specs.yml @@ -41,6 +41,9 @@ jobs: - uses: actions/checkout@v3 + - name: Update dependencies + run: cargo update + - name: Build working-directory: specs run: cargo build --verbose diff --git a/.gitignore b/.gitignore index f2eb8a8ef..71e87e917 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ /target -/Cargo.lock .vscode .DS_Store benches/boringssl/build diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 000000000..a8e8f334e --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,2016 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "anes" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b46cbb362ab8752921c97e041f5e366ee6297bd428a31275b9fcf1e380f7299" + +[[package]] +name = "anstream" +version = "0.6.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "418c75fa768af9c03be99d17643f93f79bbba589895012a80e3452a19ddda15b" +dependencies = [ + "anstyle", + "anstyle-parse", + "anstyle-query", + "anstyle-wincon", + "colorchoice", + "is_terminal_polyfill", + "utf8parse", +] + +[[package]] +name = "anstyle" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "038dfcf04a5feb68e9c60b21c9625a54c2c0616e79b72b0fd87075a056ae1d1b" + +[[package]] +name = "anstyle-parse" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c03a11a9034d92058ceb6ee011ce58af4a9bf61491aa7e1e59ecd24bd40d22d4" +dependencies = [ + "utf8parse", +] + +[[package]] +name = "anstyle-query" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ad186efb764318d35165f1758e7dcef3b10628e26d41a44bc5550652e6804391" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "anstyle-wincon" +version = "3.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61a38449feb7068f52bb06c12759005cf459ee52bb4adc1d5a7c4322d716fb19" +dependencies = [ + "anstyle", + "windows-sys", +] + +[[package]] +name = "arbitrary" +version = "1.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110" + +[[package]] +name = "autocfg" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" + +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + +[[package]] +name = "benchmarks" +version = "0.0.2-pre.2" +dependencies = [ + "chacha20poly1305", + "criterion", + "curve25519-dalek", + "lib25519", + "libcrux", + "libjade-sys", + "openssl", + "p256", + "pqcrypto-kyber", + "rand", + "rand_core", + "ring", + "sha2", + "sha3", + "x25519-dalek", + "x25519-dalek-ng", +] + +[[package]] +name = "bindgen" +version = "0.69.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools 0.12.1", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn 2.0.66", + "which", +] + +[[package]] +name = "bitflags" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "bumpalo" +version = "3.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c" + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cast" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" + +[[package]] +name = "cc" +version = "1.0.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96c51067fd44124faa7f870b4b1c969379ad32b2ba805aa959430ceaa384f695" +dependencies = [ + "jobserver", + "libc", + "once_cell", +] + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + +[[package]] +name = "ciborium" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e" +dependencies = [ + "ciborium-io", + "ciborium-ll", + "serde", +] + +[[package]] +name = "ciborium-io" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757" + +[[package]] +name = "ciborium-ll" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9" +dependencies = [ + "ciborium-io", + "half", +] + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", + "zeroize", +] + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "clap" +version = "4.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5db83dced34638ad474f39f250d7fea9598bdd239eaced1bdf45d597da0f433f" +dependencies = [ + "clap_builder", + "clap_derive", +] + +[[package]] +name = "clap_builder" +version = "4.5.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7e204572485eb3fbf28f871612191521df159bc3e15a9f5064c66dba3a8c05f" +dependencies = [ + "anstream", + "anstyle", + "clap_lex", + "strsim", +] + +[[package]] +name = "clap_derive" +version = "4.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c780290ccf4fb26629baa7a1081e68ced113f1d3ec302fa5948f1c381ebf06c6" +dependencies = [ + "heck", + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "clap_lex" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b82cf0babdbd58558212896d1a4272303a57bdb245c2bf1147185fb45640e70" + +[[package]] +name = "colorchoice" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b6a852b24ab71dffc585bcb46eaf7959d175cb865a7152e35b348d1b2960422" + +[[package]] +name = "console_error_panic_hook" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a06aeb73f470f66dcdbf7223caeebb85984942f22f1adb2a088cf9668146bbbc" +dependencies = [ + "cfg-if", + "wasm-bindgen", +] + +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + +[[package]] +name = "cpufeatures" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +dependencies = [ + "libc", +] + +[[package]] +name = "criterion" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f2b12d017a929603d80db1831cd3a24082f8137ce19c69e6447f54f5fc8d692f" +dependencies = [ + "anes", + "cast", + "ciborium", + "clap", + "criterion-plot", + "is-terminal", + "itertools 0.10.5", + "num-traits", + "once_cell", + "oorandom", + "plotters", + "rayon", + "regex", + "serde", + "serde_derive", + "serde_json", + "tinytemplate", + "walkdir", +] + +[[package]] +name = "criterion-plot" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b50826342786a51a89e2da3a28f1c32b06e387201bc2d19791f622c673706b1" +dependencies = [ + "cast", + "itertools 0.10.5", +] + +[[package]] +name = "crossbeam-deque" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22ec99545bb0ed0ea7bb9b8e1e9122ea386ff8a48c0922e43f36d45ab09e0e80" + +[[package]] +name = "crunchy" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core", + "subtle", + "zeroize", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "rand_core", + "typenum", +] + +[[package]] +name = "curve25519-dalek" +version = "4.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a677b8922c94e01bdbb12126b0bc852f00447528dee1782229af9c720c3f348" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "fiat-crypto", + "platforms", + "rustc_version", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "curve25519-dalek-ng" +version = "4.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c359b7249347e46fb28804470d071c921156ad62b3eef5d34e2ba867533dec8" +dependencies = [ + "byteorder", + "digest 0.9.0", + "rand_core", + "subtle-ng", + "zeroize", +] + +[[package]] +name = "der" +version = "0.7.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +dependencies = [ + "const-oid", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "digest" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" +dependencies = [ + "generic-array", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "const-oid", + "crypto-common", + "subtle", +] + +[[package]] +name = "dunce" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" + +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest 0.10.7", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "either" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" + +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest 0.10.7", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core", + "sec1", + "subtle", + "zeroize", +] + +[[package]] +name = "env_logger" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a19187fea3ac7e84da7dacf48de0c45d63c6a76f9490dae389aead16c243fce3" +dependencies = [ + "log", + "regex", +] + +[[package]] +name = "env_logger" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd405aab171cb85d6735e5c8d9db038c17d3ca007a4d2c25f337935c3d90580" +dependencies = [ + "humantime", + "is-terminal", + "log", + "regex", + "termcolor", +] + +[[package]] +name = "errno" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" +dependencies = [ + "libc", + "windows-sys", +] + +[[package]] +name = "ff" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" +dependencies = [ + "rand_core", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", + "zeroize", +] + +[[package]] +name = "getrandom" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "js-sys", + "libc", + "wasi", + "wasm-bindgen", +] + +[[package]] +name = "glob" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" + +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core", + "subtle", +] + +[[package]] +name = "half" +version = "2.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6dd08c532ae367adf81c312a4580bc67f1d0fe8bc9c460520283f4c0ff277888" +dependencies = [ + "cfg-if", + "crunchy", +] + +[[package]] +name = "hax-lib" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/?branch=main#46bb5c19fb6f6397e15d9a4ff86c556482f81802" +dependencies = [ + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "num-bigint", + "num-traits", +] + +[[package]] +name = "hax-lib" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/#46bb5c19fb6f6397e15d9a4ff86c556482f81802" +dependencies = [ + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "num-bigint", + "num-traits", +] + +[[package]] +name = "hax-lib-macros" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/?branch=main#46bb5c19fb6f6397e15d9a4ff86c556482f81802" +dependencies = [ + "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "proc-macro-error", + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "hax-lib-macros" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/#46bb5c19fb6f6397e15d9a4ff86c556482f81802" +dependencies = [ + "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "proc-macro-error", + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "hax-lib-macros-types" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/?branch=main#46bb5c19fb6f6397e15d9a4ff86c556482f81802" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", +] + +[[package]] +name = "hax-lib-macros-types" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/#46bb5c19fb6f6397e15d9a4ff86c556482f81802" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "hermit-abi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" + +[[package]] +name = "hex" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +dependencies = [ + "serde", +] + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.7", +] + +[[package]] +name = "home" +version = "0.5.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "humantime" +version = "2.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" + +[[package]] +name = "inout" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5" +dependencies = [ + "generic-array", +] + +[[package]] +name = "is-terminal" +version = "0.4.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +dependencies = [ + "hermit-abi", + "libc", + "windows-sys", +] + +[[package]] +name = "is_terminal_polyfill" +version = "1.70.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8478577c03552c21db0e2724ffb8986a5ce7af88107e6be5d2ee6e158c12800" + +[[package]] +name = "itertools" +version = "0.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473" +dependencies = [ + "either", +] + +[[package]] +name = "itertools" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" +dependencies = [ + "either", +] + +[[package]] +name = "itoa" +version = "1.0.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b" + +[[package]] +name = "jobserver" +version = "0.1.31" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2b099aaa34a9751c5bf0878add70444e1ed2dd73f347be99003d4577277de6e" +dependencies = [ + "libc", +] + +[[package]] +name = "js-sys" +version = "0.3.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "keccak" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc2af9a1119c51f12a14607e783cb977bde58bc069ff0c3da1095e635d70654" +dependencies = [ + "cpufeatures", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + +[[package]] +name = "lib25519" +version = "0.0.2-pre.2" +dependencies = [ + "bindgen", + "cc", + "libc", + "pkg-config", +] + +[[package]] +name = "libc" +version = "0.2.155" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" + +[[package]] +name = "libcrux" +version = "0.0.2-pre.2" +dependencies = [ + "clap", + "getrandom", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "hex", + "libcrux", + "libcrux-hacl", + "libcrux-hkdf", + "libcrux-hmac", + "libcrux-platform", + "log", + "pretty_env_logger", + "quickcheck", + "quickcheck_macros", + "rand", + "rand_core", + "serde", + "serde_json", + "wasm-bindgen", + "wasm-bindgen-test", +] + +[[package]] +name = "libcrux-fuzz" +version = "0.0.0" +dependencies = [ + "libcrux", + "libfuzzer-sys", + "rand", +] + +[[package]] +name = "libcrux-hacl" +version = "0.0.2-pre.2" +dependencies = [ + "bindgen", + "cc", + "hex", + "libcrux-platform", + "wasm-bindgen-test", +] + +[[package]] +name = "libcrux-hkdf" +version = "0.0.2-pre.2" +dependencies = [ + "libcrux-hacl", +] + +[[package]] +name = "libcrux-hmac" +version = "0.0.2-pre.2" +dependencies = [ + "libcrux-hacl", + "libcrux-hkdf", +] + +[[package]] +name = "libcrux-intrinsics" +version = "0.0.2-pre.2" +dependencies = [ + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", +] + +[[package]] +name = "libcrux-ml-dsa" +version = "0.0.2-pre.2" +dependencies = [ + "hex", + "libcrux-sha3", + "serde", + "serde_json", +] + +[[package]] +name = "libcrux-ml-kem" +version = "0.0.2-pre.2" +dependencies = [ + "criterion", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hex", + "libcrux-intrinsics", + "libcrux-ml-kem", + "libcrux-platform", + "libcrux-sha3", + "rand", + "rand_core", + "serde", + "serde_json", +] + +[[package]] +name = "libcrux-platform" +version = "0.0.2-pre.2" +dependencies = [ + "libc", +] + +[[package]] +name = "libcrux-pqclean" +version = "0.0.2-pre.2" +dependencies = [ + "bindgen", + "cc", + "fs_extra", +] + +[[package]] +name = "libcrux-sha3" +version = "0.0.2-pre.2" +dependencies = [ + "criterion", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hex", + "libcrux-intrinsics", + "libcrux-platform", + "rand", +] + +[[package]] +name = "libfuzzer-sys" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a96cfd5557eb82f2b83fed4955246c988d331975a002961b07c81584d107e7f7" +dependencies = [ + "arbitrary", + "cc", + "once_cell", +] + +[[package]] +name = "libjade-sys" +version = "0.0.2-pre.2" +dependencies = [ + "bindgen", + "cc", + "libcrux-platform", + "pretty_env_logger", +] + +[[package]] +name = "libloading" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +dependencies = [ + "cfg-if", + "windows-targets", +] + +[[package]] +name = "linux-raw-sys" +version = "0.4.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" + +[[package]] +name = "log" +version = "0.4.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" + +[[package]] +name = "memchr" +version = "2.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "num-bigint" +version = "0.4.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c165a9ab64cf766f73521c0dd2cfdff64f488b8f0b3e621face3462d3db536d7" +dependencies = [ + "num-integer", + "num-traits", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" + +[[package]] +name = "oorandom" +version = "11.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + +[[package]] +name = "openssl" +version = "0.10.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" +dependencies = [ + "bitflags", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "openssl-sys" +version = "0.9.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + +[[package]] +name = "p256" +version = "0.13.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2", +] + +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + +[[package]] +name = "pkg-config" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" + +[[package]] +name = "platforms" +version = "3.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db23d408679286588f4d4644f965003d056e3dd5abcaaa938116871d7ce2fee7" + +[[package]] +name = "plotters" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" +dependencies = [ + "num-traits", + "plotters-backend", + "plotters-svg", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "plotters-backend" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" + +[[package]] +name = "plotters-svg" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" +dependencies = [ + "plotters-backend", +] + +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" + +[[package]] +name = "pqcrypto-internals" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9d34bec6abe2283e6de7748b68b292d1ffa2203397e3e71380ff8418a49fb46" +dependencies = [ + "cc", + "dunce", + "getrandom", + "libc", +] + +[[package]] +name = "pqcrypto-kyber" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "15c00293cf898859d0c771455388054fd69ab712263c73fdc7f287a39b1ba000" +dependencies = [ + "cc", + "glob", + "libc", + "pqcrypto-internals", + "pqcrypto-traits", +] + +[[package]] +name = "pqcrypto-traits" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "94e851c7654eed9e68d7d27164c454961a616cf8c203d500607ef22c737b51bb" + +[[package]] +name = "pretty_env_logger" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "865724d4dbe39d9f3dd3b52b88d859d66bcb2d6a0acfd5ea68a65fb66d4bdc1c" +dependencies = [ + "env_logger 0.10.2", + "log", +] + +[[package]] +name = "prettyplease" +version = "0.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" +dependencies = [ + "proc-macro2", + "syn 2.0.66", +] + +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + +[[package]] +name = "proc-macro-error" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +dependencies = [ + "proc-macro-error-attr", + "proc-macro2", + "quote", + "syn 1.0.109", + "version_check", +] + +[[package]] +name = "proc-macro-error-attr" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +dependencies = [ + "proc-macro2", + "quote", + "version_check", +] + +[[package]] +name = "proc-macro2" +version = "1.0.85" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22244ce15aa966053a896d1accb3a6e68469b97c7f33f284b99f0d576879fc23" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quickcheck" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "588f6378e4dd99458b60ec275b4477add41ce4fa9f64dcba6f15adccb19b50d6" +dependencies = [ + "env_logger 0.8.4", + "log", + "rand", +] + +[[package]] +name = "quickcheck_macros" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b22a693222d716a9587786f37ac3f6b4faedb5b80c23914e7303ff5a1d8016e9" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "quote" +version = "1.0.36" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "rayon" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + +[[package]] +name = "regex" +version = "1.10.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38caf58cc5ef2fed281f89292ef23f6365465ed9a41b7a7754eb4e26496c92df" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a66a03ae7c801facd77a29370b4faec201768915ac14a721ba36f20bc9c209b" + +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + +[[package]] +name = "ring" +version = "0.17.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" +dependencies = [ + "cc", + "cfg-if", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys", +] + +[[package]] +name = "rustc-hash" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" + +[[package]] +name = "rustc_version" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +dependencies = [ + "semver", +] + +[[package]] +name = "rustix" +version = "0.38.34" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +dependencies = [ + "bitflags", + "errno", + "libc", + "linux-raw-sys", + "windows-sys", +] + +[[package]] +name = "ryu" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" + +[[package]] +name = "same-file" +version = "1.0.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "scoped-tls" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1cf6437eb19a8f4a6cc0f7dca544973b0b78843adbfeb3683d1a94a0024a294" + +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + +[[package]] +name = "semver" +version = "1.0.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" + +[[package]] +name = "serde" +version = "1.0.203" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.203" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "serde_json" +version = "1.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "455182ea6142b14f93f4bc5320a2b31c1f266b66a4a5c858b013302a5d8cbfc3" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "sha2" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest 0.10.7", +] + +[[package]] +name = "sha3" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" +dependencies = [ + "digest 0.10.7", + "keccak", +] + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest 0.10.7", + "rand_core", +] + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + +[[package]] +name = "strsim" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" + +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + +[[package]] +name = "subtle-ng" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "734676eb262c623cec13c3155096e08d1f8f29adce39ba17948b18dad1e54142" + +[[package]] +name = "syn" +version = "1.0.109" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "syn" +version = "2.0.66" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "termcolor" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "tinytemplate" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be4d6b5f19ff7664e8c98d03e2139cb510db9b0a60b55f8e8709b689d939b6bc" +dependencies = [ + "serde", + "serde_json", +] + +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "unicode-ident" +version = "1.0.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "utf8parse" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" + +[[package]] +name = "uuid" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0" +dependencies = [ + "getrandom", +] + +[[package]] +name = "vcpkg" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426" + +[[package]] +name = "version_check" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" + +[[package]] +name = "walkdir" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b" +dependencies = [ + "same-file", + "winapi-util", +] + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "wasm-bindgen" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" +dependencies = [ + "cfg-if", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" +dependencies = [ + "bumpalo", + "log", + "once_cell", + "proc-macro2", + "quote", + "syn 2.0.66", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" +dependencies = [ + "cfg-if", + "js-sys", + "wasm-bindgen", + "web-sys", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.92" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" + +[[package]] +name = "wasm-bindgen-test" +version = "0.3.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9bf62a58e0780af3e852044583deee40983e5886da43a271dd772379987667b" +dependencies = [ + "console_error_panic_hook", + "js-sys", + "scoped-tls", + "wasm-bindgen", + "wasm-bindgen-futures", + "wasm-bindgen-test-macro", +] + +[[package]] +name = "wasm-bindgen-test-macro" +version = "0.3.42" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] + +[[package]] +name = "web-sys" +version = "0.3.69" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + +[[package]] +name = "winapi-util" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +dependencies = [ + "windows-sys", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" + +[[package]] +name = "x25519-dalek" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7e468321c81fb07fa7f4c636c3972b9100f0346e5b6a9f2bd0603a52f7ed277" +dependencies = [ + "curve25519-dalek", + "rand_core", + "serde", + "zeroize", +] + +[[package]] +name = "x25519-dalek-ng" +version = "1.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf7074de8999662970c3c4c8f7f30925028dd8f4ca31ad4c055efa9cdf2ec326" +dependencies = [ + "curve25519-dalek-ng", + "rand", + "rand_core", + "zeroize", +] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.66", +] diff --git a/Cargo.toml b/Cargo.toml index 4505f7d11..881de10d9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,10 +8,11 @@ members = [ "benchmarks", "fuzz", "libcrux-ml-kem", - "libcrux-simd", "libcrux-sha3", "libcrux-ml-dsa", "libcrux-intrinsics", + "libcrux-hmac", + "libcrux-hkdf", ] [workspace.package] @@ -45,6 +46,8 @@ libcrux-platform = { version = "=0.0.2-pre.2", path = "sys/platform" } [dependencies] libcrux-hacl = { version = "=0.0.2-pre.2", path = "sys/hacl" } libcrux-platform = { version = "=0.0.2-pre.2", path = "sys/platform" } +libcrux-hkdf = { version = "=0.0.2-pre.2", path = "libcrux-hkdf" } +libcrux-hmac = { version = "=0.0.2-pre.2", path = "libcrux-hmac" } rand = { version = "0.8" } log = { version = "0.4", optional = true } # WASM API diff --git a/flake.lock b/flake.lock new file mode 100644 index 000000000..4f2422f00 --- /dev/null +++ b/flake.lock @@ -0,0 +1,642 @@ +{ + "nodes": { + "charon": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "eurydice", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1718119153, + "narHash": "sha256-/7Lv10doYagB+h9LzoT8hG9ns5ejEsAXBnii2kNDSoQ=", + "owner": "aeneasverif", + "repo": "charon", + "rev": "0d3ba218b611b31cd9b800c237f15f7ffc787845", + "type": "github" + }, + "original": { + "owner": "aeneasverif", + "repo": "charon", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "charon", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701622587, + "narHash": "sha256-o3XhxCCyrUHZ0tlta2W7/MuXzy+n0+BUt3rKFK3DIK4=", + "owner": "ipetkov", + "repo": "crane", + "rev": "c09d2cbe84cc2adfe1943cb2a0b55a71c835ca9a", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718078026, + "narHash": "sha256-LbQabH6h86ZzTvDnaZHmMwedRZNB2jYtUQzmoqWQoJ8=", + "owner": "ipetkov", + "repo": "crane", + "rev": "a3f0c63eed74a516298932b9b1627dd80b9c3892", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_3": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": [ + "hax", + "flake-utils" + ], + "nixpkgs": [ + "hax", + "nixpkgs" + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1693787605, + "narHash": "sha256-rwq5U8dy+a9JFny/73L0SJu1GfWwATMPMTp7D+mjHy8=", + "owner": "ipetkov", + "repo": "crane", + "rev": "8b4f7a4dab2120cf41e7957a28a853f45016bd9d", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "eurydice": { + "inputs": { + "charon": [ + "charon" + ], + "flake-utils": "flake-utils_2", + "fstar": "fstar", + "karamel": "karamel", + "nixpkgs": [ + "eurydice", + "karamel", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718124394, + "narHash": "sha256-1sYQb6Oy/BtMBiWJ7X+nOf8+ZVWBmmm+29NtrIj3w2s=", + "owner": "aeneasverif", + "repo": "eurydice", + "rev": "b2b62fffab78f91de07c20a7fa7385242fd54a0d", + "type": "github" + }, + "original": { + "owner": "aeneasverif", + "repo": "eurydice", + "type": "github" + } + }, + "flake-compat": { + "locked": { + "lastModified": 1688025799, + "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "fstar": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1717456679, + "narHash": "sha256-GjDR+YhmIBHJ/1WotSwcHYmXP1VvkZS5I2YpPJlzWDc=", + "owner": "FStarLang", + "repo": "fstar", + "rev": "6d124af2bda315ae20f9fe974ffc668f8bd5791d", + "type": "github" + }, + "original": { + "owner": "FStarLang", + "repo": "fstar", + "type": "github" + } + }, + "fstar_2": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1717456679, + "narHash": "sha256-GjDR+YhmIBHJ/1WotSwcHYmXP1VvkZS5I2YpPJlzWDc=", + "owner": "fstarlang", + "repo": "fstar", + "rev": "6d124af2bda315ae20f9fe974ffc668f8bd5791d", + "type": "github" + }, + "original": { + "owner": "fstarlang", + "repo": "fstar", + "type": "github" + } + }, + "fstar_3": { + "inputs": { + "flake-utils": [ + "hax", + "flake-utils" + ], + "nixpkgs": [ + "hax", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705191588, + "narHash": "sha256-xjSWDP8mSjLcn+0hsRpEdzsBgBR+mKCZB8yLmHl+WqE=", + "owner": "FStarLang", + "repo": "FStar", + "rev": "a32b316e521fa4f239b610ec8f1d15e78d62cbe8", + "type": "github" + }, + "original": { + "owner": "FStarLang", + "ref": "v2024.01.13", + "repo": "FStar", + "type": "github" + } + }, + "hacl-star": { + "flake": false, + "locked": { + "lastModified": 1699634660, + "narHash": "sha256-/mAi8wdlO1HHYKVj8pN/y5FUM/AwVPNazYFSy9pDlpY=", + "owner": "hacl-star", + "repo": "hacl-star", + "rev": "7f42aba60b37bc011d19472284bfcd3b95c1538e", + "type": "github" + }, + "original": { + "owner": "hacl-star", + "repo": "hacl-star", + "type": "github" + } + }, + "hax": { + "inputs": { + "crane": "crane_3", + "flake-utils": "flake-utils_6", + "fstar": "fstar_3", + "hacl-star": "hacl-star", + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay_3" + }, + "locked": { + "lastModified": 1717675342, + "narHash": "sha256-ZeBd/7OFaw5QXdHhMbspSrc2QiEYKKxtWHIZ6mHsCBY=", + "owner": "hacspec", + "repo": "hax", + "rev": "46bb5c19fb6f6397e15d9a4ff86c556482f81802", + "type": "github" + }, + "original": { + "owner": "hacspec", + "repo": "hax", + "type": "github" + } + }, + "karamel": { + "inputs": { + "flake-utils": [ + "eurydice", + "karamel", + "fstar", + "flake-utils" + ], + "fstar": "fstar_2", + "nixpkgs": [ + "eurydice", + "karamel", + "fstar", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718042424, + "narHash": "sha256-6rpa26YdxXiV+PftX11ODFu1yiUAWHHRNgtOhf9mFoY=", + "owner": "FStarLang", + "repo": "karamel", + "rev": "22425a93c68d9e3794909f98854aaffdc0560510", + "type": "github" + }, + "original": { + "owner": "FStarLang", + "repo": "karamel", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1693158576, + "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1693158576, + "narHash": "sha256-aRTTXkYvhXosGx535iAFUaoFboUrZSYb1Ooih/auGp0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a999c1cc0c9eb2095729d5aa03e0d8f7ed256780", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1694343207, + "narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "78058d810644f5ed276804ce7ea9e82d92bee293", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1717974879, + "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "charon": "charon", + "crane": "crane_2", + "eurydice": "eurydice", + "flake-utils": "flake-utils_5", + "fstar": [ + "eurydice", + "fstar" + ], + "hax": "hax", + "karamel": [ + "eurydice", + "karamel" + ], + "nixpkgs": "nixpkgs_4" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "charon", + "flake-utils" + ], + "nixpkgs": [ + "charon", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701656211, + "narHash": "sha256-lfFXsLWH4hVbEKR6K+UcDiKxeS6Lz4FkC1DZ9LHqf9Y=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "47a276e820ae4ae1b8d98a503bf09d2ceb52dfd8", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "flake-utils": [ + "hax", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "hax", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1693707092, + "narHash": "sha256-HR1EnynBSPqbt+04/yxxqsG1E3n6uXrOl7SPco/UnYo=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "98ccb73e6eefc481da6039ee57ad8818d1ca8d56", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "flake-utils": [ + "hax", + "flake-utils" + ], + "nixpkgs": [ + "hax", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1716862669, + "narHash": "sha256-7oTPM9lcdwiI1cpRC313B+lHawocgpY5F07N+Rbm5Uk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "47b2d15658b37716393b2463a019000dbd6ce4bc", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 000000000..433908416 --- /dev/null +++ b/flake.nix @@ -0,0 +1,105 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + flake-utils.url = "github:numtide/flake-utils"; + crane = { + url = "github:ipetkov/crane"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + charon = { + url = "github:aeneasverif/charon"; + inputs.nixpkgs.follows = "eurydice/nixpkgs"; + }; + eurydice = { + url = "github:aeneasverif/eurydice"; + inputs.charon.follows = "charon"; + }; + fstar.follows = "eurydice/fstar"; + karamel.follows = "eurydice/karamel"; + hax.url = "github:hacspec/hax"; + }; + + outputs = + inputs: + inputs.flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = import inputs.nixpkgs { inherit system; }; + googletest = pkgs.fetchFromGitHub { + owner = "google"; + repo = "googletest"; + rev = "release-1.11.0"; + sha256 = "SjlJxushfry13RGA7BCjYC9oZqV4z6x8dOiHfl/wpF0="; + }; + benchmark = pkgs.fetchFromGitHub { + owner = "google"; + repo = "benchmark"; + rev = "v1.8.4"; + sha256 = "O+1ZHaNHSkKz3PlKDyI94LqiLtjyrKxjOIi8Q236/MI="; + }; + json = pkgs.fetchFromGitHub { + owner = "nlohmann"; + repo = "json"; + rev = "v3.10.3"; + sha256 = "EBzwaHyDWF8h/z3Zfq4p/n5Vpz7Ozlc3eoWDKXWv2YY="; + }; + craneLib = inputs.crane.mkLib pkgs; + src = ./.; + cargoArtifacts = craneLib.buildDepsOnly { inherit src; }; + ml-kem = craneLib.buildPackage { + name = "ml-kem"; + inherit src cargoArtifacts; + + nativeBuildInputs = [ + pkgs.clang-tools + pkgs.cmake + pkgs.mold-wrapped + pkgs.ninja + pkgs.python3 + inputs.hax.packages.${system}.default + ]; + buildPhase = '' + cd libcrux-ml-kem + python hax.py extract + bash c.sh + cd c + cmake \ + -DFETCHCONTENT_SOURCE_DIR_GOOGLETEST=${googletest} \ + -DFETCHCONTENT_SOURCE_DIR_BENCHMARK=${benchmark} \ + -DFETCHCONTENT_SOURCE_DIR_JSON=${json} \ + -DCMAKE_EXE_LINKER_FLAGS="-fuse-ld=mold" \ + -DCMAKE_SHARED_LINKER_FLAGS="-fuse-ld=mold" \ + -G "Ninja Multi-Config" -B build + cmake --build build --config Release + ''; + checkPhase = '' + build/Release/ml_kem_test + build/Release/ml_kem_bench + ''; + installPhase = '' + cd ./.. + cp -r . $out + ''; + + CHARON_HOME = inputs.charon.packages.${system}.default; + EURYDICE_HOME = pkgs.runCommand "eurydice-home" { } '' + mkdir -p $out + cp -r ${inputs.eurydice.packages.${system}.default}/bin/eurydice $out + cp -r ${inputs.eurydice}/include $out + ''; + FSTAR_HOME = inputs.fstar.packages.${system}.default; + KRML_HOME = inputs.karamel.packages.${system}.default.home; + + CHARON_REV = inputs.charon.rev; + EURYDICE_REV = inputs.eurydice.rev; + KRML_REV = inputs.karamel.rev; + FSTAR_REV = inputs.fstar.rev; + }; + in + { + packages = { + inherit ml-kem; + }; + } + ); +} diff --git a/kyber-c.yaml b/kyber-c.yaml deleted file mode 100644 index 62bd1b3df..000000000 --- a/kyber-c.yaml +++ /dev/null @@ -1,50 +0,0 @@ -files: - - name: libcrux_digest - api: - - [libcrux, digest] - - [libcrux, digest, "*"] - include_in_h: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_platform - api: - - [libcrux_platform] - - - name: libcrux_kyber512 - api: - - [libcrux_kyber, kyber512] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_kyber768 - api: - - [libcrux_kyber, kyber768] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_kyber1024 - api: - - [libcrux_kyber, kyber1024] - include_in_c: - - '"libcrux_hacl_glue.h"' - - - name: libcrux_kyber_common - private: - - [libcrux_kyber, "*"] - include_in_h: - - '"libcrux_hacl_glue.h"' - inline_static: true - - - name: core - private: - - [core, "*"] - # NOTE: putting Eurydice in core prevent eurydice from detecting spurious calls - # across C translation units from Eurydice to core (notably related to the - # result type), and thus prevents eurydice from flipping some result types - # being public, which pollutes the header. - # NOTE: putting Eurydice as public (api) is required, since some compilation - # passes produce calls to Eurydice.slice_to_array2 *after* reachability - # analysis, meaning that we cannot let reachability analysis eliminate - # Eurydice definitions on an as-needed basis - api: - - [Eurydice, "*"] diff --git a/kyber-crate-tests/kyber.rs b/kyber-crate-tests/kyber.rs deleted file mode 100644 index d30e7b266..000000000 --- a/kyber-crate-tests/kyber.rs +++ /dev/null @@ -1,19 +0,0 @@ -use libcrux_kyber::kyber768::*; -use rand::rngs::OsRng; -use rand::RngCore; - -#[test] -fn consistency_768() { - let mut rng = OsRng; - let mut randomness = [0u8; 64]; - rng.fill_bytes(&mut randomness); - - let kp = generate_key_pair(randomness); - let mut randomness = [0u8; 32]; - rng.fill_bytes(&mut randomness); - - let ct = encapsulate(kp.public_key(), randomness); - let shared_secret_decapsulated = decapsulate(kp.private_key(), &ct.0); - - assert_eq!(shared_secret_decapsulated, ct.1); -} diff --git a/kyber-crate-tests/kyber_kats/README.md b/kyber-crate-tests/kyber_kats/README.md deleted file mode 100644 index 17024363b..000000000 --- a/kyber-crate-tests/kyber_kats/README.md +++ /dev/null @@ -1 +0,0 @@ -In order to regenerate the JSON KAT files for all parameter sets, simply run `./generate_kats.py`. diff --git a/kyber-crate-tests/kyber_kats/generate_kats.py b/kyber-crate-tests/kyber_kats/generate_kats.py deleted file mode 100755 index 7dd7530df..000000000 --- a/kyber-crate-tests/kyber_kats/generate_kats.py +++ /dev/null @@ -1,91 +0,0 @@ -#! /usr/bin/env python3 - -# This file is a modified version of: -# https://github.com/bwesterb/draft-schwabe-cfrg-kyber/blob/main/kyber_test.py - -from kyber import * - -import hashlib -import json - -import Crypto -from Crypto.Cipher import AES - - -class NistDRBG: - """NIST's DRBG used to generate NIST's Known Answer Tests (KATs), - see PQCgenKAT.c.""" - - def __init__(self, seed): - self.key = b"\0" * 32 - self.v = 0 - assert len(seed) == 48 - self._update(seed) - - def _update(self, seed): - b = AES.new(self.key, AES.MODE_ECB) - buf = b"" - for i in range(3): - self.v += 1 - buf += b.encrypt(self.v.to_bytes(16, "big")) - if seed is not None: - buf = bytes([x ^ y for x, y in zip(seed, buf)]) - self.key = buf[:32] - self.v = int.from_bytes(buf[32:], "big") - - def read(self, length): - b = AES.new(self.key, AES.MODE_ECB) - ret = b"" - while len(ret) < length: - self.v += 1 - block = b.encrypt(self.v.to_bytes(16, "big")) - ret += block - self._update(None) - return ret[:length] - - -for params in [params512, params768, params1024]: - kats_formatted = [] - seed = bytes(range(48)) - g = NistDRBG(seed) - - print("Generating KATs for {} parameter set.".format(params)) - - for i in range(100): - seed = g.read(48) - g2 = NistDRBG(seed) - - kseed = g2.read(32) + g2.read(32) - eseed = g2.read(32) - - pk, sk = KeyGen(kseed, params) - ct, ss = Enc(pk, eseed, params) - - Dec(sk, ct, params) - - kats_formatted.append( - { - "key_generation_seed": bytes(kseed).hex(), - "sha3_256_hash_of_public_key": bytes( - hashlib.sha3_256(pk).digest() - ).hex(), - "sha3_256_hash_of_secret_key": bytes( - hashlib.sha3_256(sk).digest() - ).hex(), - "encapsulation_seed": bytes(eseed).hex(), - "sha3_256_hash_of_ciphertext": bytes( - hashlib.sha3_256(ct).digest() - ).hex(), - "shared_secret": bytes(ss).hex(), - } - ) - - if params == params512: - output_suffix = "512" - elif params == params768: - output_suffix = "768" - else: - output_suffix = "1024" - - with open("nistkats_{}.json".format(output_suffix), "w") as f: - json.dump(kats_formatted, f, ensure_ascii=False, indent=4) diff --git a/kyber-crate-tests/kyber_kats/kyber.py b/kyber-crate-tests/kyber_kats/kyber.py deleted file mode 100644 index 60b6463fe..000000000 --- a/kyber-crate-tests/kyber_kats/kyber.py +++ /dev/null @@ -1,363 +0,0 @@ -# This file is: -# https://github.com/bwesterb/draft-schwabe-cfrg-kyber/blob/a03ab13c241a1a0b6adc676d27be79843b03abc8/kyber.py -# with changes made to match the FIPS-203 draft as well as formatting changes -# made by the black formatter. - -# WARNING This is a specification of Kyber; not a production ready -# implementation. It is slow and does not run in constant time. - -# Requires the CryptoDome for SHAKE. To install, run -# -# pip install pycryptodome pytest -from Crypto.Hash import SHAKE128, SHAKE256 - -import io -import hashlib -import functools -import collections - -from math import floor - -q = 3329 -nBits = 8 -zeta = 17 -eta2 = 2 - -n = 2**nBits -inv2 = (q + 1) // 2 # inverse of 2 - -params = collections.namedtuple("params", ("k", "du", "dv", "eta1")) - -params512 = params(k=2, du=10, dv=4, eta1=3) -params768 = params(k=3, du=10, dv=4, eta1=2) -params1024 = params(k=4, du=11, dv=5, eta1=2) - - -def smod(x): - r = x % q - if r > (q - 1) // 2: - r -= q - return r - - -# Rounds to nearest integer with ties going up -def Round(x): - return int(floor(x + 0.5)) - - -def Compress(x, d): - return Round((2**d / q) * x) % (2**d) - - -def Decompress(y, d): - assert 0 <= y and y <= 2**d - return Round((q / 2**d) * y) - - -def BitsToWords(bs, w): - assert len(bs) % w == 0 - return [sum(bs[i + j] * 2**j for j in range(w)) for i in range(0, len(bs), w)] - - -def WordsToBits(bs, w): - return sum([[(b >> i) % 2 for i in range(w)] for b in bs], []) - - -def Encode(a, w): - return bytes(BitsToWords(WordsToBits(a, w), 8)) - - -def Decode(a, w): - return BitsToWords(WordsToBits(a, 8), w) - - -def brv(x): - """Reverses a 7-bit number""" - return int("".join(reversed(bin(x)[2:].zfill(nBits - 1))), 2) - - -class Poly: - def __init__(self, cs=None): - self.cs = (0,) * n if cs is None else tuple(cs) - assert len(self.cs) == n - - def __add__(self, other): - return Poly((a + b) % q for a, b in zip(self.cs, other.cs)) - - def __neg__(self): - return Poly(q - a for a in self.cs) - - def __sub__(self, other): - return self + -other - - def __str__(self): - return f"Poly({self.cs}" - - def __eq__(self, other): - return self.cs == other.cs - - def NTT(self): - cs = list(self.cs) - layer = n // 2 - zi = 0 - while layer >= 2: - for offset in range(0, n - layer, 2 * layer): - zi += 1 - z = pow(zeta, brv(zi), q) - - for j in range(offset, offset + layer): - t = (z * cs[j + layer]) % q - cs[j + layer] = (cs[j] - t) % q - cs[j] = (cs[j] + t) % q - layer //= 2 - return Poly(cs) - - def RefNTT(self): - # Slower, but simpler, version of the NTT. - cs = [0] * n - for i in range(0, n, 2): - for j in range(n // 2): - z = pow(zeta, (2 * brv(i // 2) + 1) * j, q) - cs[i] = (cs[i] + self.cs[2 * j] * z) % q - cs[i + 1] = (cs[i + 1] + self.cs[2 * j + 1] * z) % q - return Poly(cs) - - def InvNTT(self): - cs = list(self.cs) - layer = 2 - zi = n // 2 - while layer < n: - for offset in range(0, n - layer, 2 * layer): - zi -= 1 - z = pow(zeta, brv(zi), q) - - for j in range(offset, offset + layer): - t = (cs[j + layer] - cs[j]) % q - cs[j] = (inv2 * (cs[j] + cs[j + layer])) % q - cs[j + layer] = (inv2 * z * t) % q - layer *= 2 - return Poly(cs) - - def MulNTT(self, other): - """Computes self o other, the multiplication of self and other - in the NTT domain.""" - cs = [None] * n - for i in range(0, n, 2): - a1 = self.cs[i] - a2 = self.cs[i + 1] - b1 = other.cs[i] - b2 = other.cs[i + 1] - z = pow(zeta, 2 * brv(i // 2) + 1, q) - cs[i] = (a1 * b1 + z * a2 * b2) % q - cs[i + 1] = (a2 * b1 + a1 * b2) % q - return Poly(cs) - - def Compress(self, d): - return Poly(Compress(c, d) for c in self.cs) - - def Decompress(self, d): - return Poly(Decompress(c, d) for c in self.cs) - - def Encode(self, d): - return Encode(self.cs, d) - - -def sampleUniform(stream): - cs = [] - while True: - b = stream.read(3) - d1 = b[0] + 256 * (b[1] % 16) - d2 = (b[1] >> 4) + 16 * b[2] - assert d1 + 2**12 * d2 == b[0] + 2**8 * b[1] + 2**16 * b[2] - for d in [d1, d2]: - if d >= q: - continue - cs.append(d) - if len(cs) == n: - return Poly(cs) - - -def CBD(a, eta): - assert len(a) == 64 * eta - b = WordsToBits(a, 8) - cs = [] - for i in range(n): - cs.append((sum(b[:eta]) - sum(b[eta : 2 * eta])) % q) - b = b[2 * eta :] - return Poly(cs) - - -def XOF(seed, j, i): - h = SHAKE128.new() - h.update(seed + bytes([j, i])) - return h - - -def PRF1(seed, nonce): - assert len(seed) == 32 - h = SHAKE256.new() - h.update(seed + bytes([nonce])) - return h - - -def PRF2(seed, msg): - assert len(seed) == 32 - h = SHAKE256.new() - h.update(seed + msg) - return h.read(32) - - -def G(seed): - h = hashlib.sha3_512(seed).digest() - return h[:32], h[32:] - - -def H(msg): - return hashlib.sha3_256(msg).digest() - - -class Vec: - def __init__(self, ps): - self.ps = tuple(ps) - - def NTT(self): - return Vec(p.NTT() for p in self.ps) - - def InvNTT(self): - return Vec(p.InvNTT() for p in self.ps) - - def DotNTT(self, other): - """Computes the dot product in NTT domain.""" - return sum((a.MulNTT(b) for a, b in zip(self.ps, other.ps)), Poly()) - - def __add__(self, other): - return Vec(a + b for a, b in zip(self.ps, other.ps)) - - def Compress(self, d): - return Vec(p.Compress(d) for p in self.ps) - - def Decompress(self, d): - return Vec(p.Decompress(d) for p in self.ps) - - def Encode(self, d): - return Encode(sum((p.cs for p in self.ps), ()), d) - - def __eq__(self, other): - return self.ps == other.ps - - -def EncodeVec(vec, w): - return Encode(sum([p.cs for p in vec.ps], ()), w) - - -def DecodeVec(bs, k, w): - cs = Decode(bs, w) - return Vec(Poly(cs[n * i : n * (i + 1)]) for i in range(k)) - - -def DecodePoly(bs, w): - return Poly(Decode(bs, w)) - - -class Matrix: - def __init__(self, cs): - """Samples the matrix uniformly from seed rho""" - self.cs = tuple(tuple(row) for row in cs) - - def MulNTT(self, vec): - """Computes matrix multiplication A*vec in the NTT domain.""" - return Vec(Vec(row).DotNTT(vec) for row in self.cs) - - def T(self): - """Returns transpose of matrix""" - k = len(self.cs) - return Matrix((self.cs[j][i] for j in range(k)) for i in range(k)) - - -def sampleMatrix(rho, k): - return Matrix([[sampleUniform(XOF(rho, j, i)) for j in range(k)] for i in range(k)]) - - -def sampleNoise(sigma, eta, offset, k): - return Vec(CBD(PRF1(sigma, i + offset).read(64 * eta), eta) for i in range(k)) - - -def constantTimeSelectOnEquality(a, b, ifEq, ifNeq): - # WARNING! In production code this must be done in a - # data-independent constant-time manner, which this implementation - # is not. In fact, many more lines of code in this - # file are not constant-time. - return ifEq if a == b else ifNeq - - -def InnerKeyGen(seed, params): - assert len(seed) == 32 - rho, sigma = G(seed) - A = sampleMatrix(rho, params.k) - s = sampleNoise(sigma, params.eta1, 0, params.k) - e = sampleNoise(sigma, params.eta1, params.k, params.k) - sHat = s.NTT() - eHat = e.NTT() - tHat = A.MulNTT(sHat) + eHat - pk = EncodeVec(tHat, 12) + rho - sk = EncodeVec(sHat, 12) - return (pk, sk) - - -def InnerEnc(pk, msg, seed, params): - assert len(msg) == 32 - tHat = DecodeVec(pk[:-32], params.k, 12) - rho = pk[-32:] - A = sampleMatrix(rho, params.k) - r = sampleNoise(seed, params.eta1, 0, params.k) - e1 = sampleNoise(seed, eta2, params.k, params.k) - e2 = sampleNoise(seed, eta2, 2 * params.k, 1).ps[0] - rHat = r.NTT() - u = A.T().MulNTT(rHat).InvNTT() + e1 - m = Poly(Decode(msg, 1)).Decompress(1) - v = tHat.DotNTT(rHat).InvNTT() + e2 + m - c1 = u.Compress(params.du).Encode(params.du) - c2 = v.Compress(params.dv).Encode(params.dv) - return c1 + c2 - - -def InnerDec(sk, ct, params): - split = params.du * params.k * n // 8 - c1, c2 = ct[:split], ct[split:] - u = DecodeVec(c1, params.k, params.du).Decompress(params.du) - v = DecodePoly(c2, params.dv).Decompress(params.dv) - sHat = DecodeVec(sk, params.k, 12) - return (v - sHat.DotNTT(u.NTT()).InvNTT()).Compress(1).Encode(1) - - -def KeyGen(seed, params): - assert len(seed) == 64 - z = seed[32:] - pk, sk2 = InnerKeyGen(seed[:32], params) - h = H(pk) - return (pk, sk2 + pk + h + z) - - -def Enc(pk, seed, params): - assert len(seed) == 32 - - m = seed - K, r = G(m + H(pk)) - ct = InnerEnc(pk, m, r, params) - return (ct, K) - - -def Dec(sk, ct, params): - sk2 = sk[: 12 * params.k * n // 8] - pk = sk[12 * params.k * n // 8 : 24 * params.k * n // 8 + 32] - h = sk[24 * params.k * n // 8 + 32 : 24 * params.k * n // 8 + 64] - z = sk[24 * params.k * n // 8 + 64 : 24 * params.k * n // 8 + 96] - m2 = InnerDec(sk, ct, params) - K2, r2 = G(m2 + h) - ct2 = InnerEnc(pk, m2, r2, params) - return constantTimeSelectOnEquality( - ct2, - ct, - K2, # if ct == ct2 - PRF2(z, ct), # if ct != ct2 - ) diff --git a/kyber-crate-tests/kyber_kats/nistkats_1024.json b/kyber-crate-tests/kyber_kats/nistkats_1024.json deleted file mode 100644 index 3d5739981..000000000 --- a/kyber-crate-tests/kyber_kats/nistkats_1024.json +++ /dev/null @@ -1,802 +0,0 @@ -[ - { - "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "8a39e87d531f3527c207edcc1db7faddcf9628391879b335c707839a0db051a8", - "sha3_256_hash_of_secret_key": "ed1f6cb687c37931ea2aa80d9c956f277a9df532649661035c6e2f9872132638", - "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "5ef5d180bf8d4493ef8e8ddc23c22e428840c362a05a25fd306c6c528bd90f8c", - "shared_secret": "63a1039074f01f2651213ad9350d6561cb03a60400e74118bb4464d87b9db205" - }, - { - "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "c9ede13be3dbb0edc3ab08226cae11771ff4c0b04a564b64a0d9ff10e373e986", - "sha3_256_hash_of_secret_key": "9b5876610793ae42f683d94f736d8d7e0e033bee588bab07a31c9cdb4ab99a5d", - "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "bef440cb5a14bfa652ff69fc431b59980147a2408df8a893f0fafded11d6cfa3", - "shared_secret": "856d56ee09279a13f9abdca14ecbe8ca9968495f09a0758b6d1c8376099365eb" - }, - { - "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "ff2546623aee72025fb6746fba736bae0e80e257e66edbf09d8d4dc11049cda4", - "sha3_256_hash_of_secret_key": "57155298b53d3af5d6db214dfa91a9e16f8d5de570bbff5dba5f4cd84098f255", - "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "28e308a6f91068b01a7065b8579fcb6234ecd9bb8d3172b6dfc5a3a470050ea7", - "shared_secret": "c33a4432cc441b7683605c29afdecc81922cf234e02be8c2fbc4e2a7a3b4b078" - }, - { - "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "25b786a67de17d61b2fc0e85a13924398aab931896b6174089569f08b7260687", - "sha3_256_hash_of_secret_key": "d188a2637dfe80dbd0fc25165eb4898923888a82c10f6ff0b8ddb5bf251c0650", - "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "8427a1684769e63ec43e97ecbe7b7e654b6e63433bccd23340849904e02767dd", - "shared_secret": "7c14fb353ba421705de44f2a12ddc5ad9b11e30e7b0e163cebebe2da79a7293f" - }, - { - "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "d35e259a200d16048302df38d8e7f9e1c3352502c43f086fe166325048fdce9c", - "sha3_256_hash_of_secret_key": "020ba30e5832867a6db83cdb1e60ddf0b0a88fb33919edb84b246a345d11da6c", - "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "b52dc0a41015132b3e7a1ae6f544f12601869bf0673625964e5c4e05cbe656e0", - "shared_secret": "35d2a2ab0e91d365a3e2e99bbe3f5121f2eeb528305cc7730f679e10ec1c9b8a" - }, - { - "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "5a5db7d619be642bd87294527b3f859372b279a1e6074824d9632b5d7f616e42", - "sha3_256_hash_of_secret_key": "630f093cb1ff96bff76ede70e970a009a9e5d28fed660e68127d31c3b6dbdb2a", - "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "4714a5497351399718258f490da0ce28ce8211aad6975546cb4351c8ebe61917", - "shared_secret": "8084cfff3d54b7680e737ed71c37e449f1f9d74bf6735696c46910b13d42d1f1" - }, - { - "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "f0d1acd4fe1bd3bad938c23ec5a7f320766e01005e32769724abb4ebac578def", - "sha3_256_hash_of_secret_key": "664f3632f56ebc5c509931ff3b7e1845265e42a76e20550b683527d7d24e8df8", - "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "4ebd3e44b82b03c01ec2aa9e8805e53b8c8022e987fc9eca59c9a5cfcb1c4a84", - "shared_secret": "3e94b68a80291e957f9dd0a15b112ad75bfa07951ccb36c2de610e6755a4a0d6" - }, - { - "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "7008db565f7ab9c362dc38dcd3e30e5da873c559e9a9222710e8d2e7f6417ce6", - "sha3_256_hash_of_secret_key": "9e774cb57c18575de3ec6a9677e40626c2026e47c389c7a3dc5422d8a83b747b", - "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "1cb3879c49c65c184d605bc6daa22f63affd2a005e145103e6c1ac1ad683d976", - "shared_secret": "900649130f9c28082eab5ce3d128593eeaae89667d7fa4da23fcdfc1573995fa" - }, - { - "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "143b9c53320cdb1b7e8d71efd1f0a1ad5ad1e1ce84dd9fe7c92f19c926388e3c", - "sha3_256_hash_of_secret_key": "63707e33c30114732374ac21fd5be61e6dfa7dd85a36eef2e2bae6b3d0599a71", - "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "780162548f2d85c00f0276f1db2d6566421cf718679147740d279660fb742544", - "shared_secret": "084aafffcc38ac80dfc02548df07f6e7809eb0644385abce0fc569821a907011" - }, - { - "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "f2d009cde4abd55a2c7417c9341792e60eaa8e26b53a3aae805746401c4c446f", - "sha3_256_hash_of_secret_key": "2a53faa8053fa21b7b07a96ea259c052ef78746c5d53e2857e9f30bd20d3f2b6", - "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "9b7ead45e0e00c615fce96105720d82ba431692f92e1a73e14b490219c8dda2b", - "shared_secret": "a7fd777a337219e1d0ad2cdb47fa18f4685ac343bc537dba6c97326340ab3ebb" - }, - { - "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "1f06190bdfd692cf499be99bacc4beccf048c89926769f1b254cca9a9a44089a", - "sha3_256_hash_of_secret_key": "faa641eaff01077bd2fc261ccb91d5c3b468a940e25e8d5d794d564b663315c3", - "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "3a22350624e9ffcfeaf0a68c265dc03036e7d5bdbb102474fd2aed257fce04ed", - "shared_secret": "17672805d3953f1f374dc8671137dabb0136de43700fea82a2ca23292bd0d562" - }, - { - "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "cc20155074cd7cbd43ec2380dc6a71b3a88c9a4bf168ab2bf426a899706fa597", - "sha3_256_hash_of_secret_key": "6084f1eb2fe4b9055d6004bfccadad7bd64f623595dd0b5e0c0100d647313279", - "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "43291afa9c1a8098770d5ed9dd4cd71688c52d616e9e68798f8718e4555e0caa", - "shared_secret": "8813fdb7bcec5369e6238322be653d920ba26e0aa63a3c3b4e4218c48c1d6dfb" - }, - { - "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "77fbe004761fc37fe7597638e5dae8b44bd44c8d6efa2893a0a84b104ace6ac4", - "sha3_256_hash_of_secret_key": "608099f3fa437094212b3aa2696d592a9ba45f697b9c1020b69ec1d6e178b76c", - "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "368fcbdfa009642b3ca8fe0261d10d18db5566bc43938e193d9dae45adf2d41e", - "shared_secret": "b00167b499d5130ef82a91f83d1f1563185de735e74f89afea0b45ae1b90cea8" - }, - { - "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "49cbe8daa7dac02d7795e907b037e2ae56624fdc8d7c6320f9e1e69dd0f6286f", - "sha3_256_hash_of_secret_key": "de7838a99458b56d0f1de343315d1a7d460269ded85551f70335b1e002742b5f", - "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "04c5a66da97cec8a22bca38de71927b176310004175b3496c5a2737e91b18e00", - "shared_secret": "c55179382eb5d4bbd91e45f4b3dcc5d1022110aa209c002600fe0d55a5b3333d" - }, - { - "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "a333d474be9bacbea4c301148be2ddf13c3c25d7e4f52447a549a27b6d12710d", - "sha3_256_hash_of_secret_key": "731e7c1597fcea477249114301154b9fda1050e71617827da0c9cc149c1cb99b", - "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "841415e768ab08549533578cdb506a9f72e8d01b472b64746322328c0c035080", - "shared_secret": "91c0a23c78351e8f8de8e38c5a10e41e5290ef96266f93839169c05842820e41" - }, - { - "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "35d109f57ea2764642ea3473a4f192cedfbe153a37f131cdf447b60e92310eea", - "sha3_256_hash_of_secret_key": "0420ee0853629da644872d3e2a9b0a89c9dece1a6748247d2f8f39721af21e12", - "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "82c120326a2ab109d5c3910a95ec69dc3b1c1c05570728164791870d9c9c1a3f", - "shared_secret": "ffd93f9141d4b2abf600c1c258ee78e0f752513bb002677221060cca3ff1e5a6" - }, - { - "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "cd65fd07a78e48c1a02e235ec76fdb509cf9903a4f5a850c51d9d3fda383cc67", - "sha3_256_hash_of_secret_key": "951cf21e37dcba710b581e49a6df1c75c65186e9672d647e9cd7239eb4bb975d", - "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "0217f113b6d5786c3995b366adff6984d0c8d91a388f798a9556d7d3a8252b9c", - "shared_secret": "550b4e8c00bb5ece74059879fd14f5a0a89073d8a54f8bf1597f1ebf198a61fc" - }, - { - "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "376f022313718aba325ef4c3b720e2c3ab314ace74e983948ba2e43ee3a6ebde", - "sha3_256_hash_of_secret_key": "e697899409d15ce13113a2ad86448157a248ff0701b40eec11fb4afac7b9f2fe", - "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "26c5a91a627899cf23122c5881bd00b0a4f76e0aaf5de60d1d273e8e635b574e", - "shared_secret": "e5b98a3c32a5563c49df725e661a9f44a20390cf83a9779ecf5e7d9f5aff0143" - }, - { - "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "7944e5d79dabf7b7259df5ced02669c81b7dc4590e0b10764729d812f6bd85d7", - "sha3_256_hash_of_secret_key": "301fb18a9ec0d975414abc4d41ed0c553e2b9aa2b03bf2765476e3288f760ee7", - "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "c7474d6b8d9b3677b39b69030f40415e2234e637e200c689f90d6b37da3c4a8d", - "shared_secret": "169929e655f214d7ddca31eae7ecd2e01d9ee0601fd4a2c3a59eb701ed9522ab" - }, - { - "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "692176b38737a053dce0551b63e3eca81884bbf95e1d8975671a2f7f1dfae251", - "sha3_256_hash_of_secret_key": "1ae55a55d87ea8d58b51f842c7d6990a1ae6932eccf5c39e97f56bb481a16b7d", - "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "7509dec8c1dd6f29855e08d61a56ade71c6bd9a47102a12b3d4c9784010bc5d0", - "shared_secret": "be36ca6f5e0d3da0b5c144ebccd725900a06782fae7b2707ce7c5cb6818c8991" - }, - { - "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "2f54bedb19919171eca777186dd743b11ec9489aea09534c157faa75adf1c77c", - "sha3_256_hash_of_secret_key": "4bea180ffc80875ac731f18365224bd3eefc8d11fad63c7376adc1a37adc67bc", - "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "def0451ac37ac39a0ef5b94406de4e313b3d12d899d6a4e92f3ee37c84869efe", - "shared_secret": "9769b7f3571089f1a086606f3545dcd094097befd492e3c9889f9a97c7b181a4" - }, - { - "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "7a9232085a0222b9c863931ec3bdbdd51be3f16d6cab3009c138e0c8cb692563", - "sha3_256_hash_of_secret_key": "a01d03ab913ef4672c49664d2c95fecdd98fcfc19e8d8b839e79a8f6fb9bdf42", - "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "45c35e22eaa9d63a6b57f60ad2e6a35290b290c01761030dea1c9aa7947c965f", - "shared_secret": "7a190640b245b6b4de7ac38fa6d4c50e935c0062c2089c926e4e8c31f233fbba" - }, - { - "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "1642d52117145ea2956bd5e446b895609be84a9344ff0f5cd1ec62af9ea9e3c0", - "sha3_256_hash_of_secret_key": "e2d190c6c423252af301186a3e49892da8c22e4c0fb61586d119119fb7b07447", - "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "0e67bf478bf93c925eee2cdfc285161c1b6dd2ba3a479dfb5fd9203ffdcd3c85", - "shared_secret": "5de71ca6710d2d588f53059a15e3a266eab4ed2230502b597f088014fbe9b659" - }, - { - "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "0163017a26dba83777c4c0f46f31375ba02680ffaba588a9fe91f97ccb99c445", - "sha3_256_hash_of_secret_key": "5d101bd4f51fad047a1161e7a95197f6307e7cb88e57fcf9fb28a2be43e9f4a0", - "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "7e38f78738ad21d1015a2e79860e8108e807a3e7070515185ae581345e08f6e4", - "shared_secret": "42ffbb3ae86b744b00f36a01f9cb34e8a08916f455c9ea0e5e6ce81bb5042cae" - }, - { - "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "fb21cf5cc9a8a47a07cb2a154f73676d39a98a7d12a4abbd37378595c6332f46", - "sha3_256_hash_of_secret_key": "3c5041ff25ab5e854e792eccf12721be4f820020ed7895d5ccb7b1ba4bb7b193", - "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "e2b8a6842755e5a408a47a32c2093dcf3aa0d32448ddb1f1a154315634f1b701", - "shared_secret": "90ca5a797490eb35c3cc24af19fca6dc71d41aa58d68e0061c1bdb8481e691d7" - }, - { - "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "591aa9c81277503a34441fbd6cb59c6d1ecd5e00298fa56be9df562576250c52", - "sha3_256_hash_of_secret_key": "2e9c26235e0db1383671ad4ef147c1cbe3724bf800be90e356a5a381e3d9aa12", - "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "02f85b52a3684cab8bc416b74de36ac686cf3a3a495440cd444c1fe7d84b2e07", - "shared_secret": "bd58345e9e19483cde256be650975b954e167bd8b0a9036a95c98ebf037e87ec" - }, - { - "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "1c6c4009e28f6a20aad0c0b14b7cc0a01aeca507c366913ba5cadefe6656881b", - "sha3_256_hash_of_secret_key": "a9d3487d20af12309fb8d12b71a3fc3ad9109a9cc2720a0fa409ec5a491943b4", - "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "7a5d4cb38e9fb2beefd925d54155ae91d60bd95696db2de45e2307658341f2e7", - "shared_secret": "53d22dbfb623f5282ac68ff607b69b9ce559ec3b70aae668c684d90dcbbca13d" - }, - { - "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "4576536d1bace29aa7c31f7681222ddd15a3cf6ea6bbd3528d2ec8610d68d134", - "sha3_256_hash_of_secret_key": "0f1d74d5cd2fd6a9aa7022a0f06bdb6272a0bc23f115796d6e04692aa44de4ab", - "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "8448f623dc438ea4a849544c4fbcf3dc493b18dbacb911b83ed651155a145c53", - "shared_secret": "cdca5387453ba0f0fe9f126702ada05c3612388b70185b6c2e69dbf98c2803ec" - }, - { - "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "eea5db7a82254d19c0a0c552ccc92db9c3eef74cd73a9937b7b7298171313f12", - "sha3_256_hash_of_secret_key": "d4d3196a516686b8da051e915241f141b04af55e83effb968c52f23a19ccf79d", - "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "84e87b27235041a1815c98ca4cf9ce031d7700a48f602bc9dcc98f876ae50c62", - "shared_secret": "b15db77dc79f2d64e13445c4dfa997afb191e0bb2bbf6a210a5d64263b2408f5" - }, - { - "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "72998cc3abc79487ca0a4db5b17514e9961916d30ab9b500430ba748c5c79226", - "sha3_256_hash_of_secret_key": "362b40ba4e015b703f639f4c784fa9f114f2cf65de5f6645e8f9d37fb33fd044", - "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "44b60f83deff617231e92c5ece08a24243841d3df34de2517c29bdc89ff51400", - "shared_secret": "8ca9424860c35214636855849bb039cdcb4c722c5b81ce18ac1a1090034dafc1" - }, - { - "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "e9631b6d4237dd6884ae3647dd8622fc13d1cc689f3c8ed94ec6bcd4bbdb6980", - "sha3_256_hash_of_secret_key": "96736bf10a73d079e56f5812f65e3465957b8228423fdae4059feaf918fba361", - "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "eda93794649d2ba24fb277e8cb0e5788102a4796cb21388caa25eb10bafefc5f", - "shared_secret": "b056e2904d66c51dc817acf961f141c2de7d201ca8e52d19564d0fb4e1310aa9" - }, - { - "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "847db13de94d97a88d5a3deae31c246f5f04d0c7d7f337859e024764337a08f2", - "sha3_256_hash_of_secret_key": "7fc950abb115ea2236036c300c95c76015606539ddd2409ff1b39a99b86a179f", - "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "af6d97857d131ebccf9d356e78a4fbbb66c7d5ad68fd42d356c3ef14aa756d47", - "shared_secret": "663bcd21601942f0ce47640325c9efcfc3eb3b022f0cfaed168893b1b6e5dcfc" - }, - { - "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "f122b76b83c343de27054985634387fb7138f6f6f105cd4cd3f5b02698a964b0", - "sha3_256_hash_of_secret_key": "620b4d0dc53a26e175c69ae7a8f2d749d4adf1d0429852b84839d334e024ab06", - "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "51f8a50f2dbcb1255619a7a9868eece507b55d2138707a0550a4113a7e162d5c", - "shared_secret": "cad5816f1b2057a410cf917f52040aad9cdef2122ce59211ccef77c4a7c23a6b" - }, - { - "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "4c3182ca7a48afe60eb85790dcb50b8005b568921dbc724130b0ce83f1278454", - "sha3_256_hash_of_secret_key": "44b1c2b3487cdda8a8e9205d95dca710093e981e7bf2ea30d1d2502b164375fd", - "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "f231d9b8e3cb86e9daddae8d4555779a9125a16a6d2984ef55914a27d7912fbb", - "shared_secret": "e8f4dd3d2bb2c2f110bd410b2c37beee6d3bc7c7c4dc477c358234c54bbbd4ca" - }, - { - "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "4359601c371b50b50b5306de33cfd476d3b5f811700dc4918beb345840244e3a", - "sha3_256_hash_of_secret_key": "6f2d2c913b4a19bb07b531d74edb549659a35d1330b1ddd62c74dac4bc5f061c", - "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "a6130d387a04846c8b920f94f59d6c65b4954b6ced0f0d6a8566a0110c198a08", - "shared_secret": "249855eb724db68f7367385c45a3206fa19c521644f8841b7a73f536ca47c26c" - }, - { - "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "e1f6c5a99a49d6b1b4aa18089439bb4c56ca465785bb36594ef2ebd3af20d564", - "sha3_256_hash_of_secret_key": "fcc14cdacdcebc6d1933f1ec9d430c643ff5fdbd78d2fe053a8880e6ee8ef129", - "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "73a09eadd34a8be74772db44187ab49a2bc086b91848c6ff09f1306c264f6fe4", - "shared_secret": "f1be516b31ed89cb70bcf428a2ba2c22b3919f8a9824a59b875ff1e697095ae2" - }, - { - "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "b8aa8568431ffc4681caacecd4475c838cf7348402a06413e7a9590ba405ea5e", - "sha3_256_hash_of_secret_key": "f1e4bb0178d949637c06e252493235480d3ed16687e9a1c36df0721b29a7573c", - "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "24392701d3f5204f5cad5662bd6526a178567186cc070d951e03593e5722eb46", - "shared_secret": "6ec4f71386c0f0c16294e4d76966c69c512d4e5e00a6e05c5aa544e542454225" - }, - { - "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "984f4c4ef2371654067ce0f22bbe4648dc9d87eee23842f31affcdc36328e8db", - "sha3_256_hash_of_secret_key": "240fe3ab98047b1985b22240622da9669f7ecec81801861ea0859704f3263f6c", - "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "f190fb70fe762db7125e3ba3b459e32bf99775c3c1efb84ae1776b50206db7df", - "shared_secret": "464274dd39f2862a97833631ac446642b3c3dd6467c7d2404aaa46a8f5f65b3f" - }, - { - "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "74841a59db1202eb2e3744bb36b9c5a229a33cf9eeafca4b3d02d155d870b6bf", - "sha3_256_hash_of_secret_key": "e808e7b999c5bedc14a1763428a3f2b3eb9c3f90743f8a1922c87b5874acd79a", - "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "675ff34f87383d52203c979d1502e2fd35d9da09cc095b44caa073cf58562ba1", - "shared_secret": "99dd968e1f5c94c6c4d92e7eee393c802d8ea4a34d39de2048eebfb21a0a4b9c" - }, - { - "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "f7243d71bcbb46b9a423431b3b30947eda5fd81b526cce79a36730d8ee1be42c", - "sha3_256_hash_of_secret_key": "b1e6993caef04e00ffcf42c81ae97c6d89c5c19bc3b3e1235c48829151f8b4cd", - "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "319744b03f01b7676b3975b70d20698972d5492a2b0c8e0833837de36945c699", - "shared_secret": "0642533fe87a2913a37847843f7336a0e4c47f778afe5cc95433948a76ee7ecb" - }, - { - "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "4092d5afa2f038f879184f7344800ea49a63543be9600bdc2b18420744588290", - "sha3_256_hash_of_secret_key": "18b8bfec268d6e1d6edd376689f2bc5ffbcdc859cee0a26ccf550fb42863d57d", - "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "4fb1c5f9a918a9077f822c79ec0697dd6dd7b23ff3cfffafaa272dfb1233bf8a", - "shared_secret": "a226b83601ae0e6f76f9f08b0a2f6eb30a3afaa39ecf5c5671e988a354fde9a7" - }, - { - "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "ad7166f31b2650d125c8ef23b5825fe11afe25d0cda306fa6c7a824b4c2d31d4", - "sha3_256_hash_of_secret_key": "0124d8202fcb0c40d7a6cbc1570df65602f376854abd55ea664f66e3923b3d56", - "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "74501710705cbe8837e88dc8986d78310ea57196185e3ee3ecc8d17d8cafa7ac", - "shared_secret": "3040e7e4eeb844c1385a78dc3c8a6375880ce8fab92827460de1825a4915c3b6" - }, - { - "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "37933cfd8c0e61085f2ae264d85c4ae05f8bd40bf29976c6d52e4f1c7ff709cc", - "sha3_256_hash_of_secret_key": "e9a6c0af326ca00c7f8ee0b6ef5661be3a84c39165ff60fea5510cb219b8f788", - "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "3fc676cfc433cccd2d248824c4f51406491cfd99bd05f863cb4200155ac471c0", - "shared_secret": "d990008c5eceab7097524d6755c663ba04599eda80560d59088b21cd73243462" - }, - { - "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "ae96ec4edc7ee08108fe6c0411a96f48731066ae4be12edeb7fc667039c9c1de", - "sha3_256_hash_of_secret_key": "7110c8c6d14a3cf5dba3e5f2ecda1ed1490e62b032f798139b779054da20985b", - "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "9b33f0f26252a0e1b92f55f4c0f979efd5ef68ef1ed6f23bf23e5eab1c732ba2", - "shared_secret": "bd50423b4ef27559d67532abbfad2a3a388e3dbf4d7b6488c2b48f19cee07ad4" - }, - { - "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "4e23909b028699d6677eabe6bac4bc4e8437acbc52b0b17f1df5760c0455c2b5", - "sha3_256_hash_of_secret_key": "63ace19297953d106cbc1df1a25143a15772197c05aefb070825ef568eafcf23", - "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "7747110bc34f1a35fea13d10fffb950a85bd6d9247c89b2071afce7544b312bf", - "shared_secret": "38e3d97b0547e648b2b722c4844f59ed43dcc4b40fa7dcfe6184c2fe62ab3530" - }, - { - "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "513906f5bef81445bd210d63fc4c9b9ef0b61c17b0cd5b229a45908fcbaddcec", - "sha3_256_hash_of_secret_key": "11added546dd697edc51e8ed16ca3ccc9da9629c4ce0c8404d04de1aa8b8114c", - "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "569f8e9da2051bde67bd3ff8e81e3b4e749b198586e2ec8d0544e6a8793aa782", - "shared_secret": "cca4f1d172212f8c23eb5da77144640d821d2671f66f0b3015d0b46e274e193c" - }, - { - "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "4f8b3e9ae47d3b5b95c080d4f18440c24b0691c19f06f5547554697bdfe97b01", - "sha3_256_hash_of_secret_key": "cf4be19205cf0c2bd0eb0c1e7aabd40e265792bfc302bb0f28716c406585ca37", - "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "ce6e0b8523fc48a54f1b10be23b1e990a390e4e823d4483681ffbd2ad09f4977", - "shared_secret": "dd7816a8a015b2001258e665dc0e576ae19b10dba9704be9c484e4c8ba645522" - }, - { - "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "c1b4fdc4929c2c7e4501ba7a9feb0be571e27c43fa96f9a7f934636ed9a86110", - "sha3_256_hash_of_secret_key": "5b475ff0aeb273c017d1e7d7cd380e41d50e634840e443a762608c09282f3007", - "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "556aebca384b3876ec2c00d446239855602625800bd1ecf1b7eb3411d101d442", - "shared_secret": "e911f73a4c23637a2708739bd5ef842ccc57d32993f30d6ee1f88acf5093ebcc" - }, - { - "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "df4f164c11041dbe981d8ff2008757b7e694f564a298b92cd182129ade5e72bc", - "sha3_256_hash_of_secret_key": "1f836ed803ea8abe63224c016dc15468719599e06564c11e9f641eeb3634350c", - "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "5dec68120c8c2182ac2b2995eac56b91df2ee9c9bce8e801853e2cee14c0d8a2", - "shared_secret": "572994fb967815fe8bf36cf41560dc69aeba8e32b13e1d25128585dbb0e71068" - }, - { - "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "ed722667caf175df48a3a346ec7cb1bcc37d67d3137ff7b7c70a07f202893a33", - "sha3_256_hash_of_secret_key": "272df80631771996565e673a4dd92318e87e625097f74fae14c688a24b558216", - "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "4214ca50c6c732d34dab0b460d7cd9e0ae97346fa50a67386fc35ca0ac8223fe", - "shared_secret": "92c63dee4666bfb34fe3095f65cd458654df578f6eac0ec75f5235e5da6a926a" - }, - { - "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "0c4dc82d723965476a518ea0915c1554bcc61c814c80ff120c37e7e8ed6d5c40", - "sha3_256_hash_of_secret_key": "d9e7fabffb14d620ccf618a1e25375d4cf58875c38ecc73587cd09b17621ade4", - "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "651834fb53362a4c4af0b141885056f9db913c4be968c1aed3d7d3f5bd1048ec", - "shared_secret": "0e2179fc3d310aca496244699b05da9b7bbb7891ed41b675e5dd48355a586360" - }, - { - "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "c934c11e2eaa7c3c4e764863e436ff12fc9f517c79df6344ab98611f57fe7296", - "sha3_256_hash_of_secret_key": "4f502a9abdfece85347362ac4c7e2beedb137e29a4b638c9bfd710de432b5e5a", - "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "06786544f2ea24bcbb677092f4602d59f9cc9d2d8211614dbb5b87edc6edc46f", - "shared_secret": "573a8fd5e5935badcf974c50cc36e191f0ae2c1458fb00d4117e675424d4e37d" - }, - { - "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "5b07c8359e6ec4989c34b31293f4df965b5d95802afa5836beabb001d5cd4dae", - "sha3_256_hash_of_secret_key": "73973aaa43538874f8b16d44faefbd26dee5389a05fad2d4f966662ea9eb1df3", - "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "2d6085e31726d74e2ce2a28088ef3247b68b39d0d51c225df2521ba327bb3154", - "shared_secret": "c8d5e0dd64b4f3c6450fd24ed2918887d3ea2806479d3fcd5a19894f4fe401ea" - }, - { - "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "37f1d7e636b4ab366dd5725957b9e5d2498e4ee1929f2213f9d05c882d96a106", - "sha3_256_hash_of_secret_key": "1b150644ef3edff5c406fc9a85e16fbc87cfcf8a6ac726284483947cc2fffd63", - "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "37d80e33f5bde211a9a3f634f8505a816e46195616c34a51d62b031822201337", - "shared_secret": "f0691ad2fe875e3f0993f25452c70f0c40891b998deb6a7f7aa3c0bacc59bfce" - }, - { - "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "a5383897314d60ae0ab1a8b50d6f5de454a2eb8b0502d57001e6e19223a82ef2", - "sha3_256_hash_of_secret_key": "38e8404120bbd346e0483ff7eeb758bd655ed94f6c02e427468f0c5fdbd957f5", - "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "3e819dc1fbc939e49bf5935fc8ac8c36d8c16da057091442df74a76fc3125fa0", - "shared_secret": "bec215c6bb33e83574319c839db1ca6793931d35a7239bf4ad3c4a493fe5c5ea" - }, - { - "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "500dd7b94b28b5b650d90962962bb9a3ae96e70d35723217f3f178cbe5659051", - "sha3_256_hash_of_secret_key": "5930b10cb88d66ad1ec117d2b134f921fe4ec980ed9c351951d47d33510585bf", - "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "cb20903e6ba3a41f594cd09056c0a7af4dea86039677761e88dd6818db0d0e88", - "shared_secret": "18a505a0543800a93ab6e2fc1d866e22337fc8387d32541008ff82a73ce7dd31" - }, - { - "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "3c4467b507971523509bf97d2bdd733ad9eb94f312e4226d036e8fe827a20533", - "sha3_256_hash_of_secret_key": "76e696d5d7ebb4e2035507601f66f38d74db35d3c76b3622678a2c65ec7b0f69", - "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "df6a835ca5253cb64d669990a60fe03b44a4a2229beade86a2f3f2381d33f09b", - "shared_secret": "f155d993eadba79e6c2376daeb7f935d39286b10615ab42c5803d43f15960a66" - }, - { - "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "69ffbf2275f12c29cbb69f90a8c881721ce39b49dbba550ab93a2c4c94bfc669", - "sha3_256_hash_of_secret_key": "76d6db646c55687ff9eeb3f359093a7105a7ef711bd60a4ef7f1a1bbd70ea24a", - "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "677fe79386a26743faa6fa1c79576e3f898da432af70e1f45a73b582b4c976b9", - "shared_secret": "4cc8728603d51b14fca46ebaf01e6b6347ee9c71d192591ee857c206d131886d" - }, - { - "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "41bbd3f5c241a6d65b510dee6662e2a8f35757b0403dcd375e7a15991a7873c2", - "sha3_256_hash_of_secret_key": "256673d5b2a0225515bee64da0105c167d031405098819b6992d01c3cc711bdd", - "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "9306db283ad2a844ad6d266ff6c7bd8e9b4ffddef78d656c9bd06d52cdc52c74", - "shared_secret": "fe5dab115160a7200005216d7e6e7dd8527f9c2eec34f60c6710ee21f7f91730" - }, - { - "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "290261ff6a1d2fabc75feab002d16cdc44bdbdd0967c728ebef0e9814c60b5e5", - "sha3_256_hash_of_secret_key": "beb5d2dc34b1dba8c87e4ca2659ed8ebec2d93be0e2d78285efeb9fd998f5805", - "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "7f94b2d97c0821593745e9b5301a66a81b75e71b15c8c21558c8b8b077d7af5b", - "shared_secret": "ba33ea19873105ed9690d40426b2cd24073c822eb86120a4fe8617b5201f9494" - }, - { - "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "7ffefda144195d79e581c91cdf0247f4346e811f890f54f25226b4ab835871a4", - "sha3_256_hash_of_secret_key": "7b85555898660cb43a060e367d9a97112b48e3b8f99d437161cf6ba44b5c6922", - "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "310c7f22a80995c6e375122f1395604faf5f72fb9fd6819597aba8f370327647", - "shared_secret": "2baf80269b225c66a8c35c6f835f15bd6949ae2814cd8c405a0aed313a637701" - }, - { - "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "13dd780ec5347c512cfabf4c2e6a44cb2b17993c7c746f93c1400a5db9f12511", - "sha3_256_hash_of_secret_key": "7732b2a074d1c0aa93106ca84711edcb7b8a369f3873cf89fbcebf0d32176f1c", - "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b0003e684b9ce6f284d9a746cb806442e5443430bed95f2e8ad7ee824fb3db2e", - "shared_secret": "07318e8edf0ca8f30f49fa906ec814e40ec52922f2c0ace243386ef2bf650000" - }, - { - "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d5acaf411ccb64500879102d9cdf6d9fcad673d874a4153383806fe174b2fc1e", - "sha3_256_hash_of_secret_key": "e5c3fdb9d8e92c42ad48684f0fe13aece244d116f8a6d09a764aaa090b3375f2", - "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "9ada65c57d8292e9a999ac102ef855d5da932a54f80f3d976fe1ca834eee5964", - "shared_secret": "38b5d71f3a64feb2cd41d6b7a4ac5440707770dc4c472c3ed141165fb7e8818f" - }, - { - "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "152641a683dd690d4ac3edf0261200cd9244ae7dab962eca2f3d22a554d0802e", - "sha3_256_hash_of_secret_key": "7afdb84b3806783db52ef1f5f0ff89ccdb051704cfd19eec3e2f0830c3b27550", - "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "499ffb9a28fcc692e7d61df4696b538f1bbb205ff82d604512220a9e19d87254", - "shared_secret": "368a5e417f4fc728f5080e8fe206ca7558909f6537f1012a58b2d9d45b7c6a8e" - }, - { - "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "9cc95efe512c84010ccd7118a92522cead44cff28d6e223f76702a47694c8f05", - "sha3_256_hash_of_secret_key": "d9a18ebc4b027c9590d0e4eeed88705aaf5d166cc016cf6e0baa07f678f1f0d1", - "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "d202a577a7acba1801e03c446279da6dce6f262a6b1bf06d3c15283bf69fca47", - "shared_secret": "7d36e561b501a687939aa880285d32cd6d8b66e2e65b2a076d5aa516cb5b2e6c" - }, - { - "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "8b12f00bf09aec2b492cf53686beb31c558d0493cc7b2b9a9dc7265fa9edb685", - "sha3_256_hash_of_secret_key": "9979de3ecfacdc04e1229773f36d7b4bdfd731ea0f1fc2f9d56ee1d07e9bb075", - "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "53f97fd2a138ceae2b327344c4947cbee6d6563a48d9bc5d8373c4bac5233a5c", - "shared_secret": "6be99cc08c8bf10372f7d5c27bc3ecd17ade8afb967aad41a1b33c0ff848a1be" - }, - { - "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "3c98fa4af17fd014a60d11ca5e929e4fa2524f7db289ce0947ad90657990c153", - "sha3_256_hash_of_secret_key": "2c370afe3301b0481b50ae72e21cbb1be37d2877cd802a1d40e05d9b4e6be502", - "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "c134910358575ee3e211603b58b3d6085cebcb91f32a355ff437fe87ee812e3e", - "shared_secret": "f6fec6f62257d9a7041f119fff60f734c928e945fe131bf70338f273c0614ae9" - }, - { - "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "091210fb4f6fac00a24167d9bd2761e601db0a3734e3c835d1e9c5865b1e379c", - "sha3_256_hash_of_secret_key": "fb4bf08e0cd8d2f31969f75b420578f8d6dcd845824e427a6261931f1e1b820f", - "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6076283588ebdb4630d85b2dc6dce53492e11dc8c9445597ec57042bf1e59634", - "shared_secret": "9c56f6d91af6741ac13f241f8c960433c0ed4adcc86130877ecc1dbc10573bc5" - }, - { - "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "6c206507b89f46c6e9cd5e78b6cc78fb3677ee609cc090cf3782c876fd5f941b", - "sha3_256_hash_of_secret_key": "c9123a2bac61c5fc4304da90862d8cb544a31da2cc8b8126ca16a71278f461e7", - "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "e57f70dde96de9e66ce28b7d1a3014cb095a8ad00d80ae7735fd499d57e2e6f8", - "shared_secret": "021b7e80dfd1258695b61aac785b0134ed6e9864d3cdf5ebd4b3ffdd9a5bbf06" - }, - { - "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "0560200b8d070d1db2cbeedf3cb322ebbab3edb80cf474b4178633c210b2fc74", - "sha3_256_hash_of_secret_key": "a2424d9992c7e999a5b18e638a22d65e1e5d5029e5fac62a5091095897b3543c", - "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "b5928a28fea0e5b0321439f9df86c6f10fa6203bcdac0cc94da7f7d6764d543d", - "shared_secret": "2c876ef4c2bd6464c5e4274d5360e210ff389325c1da4bda5495294d7cd126be" - }, - { - "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "3a2484828bce833f9262405b562bcade9ff04877838558409d2b60f1b689d137", - "sha3_256_hash_of_secret_key": "610db3251ec079ce8003a49d64ec03dd49d89e82ae9f12d26d50938f4a3992d9", - "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "723bebfc2e4e934fc9e35383c7f150d31d832e1516c66f8bb2effb449fefda23", - "shared_secret": "909b047e7f0fac27df2787ae406fdd66893a98d98e38a9f5b67bb5c8431a77c4" - }, - { - "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "bb8615509158b63be5f5e51a0e690f2ad6fd0c56fa886bd85902abd52598bc81", - "sha3_256_hash_of_secret_key": "3a4a1360d366376a56362fee0aa22756122e3c40226c770797c0baa82192bfa5", - "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "47cead6dc9f155f4e61afb233c6a8519f016c6f2bf7b1668ed9333daac257507", - "shared_secret": "dff8310ce364ba5686b9d42a17922b8d5e9259a176e38d39687a5269455939f7" - }, - { - "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "5cf14252096e4988d8ecc4ac6d29ff09c55d666865863d03a68db523728910a8", - "sha3_256_hash_of_secret_key": "404e6febba9802464a188007c2137fc25a4c437611babc8fa8248a0e42e45357", - "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "84765944d4602d3fca6333b699d98e4c8c9b3bc1570d428398a29cc5a7fb96c7", - "shared_secret": "faa9833781a7a41691f236feefa0c743bc141f458ecbba98eac4a51ee1ca001c" - }, - { - "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "345118a7b9bcc773f0ec10c3e353eb4365d2bbff3b812df4635d5c8265b5d8c5", - "sha3_256_hash_of_secret_key": "2eff0ff04aa2f95d9d2a877d2c3b4a09255fed2413da76e63506d0def33f42ff", - "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "602b3893213ac6168e24c7c20d22a9c9126a9f70b918df134860f394795836a6", - "shared_secret": "0f47139a8b007c4ba77c91ee885435dfcd38d38c0aa4f57fc147f08b4751aa44" - }, - { - "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "772f50f7047714627bf76bc098e0b919145fcd8df6922ebac383e5c556738390", - "sha3_256_hash_of_secret_key": "c48cd8eced0093133d3d083baae0f69ebc3e239c373a41db9557c1a46a40d480", - "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "84f212f6cac0f0e7a6a27630c0c33f98063bd57243b26fa086d6a37161d75f81", - "shared_secret": "182d34d0e83216d26a9d13301fe75a3aeb15ab145433965996255120cc9a5f86" - }, - { - "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "a9f015f625356a6bacbb5e565c70184940891589309a571b7166c2ee713b8fbb", - "sha3_256_hash_of_secret_key": "924859759e33e4100a02afca0ad0f0e631eeef3b4a70444267e921b0b6eb334d", - "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "935ed1ee90431bb81d67fa4c620c973f7354aa5dab63b51686501882e65a3961", - "shared_secret": "62a14f68d726235fc16e0ac57ad4ae0eb3fc029abb18567a4ee574b44924693b" - }, - { - "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "655d6f749b0a013bec99e017f5e13bff76680a2f9386f2ac6938d7950d5fa1f9", - "sha3_256_hash_of_secret_key": "0511490e76eaba3b276ebadd300c394490589dec54468855977e96a33025e06f", - "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "c28eea97d0767b408e58bbadfdff091ba468c26b585f22bde6f3eeb1fc7bb631", - "shared_secret": "4ceda11055991ce1e5d910a240981e39a6a903b20ea6ae6a21d9d56d0935efa8" - }, - { - "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "1c3c2aed0ff6944819c93f9a9fe77d14a16a385f644de118099fd4f7f57db9a0", - "sha3_256_hash_of_secret_key": "0fb711641d1830a3eb4ae1a4bc2fc610ea9a811fdc5274488dd31f9cf52ec04e", - "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "9fae0ef351454fb5c87cff7ed880d32dcc2f0654ab8c5a5b66b1e85d8e6feb06", - "shared_secret": "8d8257f05a4e76ad11783f7f6850c4f1c34017bf5ab47f89eae202132ada42ff" - }, - { - "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "357d61586f671648188f070899d2eb3408158adf5e8056ef37ab6d8817cd8275", - "sha3_256_hash_of_secret_key": "b22e39d960d7079015d70fba54ae860285f3c182bd5fc8d84c255f5e0f86f800", - "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "388d730604d16fff83eaa4e21a540b2ed8b3138f81b4c1c4cd7bb863325344eb", - "shared_secret": "08a60196adf66426b4e7b90be90160e196944d012cc34a524e1e73ca125ba407" - }, - { - "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "ef07b1f4886b895a3246241ddc084379eeb0f0ed84bdcd318fe72c9b546413be", - "sha3_256_hash_of_secret_key": "132633e3d33bcbc61ff70504e34bb033c92db5086bd924eab4ecbb8e4be983d5", - "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ea130b782f8d0167bd57d1cbead18c1a5a65ac27681847b85d8e09030dee8738", - "shared_secret": "13f3b79bb1e5d20ed95c7165a610e122b5de6cb02444cc66e0f1f9ec44c27485" - }, - { - "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "1a2d9ea0d2280249d9d756975c6979a8770bf4b5f6addbd76d045a816bc1be38", - "sha3_256_hash_of_secret_key": "23678549b4e6e050b57ed1ad078705d33fe76ac976a9f70312b9cb45be554b0c", - "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "254058fc10c3327f551dfa143d17dcf4dc4319419050cb5e6841a8d5cb6ce9cb", - "shared_secret": "fcf4227a487e719499f86e44ff74a5339870e4238c20731e0c85f00229f2a1b4" - }, - { - "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "a57b333a2f41fda2ea72ea11d8bd642d911f6afe90e60492ebeefdc17a932192", - "sha3_256_hash_of_secret_key": "b59171816497ec0c34b963be3ef6366eb051cdebdb145fe445e16b72aa37356f", - "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "4bb877beb1b9dbe916e61f9d6d7442deb7483128b6db494a0724e081be74ded6", - "shared_secret": "3f8cf35d0ba76d75dec611e5fb059db5197862b7e5cc6b116a730734932441f3" - }, - { - "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "d3cd2febe168b1ddf776b954e96085a7d475e3c8cbde68f7c80ffc9fa46b0d43", - "sha3_256_hash_of_secret_key": "b41a159ad0a89e7a771ef11e68efc9d79e6add05b261d0e40620a6b667a6c6bd", - "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "62de1efed6f92fc50d8fdef1ff217cb04faf53196e5af3a7507cb6ea5f822e2d", - "shared_secret": "d48544c1ac452c0b821e080e02c9c83e95252fb033617ce270f58e2974679fc6" - }, - { - "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "9499c1b006a0ec2c299c41c3f728c3bb7848957fb2bbbcd05b65233b89a2b1b1", - "sha3_256_hash_of_secret_key": "bdf5c3beb39ae62a6e29e858962c322fe525a307a163d68f765779b7848bec3f", - "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "3a0a1742b1e27f14001e3457a00748f232f550687a232fa409c2098f97e72bb5", - "shared_secret": "6b8f4cbb3c4fda3c067d7ba48bf24e24258ca7e26bfaf918b784d01ae74ec57c" - }, - { - "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "aa14ea531df0a7f93225de1c75ace0d2692bc750b1b538cfd0d860ae9c5a8c13", - "sha3_256_hash_of_secret_key": "155cff081ef58459a00ae63a6ee0ed2698bdbd99c67b4c9dd09f8b0fc3de0120", - "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "8753aea7979a0d3f7aa35b9fab1b320d1b0965899bd51bfc8c1f6de79ff7d92f", - "shared_secret": "aa9878a81dd8165350b880c4af6a2adb9e50a48b9e0709f069c02184d3785181" - }, - { - "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "e0013ff7eb7b8266ee94659f3372f5981ce1d87584cb1f0e80da2c0c95c16b4e", - "sha3_256_hash_of_secret_key": "7eece78f3f97759d0cfc8a69481271a425c56e540704b2fdaab8b2d920d19e21", - "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "777253af58f65c8a85f3feca46f8d32eb5d3d5d0664ea59cfdf47b89be9f005d", - "shared_secret": "5a23296c84df3d660e7c2a973c4e6bddad3fd814e158028ff92b234cffb1afa4" - }, - { - "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "b503f8ec36d39fc7b4b8ada1cbb933b9db9ee118bf081ed75dd5dba7590f6c8c", - "sha3_256_hash_of_secret_key": "65d28565658fe991b77136b89255ec2d1cf65368e06f2b30bcedab87ffe39550", - "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "a7302707d52fc49f3e3637a742826bc8c8267e89c1fdf95b2ab7a0d8f1003c8f", - "shared_secret": "d790ec546719fb05125841bda9dd361e162ca4241e2b489a0f948b612309b649" - }, - { - "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "03341657b159925cedc8967872a45a3c1f0122979af87a878a2019b3f17c8ba6", - "sha3_256_hash_of_secret_key": "6bb236b9c7a818f9edec1e5da339755dcb7ca1b663a5a208c38c75e7ad7dc12d", - "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "9a9301ca946909c3ee5d2171bc36322179ab4bfa825ffc0b826517accbc78298", - "shared_secret": "10086d1a59c41f84a089c239fcd8f8eea3b22c7796f9c1f9b1867b709cb77704" - }, - { - "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "60c001172c4734a620c248654c58f1c10135657083de776116a6acf8a55f3610", - "sha3_256_hash_of_secret_key": "b10663e90392d6387c16dcad565bbe1fbc05f32495cf9878706bd0d61d289147", - "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "e4b3ce9e19c204a884f8a5adbe41acca97a22f1f5f2a13f1185021a8a36a131f", - "shared_secret": "82ad68065774eabcd6e78c027286ca7c7120987c4984e56f52abeb1ccc7a273b" - }, - { - "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "647a136f20b22c63afd2b88d14fe7677cf5c2b78223a587068377021f6edfe9b", - "sha3_256_hash_of_secret_key": "e70be83a7585618e7b91bc9930a581625e2441962c823a27eda9f6dfff8528ee", - "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "6287ca7c4d1eb3afb6ecfc456a4ca9ef5776177dbd5115165424c66e2db061d8", - "shared_secret": "2d56c88020d399532bada6516f9a1acc28a565cf252bafd40043879bcd6de1cd" - }, - { - "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "1cde599b2dfc69d59036434cc0423337513fb9506452bd8f42bb82661ad0065a", - "sha3_256_hash_of_secret_key": "aa80a266176a7ef8fb22fe21fcf3d3762cfc36734d8b6db3c6e1d4df1eecc1a3", - "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "31c85544389bc3163e6893d9298d947a6cd189b045eadf8dcc265e4b5c750fcf", - "shared_secret": "44052d0cc62801e0d9717c65ddcb560246cd901f104b4252eeaef903f7c26af2" - }, - { - "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "2a50c7a070b3dc7e107eb1e8b96d62305c13327d729bf9d97c69f1fe6eed2b52", - "sha3_256_hash_of_secret_key": "6df052019662b83b16b4da0a85b17f2fe56ad269b294438c8ad298d2e2269d2f", - "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "c485c6e392c29c231c9eb04861fefff1fc27544443ebb316c74f9d4d7d9be68c", - "shared_secret": "2e95f47543ff640e6384d65cede004c4fc47e9e2f05649e694c18c7faf975987" - }, - { - "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "5f166082ad3ab0c739cbf0a6bbe2707741d9b5f53a0e16199280a2376c9e5a17", - "sha3_256_hash_of_secret_key": "391b71e679b9a0a23a1aeba042ec7df439fa0a18c6442dbfe2bbe05d4fdb5fd6", - "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "499c37f74e94c6c724e218f339b8d60ab65190e0a56e39a6b4cf619db98bb57d", - "shared_secret": "42f1442e384b4e747794c944f4df154cde33cdff32bf35c2c5234919762030ca" - }, - { - "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "40b3a72c164432e6ca838693ef25b30013e5cf56c1e6142828107a10cabdd169", - "sha3_256_hash_of_secret_key": "6f970259ae97422f8698120bfa8e53f4f89589773243db6e7a1859c94181a3f6", - "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "55e508c96b8b7c06cc9a88b4c9f974abd3e2cdd96ba6f0cf330ccaa3641fbd29", - "shared_secret": "a50a07f6b01ee4429848806031637c8ef8da23f253874124452e3771ef98b6e0" - }, - { - "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "f475da2ec982c47d91b24bb5ec6c51910530eec26f38541b173b38927d23c568", - "sha3_256_hash_of_secret_key": "f8c836ce8a42d6d07f1ff40e2dbf16d264bb6ecd1cc0227ebf792a6bacd327ec", - "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "d63a88547104683878df29e59de826821fa3a95bdd668e5e838e08a671d887ee", - "shared_secret": "c299f650b03170f5cdef5da81e52c2a094b11aaf58426e8c41e06a26c7d5ccc1" - }, - { - "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "2b22f73a770cbdb80da84f97f27a14c5df5b3372d52503d3a20c3cb2bea8b404", - "sha3_256_hash_of_secret_key": "a111bb1797a3baeecc223e4fc4accf093d2e069cfd40d45346d2aefc09acb358", - "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "e9c030db90931ef3d2a61077dc33529aad87535e809d1a255fb5b5925f202893", - "shared_secret": "5e1ac468279cfe354c4d0df6ead070071b19c9707338158ff7dc133684afe2ba" - }, - { - "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "3d8fe8354d81146fd65af657da08926bd3a6ecbc2f81cb58d1aaacfe5b6e686f", - "sha3_256_hash_of_secret_key": "d1c524a715b2d05abc8e8729204b620f4551815cdeb00662b487d58e99c0ac7e", - "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "c256150127c8119ae42a62b90ac9a7119a3faa5442f058bbe5844d29c99c4eee", - "shared_secret": "7841501410e4158cf04f92b9d65d0cec732984ea66809130aeb594156829dd39" - }, - { - "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "36fc15e2340175a2a64ca1cf31a4b38ed5f797aaa8acb0c3d2ed9c19c7099f27", - "sha3_256_hash_of_secret_key": "0741ce5533316ef689bd966721b1ee57a272d5eb557dfa6fab6de770a2e7afa0", - "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "0c6a7cce80da6e6a3c17b46959124b8c26a8a74b5068f707f582cb5b811e282e", - "shared_secret": "6b3fe0dd082bf384c3e08497d380516e78ca778de627c112d02dc8c393334d11" - }, - { - "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "26a1b77ae8a807e9de16a9ede5da5aec3ca5f23f5ea00e455d4a091467e6ac6d", - "sha3_256_hash_of_secret_key": "2bb0f5318208eba32bfba206dfe174f976431dc12421bc7b3705fc7c0b4a06cd", - "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "ba2e94ce526ee4bdcd818855708af8173acac373696df4f910720fb296bc1076", - "shared_secret": "cb15c306ba8d5f4f8b723db93bfbcfd4fa02ef32ed8e39c2aeb706a463d9a40f" - }, - { - "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "2460170e6cf1da1e7b92037f51b4e7674d9abf74f5c225c5c6ce16a971691284", - "sha3_256_hash_of_secret_key": "a364a1f435a2d2a341b59a1886af0d0f3580e56306869bbab819de741ac9f642", - "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "ff21fac2cb15307ebb70ec04904f636bfac9ba968e86984b4a55dcac70430c1e", - "shared_secret": "8dc8bc55a907bcbad27aafbba2cbd957c30794e3770d0984a6323b641e5fe53d" - } -] \ No newline at end of file diff --git a/kyber-crate-tests/kyber_kats/nistkats_512.json b/kyber-crate-tests/kyber_kats/nistkats_512.json deleted file mode 100644 index 6a3125287..000000000 --- a/kyber-crate-tests/kyber_kats/nistkats_512.json +++ /dev/null @@ -1,802 +0,0 @@ -[ - { - "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "7ffad1bc8af73b7e874956b81c2a2ef0bfabe8dc93d77b2fbc9e0c64efa01e84", - "sha3_256_hash_of_secret_key": "26e1b5ea0f48b3c87d7ce87113b6a93a49d9f7ede7c5cb15b41382bd3243715a", - "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "a3856ee9fb112b154b397c91398576dda45391b89742603436588d81ce6d1b50", - "shared_secret": "c608777086ed9ffdf92cd4f1c999aedd0b42e5e8ef6732f4111246481e260463" - }, - { - "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "13f0970c03d32967b06cca4cf58e87559128d14cb3f876a1ed10eadfe03fc1a9", - "sha3_256_hash_of_secret_key": "9c613d0d3313af8169e65295e8c4f21f0b5d3e78de031e78a12ec864d71b6548", - "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "557c682bda01552173367f40bd2b2c1ed64aae3f083c80ce2f812d0b60acfacc", - "shared_secret": "9401f92689a452b5e58c35cf06690596faa4ec0937a04493a359b59ab3b0fdee" - }, - { - "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "083553153f7d65cd5cbe201e681245eda61e1ec2c7ee6b91a9ccdeb6b76943b7", - "sha3_256_hash_of_secret_key": "b4148d4bba0430ddca173618456704ddf440b9b5bdfd61ee46bd79590dd78ff3", - "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "7b7b882320575a3cfa5f0ca2165ed39383921da042f7bce896896fa90fef2aef", - "shared_secret": "f2c689c7a8180baf27a4573d3e6154d4f2bff7b3f34d44576e777e2ac1249e8c" - }, - { - "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "9df5746a44b10c1886f62b068d18152a85792781160e1a1a19a25b5ca00555f4", - "sha3_256_hash_of_secret_key": "75a93307372e001d4fb028125dad61c4412ac864bf7eac7a213ad3dca6599981", - "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "72782e8ee6fe4e4442723e727b5d415f66fda7c363fe6dc7be22d9b8741852f2", - "shared_secret": "1dac4f6f8d96ffd931f67b03cee8c4e4bcb42eb8bbda5cb702dadde8340d1524" - }, - { - "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "9415ce164fadececacd75fdad3284af20c52fa576699029d6e0ce77bf347d520", - "sha3_256_hash_of_secret_key": "97f1f85233dba2a50848add15f8f0e60f4ccf3542dc6da5f59e06f6b27c59c67", - "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "80f49e8f6f8d442a7678f2c33881a5264b58a5998b7d9a8e10b2febf59ba868d", - "shared_secret": "01adaecc8cd981e7f00187622defc0cbb8934464ca4675d86bc7d9b69148c85f" - }, - { - "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "ca2232297ba8b986dacd401896cb6239f557720d91a2cfb7a73274bac7a0f6de", - "sha3_256_hash_of_secret_key": "17446e8436a68423ba4e22a57135d470c7e91fbe0a4da065bdc34897fda89b2f", - "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "a08cfd7a6374d902e153b862449efdee9f912234f3e7a7d2697ebf1909f59dfc", - "shared_secret": "6f13bdb1452d9e672c8fedaf9450c436e5fa77e8d58ce83300b8e539f20e9dfa" - }, - { - "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "34486689b387ba25dd0e9aedbc53034924ea4ef9497b5772f10ca4d091e9e846", - "sha3_256_hash_of_secret_key": "94419fc5d865a97586b71a3414721f04473d4d30e5a8d6a1c438752f19504209", - "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "6b930dced8da8c0353569fe807e383e2d04836680fb78881ffc6974802131eca", - "shared_secret": "c81a637f63a802a5d2b336dd960175176b2b838ffb6de5adc501bef984fed26d" - }, - { - "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "39d1850f7acb36ed2a35e9af6f94a06c31afadaae3545a069f892ecd8929f766", - "sha3_256_hash_of_secret_key": "98a2ef35596f2fbc7e462d5ee536f30d8bc3a5272d78cb14c0ce816fbb180396", - "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "2d277dbc8b03bbec796e778c74b4c3f408f3e47835398039236d7cd861762a9f", - "shared_secret": "3031994f1365446186b4a4d6190ac89f928f6706d08c6316d6f522cd7605adfd" - }, - { - "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "edc8db1ca35744a75ca14516abe07472d0d1b723f70ca8cf0e5c9341fd2e8c26", - "sha3_256_hash_of_secret_key": "fa6de16f50b0c04b8be10d3262005227715f69de5089f0f6bafc1fe26603e525", - "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "c20e526b8837092f1847b40f9b5fda528dfb72780aceb510635b490acb5f7686", - "shared_secret": "61419eeacf26714b028d2f7e1e3769ae2f181a7e9311f3312911ead00486bcd5" - }, - { - "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "b1eef6e8c88ff8da9cc4a9b01d4c08b6b585beb5bb9e084c6c47a717b51feea3", - "sha3_256_hash_of_secret_key": "bce9d6b2e45918ea5798910aa9baf289b04d8a5bcfa7e08235dccfc8b9479f55", - "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "811bf647ebaad03c81a84c6a82b4cab108267b1e9c1add3dff1803623471f9bc", - "shared_secret": "3871c9637cbea04a2ccd3b62c9399b0a7277a31caba8a8f015d59b0fed845bb1" - }, - { - "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "f581c2fec9055830b38cb68fb506aa927443b1afd1b2b6faa6f92a325985c6ce", - "sha3_256_hash_of_secret_key": "9567f27ef67c3ada92a02cf25d8ee4a6db69744d3f6de5a0026dac023d04f37c", - "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "c855f0a4521640b9136035b5d02770dbe864b85a6f54f422ccf2b512e1c07b33", - "shared_secret": "3775b12681d854b7ff2eec05cd4ac2db91bf06f3c14db2eb35287129a960ab03" - }, - { - "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "f12f3ecad62bd327f1c44ae86c0be6e7f15112b7f6f6d5ec7b13f4dfab718965", - "sha3_256_hash_of_secret_key": "32a666c02a41f7b9408c570a3304a80e947a1be650f5f164e376b8b34b72254b", - "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "632b389d951d4a4e570d2fee62dd87c3aa2cf0c036dc63462f3ee7e4543ef8b7", - "shared_secret": "87662dcdee8b176e2dc60d079be188f63501274bde0829f3595c99d1e564c2d0" - }, - { - "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "4cae8b58e0434fb1475312355a8b40145043bed4b269aaddd654d2e562324bc7", - "sha3_256_hash_of_secret_key": "53793d47a6e9e527f109b7611f33063dbe0b8a1423ac02178934f59c3d47ddb2", - "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "6f88eea1ec597548ec3c0d22c60a92ac4b0c3e17e332983d01a0bdda1157ecf6", - "shared_secret": "c5676cf0cc81871d677bd7f5982e6493aa3ea4dffbb30dbaf59e90e4977d2f12" - }, - { - "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "b899475c1802b1dd76a9783d93b4225dc558eea558ddc598cdc45a898b7bbfb3", - "sha3_256_hash_of_secret_key": "278b448b48a14a9be1ed211228cfab37d07e5f1e502478e3ad059c83a7c83894", - "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "36f6daad6b98df3f8e26456d06f112ca69231333e4ebd86e04fe7b8fd8c1bf26", - "shared_secret": "c5b03a417c10715a53f3a1efc044a81e266b40a1b16c87aa1f754146ac39b80e" - }, - { - "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "1a7e0760c345cb5875303e20e4c72076c794e56ab75231750a190b45f374d979", - "sha3_256_hash_of_secret_key": "eb53a36a9f50baac64b4c7bcb97fecae54d3f66b8311b5a67c5daaefaa63f209", - "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "1b4728ec7c6e90ad99dbee3b83438050df88887de2e6d7a6ec55e7a2f7f1bbc3", - "shared_secret": "38daf9348e4d89149e4968131370ce3d38a4028727fb85d27f87a95b341340fd" - }, - { - "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "0f96fb9e146a1c22cc5d23e9108af0dc5e13b7810b8f5598bbd5f8d4b54c8af7", - "sha3_256_hash_of_secret_key": "d494ee913886be1398be54856ebc83eb8cd7aab4268b976583be2e097edc2d64", - "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "3934a38f7c11d237b46c9d93a8ab8d3dfc76b3e020b5cfcd0344eae35a333e45", - "shared_secret": "60bc23845c0b116208c0ea02849cea3d8025a7220337c617c4bd304aedcdc1af" - }, - { - "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "0bb63b48b8cdd1c7242bd4f017c519b43502656e23817bfd683150488f8b0b44", - "sha3_256_hash_of_secret_key": "195207c9e44942d5cfbf338fb9f20317d3ae8be85dac5f10dd60abd802a3caa9", - "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "ddcc4d878447ee699abdb85f1463b113784be6d4e42c46379b31c02715243f17", - "shared_secret": "2eb03b010e291fca1bb6ed09d22d50b9c7bec93c556f1f273e57048c9c56bb3c" - }, - { - "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2d19bf7937eeab0d2a7570d43cf965547542a519be85bdd4921f7d710747ec6f", - "sha3_256_hash_of_secret_key": "cd59ca5c7954d87bc8d025683563aab0f9272d6c12cc03914220aa6ee392e6b3", - "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "86184bc66edef41a25ca3350698277f4e49713b821fd0745d276fe490ac636d9", - "shared_secret": "be892649db60b2ce07ef18c4a709714933542ab94ee3250cea6e7c6f5eee5d5f" - }, - { - "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "6907e1096410ab332e10f37c93d86d9b4657159eac1faffcd1688d182d127844", - "sha3_256_hash_of_secret_key": "250d27ac4dc4447520c4c1193ac57d239857ecbeac2b1009dc08dca2114299ed", - "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "51c6ca6d7536a183416b16b1716cecd3d994dba4b5ba019bced87bb51f9cef0a", - "shared_secret": "75556d5854c44805ca5c4bb927c837ff635feaae939220592d89caf74592a0be" - }, - { - "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "379c9176059f3a7ddfe021041301bcebbc91e997a0d5bf2ed1d9d125a7129834", - "sha3_256_hash_of_secret_key": "57df17dd8b9b1411af66d82f61dd61c4f5235f48d503c164ad0da02a598a69b2", - "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "a5773e0569d9e26225b05bd61591d1722c4c1396789ce3156ef749c115949ace", - "shared_secret": "469d60c303b10f517a932d9fc090e61802003e9cba3630224f2c43a4727230e1" - }, - { - "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "f5515b23187af5dac6d1d090bc7bc01df34ec781561e3d3b8b62164f74946802", - "sha3_256_hash_of_secret_key": "2ab40ea093450e534152efb278b45038f1f2cccf13a654f1c5c27b8c389f6129", - "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "d1b469613c872181c4428440cec1ccf87b82303e4979de6eddd437decd8afecd", - "shared_secret": "b545dc066355b91cef05e65107fa11070c455209c55573cc549cd053c8e4155a" - }, - { - "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "9dc0d69094efe63d751e6f9c1e92d2107a7b45fabb820222d30b11595c351643", - "sha3_256_hash_of_secret_key": "00f4a04ab804f2fa3ed80a0fa4530fd45ebff8afadf5f5b7d46a672c690ac3ac", - "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "774abc2c6dc9570eb781a39f79f49f2cc6870a43e8812559d89d1c59bb1aa5ef", - "shared_secret": "2c42bc4a172c928bc6ec7480785d63f7281a9e5acfd3f94335d6d7fe5fb9c5d4" - }, - { - "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "16829a8aa9f8c4e949d4e6388448c2c4ec6a977f8c5fb80bd75d93a723bc9bbe", - "sha3_256_hash_of_secret_key": "659cb66f989532fdf5a741fd03862fb142a05a0fb43ae20bffc5116de1a66d57", - "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "ff53eb11ffac30f45bc8327d7e7d518f1c2d71bae0052ce8e15903c8d14978e7", - "shared_secret": "230a69c53e2192eed6c9b876d6b228fb666b19448e0a2ef8601910d624bc173f" - }, - { - "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "90fe22b38a4fafc045cdbe0c9689745fb45760cb2f0f94f7d13cf8c834c4df3c", - "sha3_256_hash_of_secret_key": "10a89c990c7676890a65e1c776cf892ef1431d56fc115ef3115c0b8f91db0690", - "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "3d1fa5720670ea284567d32beaca2e56853f7b6268e32af381034f13e4cd4853", - "shared_secret": "327c548d7df90d813f3b3c92e908c4c55fe4c7277f91b6fa2271c0f149dfb273" - }, - { - "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "c277a9588d9a781ddff6aa9ea8d259e5599d0adaba2f459598ebd5bc72786023", - "sha3_256_hash_of_secret_key": "40609cf26d205ce694ca8baa097bc1342d2462a26678eab90893da147e389d3e", - "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "bd274d905deacefc3d90a9ed76d59af4e814cfc06c118ec17662afa4f6b4fdd6", - "shared_secret": "0d95796efa11ef2b4f05d0cd9e1d8db26f3e5839fbba7cd84e00d468decc088c" - }, - { - "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "d3c8cc315c4054d09deac08c6d5d364fd5d47a3c09041bee42c561f978e2d98f", - "sha3_256_hash_of_secret_key": "3e1b23ca9dc111c4a3cb0a585c7f4e5d1f27a71533eaa5347e285c7c35e81990", - "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "c866f33265de001b3308ec41682803d46dc61d423d61565aa5ab2f1367c93e3d", - "shared_secret": "cc047c6cad36dd056b84e6b9a4fb6b1b349d593e104ba94a67b107b291ca4633" - }, - { - "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "dd1a07043fa0c6452500249601f25de742ab44213e2718cf0ddc5ff6a2a9aa6a", - "sha3_256_hash_of_secret_key": "2cfeaf5c1b4195f0374256027d3a888e9a093de8ff9181296d5b1b94048de38a", - "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6dad2899c49ef32329180b6b8749c28a24e070fe989027061dea25f0b05490b3", - "shared_secret": "2faf2dd50be618b025cd2b53365221f5258e175e4a445cf053c66b3d3a998c8a" - }, - { - "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "f2a8cad42c743eb61aa338049ce917616899c803358541de1e58cbbdcf3c6328", - "sha3_256_hash_of_secret_key": "7a9ebb792c7193ffefe6e4760ebd0dec6f67c3f3b0fddb5abb4b7e931ee827e6", - "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "125f7da90bdf4bbeecc54e47e065b221a6ce42d0569530c136ce2c9415b17e79", - "shared_secret": "cd890d2eee7f747441ca9448c7192bcc274e8b0c3c80005cb6fdb4691186d85d" - }, - { - "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "3394e8401245fd6348bfa697f6990b6671577ec7b35a45b0101730a801942643", - "sha3_256_hash_of_secret_key": "3ecbb219e90e2250ad5ba87f53975439cacc030c3e1641b87ba8c5b3d89a4aba", - "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "6cd30cb202554c18809da0819ced4cfe83021874fa9c48c3374b7544e3256f5b", - "shared_secret": "e7942359dfb015d5022b790b5e777a93a5963260ae352567d3fb7e27b2ef0bab" - }, - { - "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "ec9c0d68c84cf3804f14e8daffdd1e28c28d3d55ee782c98c498b0d9bd4ebb23", - "sha3_256_hash_of_secret_key": "24a2b3c3efd979a1406e92d5c504d5004079965b5fd0492469f1b4250f7023ff", - "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2c6cfb957639661086b02d9a312e7483150fae87d84f21f56e48850af7e3b62", - "shared_secret": "5d7b6ecaadbae69fbaa9e004634ea609df6ec80801bbe73671f4e52169cc9683" - }, - { - "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "a9d7d5a52aa2dc226832f6e4603322f60b1dc21207e3360712f9c6445d37e64d", - "sha3_256_hash_of_secret_key": "2e5342a1c2f58a48e044a26673799c63f88656f6d350a0d7e57bbf8811b2a5e9", - "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "b79a2fbd2e63aa66a526fbb42440224fad7ce91206df3684d1deb4a3e57bfafa", - "shared_secret": "547666f6c72c97a8f06fbd7cda4279165dc82489aba2119416e0dc46795bc464" - }, - { - "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "fa7ba132b5dfa2e3ce67b64bc72d551f3290d428cfbd45ec026f44c8dc28334d", - "sha3_256_hash_of_secret_key": "34306d06720216257691fc65054ed32decd609312f5c5f061e7763ae73fe0aba", - "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "acd7944297fc3b0d2daa3b0cbc999a43de7e9f948d39b9c6a4746873e285f8a8", - "shared_secret": "88c80381cde3db2c1d40aedf8cf923b79b18cf76efe0e46edc3e25e17c7cd8c6" - }, - { - "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "29f8a01ba71d04d6831c03d1ff294fb58ef6f4041772cc071074829c32a3ac9d", - "sha3_256_hash_of_secret_key": "95f9b4063bf05f89ca9f99e393b11c0f2105eafe40abb313f345b58e10519955", - "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "096f7946c01dc61a13dac8b85d9c377f9c86aaf8ddc02163a74169854046a1b0", - "shared_secret": "ccda9f28bb09dc0017a1df8e1796a3489c66afd2c3898a39027c843cf022b790" - }, - { - "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "357376de9843d74252466888727f9dc1ef48d028c0f52c902aa0dfc3de374c83", - "sha3_256_hash_of_secret_key": "b8d675ce213c73f9792f328448850047f4410fc500212939ab2e234b619c9104", - "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "a0810d28d2dec44499bc47d48ae22984c17728547c3ff0cc859702d2a6962f88", - "shared_secret": "caea7e78e6f80e126a9f41ddc0ae5946a80cdf617635934b22c9097c5090ce59" - }, - { - "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "30382cb59feee1b6b0fc129fecb8c74034da92987249bc20cc8ad4a2cfc1bfe0", - "sha3_256_hash_of_secret_key": "2600203271549828d0979adea52e2e976b7d9f85bfa6931d6c79e14137fad51c", - "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "4d20b7665cdea726a3240782143beb60585d4ae39bf18f4ab5343d4f44c7acd6", - "shared_secret": "431bba421ea89647d815a16f440d47f1604b67d9a2d33f2dcd21dae7e65bd5ce" - }, - { - "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "f4e474fd64a6d945e85eb4ee7509cc99fd4054de99f819fdbbb05c54ca6e36da", - "sha3_256_hash_of_secret_key": "d8a3a0edc73fee057281add9e7cb328566fb22c5082978c69088d76e98ffff90", - "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "0f18bede2f42d6fdf32dcd2cf8937ee8d2909eef0aaca8586c3892d608712a98", - "shared_secret": "cc0a7809cf6787a4587e090249709f694b709ec8475a42b4705bd1ba312c098e" - }, - { - "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "50688de263a82386f39a7b82592247bf5499f1836a3a941413c75f6331ce4031", - "sha3_256_hash_of_secret_key": "ff207007724ca5d696ba44cb106f525858111d55323c9fc0fb98d64d4f8de8d8", - "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "9dcc43fabf94918ed4f7936960d8c732deb2209090d1303d62d5ba591b51a142", - "shared_secret": "cf21da86b3e09c38ce5799637b1492a1a268dbf0ac716499c68bac11a774f41c" - }, - { - "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "1a29c0f2dc4089a85db6865ec90faf2f4ddd25f210eb56e49741866bbca8cf81", - "sha3_256_hash_of_secret_key": "477dbc28e4f21587f274e7a3b673f743840da1501c35f0e9ceb8972970de6f86", - "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "877f477beda55ed2a7c34408c04b4a90596b4d94ac1830bc04a0ac9b73761ffe", - "shared_secret": "b56f557eb758ae10d22b5d65847cd811475b96f5a46b0ed3bc2f1b9b371fef0f" - }, - { - "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "3fffc419d3d8a887ff789eb661b2af1ee5b32a302ca267b33eac2ea7e3340b97", - "sha3_256_hash_of_secret_key": "0f42068d2885e1a44b2ce4042675118f4fa35f58c1206b965b57ccb52c4f25f8", - "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "d8f7b4a0047c18a84ed13e3057e240cb578cdd2ac1e57dbbd6253eca9208d6df", - "shared_secret": "aec1264f12ddd2ee8e51b71d703ca5c2718dbd79858240635f9b076c749a5ffb" - }, - { - "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "f1de70b1072881eb659a5e890a92c9313c7378d2e960a060b9c918260d4c2458", - "sha3_256_hash_of_secret_key": "ecd9d757d80352b4fb51c71976d7b2ddeb927052f9f7a7cc61fa67662d4dc86f", - "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "10b2b1dfe168aace0dce3776456c2e2605f99fdeaadfa3ff5e7a81f6bafcb76d", - "shared_secret": "6514a3b97760070116c64014c5695df60d0345b29ada92fe24b672586f5bf06e" - }, - { - "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "b0c77b5407577a9a9cd8864efb80974aae107fa2801b6ccaf341d5456a86621f", - "sha3_256_hash_of_secret_key": "0feade68babcf09673bf843c59379520c19081f2bc33940a8dfcee07832ec66d", - "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "b204aa70efa18e31a11b6b92e6c7dab4b2f4766ec5d302a0e93e4feb05fe4843", - "shared_secret": "52344e5e173fc6088c9dc555cc90d8e5de19bdfa0d657ad8de1a3c24ea679bb3" - }, - { - "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "255d2e2fe01c87cf70bc30703644fc255f83fb47cc5cc5ae2c0e49d6198cae03", - "sha3_256_hash_of_secret_key": "1b1050f38bdb785ed43daa264b60c7946d93f135c65e93c95c39fd1f2d7b5311", - "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "55165f35498250256c30d0f0fba6ec57db352a6ebc05ac42eaa8982b2d48af5c", - "shared_secret": "ce80f65731c8fac072f7153bbdc425f76189d01bacee8462060c62dfeddfaf64" - }, - { - "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "63b304a19162abdc4234e6046109f99f955695580a8b782017e107e45575bd78", - "sha3_256_hash_of_secret_key": "19aba21e57d4b3aca7209fd5cbd15f9e7cb9f6777960d9452fed866e9e9234f0", - "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "5eddd27af25f9553e3a5b20e4de86280c65eb689ffa7773dbb5d24640bf51248", - "shared_secret": "3b23a3cfe57897fa9cb691ee9805739f40d2bf22930ca9ee48ebb7163cd66bb0" - }, - { - "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "3c598a48b06d7474da19ca85aff6b2b3303b5d25b96088c52a08cc7f1e87c5fd", - "sha3_256_hash_of_secret_key": "03c563426eb21d277421a30ca8980d4de86f7aedead9ab9aefb3d7362104ec50", - "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "244dfd0105b643caafe35fdc184b8e23c7538370d545e6f08357e83f413de258", - "shared_secret": "272ecae17c3d107a8b008f60c8844ac01e09b8bee17eb4972f5f71774af2d54c" - }, - { - "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "9911b6283fc6dee66e16d411fe39bbc9f53c30bb54f05044b96c740ca051c61c", - "sha3_256_hash_of_secret_key": "06751acd0a50beca92428cf8c803af429068d4e5c4f74cc59e6d3275ea6da737", - "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "dc8797dfa40479e4edee48d320320ca4a84c55789c94c34ce4f0a4be83ae0568", - "shared_secret": "eb456d8919c7e96c4e18d7a0ae27d47996e4f94c46c60b4649b327903acdc0c0" - }, - { - "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "e78d350d2836d1d17e6ec375a0cbe0d6b2afe1ac036272dd41f8aa769c9d0668", - "sha3_256_hash_of_secret_key": "f74b8f9343146c1551a3cf9fb3d4e88febba4e98db745f36678d854230a8d7f2", - "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "400cda4e51c1eb539625bbe6679fc13b009e72cd442a1385759e7090e54d31bc", - "shared_secret": "3f92ab2eb867d4e2e658917fe95b19042cd768dbbcd895e83b7bfda621fc428b" - }, - { - "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5820c7564d087683c0a4864844335bcbd62afa1ee542c3c1dcd8b72c80824b50", - "sha3_256_hash_of_secret_key": "11212a895ad32958d25d2ad32e917bd5bfda9dfcf08e316f733b74479469f9b2", - "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "fad3a5efa62eabac076fd38f84e91f3c20f7b263408366c476695a9665972ddc", - "shared_secret": "5890e86b38f7fb11708a63f5e98ad65d10db5916e6669e1b0161142e6d30d017" - }, - { - "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "c56eb5880e9d9d0fe7901747f75eca1996c722ac47b76f34a4dbaaee0ef8a611", - "sha3_256_hash_of_secret_key": "8a90ed45b5910904e2e9f6a6e410d4caf024ef6436fbb75fdd179eaf09f6f362", - "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "16f18c8dfcb9aa496f8c6f8a76af4cf2405407e0f0467deb4adb7049595b0df6", - "shared_secret": "3b09c4579ad60b17eba6029141a6d9765e1abae72ec32f1b329a5e2af761a087" - }, - { - "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "717823f0b58cdfacafc795aea529561d11374f02964cf635c27848671043766c", - "sha3_256_hash_of_secret_key": "f3c47ab6b2f2a0962faf49bbc31f3101d6f4b867952aa3bbee32408c1b88ee82", - "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fd6a149b033707358fc07243d95b0256153c30e65cbc9479ce05ad2f96204a37", - "shared_secret": "f15864351fe8e878ad66b402f012668e8bdf21525f09d5bcf4a4dad656d2e480" - }, - { - "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "7a13afefbba39ad59c088825380398f43f1251b83b0ca9debba0102f902d7190", - "sha3_256_hash_of_secret_key": "da94e15b824e73150a408df01cf1c5e4128739524831a4c2f45d0724144010fa", - "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "9193450ad037d38d8e85a46a522d4f6562ef7c7aa1372a2ebbc7ecefd1286bfc", - "shared_secret": "1f1a7f0d0d86a52a6679c431c322263b185b0c90ce40db054928be438f38d47f" - }, - { - "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "dd4cfbc29de3568663a3a044c3f897714363b0fdd3b6ee55f796292d34c7c79b", - "sha3_256_hash_of_secret_key": "6142d02fd4501c7bffac124bb8f26813009d2bfb91023a3fadea9506a40e1467", - "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "bb6e0249218f8bb4712d60e59f51cde2dfecfc1f828eff42f2707aa59f12164c", - "shared_secret": "aae9ca8c35deddcfd7dbaa7780fe31c102aa90cc594eb56edc782fdc4eb53b41" - }, - { - "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "9ca90d64e28a5bbc54c36053ed333c530f72549c2afd77b10c2944fc833408fa", - "sha3_256_hash_of_secret_key": "510f84cae4d4307d7848f4c9665061657ae81526139a8b6a4076ad3df919abfb", - "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "36b3567939ee624d5088c4daa597c73349270a754d3c272ec3ca5e08bf896fec", - "shared_secret": "970fe36e57a253e88cc80c9da6867dd66fd8da1dc15c85a480a1a45eed708ff5" - }, - { - "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "da073c98794493ec169c78eb75a39c1594ccfa635b8707325e0ab6cb8576e30c", - "sha3_256_hash_of_secret_key": "7829ef884941abc63f66889c3d44381f5450de1b95c6b6f79f909d74b27125a3", - "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "43f8a2c466c09c915fdbf0d0dc5069ae5333790e7efce86c163d360dd0fdc0cd", - "shared_secret": "8eb310431276a31c1913cfa2e2d6b0dedc8a208c7470251daebc5b1bb6ee78ec" - }, - { - "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "c2aa254714dac09b9e712572b24154be391063afd3cd8cf4cc4ed8ef21f0cfe5", - "sha3_256_hash_of_secret_key": "2e552fd01c00cf43110aacac37d01c02e5f59c87133e3769d3b2bf0fd2e4431d", - "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "854806aa3266473aa5fa6097095d5f21707ab4df857d927e8848146bc4cc2bb2", - "shared_secret": "425a88aa4cbb6b6de122f1730aee536f1cdb8fc84751fc6eb2b42bcde5febcb1" - }, - { - "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "8aaca951e0573f28d50831960a28dd11126f0eb080afc55f394e8eaf6379f6eb", - "sha3_256_hash_of_secret_key": "45592f0d94666d8201247fad4d0acdfdb4635a5e4fa85b7e25b2391639451bdf", - "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "035223323ac02f2a52f9c19da46b31a7e189073fd5ef5ceee6ab8dd1b062b6d7", - "shared_secret": "457efc40f2e99aa599ac1ef92f9efbfc93d17fcd793837857f6a5c91a8dd7da2" - }, - { - "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "f15a8fc937b12ff78c54fc273fcd7dd5611e5835472ed377652ae64495f9cf52", - "sha3_256_hash_of_secret_key": "dcdb853d17884fb04396dc10d34bc84d594343ceadda564fcdfa9b4d47dd4e3b", - "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "a94ff1a0c62792c0e1dbe578210ba5a7f3cf8a9f9763a16362d66a3082e4753e", - "shared_secret": "99b58031465868d0617fa795e6be1c33a870a1e154a85a2bf61346f7c55f3b76" - }, - { - "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "ef7ef8d7d81aa907fece4c1920c7ca9dda3bb9d57f09193487bb89d6422f10cb", - "sha3_256_hash_of_secret_key": "2bef3558b547044290d1232a580a6a473cfcd8d87ced6305f996d4db4f46e6af", - "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "0b60d83d562b66153e07bffb5bb05b7d268351377381b04f1e59201f961f1907", - "shared_secret": "387705c2ed600492a0b06f5587ae3c40be55e6d5592597e57cb8015de9e9271b" - }, - { - "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "99b151aa6b4654589afc36b8343fcbdc09a3e5255b378d6ee5629cd8b3cfd555", - "sha3_256_hash_of_secret_key": "b7a7d95034017d523ae23e29fc400e9a0b320f9778ba1587b69dd012f2aa47bd", - "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "3a4ba04bec2aee99c5e4e2459f1aec52fc950ab67b61570d57a17c4f3d9031d5", - "shared_secret": "2a426534e3c23e28a237047aec83d24abcef8c7f77d85d8b27aedd7c50263010" - }, - { - "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "339ba63f705606d8c7fbbd6e66dadbf23f532d5423802c836f2105a636e9e6da", - "sha3_256_hash_of_secret_key": "60aa684e7cbf79e9c70504608a4c0f2cf8dc207f71b1d0ef5e3a99013ee866cc", - "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "f5d1973f7c10d3ff7cdb66195ce52e182f40ce5b9f16ef67e31ce8632cf617e8", - "shared_secret": "ffaf18d4fdb39a4aedc80c7985843f6b87a02e36c69dcb00f3cb01a619a77779" - }, - { - "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "1f9e26333b637ef9beb8881c63f9412b07c47a276af0e242062a54026bcee2bd", - "sha3_256_hash_of_secret_key": "f7f38ae2caba6d7e87b7bee8b127a9aecbc0b795345952d65bb4435e3720f89d", - "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "c42f9beac87086ca603d95377c5e539735752eee043653fbacef0d2824b91d86", - "shared_secret": "1b37c256820ae408a0005a1fe7461d54e53813e6e7ad58ca3dde46a53a44590c" - }, - { - "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "64b9f8198bab9b3b2f2a1704cd4ddf6b3cbc216ddc0f062a72ef40115917fd21", - "sha3_256_hash_of_secret_key": "a3cf5841bedd9be95061b910333190834063e5cbcf0fd32673f8cf3f6b548d17", - "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "056998cb46e48667cb4bda6dfcff9321219b13fb1a682e90bfba6ca025bbe6df", - "shared_secret": "12871c83c35db351c2c0b4afe0f0ce9fe1f21fdfbe8c18a485d5c1292faa531c" - }, - { - "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "de4ce515b882c849717a1ab34f2ac0238c868f415630c1155bcfb302d346dc91", - "sha3_256_hash_of_secret_key": "4b917d9daddcdc932fe0448063a24a592edbb0e6e40b5b53812f20a4cff7a0a3", - "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "e4eec4f31749692984bee94c59e2947afc769197fc18b20d2e34ec92e7d15ae1", - "shared_secret": "adf49431dcdeb29f729459cbf3c2b94151005c7b841eac921a71262d65dcff99" - }, - { - "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "93b60f0d00c09af885b5a0cbe942fde6afc4841428104710823bdcc12319eb35", - "sha3_256_hash_of_secret_key": "953ab28bf8cf18e86b8c80efae0bb47582d720e787fd2af27d9789c1ffb7ea1c", - "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "ed5b2ff1ee4222029e7c0d858da6ff1a1417a74a501b80d1b5b6a4941329e892", - "shared_secret": "35e1521271e7ab9931b2c25d75f0f09a89b3f83a6bb62ceb99e8e00c5cf78afb" - }, - { - "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "167a2fec4d72cac2ffd844246eebabdac0c074e4f984433744e31d299faa389c", - "sha3_256_hash_of_secret_key": "9afc4ddea68ca10e36d9b12d3c34595912eaafed49d8ffce01cbed09501f7527", - "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "a076b58fa98a7282c2cedc1e93c1473dd15b15c1ecef192955d8a813180b3217", - "shared_secret": "715519f07b29bbecfc0776e35417558e3bc50c76b8da6fd4c99391b7bc7873cf" - }, - { - "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "955468734662471c953fa516b35b3a53053ff396b7e2798fe07a2ecd549d6c06", - "sha3_256_hash_of_secret_key": "8bbc886fcb7516e7888880921abfaa72823ace9d50cf0afc2f68c4a7c3dd2e53", - "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "87914dbce6a365f7335188d83f2394b0fdafc9b0676c022608401cd93d294f36", - "shared_secret": "5a4ba3737140bf227c0e618f74191b3de1c1b8e24b032036942de66a13ef5a91" - }, - { - "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "f7310c0531060051469ffcd2f88e3200bec6c721bca1fa4c9e7bf1773d7ccb19", - "sha3_256_hash_of_secret_key": "16c976495bbd05ee6715f30a9323aa41ecc320e2e63479148ab3a51132afd7b5", - "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "37ff2acef57d0665358cc5ec7f489160d602d41c21cbb3332670f3cf0044fc39", - "shared_secret": "87528a4a961de06d5856004eba20a44590a1bd88318fcd1ae1dbfbfd41f152b0" - }, - { - "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "152c13a9a4dfbade0f98e8a5136358f69c93f0722addc008952cf72e1bf350b1", - "sha3_256_hash_of_secret_key": "b93c3fb9dbddaa560dd52c6a1c37f6aeb2111e46b7b746419e3c27fa43a27211", - "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "b62ee0b20daf3a87406f7f8428d6dac79ad5f95c225956a564f896658ed51eee", - "shared_secret": "3652a13e36459a324958a2c45328fe4ca6163ba833400e643b0a6e51bbc594fe" - }, - { - "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "97e5b18cff525ef46fd8a6aa6e5e4b8d953fe1e67b5771d1b99ff18e754553be", - "sha3_256_hash_of_secret_key": "55102f3a620209b46e41531919a1b6f091c86bbcc5bdcb52b18f9a070680bd66", - "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6d20fbb0cf418e91e295f391160df696348b3fa99542d12584c0da554b96153d", - "shared_secret": "c07d965e4a87e89e9fd5db44cdf225b20157a6842e2862ecb4f72d8aac933c2b" - }, - { - "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "7b5c67fa6e0ff374f691540fff0b4d14d4ed8a8a8c48b14b2a35facb413a5ee6", - "sha3_256_hash_of_secret_key": "449e7b1644520512fa25ea48f468ce9f866ea08178e814f11561efd4e4aad792", - "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "e4f728484e23e99dcd35c5d3ca6d62e3a829e60a784faec5dd9fbb2d0cfa8bd7", - "shared_secret": "a502041eee317af1e9e6f9a9c12cc98415b358ff179d4d64ba5b7463a1f33b0d" - }, - { - "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "8e49b73bae3b0285bbe1676eb6fad2641e7354e4c0a4feb0b74bb16708b01351", - "sha3_256_hash_of_secret_key": "23a598fad0141bdf07257c662d22549343a01d75eea9c1ebcdeb4a138c6e215c", - "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "cb2c217f6ad9c504c9fec4750db44d2c339017542da415ad81094290006e9273", - "shared_secret": "a354e870cd600e5a5951aad3491c31a80b0545c1662f830d7f0b6d144ed3733b" - }, - { - "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "f5de62d662f480d4ed8ba235b4aaa4bfff19edebbbfbd96e5a9b7c4e89365c3e", - "sha3_256_hash_of_secret_key": "583ad55aa14bd6a4310d3ab7aa619cf59c93906251f5721a0bf880a866517f70", - "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "a9f97b3e253dcb15c8ef4c5576786d967e504e8f76c0bf46e051b8f123fce22d", - "shared_secret": "cd98ddb938549cc7c4fe56cda7f3ef213f1aea49fed4fb81b940c7e894be1e54" - }, - { - "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "ec2fc5834e128c5e1460d8cb0c35ab340d706a6c8b52070a7e41a6405fada53f", - "sha3_256_hash_of_secret_key": "954a43f78ef0b5a279c0d020c08d930cc5e83a385c09afed508f9ef6f1a27920", - "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "f137abde6208e2c014a5a7eb1aac7b910a21df3a7dff68dcc40cba4f34b839d1", - "shared_secret": "e0d0d574b1287716bd7e0a44feea36ec28469bd36713fa8a53b0a104f322016f" - }, - { - "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "5e7f49b87bb2319dba8d3485fe814aedb0b43173bc48f3a793554c3e8bf90c17", - "sha3_256_hash_of_secret_key": "74eb7c05fedc78406453b8f021f8a71cce4b3ad0c4d38bc8d581000a38908574", - "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "2018b7eddcf255f6a171af914ef44153fd60976c5c7368998a218b1d81e34e33", - "shared_secret": "bd97eac1e35a06536e713a2ca5e71e35277b948172cafef0c35e1558efb61676" - }, - { - "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "e3f73c56254fac37209f5a59818fbaabf5abff3320b0b3ee00e20679b5728c12", - "sha3_256_hash_of_secret_key": "1e1cff1c4e09318bdc174bff8ef0817d6e7414355adf930bb35e71a7a0b95abf", - "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "d641fde487a3659350dc41f329e0d41741bd4389346da9270eda4f5829ce9ee3", - "shared_secret": "2ed540764a77b17c6b9608bf86d8d8703f80718044d52dc79cbc1838f91fdd7a" - }, - { - "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "bc0a40ba03d27bbbfb91654fdcfab2dfb3e94d9607b99c1d7da1f2663bfa2598", - "sha3_256_hash_of_secret_key": "dd55c195b92ff410b9ea37577ddba0385bbf067b3053b0a678e8106c07b98c9e", - "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "7387b045cefcf3d2c659171ee41acf3857b9f63f1ba20c3f0832cfe41a26ef75", - "shared_secret": "1e5ba1b64fa8ad0494c96ba27e288ee2b479c24634285f8919e58e9b9c8be78b" - }, - { - "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "e16da7f99bb7bceb75a6468a921ab9fe53aab2972ca616ee10697c204df1e350", - "sha3_256_hash_of_secret_key": "2db70f5bb4e8927fd7696a4d802817fa58c43f9b2618ed27c7584cce8acf3506", - "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "0159f5e60336eec1fda83aeffbee92eddfcac6f92b0fef7a4a38fb20d1a771ca", - "shared_secret": "96ba12c7f8a0d864ce1434b789c09753c2d1f7ade6a5a0e679ce2ea0b6d66c83" - }, - { - "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "fb80edf4f67823ff4e53a8963a9c9937fa9f8e014b750e11b4c4bb1a361d6484", - "sha3_256_hash_of_secret_key": "fe67beff69ea75d4953d71c038559591b2a0349ddcdfeaf7596dcd02f57db2b9", - "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "6e68fe27fe416c12819fa8a48eb29351d1d74a9200c408b55294ea374046c3d3", - "shared_secret": "07dfc04ebbb7ae537b594210a9180f647d3d385d1c1bb56abb8174111eb246df" - }, - { - "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "d9f630c3838eb161374710d9f01bc70d4ef928fcb1c38bed93e30f3633a05e01", - "sha3_256_hash_of_secret_key": "ca4a4ab954c3a4c8b960fdfb7dd7cf5e8d103f7936f31e720e5043010926829f", - "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "3b6a1f5d06cd55c98ce6f4dc5b17fce8cb05b33b1d89b618a027e4478d8b5e69", - "shared_secret": "81fdb9267988ad39ab57e2fc8d4c280e0000dac3471b0936083aec68b49fd92b" - }, - { - "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "5c27fa929adc826f98fbf0a7fdce33c8f215b34e70450da0767240741894ffa4", - "sha3_256_hash_of_secret_key": "0116eb35f3138aa7371a058661a92a4bde258f823747b70ad40767c27d7bc7f4", - "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "83f17a1e23402e14a58a32343e1083434eb10b90a8080d01ba112b83ba15f7f4", - "shared_secret": "703958ce09d7d6a5bb09e88de8df95c8ee2598544d50193be50534947530fa37" - }, - { - "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "dd8aa653122eb5e3a4c3c877e95e8ecfcfef1ac9e0e6af92cce8ee89d09188fa", - "sha3_256_hash_of_secret_key": "8a5fbb715cf44c86b736227e56b53d91ebbea432fb1f1d6d7cafe42da8457b2c", - "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "862f660f11fb4252070e948ea2c141202246d5117ec151e6d5fcd0783bd76bb9", - "shared_secret": "c86d221cbc5ff6a994d9111acbfff23f7dc0cd934412b17d89f0f27e3cbd1a15" - }, - { - "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "b7c80e434104e9838cb08529592a5f81b0e8ead186663db8facc569b09e75c9a", - "sha3_256_hash_of_secret_key": "c5f84c36f3b8af4b4d90a040d929b116b402840f487d437f9b330f6ff3ec36fc", - "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "a372aefe804077da915a423dad55b76ff08a58d222aa66305599ff301128ae13", - "shared_secret": "c0146ba47b3d4178919879721f69ac896d6911d6e86de1e8f05797d467053222" - }, - { - "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "e619285c692532735f1582d227b9a9e77b1eae4aab9eaa79f6ce7ac2fcac8318", - "sha3_256_hash_of_secret_key": "2d4ae4f98c61bd104fbc1ef512b946202f95ecaa0ad7353a686141be5fe18116", - "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "462b78ef50b2c1ce761fa7750ab5ed2a7315e474a92ddae74bd23013b0d9ad0a", - "shared_secret": "a33f72941e0947735925e5be668b3481e0cece75ef48ae6db0d66f0fb2ec428e" - }, - { - "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "dd3761c0e96678a959f30997e96d6a59858528c5e10234398e2da2e50ffcc517", - "sha3_256_hash_of_secret_key": "c6f5f9285f93d2ee6d180353799df5fea713870ca06de901e9c12e8a01ead6b6", - "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "2e552ce25fe0771bfa135939d85bd68ed07959709da470df50be36aa8ab2890d", - "shared_secret": "3d77b9b4ade74443fc573c393b82c0cfd2bc2769327f273c14e66eab9f8d9ebc" - }, - { - "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "6d9e513a7cd137583507ad7256844bcb9775ca82ef5f411331a7c37ce451181f", - "sha3_256_hash_of_secret_key": "1dd2623a7413ff14549690b642fe90ce16ebe7acea38be795a4936b8d86b93aa", - "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "b4c64b73ba056f9ee7c3587ba0825bcc7172a6da749cdd86c1ef60cf84515883", - "shared_secret": "812d6c4becfdd4a95f234e8fcae1d9b316266d1c519545bbb7fab8a19f3519e0" - }, - { - "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "b252e5abf757e116a92518eb72df9f9ce66b07edf4d31be225585a6a827a35b8", - "sha3_256_hash_of_secret_key": "45ac74f2a699f1e3559e2d1442638290029688cec3da96c58ea697e1ed1d4178", - "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "4dae8b2d08afb311ef727118966c6c17652f1464e6cdd26ac23551d31b013415", - "shared_secret": "c8757f45a1e334ad99a0d2adf12e79ef2bcb96ea1876bc29a4ec5cd660923d82" - }, - { - "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "18c081231277f424c5f3f1f6b4db91958611fa28bcf09ccb2573da64547e1958", - "sha3_256_hash_of_secret_key": "f32167b39e19dbc0db58a5eb79e735337ffe154c75b0f2c091e009d0cec366d2", - "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "3a246e10c7c20d77a9e4bd6d3a90d73ae456501dc989210c798293d0b449852c", - "shared_secret": "be765dc236062da9d3fef68c645b9a8a5494c351d37790c1e7cd1089d97971b3" - }, - { - "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "0ac7db13184d6ae6e21a14a63a2ab3d6d5d1ee7f4a6011413a0295b752fd2c28", - "sha3_256_hash_of_secret_key": "f69bacdf5992e64369aa4325b70af9f0e8a399cadafe48d854c288cc4eec627e", - "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "d4200c5ed5cb4e30e8e74a5c8c30eacd48014d326ae72f73618c5680f04999d8", - "shared_secret": "e72888e8dc5fe30f0a9c01e2e4599a7046147a81da280c393a48bee1b43bbb5b" - }, - { - "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "27ea5a76294070ab10a6edc502d82be3d240672e5fa61377e73e5e19d11f64a3", - "sha3_256_hash_of_secret_key": "33161a2b269ff022ff4699b05ac7fac1374d733e46800447164d3e528ff89dc4", - "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "8995a8a9b59bd5adbe1fa10cc20da5348737cce9088be7eb0ba1f6215d68b9a9", - "shared_secret": "e3f13c77fa9eb329c218e1bd5823d6e07249fa1b455770ae57b2a00aa8c69c5d" - }, - { - "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "9898462f05bea461adb40faacdfdde363c06f58bc756f0a8417df63a66d3a544", - "sha3_256_hash_of_secret_key": "e10192b72796b2da465303c0bbe16f1e23e08f9680ba92fc22d568ac84352113", - "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "573aa757ef6fa5110ba7b948c325718f87c6bc9ccd596debff4e6c7dac1fa8f5", - "shared_secret": "a8498502e012b5cd006e77fcbb9fab801dc3748a0da37587dcd41310fa945e09" - }, - { - "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "a24e6203d9b1aa5cd06c44f048da7225e33952617f12b4289494b3969857c2ff", - "sha3_256_hash_of_secret_key": "61f1e3b3a9ce59d25480d88dac106cebc81272c0c9449c9b22048f67419d940a", - "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "7f92312ab16635c5e90a6d41ac65e594e37754359331b0814e09da9c7eb945e7", - "shared_secret": "780b2d0ea585a6ea41dcf43197b9ca4648454e30a3057f0d47f6e79a2bbc365e" - }, - { - "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "cb2e9159ab5225a75d02268af2dac89a0afb33fe83a45f552e2bf542868c0683", - "sha3_256_hash_of_secret_key": "d2ce7cdfbe3ac715b2c87b1231fe46d5385a77caab367570a955bb562d23183c", - "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "1113b9a38ec4629ad20ecb594b64ba242a5a4db7bdf32914f9eb34ecc76c4a1c", - "shared_secret": "7832b351d71984cb60e6e548e5b4edeedf9749f8b3bc96fd208b6bb557251de8" - }, - { - "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "7f8d36076b3a8aa13b633650726f7e907806a0573402ef3af129f611def1a813", - "sha3_256_hash_of_secret_key": "0b38e04daf35259696487ffaad947f481756bc3e94dd1a73b81bf8a6da4a43c3", - "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "eefa4d255cbd39fb5686d14a6a574d4c75c6b138a45a09cec12287c281cc00e8", - "shared_secret": "468ee020867cb766cd0a9ce1bfe9e7dbb56ae66c131a4540f211837c1779e11f" - }, - { - "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "ff2044ee6a3bfd4f7033dc4bbd6283b534cd3fbbf1c4af072fea1ba37d3262d5", - "sha3_256_hash_of_secret_key": "ed62dbd78c007d385c786f2607715a69a44804c4e88111861d175875bc0b09ee", - "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "d16b23897beae9fb1a6ca746d3c15ef52c8ac454cd518d5a90a561cb588a0260", - "shared_secret": "f04a17a3737285f2257a6374a0057776ea24bd731724851d12ac2e06e959fa26" - }, - { - "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "c7ca6ebbe17f30f8ce49e15c40c1ea5456f43624148eaecc9f3018f7beb96bdf", - "sha3_256_hash_of_secret_key": "7886dadfd208ab926afd2376dc11a004d8b793d7a30623df27109f9a4d4b0916", - "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "4fdbbb522c23abd8a69c583c2c68ddc28fa4da85a6bf208a22d19e7ef40d98b3", - "shared_secret": "fcfab6cb3daf0c64b4ce007499f097f6421e00905fd4daca7da7a29b9c8f6325" - }, - { - "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "61fb6cfc0f388e34fb28ed783c2733453005eea03d3fee4b01bb6364abc01c30", - "sha3_256_hash_of_secret_key": "b724f25cf64bdaab1cd29c9cd1f8ee6cf4104c26fa3caf53b77d61cb5c35222e", - "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "5ce7558ab39d932fd35fc346aaea5aff4bc90e65c17b5760996e84687dcb5402", - "shared_secret": "dbf4cd1f5cddf15322449ddfe147ae0605d0315ff9da6421069b47c3a67a65c4" - }, - { - "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "9333445958cf50f9cfba453f058f562158bc253e535e4e2f07715531a1c6289e", - "sha3_256_hash_of_secret_key": "9bb80f6928e0d09847b4c7e77ba6bf2cd0f75bdd147e884b92d3c3f2e9d839d6", - "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "57651b24ece777c321c6e59ba774951e2a3c4720d370e3af928238ff60c9565d", - "shared_secret": "3f4848a2de1cdd8a0403da22f609809a20c2cfc0ae619be0cac350897fead710" - }, - { - "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "ee6cb12a54341aeedc99f1040b01603c35f07c5487ffac7b4fc1925f49026916", - "sha3_256_hash_of_secret_key": "4e498a0606b1f9cd72b9d2493428730712bdaa4a7fed8099b15d9e2873bbdf7e", - "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "1fb55bc4e6d95931087b23945ce9448207fbbc14bd284f6bcda65fcf31d68fdc", - "shared_secret": "eed5b71764da1763a01184a1eb51dedb4eaa9dae7890b1c7dbc7e7132c30e737" - }, - { - "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "42ad42d6d3b13c72b16287909bc4c0da04900536a1e48a1a28db4f5ee2d2e771", - "sha3_256_hash_of_secret_key": "d6f909b6679487a8718c843c4b894785ee046c4d86ad2794c22ee912113dad1f", - "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "54043d4b2be7ecb264847dd0bcde9076523e798aeee942be82d61d51ef0253c1", - "shared_secret": "4218fc9abb402e67ac946c7a7c6f9029108f67de469e1a9987d570f011b685c3" - }, - { - "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "5b70c5bb1b7af3b643588aa7c20567d4259dbe6abd7617a61b48185de8f21e1c", - "sha3_256_hash_of_secret_key": "f03297b8577b131e39946a288f7ca9070e70c1e00e6ff126543556f60dbafead", - "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "c3d51c14b28feb48ee67945a2f9e2ababb8682a839ca1148ddc99f909e8c0bc1", - "shared_secret": "95a33968866dadc1fd8748768a99f6bb444e3d76a65ec5fee0c8a833978d4585" - }, - { - "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "01782fce09e644e310c9286f1e381be9ea8c54a1804e61f2958c1f975aec185a", - "sha3_256_hash_of_secret_key": "3d1b220e747de4ca99a9882a00860ed00abcf2e6eea60cba5194977f97c87770", - "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "8dbc778809c9cb1de5301be5bce766f1acd7d8f74ecf30619c398250def57d74", - "shared_secret": "c9423277519ab439fca3f5fab4c29c8123a55eaf37d94d70e27afffeec1b3b9b" - } -] \ No newline at end of file diff --git a/kyber-crate-tests/kyber_kats/nistkats_768.json b/kyber-crate-tests/kyber_kats/nistkats_768.json deleted file mode 100644 index 7b668915c..000000000 --- a/kyber-crate-tests/kyber_kats/nistkats_768.json +++ /dev/null @@ -1,802 +0,0 @@ -[ - { - "key_generation_seed": "7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2d8626ed79d451140800e03b59b956f8210e556067407d13dc90fa9e8b872bfb8f", - "sha3_256_hash_of_public_key": "d4ec143b50f01423b177895edee22bb739f647ecf85f50bc25ef7b5a725dee86", - "sha3_256_hash_of_secret_key": "245bc1d8cdd4893e4c471e8fccfa7019df0fd10f2d5375f36b4af5f4222aca6a", - "encapsulation_seed": "147c03f7a5bebba406c8fae1874d7f13c80efe79a3a9a874cc09fe76f6997615", - "sha3_256_hash_of_ciphertext": "bb62281b4aacc5a90a5ccdc5cd3dbe3867c502e8e6ec963ab329a9da0a20a75a", - "shared_secret": "729fa06ac93c5efdfbf1272a96cef167a393947ab7dc2d11ed7de8ac3c947fa8" - }, - { - "key_generation_seed": "d60b93492a1d8c1c7ba6fc0b733137f3406cee8110a93f170e7a78658af326d9003271531cf27285b8721ed5cb46853043b346a66cba6cf765f1b0eaa40bf672", - "sha3_256_hash_of_public_key": "2cedad700b675e98641bea57b936bd8befce2d5161e0ef4ef8406e70f1e2c27c", - "sha3_256_hash_of_secret_key": "0a84cc895da138b944accbef3ff1a0004b8a0d8af5d426d2b82ea4c0e585cc6a", - "encapsulation_seed": "cde797df8ce67231f6c5d15811843e01eb2ab84c7490931240822adbddd72046", - "sha3_256_hash_of_ciphertext": "c15158a536d89bf3bafaea44cd442827a82f6eb772849015f3fec68a29d589dc", - "shared_secret": "c00e4ede0a4fa212980e6736686bf73585a0adf8d38fec212c860a0d3d055d1c" - }, - { - "key_generation_seed": "4b622de1350119c45a9f2e2ef3dc5df50a759d138cdfbd64c81cc7cc2f513345e82fcc97ca60ccb27bf6938c975658aeb8b4d37cffbde25d97e561f36c219ade", - "sha3_256_hash_of_public_key": "3dbc65b722a8982d058e27d409f04f744551ecde9015b62607cf67bb8ececbb8", - "sha3_256_hash_of_secret_key": "0ffced333b5d13fff22b81e66d57b6e2a6dba0285fe2a82d5537df51a8d3eac3", - "encapsulation_seed": "f43f68fbd694f0a6d307297110ecd4739876489fdf07eb9b03364e2ed0ff96e9", - "sha3_256_hash_of_ciphertext": "aec80e6fe21e2616352b4c148f9fa0e30986541fb0969df7873b1336b23a8de0", - "shared_secret": "8f50401bc9b1f857fd870902d4065f6cec8cb825db3eb22573c6167442b6e19b" - }, - { - "key_generation_seed": "050d58f9f757edc1e8180e3808b806f5bbb3586db3470b069826d1bb9a4efc2cde950541fd53a8a47aaa8cdfe80d928262a5ef7f8129ec3ef92f78d7cc32ef60", - "sha3_256_hash_of_public_key": "94391b7a41175a41c15cd995ebc69c83b29e4bcea6c186611dc4a79578e37f4c", - "sha3_256_hash_of_secret_key": "e3904266e186b34a397014c95f6d314cd6e1c813348b02e977d0fd21d9bb681b", - "encapsulation_seed": "ea74fbc3c546500ed684bed6fe3c496d3b86d2d6dfaf223969b942e9a8c95e85", - "sha3_256_hash_of_ciphertext": "39fa8e1d0a5e4bb987618734ee4903771886030b2d8bea4b5a9b0cb672ebb279", - "shared_secret": "3221d7b046caccbded38e369625f69bac60c2d7efacad8f24170b10c5d222830" - }, - { - "key_generation_seed": "66b79b844e0c2adad694e0478661ac46fe6b6001f6a71ff8e2f034b1fd8833d3be2d3c64d38269a1ee8660b9a2beaeb9f5ac022e8f0a357feebfd13b06813854", - "sha3_256_hash_of_public_key": "c5dbd68b3a8c148b2e7ac049bb986e14dd1cebfa1cbf3edd6bae85a4d2dda082", - "sha3_256_hash_of_secret_key": "b3fa7958f4b7ccb68712ae948c3f08740c8b89a69e53ad4e9959234e6869d8fe", - "encapsulation_seed": "64efa87a12cb96f98b9b81a7e5128a959c74e5332aaab0444fca7b4a5e5e0216", - "sha3_256_hash_of_ciphertext": "ca9f95c38dc95f51b6b62ec709539f0d1e9fa64e49ce4ad10bbe62868f35cfc5", - "shared_secret": "1d746afc4160c75aaa6c6967f4eee941e09546a039027f05f0f8a483710ac334" - }, - { - "key_generation_seed": "7ec408f52c9aa723d0c41d9987682a5f4ce6c9da7cd0215af60bbaf5484ab353a08ccf451b049fd51d7a9ad77ae14a81569df8c9bd3a8f1ebea86fdcfb823082", - "sha3_256_hash_of_public_key": "62e0447f7b5ae8a806b741ca5c302230b555c3786c11f3eb43894a8f45e3f7b1", - "sha3_256_hash_of_secret_key": "1a3249c268754c86d2e02ba9d87c2b60b220bf2406b71037cfaf6b089477ffb4", - "encapsulation_seed": "8a95d71228acaa5f9ae6f9d9ca8ae55fde296463b41083a39e833e37c4c90f88", - "sha3_256_hash_of_ciphertext": "ec7bb1327a69aeaf626a76d344be1156eac160262128a64477a194805b926233", - "shared_secret": "722fccef7142c46f74eb57a10b13e420d6554e9d18507f660bd1be96d3cebbcc" - }, - { - "key_generation_seed": "c121915bfef6abdfc177dae2f5a24218f9abda2559afc6741b08e0e61ab433eb84ef52db5eaa6df8ec3a0bc5ffa730db0dde8c5f38f266d5c680a78d264a7b96", - "sha3_256_hash_of_public_key": "0c1d832af7b7282d8bd81a2237107ee60d81e28eb64d6a153ae0eaa1a25797c2", - "sha3_256_hash_of_secret_key": "fd6b5d3f120ca009871ca24552a6118917ea882f12f30dc8097f6614d9d36080", - "encapsulation_seed": "90d79d75d0bbb8921cf70d46bab497022a8e750efdc99e5f1bae653275441c7b", - "sha3_256_hash_of_ciphertext": "da36cb6137a777acb4afbc0932811f75ef1d6732031309ae7e2de1543aaf5c2c", - "shared_secret": "ee7c5fb6a63ace944e1eae1bd4b182263d918754c33753b904853551b2b46cb8" - }, - { - "key_generation_seed": "d86634ecf96cc2603761e284c0e36734cedec64e7ff486469e38539c71141c5a99daf37400cfe59841afc412ec97f2929dc84a6f3c36f378ee84ce3e46cd1209", - "sha3_256_hash_of_public_key": "2b757ac0425152bef72ed852ab1eb44f4359499407bb6a020ff843a31657c5fe", - "sha3_256_hash_of_secret_key": "27dbbc7918c31e9ab57808f439c4f4189cc318a62422457f4fed733be959c816", - "encapsulation_seed": "be8a32f97b9a8d596382c02fa2a0eeebc15c083e970ddaa4f2622b91d6718663", - "sha3_256_hash_of_ciphertext": "85efbfd0b096fa921711ea66b17bcf7c9a6240711b38a88830dbd9d716f07195", - "shared_secret": "77cfbdae47854e9e10765cf397eca9ab2bf2b7522817152b22e18b6e09795016" - }, - { - "key_generation_seed": "0610678ff4dc3128e1619f915dc192c220f8fad94da1943b90aaec401683a492da1804ddb5aa9b1c6a47a98f8505a49bae2affde5fe75e69e828e546a6771004", - "sha3_256_hash_of_public_key": "53b9d62e64f9069d9fb94ea2c0806459b201531f4fddd708d162981cc1fb3757", - "sha3_256_hash_of_secret_key": "f4b964b7ab3e09fdf3d91527da06a4d29ef28344709a41739ef56f18bd5b984b", - "encapsulation_seed": "da2cfaf69e25b2a89ff2557bbb6f69e01d8e2e7bb27a7a1ce7e40fead16f33b2", - "sha3_256_hash_of_ciphertext": "379a57a8f19110d5e0d747a2c184877d71f00fea95cd815b4c0e8782b12bec6f", - "shared_secret": "8be7a417efbdd3587c6f82ddd1d29956789d28c2413b8383590c5b80cc53e04a" - }, - { - "key_generation_seed": "d322d56d8ef067ba1f24c92492b9c56df3a6ef54a304adc1b69913766a1ce69756047447b810cc094d400ab204cf9ae71e3afa68b88586ecb6498c68ac0e51b9", - "sha3_256_hash_of_public_key": "9cfeca12dfe978bf0b7ad7271487cf61b2b8f7c60f389f33fc18439a95bcbb63", - "sha3_256_hash_of_secret_key": "a2e37a55c9b80fb423f40585180b011f32402d0320259285b6e278df6c20ba60", - "encapsulation_seed": "511c2ab40782322c06111e144e505328c4e5bfc890a5980a2bbc44aeda4c738b", - "sha3_256_hash_of_ciphertext": "44053f01ecb88811b9ee7a9ddd4234f94507c7cf64b6803b28c54bc605ec4e31", - "shared_secret": "79fcd201101e7e277c1b6cdc4475d63ea1dbc42ab94cf873bf0163c2aab0b5ff" - }, - { - "key_generation_seed": "2f1d8a3bebb34540324b9485fdf3d5be3b858f544abc3fc641b5728cafab03ba8d6c42e7270ee2b77b6045385f3d175984a0e260363166c73b0c70c971644363", - "sha3_256_hash_of_public_key": "9aa64a30bed5aa8300772066ef577f79bf4813e3315a15f2c28b2665e4dc7e2f", - "sha3_256_hash_of_secret_key": "837eb6ce037f235273d7686fd9d01bea14026e0a0f5f943884f18409cc4bc70a", - "encapsulation_seed": "dca92dbec9b260dd97e8886f876862d6effc3b91fcf3fbc986cf56ab93ae79a2", - "sha3_256_hash_of_ciphertext": "02798b5af1a76a2b478ee05c630e62618e5e2d7ee0c411a82ed2bf888706fe28", - "shared_secret": "6c4484b6d7b0a376f52abb1811c712368a9f34bd108ffe7ca31c36a6ec8140f3" - }, - { - "key_generation_seed": "31beda3462627f601cbc56f3ddf4424e1529c04737ef0ef2af6d7401f653b8a1812083bfa3b670e3eaf9b443702fb6db16ac1197656bbd61a8e25ed523b8d1e5", - "sha3_256_hash_of_public_key": "241e5c7b836862d7482d507973ae3fd8dae96eec4ecebcedb68fbda75e04b401", - "sha3_256_hash_of_secret_key": "95c79c2a867b3e8a4e4e545ff626cd49893b8e87eb188ed1516b159a24736c97", - "encapsulation_seed": "57c170e691d7a914a901b9a11c62b8b569b3806427557a9dbac9faa720ec3641", - "sha3_256_hash_of_ciphertext": "cf3b2e2dc822949eb13638299fc2d5102c7132aa6cd54dd7834b13f05a4dece2", - "shared_secret": "8554d6af350f13471cfd45c23882e43dc81d8a094f6299e2ad33ef4c01a32058" - }, - { - "key_generation_seed": "cbdff028766d558af4466ef14043a1a9cf765f7748c63cc09dceb59ab39a4e4d8e9a30597e4b52ffa87a54b83c91d12a5e9c2cd90fcac2c11b3a348240411a4c", - "sha3_256_hash_of_public_key": "6ad1d739f1598a16c608a240cd13dfaf8263d74866315e2898a3431cf19e4685", - "sha3_256_hash_of_secret_key": "1ef733faa4f2cb53cb5d8975aa6797b5f37fd918aeda02178a40584475cdf667", - "encapsulation_seed": "6b5a14e1473abf5a33d44975ca2088bd8fa6fddcb3f80e8fd5c45b9d90c24a5c", - "sha3_256_hash_of_ciphertext": "1706e6983032950b47cb6c8586178b42d515ce929c1434c1a8c9e36d8b4db7a3", - "shared_secret": "f9646f73de3d93d8e5dc5beeaa65a30d8f3a1f8d6392190ee66ff28693fbadfa" - }, - { - "key_generation_seed": "4c04310bea66305c6ca8ba6b8f61ca96257a67663afc11761f13fb5c7b324b6b8aec87a9a79204cee2986867a2906eb851b734b8b22b91d6749b1a5f07c44e3b", - "sha3_256_hash_of_public_key": "9510a2a0b4fcbd414fc61aff04a8df579660d14b13c40ec0470c45f639b65a58", - "sha3_256_hash_of_secret_key": "0bcfa8078582f60e218047d0016437601da8431f34ae6da12921f53958f32819", - "encapsulation_seed": "40e593754e6eddb7f9cf176ba2d5fd1087c90ad377556d0b0f686537b1a3165e", - "sha3_256_hash_of_ciphertext": "f9341d26e39b38a88ddef1708c96ee2068f569a59a4010745730d8290d637718", - "shared_secret": "1ee252e97b69445f7f109187645cd2879f55e10eb8361ab43b3492ff51f01815" - }, - { - "key_generation_seed": "38a0d5f41d7dc1896efd1b45b0485634cef149828751b96087a0a6dd81b4d58aa2acf359556df4a2abaeb9dcee945829beb71185b4d6bd18b76e5668f253383a", - "sha3_256_hash_of_public_key": "cfbe9649d9d1c384baad67b91b2f3e21f2fadd6bb582a0b9cb016051dd82c75a", - "sha3_256_hash_of_secret_key": "09b118f7c4d059baf27284d127d4e85d55b84e4c92bf3127eeb318d2f5765401", - "encapsulation_seed": "c152523abd8248bed40c3827bcf0f8e8127037a55c780695e2c28ea3e041a44c", - "sha3_256_hash_of_ciphertext": "94a8c287238191a107e74e31ec099086d83f198e6b0f3321da4d8f46ce01a0b2", - "shared_secret": "1e1ea5d6a18873c5c7fc8da79093f6d3db5b28fdd0aaa42726ad130c78e9bb88" - }, - { - "key_generation_seed": "97b5665676e59e3538ebadaa8cd50df1f9fda1502d9894c616a946078e56b621df05318b5f655efe36f1b678cf4b875108a18db2fa312261caf839f84bd956c5", - "sha3_256_hash_of_public_key": "a19c2c9c907b129d01cc44a95949121c39534cc98b6d105e60fe519a000cc2ae", - "sha3_256_hash_of_secret_key": "f1c00070780a7a2ac5b57ff3ff765ca75278bb661d1635cac92792f9454fe8ba", - "encapsulation_seed": "ad6466dd59f26b762fb02b19eedf5f79964da68bce0459b91c3a6ee5a7e01183", - "sha3_256_hash_of_ciphertext": "56e0b8ab3b302fae682938a45d9931e092d78877d1f8834bb43cd5c85582a205", - "shared_secret": "24619bb17c912fc992bd8272969cd5b6fd6b030122ee5af9365cac8b38e569fc" - }, - { - "key_generation_seed": "ef99224a03a85a46ef115474ec5b5d620da6795d6efcca4c9135d19958a9de62df7d92dda83e6b2ef4cce08c9134563063068a196d7b1a1a13623e48ae12528e", - "sha3_256_hash_of_public_key": "e4174b6e7542fbe80ab2bc06dfb802f691aff147ff90332d5ea739216c18d872", - "sha3_256_hash_of_secret_key": "f3f3a292f5cf01d6f7266461c9e8cd44bfc8f17e16035ab8d10af8177f389b86", - "encapsulation_seed": "1a4d5dff5847cfb48333e33bb00ca7301b144aa89dcd412ff5a3b1081d775b7f", - "sha3_256_hash_of_ciphertext": "5f878ca21c8c27ae9c41c43aaf1f3a2af62c73296e165c08b88c5b22592867be", - "shared_secret": "a990af801ddcf2009c82fe657fe3f068bae7e6bfc661e3e588354ba7d1b176e6" - }, - { - "key_generation_seed": "b12f6fd965ea9c5b947db80fc60c83d5e232dca82e7263027c19bd62e5a6ff550f6aa3e88f7fa8a96067f8cdaeceeac90c2d0b5e277e56e9c405ec9420c30252", - "sha3_256_hash_of_public_key": "2006a70fa33ff4a65b00553734c5bd8cca0a65eb3a115d96b8aa90f8fdc5f8f4", - "sha3_256_hash_of_secret_key": "7334d4a1755e1e639b3e9eadb5996cd910b55d1de5790469f229231d3bfb1528", - "encapsulation_seed": "34f44ec2092eeaf686f2ea170591a98527cbb03a4fa9477a7aef6b41a54feeb2", - "sha3_256_hash_of_ciphertext": "c2079637916c089b2afb9d6e9c6fa51308ab7720d5c2fca484c34ce614a14fc0", - "shared_secret": "11a2ceaa0c77f0602c4b2be3499e6df6b0339d9de90d04b2b12829f4758afaa5" - }, - { - "key_generation_seed": "9f52af92ca165fdc38788f2b59ba02e01c8281ff7c1e60504688043a5fe814b04f3029e1be4e1c0258c3a22ff5b50b2674cc094ba7018da2a61569845c17d26f", - "sha3_256_hash_of_public_key": "631e1de2556ae65d57e600c21e8e355a4ed586d667177ca0b7545cb5a23d669f", - "sha3_256_hash_of_secret_key": "3d4d2c680a1e6aa83861ad95043ded260e720ae80060320feffa309b4281ba3d", - "encapsulation_seed": "6250c81126572eec2da330271db36ee591f060fc7e53eeefe2e1c476c675fa33", - "sha3_256_hash_of_ciphertext": "2e9d6551050e32e204d7c062a4c18b8abdb91346e9f2c2708776827e0be4c514", - "shared_secret": "7571990ef1ef7e15cc920318fb75fd38c4ceb9abf7a4b1adc2175f99d1a0a275" - }, - { - "key_generation_seed": "851ea90fd3854cbf28fe39fb81f68e4b14345cf0d6eee7ec4ce772513df8410d1c0ec046899a777655233e4e1b5ca44e9afbdc67964bfd5d5e3dbb45e60d03cf", - "sha3_256_hash_of_public_key": "87f3829eff562789b3e19fafec92e4b5f95b45f3786f12d9c24915ca484a49ce", - "sha3_256_hash_of_secret_key": "9aa6c0546cf02085e2b3af65a7d7fd32d0f6d8080e1e7fbff6c39bcf3086ece4", - "encapsulation_seed": "35d470bcc5880872754810dfb3f2796da2fd7f397537146f6488c27804072b34", - "sha3_256_hash_of_ciphertext": "14da42e207477f4383faf4004e58675f0380e7d621421b3c36b877acf3a45d5a", - "shared_secret": "27ba4cb50ae44cd938585e0a4905d76053dd851e5b6af4fd787446079aa5a4ab" - }, - { - "key_generation_seed": "d304c9389cc973477f169788abcb9d511f843219d246a9b587822f422a70c2386590a2e5c7ed86cf2c5c2a898662bc9a81418720bbb632ef9cf0b845ed052d73", - "sha3_256_hash_of_public_key": "699fb2f061a75f111f4a7a60195d9045dc01716b6502cc107cbcedf122e8f619", - "sha3_256_hash_of_secret_key": "421f16805b1ceffcd64128b1296521ef812d3a8f4c5e3875a049f8de456b021a", - "encapsulation_seed": "8d667921c5db401a86fe1c35dfcf164a6bb2ab7400fd6a0b67eafd4a0ed11940", - "sha3_256_hash_of_ciphertext": "b2485ef56c39d468193e387e72794e0ddc9b5404c1a6d90c3b94a5f3e13ba7b4", - "shared_secret": "d17b2738213a98f29ee46747c93308ee7000fa404b9a0c1acf3f89654ca2446e" - }, - { - "key_generation_seed": "89a6e3be304a3518fb82b18ca730f0b359cd6ba90664a493fb4f8edaf965b9c3b6591121e25d64010c25a18676033e1d7278ac5f2d0b43a31f3a4156ae710465", - "sha3_256_hash_of_public_key": "d3413880d082f26986fcf452a84a8da934ed06198b290ada1789e74d9081a9e7", - "sha3_256_hash_of_secret_key": "7b546a42ffe6b65cd9c5b8857c2518f4f8e0bf835c894a68d1743691fc9aad9d", - "encapsulation_seed": "ec750b3939385a3f8df868119dc76f77ca845567ef068de6ada5478a56bc78b6", - "sha3_256_hash_of_ciphertext": "8290f3c4bec7c3b93f3d26e0be3b3fbfdd9c3f5806188fcf0fa1339133f29c7d", - "shared_secret": "954af53b4add522514b34cd2ab96669a76ca13f82aa2fd70826bc8ee790ccefb" - }, - { - "key_generation_seed": "d569b935ce015c85f792f8f7fb0d83c4f53b492959361dd4f75fb764d656450176eae84d11c4528382828f7a689a0d5cff87b8ca0bba97feacb39b935a8788cb", - "sha3_256_hash_of_public_key": "e6eec2929feac2a86c9dacfa6214e2e353fda2d547c3829f5678025ff8418a1a", - "sha3_256_hash_of_secret_key": "5fac243c82807d7357a61023226a7c270525d96932162ca5c09fc8f7b9ec6cb3", - "encapsulation_seed": "74f1d52af09b12c36eb062ea7528550cb4c18a3ce8e4f4ea9fac43ae383bc925", - "sha3_256_hash_of_ciphertext": "f1b10c800a42ae606c72eaad76accf059cccc02299fbd78a5d091f183f6c3f0e", - "shared_secret": "d0bbc576fb1aa43b6e76db0e87bc4ee3fa057c31642b37f3339217a1b041b521" - }, - { - "key_generation_seed": "5cbb141c2763425c274f7404fe530d9116e08c33f9f200a20b011cf563a28990fc9ebbe336dc464489861db8253606971bd0a9008a433ed17752d04023781552", - "sha3_256_hash_of_public_key": "c74f3b7fa6e2ef8ce99508c89cf3c71d666ab065a262581a5fb01b2c9b9444fa", - "sha3_256_hash_of_secret_key": "5c6998a20960109a4c9808f8f8575697b2b8d18c44c7e9dff97585ae43e6004c", - "encapsulation_seed": "4b3a70d85f640d1a2a852fb6fe96704af56a7415a8ee4282e9207bc3a2dc116a", - "sha3_256_hash_of_ciphertext": "e9ef0852ee47744b8c3e12cd728d9017465014eef51edf83a4502cb5218cee20", - "shared_secret": "91fbc37d4749ec6175c12f0d8eb6b6a8621e693c79f85f5cd2f557cafec5e7e9" - }, - { - "key_generation_seed": "293abb6d1c207927945417cf84883ef010823e11b487ed55239e466e83696d0cff8563038aad865a817cab9ce98846ba75be9363718ecf5fea538aea90b2a558", - "sha3_256_hash_of_public_key": "7378ef967195c977d43a50d03205044006715a6a8a8263d717f40170b49e6bd0", - "sha3_256_hash_of_secret_key": "30bd5f16c3f242248a4c4cddc43508bf54535958657bda4dcf105216ddf47eb0", - "encapsulation_seed": "26e38ac804fb5b4d59ddf747715e7e6041d875f99c7b638024b4af82d622da60", - "sha3_256_hash_of_ciphertext": "37843616c8a4f7ea9480740b6624f41650da2bb1664cf228d85d6d71a0624528", - "shared_secret": "d586b441b8eaf7d053cc96b6835f093426677a7c3acc51aaa3ddbb66dd14a623" - }, - { - "key_generation_seed": "74d87c7556f2671f2d666854a4d6e073e69f35421e6e1a428cccea49c37f972ce1fb7456ac0aa1b97068f452cba64ebdc138bcf5d36b0a0fada2a3b374141eb9", - "sha3_256_hash_of_public_key": "16fe956be4601573d72306a251f69bc2181253e2417e178341fd6553303ac189", - "sha3_256_hash_of_secret_key": "873c94f8bee9fe37265d5dc0c5d3bc1c706057c7efb3cd2cd5ca9ba45498d0d1", - "encapsulation_seed": "a319d2b8f114f1acd866478bcdeba6fd164dc4e37b0adfa8d8034afb3e197376", - "sha3_256_hash_of_ciphertext": "cc677a81c73ea5139eed8d85782978d06192715933bc5aef560e737f6d57d0a7", - "shared_secret": "409bfd9102bd4632c6b5d3610eb349fe3e3bc51e73acc78a8e994a070e20e10c" - }, - { - "key_generation_seed": "013bab0212d04ecd54b478daf72748003a25e2cb060ba6cc50bf95c292b8206b9da0c5da5f195b80fbb99c2e8b06926074f3f604b3f6195b5a5b9737876bba72", - "sha3_256_hash_of_public_key": "633bee89571e8fc16151491ea71234ab83289426559f90c67903a36e4afaa6f4", - "sha3_256_hash_of_secret_key": "3c3cff5f49a802cec693efbfc264f6a385210b1eed20f7bc5b07b51839961d14", - "encapsulation_seed": "ff646071b2509e6b75790917e08e4f0b0d9f0116ec6291c0b59eaa4b583ad830", - "sha3_256_hash_of_ciphertext": "6d94a31cff4761e3993308cb3e812a4a7f04f64d02ed3b46b418c2fc16189dfa", - "shared_secret": "5dd151a8015c0b16d79822832ff4cc0da7fd38eb73b7da59bc519d4d2374b808" - }, - { - "key_generation_seed": "ccb073c4b90be0ad746e26fb093b60c70110bd1dcbcddb566a8cffb7b3caf80e71600a8982c350df524cde514431ded7aec23576530894bcbf0ec0bfef0bb64f", - "sha3_256_hash_of_public_key": "3217d034b472a846cd317681c0f36feea187bd40e546dc4ad69c2e67fd9d8303", - "sha3_256_hash_of_secret_key": "1503bc141825d523c9505d34f50dc0a01d7bc91cdaee6b99f4a85a24ce800496", - "encapsulation_seed": "0584270ec26f3b9818e4af074d17b2d51037cc8dfdcbe3b140fa4fed5deebc54", - "sha3_256_hash_of_ciphertext": "a63613ccfd2ecf8aa3adf0103ddd9eeedbde3282443bcf02513b4ab87360cabb", - "shared_secret": "1c729b8e580e124e715f19ea6f2409fc6de741afa3d9919b2b8bf3e54c053b51" - }, - { - "key_generation_seed": "2e889f44e28901e9ac7ca6b2fffcb124c8979401b17064d7e1d51a7e3c3adbfa0e145e44aae52cfc609e6f47fd7a6f6af877190ff52256d0ac5b05b89c3f449f", - "sha3_256_hash_of_public_key": "d1756ecfaeb695001ac490f36c4638151bee98d367fb7adf0e06a470844068af", - "sha3_256_hash_of_secret_key": "a21acea0fd4354eb0c78d47caaf93c9f2434f1cf2d6b2194871ccd98f9522ced", - "encapsulation_seed": "51e05c7b4ca3079781e8293f4eccebeeb2f8c8b4c59468eddb62a21bcb4ab8a3", - "sha3_256_hash_of_ciphertext": "3b322134b37fe8f5d7268fb74d1634ab8b35d456a973f7b0b427fb40a93b6db2", - "shared_secret": "b95ac8b73c703ab1154152b3ac73f054596ed23d3be328fbe20f936ea95fa926" - }, - { - "key_generation_seed": "174aaa36410566dc15a5e62874218d7abdde0b2c0f30d877bb80b1abd5f5a0a450a7a2354f7e5cefa6f4a4e9a1c411eb9364506e9e1204a8acb3cb77fbd2c4ed", - "sha3_256_hash_of_public_key": "1b1b0a8682caf72df2e0a48513a7358edbc77a615d6be6fe2a7145be66b7c509", - "sha3_256_hash_of_secret_key": "3e214f25fbf4d1bb670a87367399e1b2a9da3491cac5a22a2c18dcc44f3f1bae", - "encapsulation_seed": "9eca0fe36c80fc5eba171c3ae66a5b1c923faa50b4521bb055e7bf51005c93df", - "sha3_256_hash_of_ciphertext": "a2cd589c24c4c75bc0a3864dc84a85a7f0f3ac11c8578757f8e94054a7c186aa", - "shared_secret": "8c3851393e5c5997cc95f06da96300f6dd85c041343c98db2e742aaa5f78b298" - }, - { - "key_generation_seed": "351fe4313e2da7fac83d509f3103caf7b4c64a4d458fefdf636785ac361a1390f072d9b5a99f9c7a0a011e4dc10f6b600d611f40bba75071e7bee61d23fd5eda", - "sha3_256_hash_of_public_key": "2c54df6e9020e1e44b11b471dea97a382a2fe8d1042565bcd51ef21cc0884d68", - "sha3_256_hash_of_secret_key": "c6bc9c9e797a02684d3ad8de47919b8d8fdbee09258d084c7a9dc963c80401ac", - "encapsulation_seed": "0c5719261caab51ae66b8c32e21c34e6d86ee4aa127d1b0195663c066497b2e9", - "sha3_256_hash_of_ciphertext": "0cd687f1c3e0d67c46cebf93c1217ddc972ad8662dd05830db350e1292542c1c", - "shared_secret": "4b681fff6a755e1dda908d070f0d9ac610d85c73079c1022fc67d255e36f1f71" - }, - { - "key_generation_seed": "9bc5315580207c6c16dcf3a30c48daf278de12e8c27df6733e62f799068ad23d5a4d0a8a41c4f666854e9b13673071ceb2fd61def9a850c211e7c50071b1ddad", - "sha3_256_hash_of_public_key": "bdcaf7b417da8b8933279b33068f6fda313826c2eec500b224cbe046abeb37a7", - "sha3_256_hash_of_secret_key": "c96e176b19f4135add434d0dd219024587d49fdb649bf470e84d9518bbfa2879", - "encapsulation_seed": "0e59f6f9047c784c1f00b24454aa4f1bd32c92ae7e626549972f86fab90e7e89", - "sha3_256_hash_of_ciphertext": "b38711e358893a864b475f35328b2450fffd5087d631844f7ab0995de2b8310d", - "shared_secret": "bbaa67f1dad879f2fb33bd4ead45aec354bc8f05c7cbea1e433509faac022edf" - }, - { - "key_generation_seed": "d8b907b34d152ff8603b73051f772daa71eb902c47b7e2f070508269d757e02e36b817736cbc5f7b1dd6eef5fe6332fb1a598f3871e5470d440fd2ea631da28a", - "sha3_256_hash_of_public_key": "61e27e954728e2e2e230c94ff009417d7372938e2c29c38af22184eed530fa1f", - "sha3_256_hash_of_secret_key": "8baa58b1d3fab8ec5cee8841c9012506cad40bf58a677adac88f1a6400506d40", - "encapsulation_seed": "a3963ade17d69debbc358dda82c7bebe2c39d25b36813058e7a161542e3f8c2b", - "sha3_256_hash_of_ciphertext": "7d47a21d95483a5845a4fddbb07b3435c29a56b5cf26f5d0abfa21bc39a2f2e6", - "shared_secret": "2c7b983d66978be80250c12bf723eb0300a744e80ad075c903fce95fae9e41a2" - }, - { - "key_generation_seed": "684a29e4e5480a5f2533e1526b5fac8cdf5927f3d85087c71f928c59690eb56575d12195ec32a8686d0600e45d4a7f54219b0d7a3826d193a51b9156ecf2edd6", - "sha3_256_hash_of_public_key": "672e53b28d579974d268132187e7bd72238639c6f2ca154d50d98c74096ec330", - "sha3_256_hash_of_secret_key": "4c72f0a7ef5c3274c49365cca5e6770bc709ef12bdbd4fd7c2eb5faa296cdfe8", - "encapsulation_seed": "97beafabf2c8575586487c7a80e8af5fc50f94b6051c1bc66a5ae9f66be3cea7", - "sha3_256_hash_of_ciphertext": "167b4e8b7517cad82ae0f49795918c4d33c79137a9c3e16000c4c55b30b1d382", - "shared_secret": "bbc58d06cc14f9e96a10acb1789d93b93933f1429cc53a1735b3cd995f086ce7" - }, - { - "key_generation_seed": "d76b3573f596eb286ab5231feec7499686b13021be36cb126c7ebeb9d7030daf248c0a21ea0bb6d6f56f12300e8584d8e9a34e0e6f52227281151ae4c305fb8f", - "sha3_256_hash_of_public_key": "b86d5b13bb8b72a9fb81245ab712f0d10f0e2e09b222143c420e3f2c3acea27b", - "sha3_256_hash_of_secret_key": "c25f2e16a0e6fbf0729e5ee89fbbdd71f00ff9a1abbb00cb47f26e9989eaf678", - "encapsulation_seed": "75461decd34c50d6a094b4a64fb75e5e9479f8f9250d82bb7d729dedeb2d4b65", - "sha3_256_hash_of_ciphertext": "8919940aeb732930c496fa9832b0c09382663accda45be1ee22930c545eb3a37", - "shared_secret": "e045e0391e15a66d6208467078f2ba5e429cc586c410ca6c5f3c032c21761955" - }, - { - "key_generation_seed": "b87439fde81c9e39eebe7cf741c685785532c1dd23e8ef868b9ce7a541010f3d1646460817a0fce5836bdfe124a7448e7adf7b8ecc2652ac6d280e986682df71", - "sha3_256_hash_of_public_key": "85441cbd71c18717e9de7359b920a9a3bb7f32e619806f4e4718c585085be624", - "sha3_256_hash_of_secret_key": "93b65d2df33d3e3ab0d53c1d0a21f3752e2c5962f7d960b888b2a8c495b1b133", - "encapsulation_seed": "2607dcf4fd6ca1c614c21b5e37c24981c32b91c8c3e6955777da8a3f5d9c9335", - "sha3_256_hash_of_ciphertext": "422509b01b8fff9468e867a2b5ebe5d3e27314de5c058b2c79a61ccf464f4df7", - "shared_secret": "0b8584b75838e084839d58c89cb1749e82ec06a0e85464c7546dd96870547d29" - }, - { - "key_generation_seed": "056661b38038da4fdd7426f32a81576c73ed84843b305168a374f934e27a4e1b79238a80dcfd7c992d84b2dffa67493e669243d4fa38c46b090bdf86bc548411", - "sha3_256_hash_of_public_key": "065fb6156acaac591f1bf3ce71c4a046be8c6c55eb9a84d29569bd2b144c73e2", - "sha3_256_hash_of_secret_key": "0121afcc6aeb8be9f1c5b06d5b65cc1c03e9366ed7b85fc511d853c5eee230cc", - "encapsulation_seed": "38c89bbe7145c29e9a831c11431eb9929cb24fb4992db20737e4687d397fd732", - "sha3_256_hash_of_ciphertext": "f1d3b745d86f860e508ad8b6d5c8a72ef833c280ec11e99516f4ead3c42509be", - "shared_secret": "3547a15b5748990a5436bdc4db283738eb7d64bdb6ff566c96f7edec607ccc9b" - }, - { - "key_generation_seed": "a1b52d871612a1c611ae0944f9e71858f35d3bd14f20e96a931720668bdf0a6b1f135cf64b6403e103afae34da038613e2853bbfc36baafa3c6a95347193f37c", - "sha3_256_hash_of_public_key": "ced77d358342759291c2bd225b0bd82d659d28a24bbc5eda8f47975b780cd129", - "sha3_256_hash_of_secret_key": "16e06287bd8d71c78f1657bbd6d5d12c22f6bad7658e68dd849d7751da950860", - "encapsulation_seed": "b2c35e33c72d90182791f0e12a0324f5b216efcab2c8da1bee025dfbe13f4152", - "sha3_256_hash_of_ciphertext": "fdfd351fbb15c92843b44489fee162d40ce2eea4856059731490afda1268b985", - "shared_secret": "852ba9be42763c5a74a75778eb839a3738a8ceed1520b0588f9dccdd91907228" - }, - { - "key_generation_seed": "952b49c803d6d6fba69f4375adce8594847a00bcae2179da49af2aed0423250262d7033947ae42ca53522a65fbafe18d3bc3e0cb66164e9a094fe4b44d8977ed", - "sha3_256_hash_of_public_key": "2fdb7c7e39ce1625c20a13a1c91aa5909d8b03b064d00877dce2415020370c72", - "sha3_256_hash_of_secret_key": "ffdb52b23a9ca4b71ec882031ebcb33a0ecc6731c13c817b24f3a06e48273778", - "encapsulation_seed": "afb7d6dc2b7eb6d84acc080c1be63c98afe7b07786b5801f716444a3e8e64800", - "sha3_256_hash_of_ciphertext": "215d83f872221c5fd4ee4da557e17299dc102c52dba1fc4bc3f8c16805da7f1e", - "shared_secret": "618a8496b8850609c09dd1d18798ee2bfff3ed7ef6f8b8034fffcec98f291d69" - }, - { - "key_generation_seed": "3c815e57e9233e975fa1630208aab206b71ae0db37a7a8789ac683d9f9b2d29801c8e376fdb140ee343106c093af7cb149b316ba79446ceb4e5e0cedb9b164f9", - "sha3_256_hash_of_public_key": "86bb11e7d9c1368fbba34ce3a2f169c2464ef5fbc11f73843c456467b6cdbd4e", - "sha3_256_hash_of_secret_key": "5d46659798d268f1314ad1e7c1735c480301f5877773403966e928bc3fd33d1b", - "encapsulation_seed": "28f5e9dbda122b2cf8f3754fe9e0c73a84ad4b0c093522e0b62cf815d60bbc3c", - "sha3_256_hash_of_ciphertext": "5ff5d6bdb110bac57e58a4e288d056a1384f9823606a42daef2ae82e0b7574b2", - "shared_secret": "cbb8b7a05f48b47d163cf8c2fad32bc586f47f2c2e0911da349f29b1e3286c22" - }, - { - "key_generation_seed": "588760826dcfbd36d9abe6ae44a669bb3ebba6a218eab69e30f18a3bd536576e0e860576285483bb5fd36e2f944d32c4317bebc1e441470c1372046a790d79d4", - "sha3_256_hash_of_public_key": "29253478090cb4d580bc2a912645bc685061e5d4437b3811eda69c865ea9923c", - "sha3_256_hash_of_secret_key": "aadce411f3708e9727e4a7e4e198781e1ef5e8f4c4c14add1e25f5758649e265", - "encapsulation_seed": "b0d713cbef0bb1df70cbb425d1e9373e9f7790fdc7980cc96a240dfc53f1e8e2", - "sha3_256_hash_of_ciphertext": "675039d66fcb631a050a8b24415b50f331350bd6697f9c977eef15c15d4cacca", - "shared_secret": "1eef87404f318351413d52ba8a07cfa5e72f235d6f91afd7fb8ad3e683ce0a55" - }, - { - "key_generation_seed": "47550e9edacb6ddce3d9ab81f6b61080dd4f2693854acb05e0ccc7a4fb6390fbf89d7d99d5c3e0d10d6ef9af054d842375f695abb28e3b8eb495100f04306e92", - "sha3_256_hash_of_public_key": "286de7dc142efe935e84b0aeebbd32d050fd9d8b008a94e59454b19ea401611d", - "sha3_256_hash_of_secret_key": "a6b53edf9efd7fa67a478456a5b6a379876c248f623ea45f4b541a8db00c524e", - "encapsulation_seed": "32bdcdb7059fe27f6409901980c080308951ffd90deffa8317b4d213a5f04495", - "sha3_256_hash_of_ciphertext": "f03d44bd9bdf3bfd486919fec2177b8b685a9981de4cbc2a9e98b7e9b0a528fd", - "shared_secret": "ca2c0bba56645e4fce4b7e38a7bb4b839e754bf2834a302a2614377eddd6ae60" - }, - { - "key_generation_seed": "610afb64be8cc1df288cfb016ee2f44c6c07113de7f6fee071fe0c3fe31c6215cd292e4c5f9e1a55e0489bceffb204d672a6215f4f3980a646d9f880817c52dd", - "sha3_256_hash_of_public_key": "029a2e12c3e6aa668afb5be8a82576813fac7b8e61c5a88aff94ecc2770c585e", - "sha3_256_hash_of_secret_key": "413ae41ee83e17b74ac654c2aca57abe8f8ed0409acf7cc8b301e3d6bb049cfe", - "encapsulation_seed": "4ed7c92d83bd03b2a25b567f17ae55542e2f6a4308ec0f3fe69f8ba5ae24331b", - "sha3_256_hash_of_ciphertext": "e8992f7b7b619c03cb9f0c991e3a9c20f91beb707c177ad4e02a5808d10d8769", - "shared_secret": "9155619e28de6cc0670ce70e0ad270f0e885e5f5f8d6d38426938ae1036d6ffa" - }, - { - "key_generation_seed": "e1953800acaa85ac02a906c72cb8e8d704e8d27820345f88f71e89c1f549afcc8c64c049c6dfc0f1476cffd520b055756162f7ec94243de6b14ac0b9e5fb366c", - "sha3_256_hash_of_public_key": "e3ec3671cc7675a321af8584a0961101c04a432772431e77f5740ba3b2ef488d", - "sha3_256_hash_of_secret_key": "93bf696bf0671c3845c4b246f29701a0978eec5b49de81589009e235903061e0", - "encapsulation_seed": "060ea5d2ed1dd88144a9885e79278590821c22917b55a48920f96b53ebe0e689", - "sha3_256_hash_of_ciphertext": "6634bd840d2dbb01463cfe5b4e3e54d1eabc081cfbdc14d0bc118911ed8d3cce", - "shared_secret": "d1f24383d5b8d0c3c0a6a5f8f7d38ccce13ec179a84b0b09bcda4c9988f3eb4e" - }, - { - "key_generation_seed": "c719f9b2d16399b7326ce4eca30dabefe8fdaab18e9f6df888b0a134ef355570e40771856eb77e4633504899fcb86c6a3d433d0b8d60e26f07bd61f1d4ed69bd", - "sha3_256_hash_of_public_key": "79836213a513bd4cfd42ed281304e3ee4560e4e0c60fa53781f83d5bd2bbea52", - "sha3_256_hash_of_secret_key": "65deb55fea451375ef335e7faac73917d32220fc70c95f371fdb16e712beeb26", - "encapsulation_seed": "10ef9426f8c4a13b52325c5bb4ead4596ecf2c6b5bd2d37d8350e90d4164fdd9", - "sha3_256_hash_of_ciphertext": "ba79883ad64a6f2b256004233d87809a8c390327a23c739334f773507e003aa7", - "shared_secret": "d2dab0b39b7f62de3ca9826f9dd15a4201191a0e0c690d3e52b305a9d3af2d0f" - }, - { - "key_generation_seed": "e9acbb774be970206c3a738e243b420805a509fa59fa902044be2f0d013650d2ded5edaec5de3bf5b4d7c2f2e18e87f499c1968993eff196753db8045e2c8ba8", - "sha3_256_hash_of_public_key": "0c2e803c2872400c49e1bb10232946ab939319e84ff32cd354dc15d082cde5a3", - "sha3_256_hash_of_secret_key": "d37f172803739d074d71a2be32125eb1ba4250128342e34b882fcba38b259248", - "encapsulation_seed": "a4bd30a64cbf29a4e290fa1cc1dfb99e68348713041e4409a1af23c5d80c15c4", - "sha3_256_hash_of_ciphertext": "13d437b2fd9d67ca0699a3dacd977fba5d072fa6b482043d63e8a9548ba6a3fb", - "shared_secret": "6869ca370a496af2dbaa866265d91ba6be54b9686b1b8dd5714f6ba861b0d1e8" - }, - { - "key_generation_seed": "c1b3cbffad4b306f9af0cdd3028876486dbe858875c9b6497fe20172a986c82b1c96249919cedc2369d8d739ab125e0d2ccb82dfebcd90240a545cdfe07511f2", - "sha3_256_hash_of_public_key": "5818ac8d7a38c781e3a0bc43d088e6d391d1d67d9639b260bb6f58a19a57150d", - "sha3_256_hash_of_secret_key": "280e4774d1b2401580216fa70fb24c2c214ac5dc7f3841710a42e14d6aa09663", - "encapsulation_seed": "f4b66a7d3b65b896dfe100b2cad24b175a1168cfd2ae11fd704b835f6bcd311a", - "sha3_256_hash_of_ciphertext": "51eb70249a1abebd5159f1069b1acda2304f25fc9cbd9f4a625b58df448b47dc", - "shared_secret": "502d92b2a7e1804892ffb8ff009987a58f35baa30c0392c83859fde82105a9aa" - }, - { - "key_generation_seed": "ff7495b8575b5a98e4fd21fb4c3e58cbb60f14bef21aa74cf8802e3153f14807bdc370460375a778d1a31d01c42b66367ed8d9e8f84551002f552f0e52102b5d", - "sha3_256_hash_of_public_key": "172cf4f8dace8a96b8f70da966080a5e3f132873ca7544343377a99b65e8147f", - "sha3_256_hash_of_secret_key": "31136804b6c14f3a0a00a3295a5fed8d606369e64d272d432c59d7fe0ccc3e47", - "encapsulation_seed": "1d7b03d3c5eefb8ae5799dc569aa668f1bcb8c86607b089d3530cf61d6380147", - "sha3_256_hash_of_ciphertext": "9b38b66fdfe80acab82bf9577676f6566b4429f78a14f7486b07c96ae7be921b", - "shared_secret": "48eb4b840c0d957f28808e434786c02a8f99d3464ccb3caf91cef4a0f8e70c4f" - }, - { - "key_generation_seed": "bdc3fba1c32751139fc45bacffb3ea97f26573d804a5f27a459293d95190ed8efd5a08f656a6eb8cd20679930a31caa6a6331c4b133a6838c223ef9f769f6246", - "sha3_256_hash_of_public_key": "268b6356f92c57da6dd34494b927e8764adf0ad519612ef0d1b8951e50966c2f", - "sha3_256_hash_of_secret_key": "3bf02cee24670ca40b7280d8047fa147b24c5e286dcae9c24bace9465bb19f61", - "encapsulation_seed": "554f3385b382f4a46314de37ee3885addfc5332bd4038785094e0a832e9e8c2c", - "sha3_256_hash_of_ciphertext": "fe8c3fcee4be152aff29e55f42f2fb1354ae55ccbe38400bc901ca032ede1ef6", - "shared_secret": "f9507f70421be90f21138a1e135329ee8228682cc948a6914ea58624d396df0b" - }, - { - "key_generation_seed": "447f6076a627bbc5ad7773fbfeb14b4ba9ac43a0f8b99fb6dcd5e452aa3c47ec20a7237801f470fcc2bd9fd7bea8322859b850f7882d362947432913dd068c01", - "sha3_256_hash_of_public_key": "4c6d304e0494d88d83b5e3aa5761df3b299551a24f28994d2747b2b08945bead", - "sha3_256_hash_of_secret_key": "5de91ca73756eee74da3cac78a1fb329a02f8587f212bb9bc0b29e0e654a5795", - "encapsulation_seed": "38bf0033b779edf5367d9ebc01c988af90904c560970815837380650e4749eea", - "sha3_256_hash_of_ciphertext": "805ce0ab06c568b614cacbfa4cce5e65929e2846932a90e9418513dd48cf3358", - "shared_secret": "24caabaafe2063f812eaf57c58b6c0376ed8ff778cec1980ee9c3228801a75a5" - }, - { - "key_generation_seed": "2d5df64d62cb07fe630310bb801c658dbf3d97993e68626745de39d37fbfc2b27b534537addaba4ecf14f02ab317d36cb9f0f50222ced7cf029dff8a0d3d2fd9", - "sha3_256_hash_of_public_key": "72be2f5cd569e6229f00014854633f7b278e90af4ea593411909467a03e29cfb", - "sha3_256_hash_of_secret_key": "a68ca31b91491a129af9f280cb4c60c046e7a7ccddf41c9bd98663f8512ca34b", - "encapsulation_seed": "048ea516d0ebbd9f709b47eaac66f344c571cf50f0d01c9466aa061a50b66a24", - "sha3_256_hash_of_ciphertext": "d27a36808f09d6165aefc5d253090027eeff0653268c55a0b3de2a751ec765be", - "shared_secret": "9f734b15fc7dd99bc10d6cc7de5d2c93ac789a5665e508a95d075dffbad25abb" - }, - { - "key_generation_seed": "25056d1b8113bb362dd979d98643d7a7ac9c4f95994c0ba060609b6d07002ff3f48a9254dd40b117941fa35a66bb50296327b725525deef70e128ca8045ec451", - "sha3_256_hash_of_public_key": "0831c75b153fa17d336a79ff6e88ddf485daf7b1b0bcf39d8df15319d52ac67e", - "sha3_256_hash_of_secret_key": "2b983d7cb50880cff761441b6a2c66b7a41642cfd2a8cc297a5df53f0ed1947f", - "encapsulation_seed": "686c921c9db1263e78ae753b1c9c2e7936b8229dca48c0942c56c6bca4f10917", - "sha3_256_hash_of_ciphertext": "0892527da24957468b1b8fab49ad2d7dd6d238eca54624fce6a3c2dbbbe8d194", - "shared_secret": "d27e55f2a1f9ef336c8537f11da9875e03cc7dde8951d81b0740457609654107" - }, - { - "key_generation_seed": "e4d34e12982aeeb1d62fd488d9b9e28557ed3429292239fb4f76fa9098009acae6c45c7fc62329b13c8d29844405db8ff6860de474bf727ecd19e54e6e1a141b", - "sha3_256_hash_of_public_key": "b30cedc4316b63d75b641fbad2f33241a3fc47ab8b3ee1a3ed597e5b04f77c68", - "sha3_256_hash_of_secret_key": "a49a7533c671e533deec55af218ee511c57014070e138c7059853e08c34b0a78", - "encapsulation_seed": "2387772e50059cabda53cb93ba24b19ae529496c03b36584169451525c4a0e7e", - "sha3_256_hash_of_ciphertext": "390b3b6f9a0f9d97ccd452c83bf47416b22fd06b4d8968c44ee6effa7980e68c", - "shared_secret": "ed5903d1cf02861444cad7fc3793b4e1b9b6d0324bf6babfb768bb2f84300086" - }, - { - "key_generation_seed": "cd6a99396eb3539ca663a51e42063a3a262cc1c5a5fce1566f0597b52ad9fa325a3407f591791a5db4578b5972093a95bec3b8e70c1d542c9b5c9789729f8922", - "sha3_256_hash_of_public_key": "ee044dbdf6787ff038dbf9c133557169c62fc1ce2580739369aa87df00b49648", - "sha3_256_hash_of_secret_key": "9e865967f0d1e7d3f6a49f2bb623ced2a7b1408a945e02adbdca35846b70e7b9", - "encapsulation_seed": "155c29c5f0378df0cd0e847a80a07143cf7522fcd880c9229eb9feb1ce340cd2", - "sha3_256_hash_of_ciphertext": "6858db6eafd97259e6d775d881f7a877010179d4f827680426946b9ac4571261", - "shared_secret": "0d301028c1cb31dedc8a702a9e95b7d3589f68a6a1f600af84ae0f543e625361" - }, - { - "key_generation_seed": "6c8c53ed6f65e6b2e324b84364e10de42d1c26a106d4d1c99eee79c78586fb55b9402bf02481ce4b27a52e87feb92c4399c7f2988d40e942e7496ad15ad2aa88", - "sha3_256_hash_of_public_key": "e965ac6995d525e324e8252d8e2c2da909a29b24baca8b68daa5122cb539a474", - "sha3_256_hash_of_secret_key": "91051a381626e9465fc7ab20a1944eca64be461330bda53e7d1838a74597392d", - "encapsulation_seed": "a9cb9a61a3324b1ea5afe693b32784e2871096b2ca14a11acc9577c52359a241", - "sha3_256_hash_of_ciphertext": "42bfb5584610497fbc8080a664139afa534b39a417cb69ab0d2a16c8737eb1cb", - "shared_secret": "354d86b389021a3196b75c6582927b3a005fbfee0951f34d9cd5c8f415fa50f9" - }, - { - "key_generation_seed": "2107204cd995f1df14314d5381f8c5440f09a347502e161cffc0a2ec3dcfbc7324c3da70fe850e80aa818301d60c70f3038153866dcd5d179e22db59b8991bb4", - "sha3_256_hash_of_public_key": "a3d8a85f38cfda38c66ae39b2f9186ef7bc1e0c98e8976a6cbc6c4875d73d7fb", - "sha3_256_hash_of_secret_key": "cf7e797f8f7229a08206034737e54fe46645ab2fabdbfc8662b45a2604876b65", - "encapsulation_seed": "e99fbae8a024ebbbdcef32ce213f6aa942e3eca925e5da4c09975d773b33a175", - "sha3_256_hash_of_ciphertext": "ce7b65856502b280e02a36d906e018c6a23cae99f27ef6d65762c87ddfedff56", - "shared_secret": "3afcfdc446f93a8169024a24fc0383692843cfd6b4854a8e490892fc35aad4cb" - }, - { - "key_generation_seed": "63a925685a8ac5bbd918faa33ac397d1ffbcf99135d9da7c3d6ff7aa4c50af3d3afdb8a246a56ee71465591831c371f2eb87467b0559dedd776ba063ee6d2f93", - "sha3_256_hash_of_public_key": "aa73b40dedd61e6fdaac86971965c03ab14ae69e8130426fdf830bd57d0974ce", - "sha3_256_hash_of_secret_key": "1e7f3f1e5632d1df538b564304f56689742d1f652d8d32f019b45183af68a20e", - "encapsulation_seed": "67a216f37d67f5e74f782f1badbce1cc8c80a6130aec305b421899a4faa0a6c3", - "sha3_256_hash_of_ciphertext": "b6c40fd53bcd9ee1e70bc6783b402ae34c24dec724e63262d8583c90cd10256b", - "shared_secret": "ebba9a8bae936c829c1445c68595da96919041ee3d9b0fe27ca93db691146874" - }, - { - "key_generation_seed": "6a1aee5e708c1b47f02bdacce4f56c860f74fc7cfec1ef3b58285b1c8ad7fec2230e05b7114ff0395cc6634db1eae8258072d09c09f291e92d6620b177dc50d7", - "sha3_256_hash_of_public_key": "cf754f2ee43694865a09ca7beb0deda9b1328fd0abdf30ca5c338e27e8be04b5", - "sha3_256_hash_of_secret_key": "928592604aa44df8f2072f26e9511129f61da0b7f57acb3f6896635a9764ea87", - "encapsulation_seed": "52b19fea232c9154a3e431e9d69cda40013cf2d485c3cd027ad24e645420420b", - "sha3_256_hash_of_ciphertext": "a4b50ad169b436877652a6c64dbbffdd63f53274ddcf58f3c96c3929215aa956", - "shared_secret": "f063c0908deb2e61faa0c4c0f5051b2c8af7265060681df14bacb30f0228b3b3" - }, - { - "key_generation_seed": "6396b328b100e4c7f4bcae69875edea1a1982421558c608c13c592bf7b5d0fef1100ced48add211a5c937b8d6079d8e271af3f949edc61f70e60453aef20dea9", - "sha3_256_hash_of_public_key": "3a842153dee9e035299d7e268c9492d71188f9fb24bdc2dd20c1ddca647a1523", - "sha3_256_hash_of_secret_key": "28ee987bc4ae5a321d2669950dbf87596fc4b35c29f192836005064aa3dadee1", - "encapsulation_seed": "64440adb05db3308b189bf999f9ee16e8ee3a6ccbe11eebf0d3ae4b172da7d2f", - "sha3_256_hash_of_ciphertext": "126b64a28d82d06ca81f7e86d33f4949634924e04528d1142061320eaadcb841", - "shared_secret": "02d2e466e170bf45d3e9d357e2f04c34cda408cf147e9ff7a6e8c715f2c88ace" - }, - { - "key_generation_seed": "a453bcacdd2b0d4646009e5ed451c3c45f08fb827ef733db3c517a9dc1af93e67a3cc8aa3239d4c52ce4c95afdeff6efbfacac10d294edc0e7cf4535059bfdba", - "sha3_256_hash_of_public_key": "da43cae3c4da51d69a57eb87094a03cd3a9c3e6b4ed864cc691a60f0509cc646", - "sha3_256_hash_of_secret_key": "b204cd1c3122b29a3d99cb77e11427fc102375699928c5a6fe816f96bb212627", - "encapsulation_seed": "c8bb46b3a7344ad170c2052fb042b5a3b62e0590562ee82577b1081f6f114d16", - "sha3_256_hash_of_ciphertext": "228dfe300e3fabe4d4e550754ebcbbf72a796209c1d24e7ae93abb79e1cf17dd", - "shared_secret": "6a5b0842c122ab6ee251399492b061d2ab3e40843f4dc01c12fbd5bd545c600c" - }, - { - "key_generation_seed": "47ca2b77c5b717f423222c2730ca5cb9c856bc951d01b2b2c80bd76ccb5539b78f1481d7cab000e33fa07de8dc9627a85e76fabb4428a3376e66300cf12a0787", - "sha3_256_hash_of_public_key": "6533c524a32345eefdadc74a3c6ad7e981832797faf1068955b79f118dff9358", - "sha3_256_hash_of_secret_key": "b9dee52055b1f9a2b25a0c1be4d9f30d2ecd7c5a09f0f5294de2d49a55ac9fe0", - "encapsulation_seed": "2e2b70609f3fe029a14d09d5d659871ac776ce2797a0355f16e2eb68f5613fd1", - "sha3_256_hash_of_ciphertext": "2d7e8fbd6f2257b05eaaa2ca1643c452b4e0b623c9ad72027cca8dd8b7b5b91d", - "shared_secret": "2486c0a6cf17d9635dbca1f8395784cde54dccb7df10fced92183f983478fac1" - }, - { - "key_generation_seed": "aaf6eb40e596a5e3e8218871e708b089240dcbe7fd3641f0e5e41e071ce49107e2f8d320ac3cb0c52efdc753282f092bc39baf4a18783a48ea031a191865eb78", - "sha3_256_hash_of_public_key": "e2f60f27da7f318eb94a74b437f8e0bc9513e9bcc38dad99c174c1d75e0145f1", - "sha3_256_hash_of_secret_key": "68eaa8143a71bd5f6df29b128781e3f2a5fbc5d20534afb223ddcc64bc767f5a", - "encapsulation_seed": "4725dd8fb314bfd8ee23731c2341dbe114606d9abe6434c471b5573e7df193bb", - "sha3_256_hash_of_ciphertext": "b5b2de55cfaea8fe543f67c4f45a69780c3e2d932e56e0b574d9b40b56ddc1f1", - "shared_secret": "85690ee044e4d8e0540ff984775b59bb5134383c4e229e79e37d7d77632fadaa" - }, - { - "key_generation_seed": "6500f32c93415cfdbc0bd31d78d5be95cb9060c8cfa2013955b56f8b6868b322393308641a9a4647f230201e1389624a296b55192a9819fcb19ab77c25f95445", - "sha3_256_hash_of_public_key": "d4bf608793939ecba27dff5889d4d921c583999a57e20a48085ac549573e6abf", - "sha3_256_hash_of_secret_key": "5f9a14a9c41fc228306d79417015408f31bc9c3d97579616bd68a3d3444f9bd2", - "encapsulation_seed": "818d3bb8ebfb32bf464775f7139bac0a5bddce80ec5798595992f9403002cd5d", - "sha3_256_hash_of_ciphertext": "99fb7b7767fa94e74936a6678acfd5a2306b156f90f4608d507768a25403a16f", - "shared_secret": "d179d901a0570bd23aa52570c5c233a2240d4724e81d98c9ceedb74187eb75a6" - }, - { - "key_generation_seed": "7643cef2d62cc5aaeecf754653ea62294cd2208e5bf3ddeea209e3dc45373d49eac9d531a532770837a854b4f5531f6e0c8d6c10183b30d3435498c2dd142951", - "sha3_256_hash_of_public_key": "65f03add3941d22c80d50659f501f8cca1b448d84462ccb93d5f065889484bc0", - "sha3_256_hash_of_secret_key": "e4513cfd1dd2153d30d15b023421cb8e8456e6a40e612847e1713e915a29a87c", - "encapsulation_seed": "c92aa5fb91c980d9cade9ce99d4c75b2ffa7d6a6ff9bd59def1aa701f2a0992b", - "sha3_256_hash_of_ciphertext": "4cd7f0af86623b34c0b137a0516b876daa73ffd65d75871ddc828f86a7e9b224", - "shared_secret": "6d574af7fcb241fed8763b2d0a352870baf85ef686e90eea31f8500c35945ef7" - }, - { - "key_generation_seed": "f8ee95521060c03bb8dacc79f7eb7db640f545f315613a35d447a09e504cb4e13fc3d8392cb53f36ed647364a04e37278a0e0a45b720f4a75c580c9920eba98d", - "sha3_256_hash_of_public_key": "b8a3b8cf4709204a2fdb19889b0022ea655dfd58ff27e17d530510e1eef45793", - "sha3_256_hash_of_secret_key": "1f7cdadf3d4707efe1b7a6173d8f7b8a9f864ab388c3271d79ec424d9da3e896", - "encapsulation_seed": "7e8086a01dc5b3bb9eda25bcc45d27f99874841b97237968495800e007696ac5", - "sha3_256_hash_of_ciphertext": "1ca889a71a087ccee4ee1a178c3c55ce3649583f3db924e5c1003ccabc44091d", - "shared_secret": "b1090cf26276a81c22ef0e4479a4c705fe294d3b892051ddce7eab16495e0783" - }, - { - "key_generation_seed": "b8bd0493a882e3a49b4e0f6256fb1fea0912562fd9ba26ec3d6c9cc12c8973abd7e4b5d8021c486b9c3114d7cbbeb7cd49eba8a61bc2bcae1f1bef30a1daf76d", - "sha3_256_hash_of_public_key": "46fe6c37136273736ccb11df5b6d55debbc087de802404b72a003c5e8c809719", - "sha3_256_hash_of_secret_key": "3177ed170e84ff15fa1e744adc9ce806e431a68f15a7a026c6092bf593dec6a1", - "encapsulation_seed": "bb321ef14d44d8698df879fd52450567657f52a2df8d111185dcd7d4f30a72d4", - "sha3_256_hash_of_ciphertext": "aa9a0ea1823a84bc84649d26e249899437844827fe7c63d4828a5144929fa00a", - "shared_secret": "2fda9fa72321be3a0946d6d914c7ae714b9cc175619ab8abfd1f1fd499e0dc27" - }, - { - "key_generation_seed": "c0407e41ddf48d333978b89bcf2db01e4613425b456249e76a6f25b8a2827bf5b2dca81e3f5f748d23c9d356a2209f6b2d60247b2e45c9808de497f64f124643", - "sha3_256_hash_of_public_key": "a074ed1f76e97d68434ba4af2af0e549204222679e9e643580c35af3cdd247ce", - "sha3_256_hash_of_secret_key": "8f9b3f631d0fb04477846ae09aea725f1cc65b2cdefe2108cdb399c36db9b487", - "encapsulation_seed": "210a423dadd899b810f011794b79aa7f860823ac1962370e791287d3a1afa384", - "sha3_256_hash_of_ciphertext": "a4fb01f55eb2986c1f90cece43330bee1b16d7bda48d617fc94aa14fc540ec4e", - "shared_secret": "23798e8b9eaa0b369842cad83a2bc32206f791229c830d7593b9150161168011" - }, - { - "key_generation_seed": "334382d39164d1989696a2ff77b25a28af8bead9883b5365eb6fcca7c1781cc9aba5068af837be962f439f233593d193ce5e08f7d66efb3389885927b89d2523", - "sha3_256_hash_of_public_key": "26659f74fc9ec372fe18be4ed6aa28b7cd84ad1c0f0115dad011a11d20fda9ed", - "sha3_256_hash_of_secret_key": "5e3f83cb08ff80183879af9ade3631bed2a468e429ad027a5afeafd9a6f66362", - "encapsulation_seed": "bc856afe24213e3d14c3d6f9b89223bbcfb2c890722d770fa3492c1e46d1c302", - "sha3_256_hash_of_ciphertext": "6a4204db4803d26d7b8a769033e047f3b4cb616bf5451b88a1fb3ff219bba9cd", - "shared_secret": "d5c63d2bd297e2d8beb6755d6aefe7234dea8ecfba9acda48e643d89a4b95869" - }, - { - "key_generation_seed": "6995143e8eb8a6e93840f76eec844f67d2b5f75b1839a5040337e61f9806764a0f4dff8e56f68440836a072412a30d851ace2c7c6f02d60e7a8420001a63e6c6", - "sha3_256_hash_of_public_key": "2ca3d8ad2dab1dd8a2f4320658fe6eacabf70d907920593919119cf374516336", - "sha3_256_hash_of_secret_key": "2798448395f6ae3223550e7d5255e6a605b430229f5809b6efd0683a6b9ca402", - "encapsulation_seed": "5fc00f89563e44b24cd67d0ce684effe5731619fd08e7d72e2406eb016afb66b", - "sha3_256_hash_of_ciphertext": "dbd5fc0e1df33ff8af9efd5e281a2b98160f98653803cbd54e3a07292b37fcc7", - "shared_secret": "29d6a229adf49a1139794209307b0ca24be5825b2771809232fb718660162475" - }, - { - "key_generation_seed": "995eff7e0d195c6d0533f3dc194d47e60f9ad14696144cde694d60a95f3e96b4b28f7e7a15a005f92400ce33db073d49b53871594a88fc45e0f94207b5f0f2dc", - "sha3_256_hash_of_public_key": "de62eff56f6b49a156d065d85eaf0aa21ca229a20fa4e1372a410ab1c4ab6e7e", - "sha3_256_hash_of_secret_key": "6766cef3fe644a233caddf208074b58e6e83f8a78aecd00911c29a08f6f0b0f3", - "encapsulation_seed": "ea22a76065db4b565ee1807fbd813b43bde72b0e08407fb867c6a18995025e50", - "sha3_256_hash_of_ciphertext": "4c669e33b0227c9c2040cdacdbcb7d22b9984372587985ed8f860ffc8d037e79", - "shared_secret": "2a56a7a6d5b4c0500ec00a92e322e69be9e93006240889552072482966c54f56" - }, - { - "key_generation_seed": "3e809ec8dd0fec0d911a4e3fac20f70fbb128c5de94dc7184ca7310ae9157a98d8128601c28b1def8d393a0db283229f7c7383152a814e7cefe8ef9d9768c473", - "sha3_256_hash_of_public_key": "66f161d27dc34e1a2f4b98b14a2b221d7eae26a593bfe432487d9994cb480656", - "sha3_256_hash_of_secret_key": "2237f6cbb452d375878b82c474a7c948ff587a5f3ed02bbba1459fa7ff8ef802", - "encapsulation_seed": "e9602b34fe73ad57f4bf6ead99743d645641553a5b9b9bf2e7016629e3e9bd76", - "sha3_256_hash_of_ciphertext": "8a2453a21a031cb8966924607a28882426fab2018826192e9bf833bdd38e0631", - "shared_secret": "ecb62b03f640ae4a9d89685fa0070efa93c24dfcff0d555142f9de25b62f861c" - }, - { - "key_generation_seed": "dbf1c465fff3d9f783bd9ee61a573715e45691147b8904439b5ffaa64f94ff7bb6d75eac6c76ced1b0a025b40a55440712ad8424672e761e9bc400d63812006f", - "sha3_256_hash_of_public_key": "7537e68ccf14e8b7e57090d8f648529dc461ca3950288879e88116acaf57b4a2", - "sha3_256_hash_of_secret_key": "bd8e44337eef01251217c4702c99232c001b33870953473d83a7486fd25484cf", - "encapsulation_seed": "f72b9080a6c051bbdb9b0abc1949034be0f89a9f73fe277ec4d4740c78d04a83", - "sha3_256_hash_of_ciphertext": "6077c60641c03aa8b36213dddf938311ce6b7b8801f967d42713e73249fe7c55", - "shared_secret": "6cc30699701927e07b559d708f93126ed70af254cf37e9056ec9a8d72bfbfc79" - }, - { - "key_generation_seed": "1f7cfd2b70863154e8a69d1758532e86c20cfc763d67c758bd10a13b24e759b5273b38bddc18488024ec90e62a4110129a42a16d2a93c45439888e76008604c6", - "sha3_256_hash_of_public_key": "82f68b15681cca5c2852c18d6e88bcb102a059c1d21936582adb71790cc0a335", - "sha3_256_hash_of_secret_key": "fd483ddc211c5c27f453bca56158e1f8084f075a7b06f5098cc3204427bf8197", - "encapsulation_seed": "f1e5542190db8ecf4b8d617a04fd3783ad0df78bf8dab749afb57db8321d151b", - "sha3_256_hash_of_ciphertext": "5c6cfa16f63b1aa93a2b5edc2f4b14c9782f286f53deedf3153f329a2ae2d57a", - "shared_secret": "250e7f67bb34dd5477471e3a701fb71a8138a1920eb807824380f88a944a6fa3" - }, - { - "key_generation_seed": "3a19577908efd37697b8edc7fdaf47d1bd3ad01a1b77faf794bee5b9c3192a6fa3729672816f3eba84c9638a79676eeac0f22c8a48e0c5d50a26ff0844c66b99", - "sha3_256_hash_of_public_key": "104fbf09445794c0ea0654f5caf70ee09d51c8386d4e1f467b10633c710ac2a4", - "sha3_256_hash_of_secret_key": "73fb93953ae666a9df1bf933ba56b8655ea9e319c0110c78d49f8480ae1aa3fd", - "encapsulation_seed": "74efa414ae171bf60b6f884cb7e5ce12028f49365daccfa23e845d551711660b", - "sha3_256_hash_of_ciphertext": "e51772e769f778067916e81a561ba6f64fae6096a2b4d4b945d9117e7c36e2b1", - "shared_secret": "0210935a18f1add5ebc2e1107bf40a628ef9cf8f6e7cdac81dc0291bb50a5a3f" - }, - { - "key_generation_seed": "ae0f65e29f38804a6759f70f4d01e2aaff7fe1c91ebc4f892dd0de3ab2e68ea5e03ff73e02a217659f53d8c47556bf3d8c94040f630d63605e2d0f923579370c", - "sha3_256_hash_of_public_key": "0f353d6a29813d354471eb8b4c38df93939eb3b1db80ddd1cdd6558a9f2687a3", - "sha3_256_hash_of_secret_key": "8a9edd6278707108652f3a5bc244592cb7a82c24634583ed2d3eb6a176b216b8", - "encapsulation_seed": "0b4c3cffb2ba4380ead13dc0d8acad2356b448a810da1df29f264c44aab6d24f", - "sha3_256_hash_of_ciphertext": "a00c37bd326205575fcbbc100ed54630aa0f2d6dd9e69807d49151ac9a81c429", - "shared_secret": "34169fc520e944f94ff1fa3799db802a4c1b26cb2971bf196259a937ab8362ca" - }, - { - "key_generation_seed": "6084a235f79dd093ef6d185b54e69df33dacee73a9bf2f379004421a10e3a79d9f684fb055ece19459eb464e91e126a7a6e3ed11ccee0046da234d964c985110", - "sha3_256_hash_of_public_key": "12e89c47142418c26396ef0174c02f69dc00022d56494d31af935490edee6385", - "sha3_256_hash_of_secret_key": "bc13b19f01d4cab36dac2154e0fd8fb7d2fa012596363942847f1b0bb3715f90", - "encapsulation_seed": "1c82471dcdfca3a6942061ab4f3d5bf0d197321437c706d9cccccce449447002", - "sha3_256_hash_of_ciphertext": "aed1a4ee810b81cb8ee49ee00e94ff4553f0ad2176fe4d27a09f4e68157fcc3b", - "shared_secret": "b5901e97eb656a09d2dd132528148ad07a0a89f638717eb53516a9ad19aa36bf" - }, - { - "key_generation_seed": "acd1c0217fad5caa4235544dd9de153ab1880ccf4c76f16f236fae4e4bfda04cf03a8abb0a5010f400ae5722a75bdf5a2f6d5b546b34d73857cb1bfc7e587aa7", - "sha3_256_hash_of_public_key": "2fac52ca60594e514333ead02cb1bfa5cd1d9ecda4a0b25ccdfc47ad3f632a85", - "sha3_256_hash_of_secret_key": "2743b7a9dd83a6b9bb5c2685f28b5629b2e31132ac64788a0929557d3449dfc0", - "encapsulation_seed": "46fe60a18124125ab93e0c578f1c02f1bd1301595013001c7f3c2fa56cde294e", - "sha3_256_hash_of_ciphertext": "7a039d19c45cc557036189cbbc63445b3504a689db56845ece99d593f165c6af", - "shared_secret": "df5117706beedfb521f0f021069fe9650d0844194339033de6997dced05268c8" - }, - { - "key_generation_seed": "241191401a63afa750f05662e354dddbc683c776ce3222beb83e3cf913d7ed7ca59b3bd23b49a95bc1fad20070fec930b6060bd827d742b077092e422268e15d", - "sha3_256_hash_of_public_key": "3eb856043b822df9d60b55fccb537afa3cacca9ef50433bde1dd9831e534d192", - "sha3_256_hash_of_secret_key": "398ae3423ba5c6bb05920e83e8939a104c3e4ad91647edc7db1667efe438cbfa", - "encapsulation_seed": "52fb7cb6a633fd2e83f2892bd9441b48fe59ecee6d026f5246fa7f2a5e55ee3b", - "sha3_256_hash_of_ciphertext": "05c9617befed785811fcc44d0fce5ae3a1ec66c4d1217ab42e4b754d0ef6207e", - "shared_secret": "eed6ecb831c881508f99ea115745448a7b312a4fa97f65044ebcede172dee2fa" - }, - { - "key_generation_seed": "b9a6b0c05677e957d41a34ba03bd06f2a9092e31f63389397d7e70fde6409d18e99c0e7b82be89bc3c1eaee6680aa4efd394e40c2b3f30523c8117f7c26a8969", - "sha3_256_hash_of_public_key": "306aed2a804a1c9bad4ab9e59f6126ad7c8633cdd0c2dd9d4c6f639d312ed47b", - "sha3_256_hash_of_secret_key": "88b28cf6fe19424ff82fc2bb096423b71f0cb8cf985af31bc15ceb4ed18a5e62", - "encapsulation_seed": "0f81a5f97082121244403da3feeb734f6084b314b8d94beb11627aa6ad1914e9", - "sha3_256_hash_of_ciphertext": "315ef84926802ecbbb437f8f50927d3a391b55ee6e47dbd19aa9adeebb808008", - "shared_secret": "d6cb77dc96f9ae4bf8b2fc0e277935b3b7b7a59f749ff2c08ad42659dbce386b" - }, - { - "key_generation_seed": "28a96c71577ba00c94f99fe965bc595a26db2b3ca6ab5cf8e443cdd8462b17929c35d165453e5fcdc6f9df64526d9de698f2bd3e6bac6c7fdd86601b9ba5f4a5", - "sha3_256_hash_of_public_key": "9bb3963cc1c5cf2b2d1c6ca76226328ab765a79999ccc71fe98d5bf3b34f51b1", - "sha3_256_hash_of_secret_key": "d8c2492023fb1175a84c19b3ce20f03dd12b1c26b65176d5582c319124bc0e24", - "encapsulation_seed": "31af9345365549ea0360169ed57daf98cc5444799d4c75d9f1f5d615e9df8a91", - "sha3_256_hash_of_ciphertext": "ae36e333ece7ca60c9bc2c4ddd01ca88443fd73bab08502656873b703af8925d", - "shared_secret": "1592f1413331f1871b41ff298bfa669bca667241790370d81163c9050b8ac365" - }, - { - "key_generation_seed": "c08ba2ef8c3a0a043afad931652d7a19e6e8cb670f840de5f1fa03309b2ca9ec5fe6141a25f7ab9f875f79e0a82d6ea5cde5a017ab637d5fdb7c42646a1d71df", - "sha3_256_hash_of_public_key": "6d029bb2121c788b5b6ead7226df664490dae362c4befb615717d81c656b3273", - "sha3_256_hash_of_secret_key": "0f2c7bd16d9289c3c27136df0cb6ebc624e80144cb92e6f0c897f58a53617ac3", - "encapsulation_seed": "774ae54093d694ef40b63b62c73e6c98295f606feb8699807eda1d030ffb996d", - "sha3_256_hash_of_ciphertext": "f8a85f106c6144edf1c7906ec26e292f0390aa9d45a22e67ba2ea018ff565c4d", - "shared_secret": "966f35c6bc47b4525d9af1ba350e8f44ea448cd1d90cf4e9c55ae5878920b7cd" - }, - { - "key_generation_seed": "0e3b30e102d707538c2671060f603bb0b8a014103f132d63b09ece07e4a4c75b11eafeca9e810796c34e8cfce9d59342884456007b01ddd12edce6d10ed87e4c", - "sha3_256_hash_of_public_key": "64c819d9bf66855f6ae70627f04da8378547e5867e2eb9759fe0971efd601c4a", - "sha3_256_hash_of_secret_key": "e85b62236d5c6c691a9076dc58bd5da80999eccc8df973c7d0e7e65d8465ea7d", - "encapsulation_seed": "9f27a47604ab5146caaf0aafe6d149424f8d66e39ba3baf5e6c73b19221b7e21", - "sha3_256_hash_of_ciphertext": "e9149359cc37143b0b565bd413a04f41a7833c5b76012a9263a086ac34071684", - "shared_secret": "aa333af0226492126c6985130ac7df2226a64d6d5c5314ce3f7a99add6696d49" - }, - { - "key_generation_seed": "2478f7d3de6041e7e5cd11c5e2ef483d1aa6218eb126444091535f6ae532fa7311136e2681df2ef881b51a092a9badbe72c9772c169808521c47149578621e28", - "sha3_256_hash_of_public_key": "db315cafbaec2f8a0142f45affff65289e826c9244ab1cb03f9f65df3e3cbcf7", - "sha3_256_hash_of_secret_key": "be98d62e4724c0d960ad4839298d4571f9871033b63bdf10d3b0e589db376ffa", - "encapsulation_seed": "90044031b7597b5e60a4f946b713e8996d0426d2cb013243d9b7d8f8ef159a0f", - "sha3_256_hash_of_ciphertext": "9f9368ba712cfee95f28a808cb2c23116a0c8da3910c0def2ef4e55947d7101b", - "shared_secret": "9535303e6035e30c6605c9e0f10c553dcd73828d8525cb190fea79937e093331" - }, - { - "key_generation_seed": "9d405d3ebdaf35fa8722de431b669722acaaea2fd10b814310b17f78b66147d16ceb14f7662be0c42779459f69a145c0e2ce9f0bd9a0cd1bf32ed5694cc9ae32", - "sha3_256_hash_of_public_key": "c8d853e65b5b118e28b7cb6f0d5d6f282e0ea20fd72f3690a6b232b20a8a55ec", - "sha3_256_hash_of_secret_key": "7a5e854bad628be7b99f524f52a97b0959c0ee67a7a10ad24b970e6e3aeeeb80", - "encapsulation_seed": "a7a31e140891ea37d2b6424b59b1f84f89220f32dcb73e037eb912b389d34a48", - "sha3_256_hash_of_ciphertext": "31b04a4127558df57844413928b29b11547de5afc088d568a962fe080c97f190", - "shared_secret": "0caa79e0054182c15e54159fbe36d9fb09481331a560ccd9714fff81db5615c4" - }, - { - "key_generation_seed": "9a86490f0615f3edf789cb0654066e9ee339cc59f968281f3b89213f83c692edfaeb2ef44d2f608621e831187ce79b2d2f4a20f1568bbe76b0d3d5af36111714", - "sha3_256_hash_of_public_key": "f69bd52cb1d071f1cc7720f949d44f66f40c917eb30f3a4b0eb519ecad2d03dc", - "sha3_256_hash_of_secret_key": "b6ef04e6acbcd1bb072d1cd28412cdb00ee40d04ce5b39442a2efd6756292167", - "encapsulation_seed": "70eb3f791faa91f1f982fa477dbcddeb2c55691c07f93b04cd31b37544c94b42", - "sha3_256_hash_of_ciphertext": "d8fac8ffc3d8dfebe66c219f4189b780d5ba8fe28d5ab79264345639740913b0", - "shared_secret": "744ce1aa5a9c515c6571ad6e2f5985df8434e35e9f714cf3659f184b5db4086f" - }, - { - "key_generation_seed": "6dfd9b575872560c7bdc2732c4a28dac4db04e535eb8e402c3dffd145c09ce47a2985c1c4d203778597947d710dec806e36b0cd949fe460ef141213bfc525e5b", - "sha3_256_hash_of_public_key": "10e01965f9c196d2f5f90ce3ce8f552f8a0d76ba8f5345365392febc50560012", - "sha3_256_hash_of_secret_key": "2b5c6d5fe9b09ab5a027522e699401223ae9d304ac912f1b15f0f647dd9a0a7f", - "encapsulation_seed": "30f4095015ba88b6d969672ca3f438c395dacf7d476ea7a9e805ce932d270a13", - "sha3_256_hash_of_ciphertext": "e8b01628c7d63f16c59e67352399a760581f341ed41535013490502e884733be", - "shared_secret": "726f7d790df4c860a0b2c40de9d62c85d0ff70c704ce5a1b3f6bf1b3e3f66cd8" - }, - { - "key_generation_seed": "6fca9f4e384d8418075cc064c70730801bdb8249899d456a77130d5beeb3662cce7683f8a03d3cf04e46970ff7d6a12494ae12558346dfc8fd9370bf944a0102", - "sha3_256_hash_of_public_key": "7c3991fa7983d0dd6e7157cfb152538466e9d5c3998a2b8ed862162b91ca851c", - "sha3_256_hash_of_secret_key": "72e786018ae9ab8293fa51cb7ca3ff0435e7cccbd5ae02b4680b92c148590265", - "encapsulation_seed": "cf31220f44de862e1719570e1b26e897790159366a385452334fe24cdcae28ba", - "sha3_256_hash_of_ciphertext": "5b2e8a3e38c13b53393c8654e92eeb6251ddbe50de4b3c5203a06977491f2fbc", - "shared_secret": "68f3e22d1b2d8c57bff32160e550becfce535fdcb327394aabeb60eede263213" - }, - { - "key_generation_seed": "e58f71bf175c0550a67e00e0f7b3b7fc36bc2707bf0c93044a492626de36301a7f7054814869cf7625e45647bc1547aff288dbb90699b2ad84893f3b755d9722", - "sha3_256_hash_of_public_key": "8aacd8940ff6fc27f175342be74d48075f8ae9320cae20a41c879c27c1bf815d", - "sha3_256_hash_of_secret_key": "f7399dbf35fcc57a9bff87b0087755faa75267788cd0921b9ebc5cde8b656271", - "encapsulation_seed": "bb5e65669a44e5d5c709bafa98c16ccba6ac2c4ae923334f69a11543eda64f5d", - "sha3_256_hash_of_ciphertext": "aac868f2299bcd272afacf50f1ab0db3d092d33565cffb5645d8b92271e7e893", - "shared_secret": "7f6085840a30c6b1fb9dca782e0c78a2264d54726c04c3127956f131165426c8" - }, - { - "key_generation_seed": "e3fc575ed51513e62aba655d24cd9c8f1c6c848aaffa946c49a53ac3ea59e474d82c2f1bf2e6aebde5660fa73356982e12999d8fdafbb3cb186341d0386dead0", - "sha3_256_hash_of_public_key": "149e0b6b49fe8adba1217c2c57c83f2b8c5f1d92f319e502b184a65869214f75", - "sha3_256_hash_of_secret_key": "6dfa4d29af6a0e8413d5591339c15d2e2cfac3f502f49acca3efb53b53624666", - "encapsulation_seed": "9ddb3aa9c7905d1a438c93bcf78e3e321813580371ab4e1289e2dbf3701972c2", - "sha3_256_hash_of_ciphertext": "ced7a64ce643faebac8ffd39c6a4594732b35f1d6899978ba192b87003d3ad27", - "shared_secret": "96e30641ea4280168da37291a3063342ced8e77b33b5415819938c0bd7264ffc" - }, - { - "key_generation_seed": "470b4943f0fe7fd0d8ec5185aba0d1db09d112934e4fb4787e2bbc6b88466e7b8b2809fd40008be70a6b184981101724bc3d5ec5e1956b510b82fd5ad0668a5a", - "sha3_256_hash_of_public_key": "29b1bff7f12eda28dfedfbf0ac16e27008c9fdc62c35e53b28a312bdc91c40bf", - "sha3_256_hash_of_secret_key": "762a61eb847c017ece920f51d5da7a9036ed8b835bfd7793527321ec635e2fd0", - "encapsulation_seed": "26d90b190a6c3d0d9a86cf66005154e7086749e966e7187c249ccb9329fd3b8b", - "sha3_256_hash_of_ciphertext": "bf49310a35f9ba7994645f12949e658b0dd43d3de76386dc20d08c650522f86c", - "shared_secret": "47e54c85cc0e2503629a8bfdcfe038c3cf692d723d462bab733c7c8e0aa37b02" - }, - { - "key_generation_seed": "6df4385db978d27b27d2aa5e452e4152b36f097503d9581ac3390105c5727e7dc95fa08ed106ce84660e8a4c90bd2b22634e40769aa0090a101c5dddad45edc5", - "sha3_256_hash_of_public_key": "b990059e901097d00e0ebaf40c5d5dab009c66798489d357e760478ce884cce5", - "sha3_256_hash_of_secret_key": "37a044795bd330e4dc60a6d84bc6e99664d1be418b0239661d2ff16d1501573f", - "encapsulation_seed": "7db6d1a129d6123f1f805b79ad3b413012ea86aed42a05e98e7b1f32f9fbbdec", - "sha3_256_hash_of_ciphertext": "329115908d0763110a387c99778e4746861e80367ee90fd821cda9acdb93fd64", - "shared_secret": "8569bd042465a2c4af628425cb102b15ed4f5feee16090e2234f3a884a0fa938" - }, - { - "key_generation_seed": "dbacba825728444921b227cdba54446b3f6881b47be9cd02832f78b023b1bee0e15274a8e2bc08fe818b117ba28c5dfae74d54fcdf6f20052f79be333edc8dde", - "sha3_256_hash_of_public_key": "175eb63c3144108548720ce7ee0f43a9ff3f52a9924efe9f2f59318bb93c86b5", - "sha3_256_hash_of_secret_key": "1993d7639b79f5e4871a7c58a69fec50f96c1424c2c0ee030ac054ae1b88a56f", - "encapsulation_seed": "1d129b27be7384c359d04311fe5c44917d1fde4bfb57314f483ac617edd5ac49", - "sha3_256_hash_of_ciphertext": "8f4225838f2964a986336bacddc40836a98c32cca68c6afcbcf9ef68d9a3760b", - "shared_secret": "c184e0b019c2db772e2c1ca6f97f47478d99cf0c4c5ae1406f51d15815022123" - }, - { - "key_generation_seed": "690eb71fd7052b906eaec09937a8ed374e0b02afa27c2f14399932be5839fad281c38c2cb5cfafac81b96a810ab749b61806b6d54c9f8cf4bf1be0192423288f", - "sha3_256_hash_of_public_key": "9bc32a138a2fb5b6072464172abe0fd97e9eabf357c3fa5391d94a415b53abd3", - "sha3_256_hash_of_secret_key": "3db4ab1393cfc8b1c708cf8efdb1c443c975878898b60182c22af66375cba13a", - "encapsulation_seed": "bbc773ebd2df42c36ae05952d6a64c63a5dfb82ceb3ef4f8d4df3a30ec8c0467", - "sha3_256_hash_of_ciphertext": "f1c85f9530d4471eb1401fcf422a29533738c485a6be25f0b554ebf40b49d49d", - "shared_secret": "6d72e23c8a4cc60b2f14adc788a5c480033bbf6eb111070912bc83ad7b89280b" - }, - { - "key_generation_seed": "32e0ea9089fa928482c0770da545af1bb871a03ce38604138b0d08ea2a10ca2bc06c5bef7b6508409daf847a64c8d30d0974fd3ba7476dc76c46b458a036d884", - "sha3_256_hash_of_public_key": "7ef43a72ef04766f1e899d25c9a005009c788b5faf985123cfb3fb97975de26d", - "sha3_256_hash_of_secret_key": "77431cb18010a604d56fe5a623bed2ffd028a741f176fa09546e9a45a48caa5e", - "encapsulation_seed": "5b17a6adad541efcbf5ae4b0c0452cd2ce32e4f0f8701801c5b63e197c1fcbf4", - "sha3_256_hash_of_ciphertext": "83ddab2e25614544649a1e497b5b21c40a3e154e8a22c270f63cb0c40aa868fd", - "shared_secret": "29e6b1edac0a9aa33066c113167e42c64d70215ed04963d8be2d4c2dcd0f6589" - }, - { - "key_generation_seed": "6fb2ec719f2a0dea152bf3f64b9d148f8ab8ba88f64e61f5db53e12d59f525574f797c007e4061f95c7d56cfc7ee5c49e849dde3fea8f25e7876df2a18515c34", - "sha3_256_hash_of_public_key": "2c0db43f39b672b2cd912f907cf76a0f6fda925eb2d205546431be0b37b20411", - "sha3_256_hash_of_secret_key": "09844e203f4d8fa30728ab388b9d654847febbf5c9cd939cdc11c9c9be24ce9c", - "encapsulation_seed": "61ab87659525de9656af41246f20e1dbe85c24e335e7ecf9493f46168bc14e94", - "sha3_256_hash_of_ciphertext": "a2108ea2c446b566a50c228928893e2e4bde5fafb2184af92eb1314113bde0d6", - "shared_secret": "cfd1b82181543656807880f6e2576f0b095bf84629b3367e9bdede24662ee42e" - }, - { - "key_generation_seed": "527fb88c8bd9a4d6031dad15e63878abd2b559e7e08d61f69e8e78fca964ee6ae32d432b4f9f751bde0496c580a181ffed762aa35454a02d3f1f47ee0394c89c", - "sha3_256_hash_of_public_key": "aae8e61b905723fa092fb95b839f6de3670c39ce0498c27b87d20c24e7f64e22", - "sha3_256_hash_of_secret_key": "3880f7ca8fc33575a7a6d8bb46fec86a3f12e0068630507ed245d8bc278fbe5d", - "encapsulation_seed": "eca2adc3da1fb15f34033405ec08ef2f46163df4bfcccf8842c600ce0bc2026c", - "sha3_256_hash_of_ciphertext": "ec48b3ec403609a0ce2d1268cadda8184ab9629cc5913135ffdecd420eed1aa9", - "shared_secret": "f7331b0a4674969838482b7184fa92e5246f11f5b5e284c3e179effff7eb6329" - }, - { - "key_generation_seed": "ac6fcfaeeef795b6ef9e062f02bf42975fa01e7d91ba832f74e05269a72684d05aeda108ea4d6c6bc0fb958286850422bc357ca67b83c986048e0d0087fa11ec", - "sha3_256_hash_of_public_key": "64e085f67e48f00a7a7f82963e8c67176bff839a54fa1008328c0612f98d83d3", - "sha3_256_hash_of_secret_key": "0bfbc25d9df751f4c30907095eb6d9a75ed07fa23218ad0fffc469f0e55553c2", - "encapsulation_seed": "c4f15bec2d7701339d0ade4835193bea3632edcf89e74992620d9eb623a0d0d4", - "sha3_256_hash_of_ciphertext": "fb74b727ad120c18915dca475f3082cd34ded7ae20a308106384ffb5caa029d3", - "shared_secret": "c89d62938a5caabfd5b30d82ea88aced52ef5f8ec0528e59a654e1f6aff1cc2f" - }, - { - "key_generation_seed": "ba2fb9318d4dbe7488057c33e95e6f054583a2800c41bb83083c330a914a12cfe63f8ffda3565c2424c89b20974b748a65a5aba75133fcb3156dfb6626a83bab", - "sha3_256_hash_of_public_key": "8dab879de09b58d0fc7ade140393ffb5343abbddabdc118fad519b14436a964c", - "sha3_256_hash_of_secret_key": "7c53072fd98ea7bd8c5e873688b1a5650fe7e11c791407ac8c118b7958cf414b", - "encapsulation_seed": "28878249e2ac2b6263422993923a0c8bd05ce56e385ed13c943b03d226856947", - "sha3_256_hash_of_ciphertext": "a1f1579c4ce8eb725e697623321b3d9f55f4b1d0def10b898535ef6614e9923e", - "shared_secret": "204d9272682710b52fb39b1176af3ff737848978770310df0c67996f6cb596c3" - }, - { - "key_generation_seed": "aa6dd1e5799cdf7af9c4fc632b3eb9d51d66e85c8e0a21ec98664fc51ab63c7dfda268813efab5204efa60f78bf81d320d01ac09ac06244f7afbd2d80fd356d9", - "sha3_256_hash_of_public_key": "919a696301240cd6129f66be58e19d99b0d827d9932785cd9ea3d92f7ba54463", - "sha3_256_hash_of_secret_key": "cb1d7301f15951883cc3f287d4dd8fdf5c9b7022f558dff551c2ade5f5065755", - "encapsulation_seed": "17fc65f7fbd7c75ceec421dee84dff5a8cb22764a182db17e0ebe857f54d60eb", - "sha3_256_hash_of_ciphertext": "f02654803493821dd9c2ed23f9e46a36addd5fca0da706bbeeda87a2df9fec4f", - "shared_secret": "76e5f7623e3e867fd12f28dfda4311f7cd90a405b73e994e857f693573fd2b8a" - }, - { - "key_generation_seed": "195d6c86a3df4c21e3007d7f2768b43c74cb3060e0eca77f0a5d3271542b9a84ae77e0f9f21eabd8c0c6eea7767f4e10fde5c2d79b8400bf96b19014b457ec21", - "sha3_256_hash_of_public_key": "cb6d7232426bdbdfdacd373c9190722e7bf342825f7d829185dcc9120588fc76", - "sha3_256_hash_of_secret_key": "a85e24cc2eafdfe40d82f46471112e1359628b9955f3feae9955b48d563ac952", - "encapsulation_seed": "fa0489f3730100609488e951e6aaa15c0f193bc1dbcfcd013bc418d6c507b176", - "sha3_256_hash_of_ciphertext": "17336b9ede3a1c26abe725828a5afbe746035a73dfd4a8fbde5040fbabeb2b8d", - "shared_secret": "874ac966970f29935db73c231e71a3559b2504e5446151b99c199276617b3824" - } -] \ No newline at end of file diff --git a/kyber-crate-tests/kyber_nistkats.rs b/kyber-crate-tests/kyber_nistkats.rs deleted file mode 100644 index 5f7ef9005..000000000 --- a/kyber-crate-tests/kyber_nistkats.rs +++ /dev/null @@ -1,78 +0,0 @@ -use serde::Deserialize; -use serde_json; - -use std::path::Path; -use std::{fs::File, io::BufReader}; - -use libcrux::digest; - -use libcrux_kyber::kyber768::*; - -#[derive(Deserialize)] -struct KyberNISTKAT { - #[serde(with = "hex::serde")] - key_generation_seed: [u8; 64], - - #[serde(with = "hex::serde")] - sha3_256_hash_of_public_key: [u8; 32], - - #[serde(with = "hex::serde")] - sha3_256_hash_of_secret_key: [u8; 32], - - #[serde(with = "hex::serde")] - encapsulation_seed: [u8; 32], - - #[serde(with = "hex::serde")] - sha3_256_hash_of_ciphertext: [u8; 32], - - #[serde(with = "hex::serde")] - shared_secret: [u8; 32], -} - -macro_rules! impl_nist_known_answer_tests { - ($name:ident, $parameter_set: literal, $key_gen_derand:expr, $encapsulate_derand:expr, $decapsulate_derand: expr) => { - #[test] - fn $name() { - let katfile_path = Path::new("tests") - .join("kyber_kats") - .join(format!("nistkats_{}.json", $parameter_set)); - let katfile = File::open(katfile_path).expect("Could not open KAT file."); - let reader = BufReader::new(katfile); - - let nist_kats: Vec = - serde_json::from_reader(reader).expect("Could not deserialize KAT file."); - - for kat in nist_kats { - eprintln!("seed: {}", hex::encode(kat.key_generation_seed)); - let key_pair = $key_gen_derand(kat.key_generation_seed); - - eprintln!("pk: {}", hex::encode(key_pair.pk())); - eprintln!("sk: {}", hex::encode(key_pair.sk())); - let public_key_hash = digest::sha3_256(key_pair.pk()); - let secret_key_hash = digest::sha3_256(key_pair.sk()); - - assert_eq!(public_key_hash, kat.sha3_256_hash_of_public_key, "public keys don't match"); - assert_eq!(secret_key_hash, kat.sha3_256_hash_of_secret_key, "secret keys don't match"); - - let (ciphertext, shared_secret) = - $encapsulate_derand(key_pair.public_key(), kat.encapsulation_seed); - let ciphertext_hash = digest::sha3_256(ciphertext.as_ref()); - - assert_eq!(ciphertext_hash, kat.sha3_256_hash_of_ciphertext, "ciphertexts don't match"); - assert_eq!(shared_secret.as_ref(), kat.shared_secret, "shared secret produced by encapsulate does not match"); - - let shared_secret_from_decapsulate = - $decapsulate_derand(key_pair.private_key(), &ciphertext); - assert_eq!(shared_secret_from_decapsulate, shared_secret.as_ref(), "shared secret produced by decapsulate doesn't match the one produced by encapsulate"); - } - } - }; -} - -impl_nist_known_answer_tests!( - kyber768_nist_known_answer_tests, - 768, - generate_key_pair, - encapsulate, - decapsulate -); diff --git a/kyber-crate.sh b/kyber-crate.sh deleted file mode 100755 index 289058737..000000000 --- a/kyber-crate.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash - -set -e - -rm -rf kyber-crate -mkdir -p kyber-crate/src -cp -r src/kem/kyber* kyber-crate/src -cd kyber-crate -mv src/kyber.rs src/lib.rs -mv src/kyber/* src - -SED=$(which gsed &>/dev/null && echo gsed || echo sed) - -cat >Cargo.toml <src/hax_utils.rs < {}; -} - -pub(crate) use hax_debug_assert; -EOF - -$SED -i '1ipub(crate) mod hax_utils;' src/lib.rs - -mkdir -p tests -cp -r ../kyber-crate-tests/* tests/ -rm src/kyber512.rs -rm src/kyber1024.rs - -# Build & test -cargo test - -# Extract -if [[ -z "$CHARON_HOME" ]]; then - echo "Please set CHARON_HOME to the Charon directory" 1>&2 - exit 1 -fi -if [[ -z "$EURYDICE_HOME" ]]; then - echo "Please set EURYDICE_HOME to the Eurydice directory" 1>&2 - exit 1 -fi - -echo "Running charon ..." -$CHARON_HOME/bin/charon --errors-as-warnings -mkdir -p c -cd c - -echo "Running eurydice ..." -$EURYDICE_HOME/eurydice --config ../../kyber-c.yaml ../libcrux_kyber.llbc -cp $EURYDICE_HOME/include/eurydice_glue.h . - -if [[ -n "$HACL_PACKAGES_HOME" ]]; then - clang-format --style=Mozilla -i libcrux_kyber.c libcrux_kyber.h - cp internal/*.h $HACL_PACKAGES_HOME/libcrux/include/internal/ - cp *.h $HACL_PACKAGES_HOME/libcrux/include - cp *.c $HACL_PACKAGES_HOME/libcrux/src -else - echo "Please set HACL_PACKAGES_HOME to the hacl-packages directory to copy the code over" 1>&2 -fi diff --git a/libcrux-simd/Cargo.toml b/libcrux-hkdf/Cargo.toml similarity index 60% rename from libcrux-simd/Cargo.toml rename to libcrux-hkdf/Cargo.toml index 42d4846bf..65de2d0ca 100644 --- a/libcrux-simd/Cargo.toml +++ b/libcrux-hkdf/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "libcrux-simd" +name = "libcrux-hkdf" version.workspace = true authors.workspace = true license.workspace = true @@ -8,9 +8,9 @@ edition.workspace = true repository.workspace = true readme.workspace = true +[lib] +path = "src/hkdf.rs" + [dependencies] -libcrux-platform = { version = "0.0.2-pre.2", path = "../sys/platform" } +libcrux-hacl = { version = "=0.0.2-pre.2", path = "../sys/hacl" } -[features] -simd128 = [] -simd256 = [] diff --git a/src/hacl/hkdf.rs b/libcrux-hkdf/src/hacl_hkdf.rs similarity index 100% rename from src/hacl/hkdf.rs rename to libcrux-hkdf/src/hacl_hkdf.rs diff --git a/libcrux-hkdf/src/hkdf.rs b/libcrux-hkdf/src/hkdf.rs new file mode 100644 index 000000000..c3a9036fe --- /dev/null +++ b/libcrux-hkdf/src/hkdf.rs @@ -0,0 +1,75 @@ +//! HKDF +//! +//! This crate implements HKDF on SHA 1 and SHA 2 (except for SHA 224). + +pub(crate) mod hacl_hkdf; + +/// The HKDF algorithm defining the used hash function. +#[derive(Copy, Clone, Debug, PartialEq)] +pub enum Algorithm { + Sha256, + Sha384, + Sha512, +} + +/// HKDF Errors +#[derive(Debug, Clone, Copy, PartialEq, Eq)] +pub enum Error { + OkmLengthTooLarge, +} + +/// HKDF extract using hash function `mode`, `salt`, and the input key material `ikm`. +/// Returns the pre-key material in a vector of tag length. +pub fn extract(alg: Algorithm, salt: impl AsRef<[u8]>, ikm: impl AsRef<[u8]>) -> Vec { + match alg { + Algorithm::Sha256 => { + crate::hacl_hkdf::sha2_256::extract(salt.as_ref(), ikm.as_ref()).into() + } + Algorithm::Sha384 => { + crate::hacl_hkdf::sha2_384::extract(salt.as_ref(), ikm.as_ref()).into() + } + Algorithm::Sha512 => { + crate::hacl_hkdf::sha2_512::extract(salt.as_ref(), ikm.as_ref()).into() + } + } +} + +/// HKDF expand using hash function `mode`, pre-key material `prk`, `info`, and output length `okm_len`. +/// Returns the key material in a vector of length `okm_len` or [`Error::OkmLengthTooLarge`] +/// if the requested output length is too large. +pub fn expand( + alg: Algorithm, + prk: impl AsRef<[u8]>, + info: impl AsRef<[u8]>, + okm_len: usize, +) -> Result, Error> { + match alg { + Algorithm::Sha256 => { + crate::hacl_hkdf::sha2_256::vec::expand(prk.as_ref(), info.as_ref(), okm_len) + .map_err(|_| Error::OkmLengthTooLarge) + } + Algorithm::Sha384 => { + crate::hacl_hkdf::sha2_384::vec::expand(prk.as_ref(), info.as_ref(), okm_len) + .map_err(|_| Error::OkmLengthTooLarge) + } + Algorithm::Sha512 => { + crate::hacl_hkdf::sha2_512::vec::expand(prk.as_ref(), info.as_ref(), okm_len) + .map_err(|_| Error::OkmLengthTooLarge) + } + } +} + +/// HKDF using hash function `mode`, `salt`, input key material `ikm`, `info`, and output length `okm_len`. +/// Calls `extract` and `expand` with the given input. +/// Returns the key material in a vector of length `okm_len` or [`Error::OkmLengthTooLarge`] +/// if the requested output length is too large. +pub fn hkdf( + mode: Algorithm, + salt: &[u8], + ikm: &[u8], + info: &[u8], + okm_len: usize, +) -> Result, Error> { + let prk = extract(mode, salt, ikm); + expand(mode, prk, info, okm_len) +} diff --git a/libcrux-hmac/Cargo.toml b/libcrux-hmac/Cargo.toml new file mode 100644 index 000000000..3e86f6e4b --- /dev/null +++ b/libcrux-hmac/Cargo.toml @@ -0,0 +1,16 @@ +[package] +name = "libcrux-hmac" +version.workspace = true +authors.workspace = true +license.workspace = true +homepage.workspace = true +edition.workspace = true +repository.workspace = true +readme.workspace = true + +[lib] +path = "src/hmac.rs" + +[dependencies] +libcrux-hkdf = { version = "=0.0.2-pre.2", path = "../libcrux-hkdf" } +libcrux-hacl = { version = "=0.0.2-pre.2", path = "../sys/hacl" } diff --git a/src/hacl/hmac.rs b/libcrux-hmac/src/hacl_hmac.rs similarity index 100% rename from src/hacl/hmac.rs rename to libcrux-hmac/src/hacl_hmac.rs diff --git a/libcrux-hmac/src/hmac.rs b/libcrux-hmac/src/hmac.rs new file mode 100644 index 000000000..3eea90a22 --- /dev/null +++ b/libcrux-hmac/src/hmac.rs @@ -0,0 +1,56 @@ +//! HMAC +//! +//! This crate implements HMAC on SHA 1 and SHA 2 (except for SHA 224). + +use libcrux_hkdf as hkdf; +pub(crate) mod hacl_hmac; + +/// The HMAC algorithm defining the used hash function. +#[derive(Copy, Clone, Debug, PartialEq)] +pub enum Algorithm { + Sha1, + // Not implemented + // Sha224 + Sha256, + Sha384, + Sha512, +} + +impl From for Algorithm { + fn from(value: hkdf::Algorithm) -> Self { + match value { + hkdf::Algorithm::Sha256 => Self::Sha256, + hkdf::Algorithm::Sha384 => Self::Sha384, + hkdf::Algorithm::Sha512 => Self::Sha512, + } + } +} + +/// Get the tag size for a given algorithm. +pub const fn tag_size(alg: Algorithm) -> usize { + match alg { + Algorithm::Sha1 => 20, + Algorithm::Sha256 => 32, + Algorithm::Sha384 => 48, + Algorithm::Sha512 => 64, + } +} + +/// Compute the HMAC value with the given `alg` and `key` on `data` with an +/// output tag length of `tag_length`. +/// Returns a vector of length `tag_length`. +pub fn hmac(alg: Algorithm, key: &[u8], data: &[u8], tag_length: Option) -> Vec { + let native_tag_length = tag_size(alg); + let tag_length = match tag_length { + Some(v) => v, + None => native_tag_length, + }; + let mut dst: Vec<_> = match alg { + Algorithm::Sha1 => crate::hacl_hmac::sha1(key, data).into(), + Algorithm::Sha256 => crate::hacl_hmac::sha2_256(key, data).into(), + Algorithm::Sha384 => crate::hacl_hmac::sha2_384(key, data).into(), + Algorithm::Sha512 => crate::hacl_hmac::sha2_512(key, data).into(), + }; + dst.truncate(tag_length); + dst +} diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2.fsti new file mode 100644 index 000000000..2a049de11 --- /dev/null +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2.fsti @@ -0,0 +1,199 @@ +module Libcrux_intrinsics.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +unfold +let t_Vec128 = Core.Core_arch.X86.t____m128i + +unfold +let t_Vec256 = Core.Core_arch.X86.t____m256i + +val mm256_add_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_add_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_and_si256 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_andnot_si256 (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_castsi128_si256 (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_castsi256_si128 (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_cmpgt_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_cvtepi16_epi32 (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_extracti128_si256 (v_CONTROL: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_inserti128_si256 + (v_CONTROL: i32) + (vector: Core.Core_arch.X86.t____m256i) + (vector_i128: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_loadu_si256_i16 (input: t_Slice i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_loadu_si256_u8 (input: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_madd_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mul_epu32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mulhi_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mullo_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mullo_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_packs_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_permute2x128_si256 (v_IMM8: i32) (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_permutevar8x32_epi32 (vector control: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi16 (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi32 (constant: i32) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi64x (a: i64) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set_epi16 + (input15 input14 input13 input12 input11 input10 input9 input8 input7 input6 input5 input4 input3 input2 input1 input0: + i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set_epi8 + (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: + i8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_setzero_si256: Prims.unit + -> Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_shuffle_epi8 (vector control: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_slli_epi64 (v_LEFT: i32) (x: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_sllv_epi32 (vector counts: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + +val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +val mm256_sub_epi16 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_unpackhi_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_unpackhi_epi64 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_unpacklo_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_unpacklo_epi64 (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm256_xor_si256 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mm_add_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_loadu_si128 (input: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_movemask_epi8 (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +val mm_mulhi_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_mullo_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_packs_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_set1_epi16 (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_set_epi8 + (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: + u8) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_shuffle_epi8 (vector control: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +val mm_storeu_si128 (output: t_Slice i16) (vector: Core.Core_arch.X86.t____m128i) + : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + +val mm_sub_epi16 (lhs rhs: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-dsa/src/arithmetic.rs b/libcrux-ml-dsa/src/arithmetic.rs index 6263884e2..661472d18 100644 --- a/libcrux-ml-dsa/src/arithmetic.rs +++ b/libcrux-ml-dsa/src/arithmetic.rs @@ -72,37 +72,74 @@ pub(crate) fn montgomery_multiply_fe_by_fer( // // We assume the input t is in the signed representative range and convert it // to the standard unsigned range. -// -// This approach has been taken from: -// https://github.com/cloudflare/circl/blob/main/sign/dilithium/internal/common/field.go#L35 pub(crate) fn power2round(t: i32) -> (i32, i32) { debug_assert!(t > -FIELD_MODULUS && t < FIELD_MODULUS, "t is {}", t); // Convert the signed representative to the standard unsigned one. let t = t + ((t >> 31) & FIELD_MODULUS); - // Compute t mod 2ᵈ - // t0 is now one of 0, 1, ..., 2ᵈ⁻¹-1, 2ᵈ⁻¹, 2ᵈ⁻¹+1, ..., 2ᵈ-1 - let mut t0 = t & ((1 << BITS_IN_LOWER_PART_OF_T) - 1); + // t0 = t - (2^{BITS_IN_LOWER_PART_OF_T} * t1) + // t1 = ⌊(t - 1)/2^{BITS_IN_LOWER_PART_OF_T} + 1/2⌋ + // + // See Lemma 10 of the implementation notes document for more information + // on what these compute. + let t1 = (t - 1 + (1 << (BITS_IN_LOWER_PART_OF_T - 1))) >> BITS_IN_LOWER_PART_OF_T; + let t0 = t - (t1 << BITS_IN_LOWER_PART_OF_T); - // now t0 is -2ᵈ⁻¹-1, -2ᵈ⁻¹, ..., -2, -1, 0, ..., 2ᵈ⁻¹-2 - t0 -= (1 << (BITS_IN_LOWER_PART_OF_T - 1)) + 1; + (t0, t1) +} - // Next, we add 2ᴰ to those t0 that are negative - // now a0 is 2ᵈ⁻¹-1, 2ᵈ⁻¹, ..., 2ᵈ-2, 2ᵈ-1, 0, ..., 2ᵈ⁻¹-2 - t0 += (t0 >> 31) & (1 << BITS_IN_LOWER_PART_OF_T); +pub(crate) fn t0_to_unsigned_representative(t0: i32) -> i32 { + (1 << (BITS_IN_LOWER_PART_OF_T - 1)) - t0 +} + +// Splits 0 ≤ r < q into r₀ and r₁ such that: +// +// - r = r₁*α + r₀ +// - -α/2 < r₀ ≤ α/2 +// +// except when r₁ = (q-1)/α; in this case: +// +// - r₁ is set to 0 is taken +// - α/2 ≤ r₀ < 0. +// +// Note that 0 ≤ r₁ < (q-1)/α. +pub(crate) fn decompose(r: i32) -> (i32, i32) { + let r1 = { + // Compute ⌈r / 128⌉ + let ceil_of_r_by_128 = (r + 127) >> 7; + + match ALPHA { + 190_464 => { + // 1488/2²⁴ is an approximation of 1/1488 + let result = ((ceil_of_r_by_128 * 11_275) + (1 << 23)) >> 24; + + // For the corner-case a₁ = (q-1)/α = 44, we have to set a₁=0. + (result ^ (43 - result) >> 31) & result + } + 523_776 => { + // 1025/2²² is an approximation of 1/4092 + let result = (ceil_of_r_by_128 * 1025 + (1 << 21)) >> 22; + + // For the corner-case a₁ = (q-1)/α = 16, we have to set a₁=0. + result & 15 + } + _ => unreachable!(), + } + }; - // now t0 is 0, 1, 2, ..., 2ᵈ⁻¹-1, 2ᵈ⁻¹-1, -2ᵈ⁻¹-1, ... - // which is what we want. - t0 -= (1 << (BITS_IN_LOWER_PART_OF_T - 1)) - 1; + let mut r0 = r - (r1 * ALPHA); - let t1 = (t - t0) >> BITS_IN_LOWER_PART_OF_T; + // In the corner-case, when we set a₁=0, we will incorrectly + // have a₀ > (q-1)/2 and we'll need to subtract q. As we + // return a₀ + q, that comes down to adding q if a₀ < (q-1)/2. + r0 -= (((FIELD_MODULUS - 1) / 2 - r0) >> 31) & FIELD_MODULUS; - (t0, t1) + (r0, r1) } -pub(crate) fn t0_to_unsigned_representative(t0: i32) -> i32 { - (1 << (BITS_IN_LOWER_PART_OF_T - 1)) - t0 +pub(crate) fn make_hint(low: i32, high: i32) -> bool { + (low > GAMMA2) || (low < -GAMMA2) || (low == -GAMMA2 && high != 0) } #[cfg(test)] @@ -124,4 +161,15 @@ mod tests { assert_eq!(power2round(-1568816), (4049, 831)); assert_eq!(power2round(-4022142), (131, 532)); } + + #[test] + fn test_decompose() { + assert_eq!(decompose::<190_464>(3574899), (-43917, 19)); + assert_eq!(decompose::<190_464>(7368323), (-59773, 39)); + assert_eq!(decompose::<190_464>(3640854), (22038, 19)); + + assert_eq!(decompose::<523_776>(563751), (39975, 1)); + assert_eq!(decompose::<523_776>(6645076), (-164012, 13)); + assert_eq!(decompose::<523_776>(7806985), (-49655, 15)); + } } diff --git a/libcrux-ml-dsa/src/deserialize.rs b/libcrux-ml-dsa/src/deserialize.rs new file mode 100644 index 000000000..e15f8d625 --- /dev/null +++ b/libcrux-ml-dsa/src/deserialize.rs @@ -0,0 +1,221 @@ +use crate::arithmetic::PolynomialRingElement; + +#[inline(always)] +fn deserialize_to_mask_when_gamma1_is_2_pow_17(serialized: &[u8]) -> PolynomialRingElement { + const GAMMA1: i32 = 1 << 17; + const GAMMA1_TIMES_2_BITMASK: i32 = (GAMMA1 << 1) - 1; + + let mut re = PolynomialRingElement::ZERO; + + for (i, bytes) in serialized.chunks_exact(9).enumerate() { + re.coefficients[4 * i + 0] = bytes[0] as i32; + re.coefficients[4 * i + 0] |= (bytes[1] as i32) << 8; + re.coefficients[4 * i + 0] |= (bytes[2] as i32) << 16; + re.coefficients[4 * i + 0] &= GAMMA1_TIMES_2_BITMASK; + + re.coefficients[4 * i + 1] = (bytes[2] as i32) >> 2; + re.coefficients[4 * i + 1] |= (bytes[3] as i32) << 6; + re.coefficients[4 * i + 1] |= (bytes[4] as i32) << 14; + re.coefficients[4 * i + 1] &= GAMMA1_TIMES_2_BITMASK; + + re.coefficients[4 * i + 2] = (bytes[4] as i32) >> 4; + re.coefficients[4 * i + 2] |= (bytes[5] as i32) << 4; + re.coefficients[4 * i + 2] |= (bytes[6] as i32) << 12; + re.coefficients[4 * i + 2] &= GAMMA1_TIMES_2_BITMASK; + + re.coefficients[4 * i + 3] = (bytes[6] as i32) >> 6; + re.coefficients[4 * i + 3] |= (bytes[7] as i32) << 2; + re.coefficients[4 * i + 3] |= (bytes[8] as i32) << 10; + re.coefficients[4 * i + 3] &= GAMMA1_TIMES_2_BITMASK; + + re.coefficients[4 * i + 0] = GAMMA1 - re.coefficients[4 * i + 0]; + re.coefficients[4 * i + 1] = GAMMA1 - re.coefficients[4 * i + 1]; + re.coefficients[4 * i + 2] = GAMMA1 - re.coefficients[4 * i + 2]; + re.coefficients[4 * i + 3] = GAMMA1 - re.coefficients[4 * i + 3]; + } + + re +} + +#[inline(always)] +fn deserialize_to_mask_when_gamma1_is_2_pow_19(serialized: &[u8]) -> PolynomialRingElement { + const GAMMA1: i32 = 1 << 19; + const GAMMA1_TIMES_2_BITMASK: i32 = (GAMMA1 << 1) - 1; + + let mut re = PolynomialRingElement::ZERO; + + for (i, bytes) in serialized.chunks_exact(5).enumerate() { + re.coefficients[2 * i + 0] = bytes[0] as i32; + re.coefficients[2 * i + 0] |= (bytes[1] as i32) << 8; + re.coefficients[2 * i + 0] |= (bytes[2] as i32) << 16; + re.coefficients[2 * i + 0] &= GAMMA1_TIMES_2_BITMASK; + + re.coefficients[2 * i + 1] = (bytes[2] as i32) >> 4; + re.coefficients[2 * i + 1] |= (bytes[3] as i32) << 4; + re.coefficients[2 * i + 1] |= (bytes[4] as i32) << 12; + + re.coefficients[2 * i + 0] = GAMMA1 - re.coefficients[2 * i + 0]; + re.coefficients[2 * i + 1] = GAMMA1 - re.coefficients[2 * i + 1]; + } + + re +} + +#[inline(always)] +pub(crate) fn deserialize_to_mask_ring_element( + serialized: &[u8], +) -> PolynomialRingElement { + match GAMMA1_EXPONENT { + 17 => deserialize_to_mask_when_gamma1_is_2_pow_17(serialized), + 19 => deserialize_to_mask_when_gamma1_is_2_pow_19(serialized), + _ => unreachable!(), + } +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn test_deserialize_to_mask_when_gamma1_is_2_pow_17() { + let bytes = [ + 198, 32, 33, 79, 53, 132, 46, 198, 17, 233, 84, 94, 175, 136, 13, 127, 137, 254, 113, + 82, 68, 239, 94, 176, 179, 22, 102, 177, 253, 142, 176, 250, 96, 201, 11, 213, 230, 41, + 207, 14, 252, 247, 44, 197, 61, 57, 233, 239, 7, 173, 48, 253, 53, 43, 107, 174, 112, + 33, 144, 137, 117, 234, 75, 181, 150, 72, 158, 193, 130, 225, 136, 17, 65, 227, 146, + 207, 208, 228, 176, 164, 158, 62, 142, 193, 250, 109, 210, 52, 182, 254, 148, 179, 247, + 164, 167, 177, 209, 148, 189, 86, 221, 208, 92, 28, 51, 228, 176, 249, 12, 142, 124, + 187, 37, 164, 131, 203, 222, 228, 211, 250, 222, 114, 123, 183, 44, 125, 14, 97, 12, + 64, 154, 168, 11, 96, 112, 93, 225, 58, 8, 110, 164, 69, 246, 67, 102, 109, 227, 41, + 170, 254, 3, 137, 7, 0, 7, 12, 89, 123, 133, 155, 52, 14, 80, 211, 96, 229, 7, 100, + 208, 68, 109, 222, 122, 84, 80, 163, 240, 121, 126, 235, 54, 72, 124, 163, 195, 30, + 207, 194, 158, 106, 46, 181, 90, 251, 232, 201, 121, 115, 110, 225, 245, 38, 111, 109, + 248, 202, 9, 161, 220, 240, 202, 155, 72, 236, 80, 97, 168, 67, 128, 160, 37, 56, 211, + 167, 71, 73, 215, 92, 101, 148, 227, 207, 180, 155, 233, 42, 144, 30, 28, 236, 184, 13, + 133, 206, 47, 170, 205, 59, 29, 209, 245, 226, 66, 69, 144, 146, 168, 83, 66, 233, 193, + 59, 79, 41, 167, 246, 246, 95, 161, 50, 105, 109, 255, 137, 188, 210, 189, 142, 91, 73, + 139, 24, 228, 30, 36, 133, 202, 123, 206, 244, 9, 229, 227, 255, 94, 198, 149, 5, 193, + 37, 72, 129, 16, 205, 245, 177, 242, 241, 120, 66, 137, 39, 20, 111, 197, 64, 89, 9, + 238, 114, 4, 212, 146, 75, 206, 58, 232, 33, 231, 186, 90, 202, 95, 49, 233, 209, 177, + 195, 88, 253, 80, 103, 112, 163, 245, 31, 6, 78, 119, 131, 17, 240, 77, 210, 72, 61, 1, + 104, 110, 70, 49, 83, 172, 187, 39, 53, 235, 40, 4, 19, 170, 110, 153, 249, 52, 6, 122, + 225, 235, 40, 196, 149, 80, 184, 69, 148, 61, 158, 255, 145, 72, 129, 51, 16, 2, 196, + 156, 146, 128, 107, 76, 122, 194, 42, 99, 240, 12, 213, 57, 55, 232, 145, 61, 45, 160, + 136, 168, 6, 128, 210, 250, 114, 174, 126, 230, 8, 228, 207, 143, 146, 135, 161, 201, + 156, 182, 241, 219, 217, 69, 27, 35, 156, 194, 91, 192, 115, 201, 22, 197, 145, 240, + 132, 11, 206, 138, 128, 139, 222, 212, 13, 212, 22, 92, 232, 216, 16, 69, 109, 55, 230, + 217, 210, 95, 192, 242, 193, 250, 91, 217, 140, 11, 98, 111, 8, 117, 91, 212, 63, 24, + 93, 161, 48, 241, 55, 11, 5, 171, 199, 212, 161, 230, 156, 205, 103, 171, 11, 226, 125, + 213, 216, 76, 17, 229, 56, 203, 30, 43, 39, 212, 232, 96, 198, 217, 109, 81, 125, 22, + 180, 195, 249, 20, 18, 57, 153, 132, 63, 206, 40, 137, 240, 149, 189, 220, 75, 227, + 142, 178, 214, 215, 101, 232, 204, 94, 189, 109, 236, 173, 200, 39, 114, 203, 136, 152, + 114, 173, 199, 38, 195, 46, 224, 68, 92, 129, 184, 157, 35, + ]; + + let expected_coefficients = [ + 57146, 44088, -59459, 112872, -21737, -11223, -127192, -129573, 109967, -113617, + -80645, 26534, -64945, -44067, 92657, -87087, -76262, -66483, -53119, 67820, -125241, + -82427, -119562, 86825, 86421, 128932, -88217, 53335, 92491, 104558, -6188, 113117, + -58177, 117788, -69197, -31378, 29122, -97968, -85286, -129752, -111508, 5827, 58598, + -63059, 74410, -71476, -17201, -124611, 94708, 37153, 116158, -97070, -54244, 84034, + -96183, 2894, 106226, -36867, 83319, 16000, -57693, -98830, 107962, 61479, -93542, + -35448, 114710, 123356, 129280, -54851, 18345, 116526, 76976, 1704, 63936, 19181, + 99618, 76779, -106250, -110073, 112586, 71457, 69140, -31499, 53654, -54957, 90481, + 12825, 7826, -117181, -100054, 121045, 74591, -62140, -50313, 31421, 113752, 38880, + 52350, 57697, 75959, 59049, 65991, -28371, 120087, -67492, -102081, -5174, -12238, + -62314, 60973, -101335, 113342, -9380, 121542, -67493, 45253, 22070, 145, 79227, + -93545, -74367, -122155, 37318, 95415, -112902, 110015, 4310, 2866, 67262, 4098, + -22297, 16123, 110071, 77560, -51159, 69134, -20638, 48520, -71100, 42688, 83070, + 49081, 53685, 116018, 14214, 21586, 32983, 5839, 70540, -120204, 25277, 23696, 30723, + -95456, 113139, -19952, -86580, -32787, 58951, 109775, 4373, -45906, 126813, -43539, + -26203, 105649, -99816, 120597, 121487, 107643, 68015, 98, 110044, 64712, -69640, + 93540, -72416, 120924, 29525, 62224, 12683, 57725, 84746, 96096, 130646, -109864, + -47563, 72066, -129282, 55044, -34334, -40137, -64621, 107107, 95123, -115356, 69610, + 37737, -18196, -99568, -45954, 83960, -86906, -54285, -5893, 62066, 19180, 6601, + -128182, -76805, -125703, 75429, 97565, 96522, 37420, 114732, 108730, -70410, 119585, + -109317, 101071, 12694, 24778, -2987, 41096, 78451, -103493, -52024, 13625, -36162, + -72067, 37415, 24748, 115903, 109593, 50926, -123174, -36067, -115236, 82539, 77065, + -76014, -89946, 71579, -87987, -50907, -74423, -94759, -8754, -55081, 91362, 119101, + -69944, -100373, 94602, + ]; + + assert_eq!( + deserialize_to_mask_ring_element::<17>(&bytes).coefficients, + expected_coefficients + ); + } + + #[test] + fn test_deserialize_to_mask_when_gamma1_is_2_pow_19() { + let bytes: [u8; 640] = [ + 253, 11, 216, 60, 251, 71, 79, 187, 242, 250, 209, 44, 72, 206, 98, 3, 22, 91, 184, 22, + 197, 50, 249, 184, 253, 104, 8, 3, 9, 116, 147, 157, 110, 167, 67, 218, 30, 79, 58, 12, + 2, 72, 239, 104, 6, 162, 57, 195, 128, 18, 93, 245, 0, 132, 218, 172, 178, 214, 243, + 53, 171, 128, 90, 13, 126, 226, 148, 153, 238, 106, 146, 46, 220, 184, 140, 28, 167, + 18, 38, 212, 17, 6, 136, 251, 94, 47, 164, 196, 66, 120, 204, 45, 111, 37, 45, 51, 38, + 109, 32, 32, 144, 122, 13, 52, 144, 108, 75, 152, 73, 164, 139, 91, 26, 37, 76, 237, + 211, 47, 124, 0, 210, 175, 145, 149, 28, 19, 81, 38, 3, 121, 106, 191, 144, 129, 93, + 118, 202, 8, 163, 27, 182, 42, 148, 249, 166, 67, 198, 69, 164, 49, 157, 40, 230, 39, + 126, 108, 93, 96, 211, 185, 61, 99, 30, 83, 183, 241, 30, 16, 91, 76, 200, 55, 228, 22, + 33, 142, 114, 240, 217, 138, 155, 223, 136, 77, 216, 181, 102, 56, 218, 49, 91, 223, + 67, 68, 190, 216, 214, 180, 230, 199, 165, 17, 171, 151, 156, 33, 125, 248, 0, 56, 104, + 184, 150, 91, 83, 138, 61, 162, 255, 96, 168, 189, 86, 60, 76, 36, 163, 207, 76, 227, + 76, 180, 145, 125, 229, 251, 212, 77, 115, 88, 177, 134, 20, 122, 27, 211, 207, 254, + 233, 226, 31, 112, 10, 181, 117, 97, 56, 188, 176, 229, 156, 140, 97, 31, 64, 139, 249, + 217, 172, 100, 70, 121, 130, 94, 182, 245, 239, 138, 4, 65, 64, 228, 118, 200, 128, 94, + 143, 59, 53, 12, 185, 209, 191, 52, 91, 170, 161, 200, 12, 223, 221, 54, 151, 218, 3, + 156, 49, 176, 78, 50, 117, 16, 36, 179, 203, 91, 222, 181, 53, 151, 211, 229, 22, 49, + 247, 223, 195, 241, 1, 44, 157, 56, 48, 158, 25, 246, 231, 54, 106, 197, 107, 199, 252, + 60, 182, 216, 27, 129, 32, 149, 8, 239, 44, 176, 119, 104, 207, 77, 206, 150, 220, 18, + 172, 54, 140, 37, 235, 243, 23, 220, 149, 241, 197, 149, 240, 41, 223, 179, 98, 188, + 135, 231, 56, 176, 102, 173, 39, 46, 236, 79, 177, 224, 17, 164, 88, 227, 108, 214, + 234, 106, 253, 242, 27, 120, 44, 44, 63, 117, 135, 97, 90, 239, 81, 138, 112, 203, 188, + 13, 239, 224, 37, 53, 1, 27, 33, 26, 213, 36, 129, 146, 254, 82, 106, 111, 179, 25, + 199, 217, 243, 188, 250, 141, 136, 148, 154, 241, 152, 195, 225, 82, 174, 149, 124, + 237, 3, 81, 218, 90, 157, 6, 243, 34, 62, 141, 211, 164, 2, 103, 45, 46, 253, 115, 244, + 216, 191, 245, 177, 121, 216, 86, 131, 66, 63, 18, 167, 41, 199, 241, 195, 117, 168, + 134, 193, 73, 201, 83, 197, 85, 147, 217, 45, 162, 18, 203, 166, 95, 166, 159, 8, 1, + 110, 125, 113, 228, 180, 78, 194, 174, 60, 172, 124, 151, 23, 202, 247, 189, 206, 204, + 101, 51, 35, 8, 196, 85, 237, 64, 222, 81, 143, 182, 205, 105, 110, 173, 197, 239, 196, + 5, 108, 128, 248, 191, 247, 43, 25, 180, 246, 154, 125, 142, 227, 246, 17, 2, 207, 193, + 89, 244, 159, 82, 218, 117, 78, 191, 40, 49, 154, 160, 83, 246, 93, 94, 52, 85, 45, + 140, 99, 40, 23, 179, 141, 10, 143, 62, 176, 84, 19, 94, 79, 72, 58, 138, 7, 87, 196, + 2, 87, 0, 191, 226, 2, 224, 187, 150, 199, 217, 211, 51, 114, 228, 71, 54, 23, 17, 9, + 212, 195, 125, 236, 213, 254, 189, 203, 232, 161, 50, 81, 174, 129, 117, + ]; + + let expected_coefficients = [ + -3069, -504781, -216903, -503595, -11473, 119580, -202243, 431227, -78533, -514959, + 325528, 49008, -433555, 247178, -466650, 474204, -477186, 498034, 312926, 448500, + 461475, -370752, 85332, 303299, -164011, 7979, -103650, 86295, -274066, -52109, 350436, + -344673, -1553, 135240, 220113, 31700, -470476, 339370, -337459, 392698, -359056, + -66368, -19308, -148633, -154507, 212399, -513005, 522302, 413742, 407207, 110317, + 28622, 475286, 141287, -51830, 411088, 251210, -159641, 145853, 320956, 120675, 7554, + 500372, -236854, -418621, -226609, 516367, 211535, 247864, 388754, 494962, -44447, + -57243, -361688, -26293, 320093, 270501, -255044, 207144, -294507, -201125, -117114, + -32033, 294897, 83864, 182855, 377462, 126982, 82520, 212027, -500516, -406732, 412596, + -415705, -382203, 161996, 227663, 411743, -446419, -405151, -159775, 42160, -276577, + -416523, 422756, 261642, -129419, 111923, 362170, -222696, -192501, 257976, 72640, + -3207, -233310, 474285, -512441, 150709, -41386, -389324, 51491, 508503, 511588, + 318229, 257931, -310066, 139685, -95067, 72237, -488209, 408609, 344033, 509795, + 419357, 71690, -284323, -313195, -222159, 451624, -86536, -323336, 34046, -380776, + -93412, -266972, -50026, 267483, -377215, 134763, -461148, 270551, -247339, -59271, + 103677, -403373, 196926, 401231, 161215, 103197, 86355, -258813, 342143, 180436, + 124809, 397478, 63323, -376011, -397040, 445147, 388688, 207590, -75794, -152318, + -210678, -116505, -249661, -36346, -108872, 288527, 184804, -300462, 508201, -186961, + 497195, -402163, -342227, 64860, 335146, 232451, -261519, -111093, 168569, -475779, + -160035, 407767, 41921, 424280, -300188, 146093, -366901, 351699, -158897, -501343, + 520055, 426642, -216647, -442958, -181194, 26756, -490657, -315069, 313764, 260061, + -447836, 401856, -223477, -420301, -285398, 146193, -1728, 16392, 421185, -194228, + -59353, 395549, -323617, 239167, 185857, -423386, 357388, 484815, -484666, 237987, + 338605, -25484, -209266, -461453, -197608, -398164, 228107, 30150, -279920, 502014, + -404464, -253954, -293227, 273447, -411427, 51641, 487151, -377812, -351943, -245246, + -138892, -414002, 42982, + ]; + + assert_eq!( + deserialize_to_mask_ring_element::<19>(&bytes).coefficients, + expected_coefficients + ); + } +} diff --git a/libcrux-ml-dsa/src/lib.rs b/libcrux-ml-dsa/src/lib.rs index 7f7fe2db9..32e111662 100644 --- a/libcrux-ml-dsa/src/lib.rs +++ b/libcrux-ml-dsa/src/lib.rs @@ -1,5 +1,6 @@ mod arithmetic; mod constants; +mod deserialize; mod hash_functions; mod matrix; mod ml_dsa_generic; diff --git a/libcrux-ml-dsa/src/matrix.rs b/libcrux-ml-dsa/src/matrix.rs index 33451c0fe..16d5a8fe5 100644 --- a/libcrux-ml-dsa/src/matrix.rs +++ b/libcrux-ml-dsa/src/matrix.rs @@ -1,7 +1,7 @@ use crate::{ arithmetic::{add_to_ring_element, power2round, PolynomialRingElement}, ntt::{invert_ntt_montgomery, ntt, ntt_multiply_montgomery}, - sample::{sample_error_ring_element_uniform, sample_ring_element_uniform}, + sample::{sample_error_ring_element, sample_mask_ring_element, sample_ring_element_uniform}, }; pub(crate) fn power2round_vector( @@ -36,7 +36,25 @@ pub(crate) fn sample_error_vector( seed[65] = (*domain_separator >> 8) as u8; *domain_separator += 1; - error[i] = sample_error_ring_element_uniform::(seed); + error[i] = sample_error_ring_element::(seed); + } + + error +} + +#[inline(always)] +pub(crate) fn sample_mask_vector( + mut seed: [u8; 66], + signing_attempt_counter: u16, +) -> [PolynomialRingElement; COLUMNS_IN_A] { + let mut error = [PolynomialRingElement::ZERO; COLUMNS_IN_A]; + + for i in 0..COLUMNS_IN_A { + let domain_separator = signing_attempt_counter + (i as u16); + seed[64] = domain_separator as u8; + seed[65] = (domain_separator >> 8) as u8; + + error[i] = sample_mask_ring_element::(seed); } error diff --git a/libcrux-ml-dsa/src/ml_dsa_44.rs b/libcrux-ml-dsa/src/ml_dsa_44.rs index b251b4eb0..70096d8cc 100644 --- a/libcrux-ml-dsa/src/ml_dsa_44.rs +++ b/libcrux-ml-dsa/src/ml_dsa_44.rs @@ -6,10 +6,10 @@ const ROWS_IN_A: usize = 4; const COLUMNS_IN_A: usize = 4; const ETA: usize = 2; -const TWO_TIMES_ETA_BIT_SIZE: usize = 3; // ⌊log_2(2 * 2)⌋ + 1 +const BITS_PER_ERROR_COEFFICIENT: usize = 3; const BYTES_FOR_ERROR_RING_ELEMENT: usize = - (TWO_TIMES_ETA_BIT_SIZE * COEFFICIENTS_IN_RING_ELEMENT) / 8; + (BITS_PER_ERROR_COEFFICIENT * COEFFICIENTS_IN_RING_ELEMENT) / 8; const VERIFICATION_KEY_SIZE: usize = SEED_FOR_A_SIZE + (COEFFICIENTS_IN_RING_ELEMENT diff --git a/libcrux-ml-dsa/src/ml_dsa_65.rs b/libcrux-ml-dsa/src/ml_dsa_65.rs index 60bc95dfd..9f0049e04 100644 --- a/libcrux-ml-dsa/src/ml_dsa_65.rs +++ b/libcrux-ml-dsa/src/ml_dsa_65.rs @@ -6,10 +6,25 @@ const ROWS_IN_A: usize = 6; const COLUMNS_IN_A: usize = 5; const ETA: usize = 4; -const TWO_TIMES_ETA_BIT_SIZE: usize = 4; // ⌊log_2(2 * 4)⌋ + 1 +const GAMMA1_EXPONENT: usize = 19; + +// To sample a value in the interval [-ETA, ETA], we can sample a value (say 'v') +// in the interval [0, 2 * ETA] and then compute ETA - v. This can be done in +// 4 bits when ETA is 4. +const BITS_PER_ERROR_COEFFICIENT: usize = 4; const BYTES_FOR_ERROR_RING_ELEMENT: usize = - (TWO_TIMES_ETA_BIT_SIZE * COEFFICIENTS_IN_RING_ELEMENT) / 8; + (BITS_PER_ERROR_COEFFICIENT * COEFFICIENTS_IN_RING_ELEMENT) / 8; + +// To sample a value in the interval [-(GAMMA - 1), GAMMA], we can sample a +// value (say 'v') in the interval [0, (2 * GAMMA) - 1] and then compute +// GAMMA - v. This can be done in 20 bits when GAMMA is 2^{19}. +const BITS_PER_MASK_COEFFICIENT: usize = 20; + +const MAX_NUMBER_OF_ONES_IN_HINT: usize = 55; + +const BYTES_PER_MASK_RING_ELEMENT: usize = + (BITS_PER_MASK_COEFFICIENT * COEFFICIENTS_IN_RING_ELEMENT) / 8; const VERIFICATION_KEY_SIZE: usize = SEED_FOR_A_SIZE + (COEFFICIENTS_IN_RING_ELEMENT diff --git a/libcrux-ml-dsa/src/ml_dsa_87.rs b/libcrux-ml-dsa/src/ml_dsa_87.rs index 1778ca333..34b9e63fc 100644 --- a/libcrux-ml-dsa/src/ml_dsa_87.rs +++ b/libcrux-ml-dsa/src/ml_dsa_87.rs @@ -6,10 +6,10 @@ const ROWS_IN_A: usize = 8; const COLUMNS_IN_A: usize = 7; const ETA: usize = 2; -const TWO_TIMES_ETA_BIT_SIZE: usize = 3; // ⌊log_2(2 * 2)⌋ + 1 +const BITS_PER_ERROR_COEFFICIENT: usize = 3; const BYTES_FOR_ERROR_RING_ELEMENT: usize = - (TWO_TIMES_ETA_BIT_SIZE * COEFFICIENTS_IN_RING_ELEMENT) / 8; + (BITS_PER_ERROR_COEFFICIENT * COEFFICIENTS_IN_RING_ELEMENT) / 8; const VERIFICATION_KEY_SIZE: usize = SEED_FOR_A_SIZE + (COEFFICIENTS_IN_RING_ELEMENT diff --git a/libcrux-ml-dsa/src/ml_dsa_generic.rs b/libcrux-ml-dsa/src/ml_dsa_generic.rs index 14bf832e1..04f63e328 100644 --- a/libcrux-ml-dsa/src/ml_dsa_generic.rs +++ b/libcrux-ml-dsa/src/ml_dsa_generic.rs @@ -141,3 +141,29 @@ pub(crate) fn generate_key_pair< (signing_key_serialized, verification_key_serialized) } + +#[allow(non_snake_case)] +pub(crate) fn sign< + const ROWS_IN_A: usize, + const COLUMNS_IN_A: usize, + const BYTES_FOR_ERROR_RING_ELEMENT: usize, + const SIGNING_KEY_SIZE: usize, + const SIGNATURE_SIZE: usize, +>( + signing_key: [u8; SIGNING_KEY_SIZE], + message: &[u8], + randomness: [u8; 32], +) -> [u8; SIGNATURE_SIZE] { + let (rho, remaining_signing_key) = signing_key.split_at(SEED_FOR_A_SIZE); + let (seed_for_signing, remaining_signing_key) = + remaining_signing_key.split_at(SEED_FOR_SIGNING_SIZE); + let (verification_key_hash, remaining_signing_key) = + remaining_signing_key.split_at(BYTES_FOR_VERIFICATION_KEY_HASH); + + let (s1_serialized, remaining_signing_key) = + remaining_signing_key.split_at(BYTES_FOR_ERROR_RING_ELEMENT); + let (s2_serializd, t0_serialized) = + remaining_signing_key.split_at(BYTES_FOR_ERROR_RING_ELEMENT); + + todo!(); +} diff --git a/libcrux-ml-dsa/src/notes.md b/libcrux-ml-dsa/src/notes.md new file mode 100644 index 000000000..5d4f5f5d0 --- /dev/null +++ b/libcrux-ml-dsa/src/notes.md @@ -0,0 +1,4 @@ +The constants and arrays used in the unit tests in this directory have been +generated by printing the inputs and outputs produced by the corresponding +functions from the `ref` version under the `standard` branch of the +[PQ-Crystals implementation](https://github.com/pq-crystals/dilithium) of ML-DSA. diff --git a/libcrux-ml-dsa/src/sample.rs b/libcrux-ml-dsa/src/sample.rs index 579b19e87..44d72057b 100644 --- a/libcrux-ml-dsa/src/sample.rs +++ b/libcrux-ml-dsa/src/sample.rs @@ -1,6 +1,7 @@ use crate::{ arithmetic::PolynomialRingElement, constants::{COEFFICIENTS_IN_RING_ELEMENT, FIELD_MODULUS}, + deserialize::deserialize_to_mask_ring_element, hash_functions::{H, H_128}, }; @@ -133,9 +134,7 @@ pub(crate) fn rejection_sample_less_than_eta( } #[allow(non_snake_case)] -pub(crate) fn sample_error_ring_element_uniform( - seed: [u8; 66], -) -> PolynomialRingElement { +pub(crate) fn sample_error_ring_element(seed: [u8; 66]) -> PolynomialRingElement { // TODO: Use incremental API to squeeze one block at a time. let randomness = H::<272>(&seed); @@ -152,6 +151,53 @@ pub(crate) fn sample_error_ring_element_uniform( out } +pub(crate) fn sample_mask_ring_element( + seed: [u8; 66], +) -> PolynomialRingElement { + match GAMMA1_EXPONENT { + 17 => deserialize_to_mask_ring_element::(&H::<576>(&seed)), + 19 => deserialize_to_mask_ring_element::(&H::<640>(&seed)), + _ => unreachable!(), + } +} + +pub(crate) fn sample_challenge_ring_element( + seed: [u8; 32], +) -> PolynomialRingElement { + // TODO: Use incremental API to squeeze one block at a time. + let mut randomness = H::<136>(&seed).into_iter(); + + let mut signs: u64 = 0; + for i in 0..8 { + signs |= (randomness.next().unwrap() as u64) << (8 * i); + } + + let mut out = PolynomialRingElement::ZERO; + + for index in (out.coefficients.len() - TAU)..out.coefficients.len() { + // TODO: Rewrite this without using `break`. It's doable, just probably + // not as nice. + let sample_at = loop { + let i = match randomness.next() { + Some(byte) => byte as usize, + + // TODO: We need to incrementally sample here instead of panicking. + None => panic!("Insufficient randomness to sample challenge ring element."), + }; + + if i <= index { + break i; + } + }; + + out.coefficients[index] = out.coefficients[sample_at]; + out.coefficients[sample_at] = 1 - 2 * ((signs & 1) as i32); + signs >>= 1; + } + + out +} + #[cfg(test)] mod tests { use super::*; @@ -225,7 +271,7 @@ mod tests { ]; assert_eq!( - sample_error_ring_element_uniform::<2>(seed).coefficients, + sample_error_ring_element::<2>(seed).coefficients, expected_coefficients ); } @@ -254,7 +300,85 @@ mod tests { ]; assert_eq!( - sample_error_ring_element_uniform::<4>(seed).coefficients, + sample_error_ring_element::<4>(seed).coefficients, + expected_coefficients + ); + } + + #[test] + fn test_sample_challenge_ring_element_when_tau_is_39() { + let seed: [u8; 32] = [ + 3, 9, 159, 119, 236, 6, 207, 7, 103, 108, 187, 137, 222, 35, 37, 30, 79, 224, 204, 186, + 41, 38, 148, 188, 201, 50, 105, 155, 129, 217, 124, 57, + ]; + + let expected_coefficients: [i32; COEFFICIENTS_IN_RING_ELEMENT] = [ + 0, 0, 1, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 1, 0, -1, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, -1, + -1, 0, 0, 0, 0, 1, 1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, -1, + -1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, -1, 0, 0, 0, 0, 0, -1, 1, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, 0, -1, 0, 0, -1, 1, 0, 0, 1, + 0, 0, 0, 1, 0, 0, -1, 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, + 0, + ]; + + assert_eq!( + sample_challenge_ring_element::<39>(seed).coefficients, + expected_coefficients + ); + } + + #[test] + fn test_sample_challenge_ring_element_when_tau_is_49() { + let seed: [u8; 32] = [ + 147, 7, 165, 152, 200, 20, 4, 38, 107, 110, 111, 176, 108, 84, 109, 201, 232, 125, 52, + 83, 160, 120, 106, 44, 76, 41, 76, 144, 8, 184, 4, 74, + ]; + + let expected_coefficients: [i32; COEFFICIENTS_IN_RING_ELEMENT] = [ + 0, 0, 0, 1, 0, 0, 0, -1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, -1, -1, 0, + 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, + -1, 0, 0, 1, 0, 0, 0, 0, 0, 0, -1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, -1, 0, 0, -1, 0, 0, 0, 0, 1, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + -1, 0, 0, 1, 0, 0, -1, -1, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, + 0, 0, -1, 0, -1, 0, 0, 0, 0, 1, 0, 0, -1, 0, 0, 1, -1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, + -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, 0, + -1, 0, -1, 0, 0, -1, 0, 0, -1, 0, -1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, -1, 0, 1, 0, + 0, -1, 0, 0, 0, + ]; + + assert_eq!( + sample_challenge_ring_element::<49>(seed).coefficients, + expected_coefficients + ); + } + + #[test] + fn test_sample_challenge_ring_element_when_tau_is_60() { + let seed: [u8; 32] = [ + 188, 193, 17, 175, 172, 179, 13, 23, 90, 238, 237, 230, 143, 113, 24, 65, 250, 86, 234, + 229, 251, 57, 199, 158, 9, 4, 102, 249, 11, 68, 140, 107, + ]; + + let expected_coefficients: [i32; COEFFICIENTS_IN_RING_ELEMENT] = [ + 0, 0, 0, 0, -1, 0, 0, -1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 1, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 0, 0, 1, 0, + 0, 0, 1, 1, 0, 0, 0, 0, 0, 1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, -1, 0, -1, 0, 0, -1, + 0, 0, 0, 0, 0, -1, 0, -1, 0, 0, 0, 0, -1, 0, 0, 0, -1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, + -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, + 0, 0, 0, 0, -1, 0, 0, 0, 0, -1, 0, 0, -1, 0, 1, 0, -1, 0, -1, 0, 0, 0, 0, 0, 0, 0, 1, + 0, 0, 0, 1, 0, -1, 0, 0, -1, 0, 0, -1, 0, 0, 0, 0, 1, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, 0, + 0, 1, 0, -1, 1, 0, 0, 0, 0, 0, 1, 1, -1, 0, 0, 0, 0, 0, -1, 0, 0, 0, 0, 0, 0, 0, 0, 1, + 0, 0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, -1, 0, 0, 0, -1, 0, 0, 1, 0, 0, 1, 1, -1, 0, + 0, 0, 0, 1, -1, 0, + ]; + + assert_eq!( + sample_challenge_ring_element::<60>(seed).coefficients, expected_coefficients ); } diff --git a/libcrux-ml-dsa/src/serialize.rs b/libcrux-ml-dsa/src/serialize.rs index 7354b1ba4..5b5f07260 100644 --- a/libcrux-ml-dsa/src/serialize.rs +++ b/libcrux-ml-dsa/src/serialize.rs @@ -126,6 +126,48 @@ pub(crate) fn serialize_error_ring_element( + re: PolynomialRingElement, +) -> [u8; BYTES_FOR_OUTPUT] { + let mut out = [0u8; BYTES_FOR_OUTPUT]; + + match GAMMA2 { + // 95,232 = (FIELD_MODULUS - 1) / 88 + 95_232 => { + // w1 has coefficients in [0,43] => each coefficient occupies + // 6 bits. + for (i, coefficients) in re.coefficients.chunks_exact(4).enumerate() { + let coefficient0 = coefficients[0] as u8; + let coefficient1 = coefficients[1] as u8; + let coefficient2 = coefficients[2] as u8; + let coefficient3 = coefficients[3] as u8; + + out[3 * i + 0] = (coefficient1 << 6) | coefficient0; + out[3 * i + 1] = (coefficient2 << 4) | coefficient1 >> 2; + out[3 * i + 2] = (coefficient3 << 2) | coefficient2 >> 4; + } + + out + } + + // 261,888 = (FIELD_MODULUS - 1) / 32 + 261_888 => { + // w1 has coefficients in [0,15] => each coefficient occupies + // 4 bits. + for (i, coefficients) in re.coefficients.chunks_exact(2).enumerate() { + let coefficient0 = coefficients[0] as u8; + let coefficient1 = coefficients[1] as u8; + + out[i] = (coefficient1 << 4) | coefficient0; + } + + out + } + + _ => unreachable!(), + } +} + #[cfg(test)] mod tests { use super::*; @@ -233,4 +275,70 @@ mod tests { assert_eq!(serialize_ring_element_of_t0s(re), expected_re_serialized); } + + #[test] + fn test_serialize_ring_element_w1() { + // Test serialization when GAMMA2 = 95_232 + let re = PolynomialRingElement { + coefficients: [ + 42, 38, 3, 37, 37, 40, 2, 36, 11, 43, 37, 40, 1, 39, 20, 41, 38, 24, 41, 32, 7, 10, + 21, 21, 25, 11, 21, 22, 33, 43, 8, 11, 20, 23, 24, 30, 22, 42, 11, 37, 31, 39, 9, + 22, 27, 14, 39, 11, 3, 17, 25, 17, 17, 20, 32, 43, 17, 20, 23, 2, 38, 19, 16, 14, + 38, 34, 35, 8, 39, 12, 9, 4, 4, 1, 21, 37, 22, 10, 20, 3, 36, 1, 42, 39, 18, 17, 3, + 1, 38, 1, 5, 20, 0, 21, 39, 20, 10, 42, 10, 26, 6, 22, 12, 1, 20, 1, 43, 37, 33, + 37, 6, 24, 32, 8, 42, 2, 32, 16, 13, 3, 33, 2, 0, 29, 4, 3, 23, 36, 6, 42, 1, 37, + 7, 3, 12, 36, 19, 41, 42, 20, 36, 12, 11, 39, 23, 35, 29, 9, 31, 11, 19, 11, 14, 1, + 32, 5, 6, 31, 4, 30, 8, 24, 22, 39, 8, 10, 26, 11, 25, 10, 36, 17, 43, 25, 20, 2, + 37, 11, 21, 4, 24, 25, 5, 26, 29, 39, 3, 10, 8, 15, 40, 28, 26, 4, 30, 42, 14, 17, + 41, 27, 8, 19, 19, 0, 3, 5, 41, 34, 39, 14, 1, 39, 9, 10, 41, 12, 24, 16, 2, 5, 33, + 27, 27, 32, 4, 3, 9, 5, 37, 40, 38, 43, 32, 27, 34, 27, 15, 24, 4, 2, 42, 15, 9, 3, + 17, 35, 0, 22, 43, 13, 15, 6, 38, 10, 20, 37, + ], + }; + + let serialized = [ + 170, 57, 148, 37, 42, 144, 203, 90, 162, 193, 73, 165, 38, 150, 130, 135, 82, 85, 217, + 82, 89, 225, 138, 44, 212, 133, 121, 150, 186, 148, 223, 153, 88, 155, 115, 46, 67, + 148, 69, 17, 5, 174, 17, 117, 9, 230, 4, 57, 166, 56, 34, 39, 147, 16, 68, 80, 149, + 150, 66, 13, 100, 160, 158, 82, 52, 4, 102, 80, 80, 64, 117, 82, 138, 170, 104, 134, + 197, 4, 84, 176, 150, 97, 105, 96, 32, 162, 10, 32, 212, 12, 161, 0, 116, 196, 112, + 145, 134, 26, 148, 199, 192, 144, 83, 170, 82, 36, 179, 156, 215, 216, 37, 223, 50, 45, + 78, 0, 22, 198, 71, 120, 8, 102, 157, 136, 162, 45, 153, 66, 70, 107, 70, 9, 229, 82, + 17, 88, 86, 104, 221, 57, 40, 200, 131, 114, 26, 225, 169, 78, 148, 110, 200, 52, 1, + 67, 145, 138, 167, 19, 156, 137, 146, 50, 24, 36, 20, 225, 182, 129, 196, 144, 20, 37, + 106, 174, 224, 38, 110, 15, 70, 8, 234, 147, 12, 209, 8, 88, 107, 243, 24, 166, 66, + 149, + ]; + + assert_eq!(serialize_ring_element_w1::<95_232, 192>(re), serialized); + + // Test serialization when GAMMA2 = 261,888 + let re = PolynomialRingElement { + coefficients: [ + 2, 4, 8, 3, 14, 3, 10, 7, 4, 15, 13, 3, 1, 2, 9, 12, 8, 11, 12, 4, 7, 14, 9, 4, 4, + 2, 5, 15, 14, 11, 6, 11, 10, 13, 3, 13, 9, 15, 10, 8, 14, 4, 8, 11, 11, 10, 13, 8, + 4, 9, 3, 8, 8, 3, 4, 5, 14, 9, 13, 12, 0, 4, 4, 2, 9, 11, 7, 11, 9, 14, 1, 7, 13, + 12, 0, 15, 14, 8, 6, 15, 15, 7, 11, 1, 11, 2, 4, 11, 10, 3, 15, 6, 7, 3, 1, 12, 0, + 15, 7, 13, 13, 1, 9, 14, 3, 5, 0, 8, 5, 7, 5, 8, 10, 13, 13, 11, 11, 13, 1, 4, 10, + 14, 15, 14, 12, 6, 13, 1, 7, 7, 15, 4, 2, 5, 6, 2, 7, 14, 2, 2, 4, 11, 7, 1, 5, 8, + 9, 5, 4, 13, 8, 8, 13, 13, 15, 5, 6, 11, 11, 4, 13, 7, 11, 15, 15, 3, 12, 4, 12, + 14, 2, 6, 9, 10, 6, 13, 15, 12, 11, 12, 2, 7, 6, 9, 9, 5, 6, 3, 4, 2, 8, 3, 10, 2, + 8, 1, 13, 10, 12, 8, 14, 0, 5, 12, 5, 3, 7, 15, 12, 13, 3, 4, 10, 1, 13, 3, 9, 6, + 10, 13, 4, 4, 2, 9, 0, 4, 5, 7, 14, 11, 2, 6, 3, 11, 6, 2, 0, 5, 8, 5, 9, 5, 9, 0, + 2, 2, 3, 15, 0, 8, 11, 13, 2, 6, 11, 0, + ], + }; + + let serialized = [ + 66, 56, 62, 122, 244, 61, 33, 201, 184, 76, 231, 73, 36, 245, 190, 182, 218, 211, 249, + 138, 78, 184, 171, 141, 148, 131, 56, 84, 158, 205, 64, 36, 185, 183, 233, 113, 205, + 240, 142, 246, 127, 27, 43, 180, 58, 111, 55, 193, 240, 215, 29, 233, 83, 128, 117, + 133, 218, 189, 219, 65, 234, 239, 108, 29, 119, 79, 82, 38, 231, 34, 180, 23, 133, 89, + 212, 136, 221, 95, 182, 75, 125, 251, 63, 76, 236, 98, 169, 214, 207, 203, 114, 150, + 89, 54, 36, 56, 42, 24, 173, 140, 14, 197, 53, 247, 220, 67, 26, 61, 105, 218, 68, 146, + 64, 117, 190, 98, 179, 38, 80, 88, 89, 9, 34, 243, 128, 219, 98, 11, + ]; + + assert_eq!(serialize_ring_element_w1::<261_888, 128>(re), serialized); + } } diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh index 7edb43093..e1129e50c 100755 --- a/libcrux-ml-kem/c.sh +++ b/libcrux-ml-kem/c.sh @@ -68,3 +68,19 @@ cp $EURYDICE_HOME/include/eurydice_glue.h . clang-format --style=Google -i *.c *.h clang-format --style=Google -i internal/*.h clang-format --style=Google -i intrinsics/*.h + +# Write out infos about the used tools +[ -n "$CHARON_REV" ] || export CHARON_REV=$(git -C $CHARON_HOME rev-parse HEAD) +[ -n "$EURYDICE_REV" ] || export EURYDICE_REV=$(git -C $EURYDICE_HOME rev-parse HEAD) +[ -n "$KRML_REV" ] || export KRML_REV=$(git -C $KRML_HOME rev-parse HEAD) +[ -n "$FSTAR_REV" ] || export FSTAR_REV=$(git -C $FSTAR_HOME rev-parse HEAD) +rm -f code_gen.txt +echo "This code was generated with the following tools:" >> code_gen.txt +echo -n "Charon: " >> code_gen.txt +echo "$CHARON_REV" >> code_gen.txt +echo -n "Eurydice: " >> code_gen.txt +echo "$EURYDICE_REV" >> code_gen.txt +echo -n "Karamel: " >> code_gen.txt +echo "$KRML_REV" >> code_gen.txt +echo -n "F*: " >> code_gen.txt +echo "$FSTAR_REV" >> code_gen.txt diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 205d9ea99..e6b1e9bb3 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -13,10 +13,6 @@ files: api: - [libcrux_intrinsics, avx2] - - name: libcrux_platform - private: - - [libcrux_platform, "*"] - # SHA3 (no mention of libcrux_mlkem in this section, please) # Keep the per-target seperation idea: each SHA3 variant in its own file @@ -63,6 +59,7 @@ files: monomorphizations_using: # Should this also include the monomorphizations using # core.arch.x86.__m256i? + - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] monomorphizations_exact: - [libcrux_sha3, generic_keccak, "KeccakState__core_core_arch_x86___m256i_$4size_t"] @@ -157,24 +154,16 @@ files: - [ core, "*"] - [ libcrux_ml_kem, types, "*"] - [ libcrux_ml_kem, constant_time_ops, "*"] + - [ libcrux_ml_kem, utils, "*" ] monomorphizations_using: - [ Eurydice, "*" ] - [ libcrux_ml_kem, types, "*"] - monomorphizations_exact: - - [ K, "__uint8_t[1536size_t]_uint8_t[1568size_t]" ] - - [ K, "__uint8_t[1152size_t]_uint8_t[1184size_t]" ] - - [ K, "__uint8_t[768size_t]_uint8_t[800size_t]" ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___33size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___34size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___64size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___800size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___1120size_t ] - - [ libcrux_ml_kem, ind_cpa, into_padded_array___1600size_t ] patterns: - [ core, "*"] - [ libcrux_ml_kem, types ] - [ libcrux_ml_kem, constants ] - [ libcrux_ml_kem, constant_time_ops, "*"] + - [ libcrux_ml_kem, utils, "*" ] api: - [Eurydice, "*"] diff --git a/libcrux-ml-kem/c/CMakeLists.txt b/libcrux-ml-kem/c/CMakeLists.txt index c15e11bf7..4209e00db 100644 --- a/libcrux-ml-kem/c/CMakeLists.txt +++ b/libcrux-ml-kem/c/CMakeLists.txt @@ -137,14 +137,11 @@ target_link_libraries(sha3_test PRIVATE ) # --- Benchmarks -FetchContent_Populate(benchmark +FetchContent_Declare(benchmark GIT_REPOSITORY https://github.com/google/benchmark.git - - # The latest release 1.7.1 is broken due to https://github.com/google/benchmark/pull/1517 - # But also: need the fix for https://github.com/google/benchmark/pull/1669 - GIT_TAG bc946b919cac6f25a199a526da571638cfde109f + GIT_TAG v1.8.4 ) -add_subdirectory(${benchmark_SOURCE_DIR} ${benchmark_BINARY_DIR}) +FetchContent_MakeAvailable(benchmark) add_executable(ml_kem_bench ${PROJECT_SOURCE_DIR}/benches/mlkem768.cc diff --git a/libcrux-ml-kem/c/README.md b/libcrux-ml-kem/c/README.md index a60aa4a53..9fc1e6113 100644 --- a/libcrux-ml-kem/c/README.md +++ b/libcrux-ml-kem/c/README.md @@ -19,6 +19,8 @@ cmake -B build -G "Ninja Multi-Config" cmake --build build ``` +To enable neon builds, set `LIBCRUX_NEON=1`. + ### Symcrypt benchmarks First get and build symcrypt and set `SYMCRYPT_PATH` for the build. @@ -37,6 +39,32 @@ cmake --build build --config Release ./build/Release/ml_kem_bench ``` +#### MSVC + +To build with MSVC, manual fixes are required. + +1. Build symcrypt + +```bash +cmake -S . -B bin -DCMAKE_BUILD_TYPE=Release +cmake --build bin --config Release +``` + +2. Patch symcrypt + +```bash +git apply fix-symcrypt-includes.patch +``` + +3. Build benchmarks as described above. +4. Copy the dll into the binary directory. + +```bash +cp ..\..\..\symcrypt\bin\exe\symcrypt.dll .\build\Release\ +``` + +5. Run benchmarks + ### Test ```bash diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt new file mode 100644 index 000000000..0da0e1229 --- /dev/null +++ b/libcrux-ml-kem/c/code_gen.txt @@ -0,0 +1,5 @@ +This code was generated with the following tools: +Charon: 0b8b7a82c2a18f65ab9df16f222d52594c17f59c +Eurydice: ec9da30ba3723647ca6f03810cfcfd418bd48bf8 +Karamel: 22425a93c68d9e3794909f98854aaffdc0560510 +F*: \ No newline at end of file diff --git a/libcrux-ml-kem/c/fix-symcrypt-includes.patch b/libcrux-ml-kem/c/fix-symcrypt-includes.patch new file mode 100644 index 000000000..69c3fad28 --- /dev/null +++ b/libcrux-ml-kem/c/fix-symcrypt-includes.patch @@ -0,0 +1,20 @@ +diff --git a/inc/symcrypt.h b/inc/symcrypt.h +index bd34490..d0600a3 100644 +--- a/inc/symcrypt.h ++++ b/inc/symcrypt.h +@@ -8113,9 +8113,12 @@ typedef const SYMCRYPT_MLKEM_PARAMS * PCSYMCRYPT_MLKEM_PARAMS; + // Currently supported ML-KEM parameters + // NOTE - support for these structs may be removed in future versions of SymCrypt + // as standards change. Only use these parameters for prototyping +-extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem512; +-extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem768; +-extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem1024; ++// extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem512; ++// extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem768; ++// extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem1024; ++__declspec(dllimport) extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem512; ++__declspec(dllimport) extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem768; ++__declspec(dllimport) extern const PCSYMCRYPT_MLKEM_PARAMS SymCryptMlKemParamsDraft203MlKem1024; + + PSYMCRYPT_MLKEMKEY + SYMCRYPT_CALL diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6245ba78c..9e3db79d7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_core_H @@ -44,6 +44,21 @@ void libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( #define LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE ((size_t)32U) +typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair1024_s { + uint8_t fst[1536U]; + uint8_t snd[1568U]; +} libcrux_ml_kem_utils_extraction_helper_Keypair1024; + +typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair512_s { + uint8_t fst[768U]; + uint8_t snd[800U]; +} libcrux_ml_kem_utils_extraction_helper_Keypair512; + +typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { + uint8_t fst[1152U]; + uint8_t snd[1184U]; +} libcrux_ml_kem_utils_extraction_helper_Keypair768; + libcrux_ml_kem_types_MlKemPublicKey____1568size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1568size_t( uint8_t value[1568U]); @@ -57,11 +72,6 @@ libcrux_ml_kem_types_MlKemPrivateKey____3168size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___3168size_t( uint8_t value[3168U]); -typedef struct K___uint8_t_1536size_t__uint8_t_1568size_t__s { - uint8_t fst[1536U]; - uint8_t snd[1568U]; -} K___uint8_t_1536size_t__uint8_t_1568size_t_; - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1568size_t( uint8_t value[1568U]); @@ -78,8 +88,8 @@ Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1568size_t( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); -void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array___1600size_t(Eurydice_slice slice, + uint8_t ret[1600U]); libcrux_ml_kem_types_MlKemPublicKey____1184size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___1184size_t( @@ -94,11 +104,6 @@ libcrux_ml_kem_types_MlKemPrivateKey____2400size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___2400size_t( uint8_t value[2400U]); -typedef struct K___uint8_t_1152size_t__uint8_t_1184size_t__s { - uint8_t fst[1152U]; - uint8_t snd[1184U]; -} K___uint8_t_1152size_t__uint8_t_1184size_t_; - libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___1088size_t( uint8_t value[1088U]); @@ -115,8 +120,8 @@ Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___1088size_t( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); -void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]); libcrux_ml_kem_types_MlKemPublicKey____800size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPublicKey_SIZE___14__from___800size_t( @@ -131,11 +136,6 @@ libcrux_ml_kem_types_MlKemPrivateKey____1632size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemPrivateKey_SIZE___8__from___1632size_t( uint8_t value[1632U]); -typedef struct K___uint8_t_768size_t__uint8_t_800size_t__s { - uint8_t fst[768U]; - uint8_t snd[800U]; -} K___uint8_t_768size_t__uint8_t_800size_t_; - libcrux_ml_kem_types_MlKemCiphertext____768size_t libcrux_ml_kem_types___core__convert__From__Array_u8__SIZE___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___2__from___768size_t( uint8_t value[768U]); @@ -148,45 +148,21 @@ uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_t( Eurydice_slice lhs, Eurydice_slice rhs); -typedef struct - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_; +void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]); -typedef struct - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_; - -void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, - uint8_t ret[33U]); - -void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, - uint8_t ret[34U]); - -typedef struct - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_; - -typedef struct - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t__s { - Eurydice_slice fst; - Eurydice_slice snd; -} K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_; +void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]); Eurydice_slice libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__types__MlKemCiphertext_SIZE___1__as_ref___768size_t( libcrux_ml_kem_types_MlKemCiphertext____768size_t *self); -void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]); -void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, - uint8_t ret[64U]); +void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]); typedef struct core_result_Result__uint8_t_24size_t__core_array_TryFromSliceError_s { diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 58155643c..ffea50616 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index b7caa27e1..e33f8010e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 05fe23ee6..524d2bd7e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 22e02bd6d..e7c8658a4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __internal_libcrux_sha3_internal_H @@ -45,7 +45,7 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -54,7 +54,7 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks__uint64_t_1size_t_168size libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( s, o0); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -129,7 +129,7 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_ libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -138,7 +138,7 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_ libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( s, o0); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -147,7 +147,7 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( s, o1); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -156,7 +156,7 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks__uint64_t_1size_t_168size_ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( s, o2); K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 3f65bcf58..030415b38 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "internal/libcrux_core.h" @@ -102,8 +102,8 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type Eurydice_slice); } -void libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t(Eurydice_slice slice, - uint8_t ret[1600U]) { +void libcrux_ml_kem_utils_into_padded_array___1600size_t(Eurydice_slice slice, + uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -183,8 +183,8 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type Eurydice_slice); } -void libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t(Eurydice_slice slice, - uint8_t ret[1120U]) { +void libcrux_ml_kem_utils_into_padded_array___1120size_t(Eurydice_slice slice, + uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -257,8 +257,8 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time___768size_ return is_non_zero(r); } -void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, - uint8_t ret[33U]) { +void libcrux_ml_kem_utils_into_padded_array___33size_t(Eurydice_slice slice, + uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -272,8 +272,8 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(Eurydice_slice slice, - uint8_t ret[34U]) { +void libcrux_ml_kem_utils_into_padded_array___34size_t(Eurydice_slice slice, + uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -294,8 +294,8 @@ libcrux_ml_kem_types___core__convert__AsRef__Slice_u8___for_libcrux_ml_kem__type Eurydice_slice); } -void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, - uint8_t ret[800U]) { +void libcrux_ml_kem_utils_into_padded_array___800size_t(Eurydice_slice slice, + uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( @@ -309,8 +309,8 @@ void libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(Eurydice_slice slice, memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } -void libcrux_ml_kem_ind_cpa_into_padded_array___64size_t(Eurydice_slice slice, - uint8_t ret[64U]) { +void libcrux_ml_kem_utils_into_padded_array___64size_t(Eurydice_slice slice, + uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 62ceebc2c..e139b26ab 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 9fcadba75..fd54f0af6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index bef973b2c..dd3a50e17 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 7c71dabe4..e147197b9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f96a815a6..5bc2ce976 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 83fc5be46..1178c18f8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 80d9dd3f8..923a244ca 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index db169fa82..848b46be2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index ec92a98ea..4fc0e2978 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 4d79fb75e..58a1c1e90 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index fea44f677..40bd5b724 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 1ee6f610a..6ae2774e6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4a14c563e..b4ded9ed6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 0d5024551..9d0c5e1f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 00b723c9f..1981d0c6c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 17f457d06..190d95aa7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index ac52e4bbb..8445a7bbe 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1810,42 +1810,30 @@ static inline void shake128_squeeze_three_blocks___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)504U, dummy_out0, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____6[504U]; + memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -1894,42 +1882,30 @@ static inline void shake128_squeeze_block___3size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____2 = self; - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____2, uu____3, uu____4, uu____5, - Eurydice_array_to_slice((size_t)168U, dummy_out0, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -2116,48 +2092,36 @@ typedef struct static inline void PRFxN___3size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)3U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out12 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out12, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out2 = uu____1.snd; - Eurydice_slice uu____2 = + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, - Eurydice_array_to_slice((size_t)128U, dummy_out0, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____7[128U]; + memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____9[128U]; + memcpy(uu____9, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____9, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -2612,7 +2576,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_1152size_t__uint8_t_1184size_t_ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -2627,12 +2591,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t @@ -2687,7 +2651,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; @@ -2774,7 +2738,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -3578,11 +3542,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_3size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t__uint8_t @@ -3662,7 +3626,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4340,7 +4304,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4360,8 +4324,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array___1120size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); @@ -4573,50 +4537,33 @@ static inline void shake128_squeeze_three_blocks___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[504U], - uint8_t(*)[504U], uint8_t[504U]), - uint8_t, Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____6[504U]; + memcpy(uu____6, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____7[504U]; + memcpy(uu____7, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -4665,50 +4612,33 @@ static inline void shake128_squeeze_block___4size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____3 = self; - Eurydice_slice uu____4 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____3, uu____4, uu____5, uu____6, - Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[168U], - uint8_t(*)[168U], uint8_t[168U]), - uint8_t, Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____6[168U]; + memcpy(uu____6, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____6, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____7[168U]; + memcpy(uu____7, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____7, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -4875,56 +4805,39 @@ typedef struct static inline void PRFxN___4size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)4U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out123 = uu____0.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____1 = core_slice___Slice_T___split_at_mut( - out123, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out1 = uu____1.fst; - Eurydice_slice out23 = uu____1.snd; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____2 = core_slice___Slice_T___split_at_mut( - out23, (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out2 = uu____2.fst; - Eurydice_slice out3 = uu____2.snd; - Eurydice_slice uu____3 = + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = + Eurydice_slice uu____2 = Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = + Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____8 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____9 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out2, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); + Eurydice_slice uu____4 = + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____3, uu____4, uu____5, uu____6, uu____7, uu____8, uu____9, - Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out3, (size_t)0U, uint8_t[128U], - uint8_t(*)[128U], uint8_t[128U]), - uint8_t, Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____7[128U]; + memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____9[128U]; + memcpy(uu____9, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____9, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____10[128U]; + memcpy(uu____10, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____10, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -5057,7 +4970,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_1536size_t__uint8_t_1568size_t_ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -5072,12 +4985,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t @@ -5132,7 +5045,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; @@ -5219,7 +5132,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -5543,11 +5456,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_4size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t__uint8_t @@ -5627,7 +5540,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5891,7 +5804,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5911,8 +5824,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( - implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); @@ -6124,34 +6037,27 @@ static inline void shake128_squeeze_three_blocks___2size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; - uint8_t dummy_out0[504U] = {0U}; - uint8_t dummy_out1[504U] = {0U}; - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[504U], - Eurydice_slice), - (size_t)1U, uint8_t[504U], - K___Eurydice_slice_uint8_t_504size_t__Eurydice_slice_uint8_t_504size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)504U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[504U], uint8_t(*)[504U], - uint8_t[504U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)504U, dummy_out0, - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)504U, dummy_out1, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[504U]; + memcpy(uu____4, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____5[504U]; + memcpy(uu____5, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)504U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -6200,34 +6106,27 @@ static inline void shake128_squeeze_block___2size_t( libcrux_sha3_avx2_x4_incremental_KeccakState4 *self, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - uint8_t dummy_out0[168U] = {0U}; - uint8_t dummy_out1[168U] = {0U}; - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[168U], - Eurydice_slice), - (size_t)1U, uint8_t[168U], - K___Eurydice_slice_uint8_t_168size_t__Eurydice_slice_uint8_t_168size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; libcrux_sha3_generic_keccak_KeccakState__core_core_arch_x86___m256i__4size_t - *uu____1 = self; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____3 = Eurydice_array_to_slice( - (size_t)168U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[168U], uint8_t(*)[168U], - uint8_t[168U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____4 = Eurydice_array_to_slice((size_t)168U, dummy_out0, - uint8_t, Eurydice_slice); + *uu____0 = self; + Eurydice_slice uu____1 = + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____3 = + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - uu____1, uu____2, uu____3, uu____4, - Eurydice_array_to_slice((size_t)168U, dummy_out1, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____4[168U]; + memcpy(uu____4, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____4, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____5[168U]; + memcpy(uu____5, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____5, (size_t)168U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -6394,40 +6293,33 @@ typedef struct static inline void PRFxN___2size_t_192size_t(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - uint8_t dummy_out0[192U] = {0U}; - uint8_t dummy_out1[192U] = {0U}; - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[192U], - Eurydice_slice), - (size_t)1U, uint8_t[192U], - K___Eurydice_slice_uint8_t_192size_t__Eurydice_slice_uint8_t_192size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)192U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[192U], uint8_t(*)[192U], - uint8_t[192U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)192U, dummy_out0, - uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)192U, dummy_out1, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____7[192U]; + memcpy(uu____7, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____7, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____8[192U]; + memcpy(uu____8, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____8, (size_t)192U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -6571,7 +6463,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector)); } -static K___uint8_t_768size_t__uint8_t_800size_t_ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -6586,12 +6478,12 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t @@ -6646,7 +6538,7 @@ generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_f memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; @@ -6733,7 +6625,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vecto (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -6800,40 +6692,33 @@ deserialize_ring_elements_reduced__libcrux_ml_kem_vector_avx2_SIMD256Vector_768s static inline void PRFxN___2size_t_128size_t(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - uint8_t dummy_out0[128U] = {0U}; - uint8_t dummy_out1[128U] = {0U}; - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_ - uu____0 = core_slice___Slice_T___split_at_mut( - Eurydice_array_to_slice((size_t)2U, out, uint8_t[128U], - Eurydice_slice), - (size_t)1U, uint8_t[128U], - K___Eurydice_slice_uint8_t_128size_t__Eurydice_slice_uint8_t_128size_t_); - Eurydice_slice out0 = uu____0.fst; - Eurydice_slice out1 = uu____0.snd; - Eurydice_slice uu____1 = + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____2 = + Eurydice_slice uu____1 = Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice); + Eurydice_slice uu____2 = + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____3 = Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); Eurydice_slice uu____4 = - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice); - Eurydice_slice uu____5 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out0, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____6 = Eurydice_array_to_slice( - (size_t)128U, - Eurydice_slice_index(out1, (size_t)0U, uint8_t[128U], uint8_t(*)[128U], - uint8_t[128U]), - uint8_t, Eurydice_slice); - Eurydice_slice uu____7 = Eurydice_array_to_slice((size_t)128U, dummy_out0, - uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice); + Eurydice_slice uu____5 = + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice); + Eurydice_slice uu____6 = + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice); libcrux_sha3_avx2_x4_shake256( - uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, uu____7, - Eurydice_array_to_slice((size_t)128U, dummy_out1, uint8_t, - Eurydice_slice)); + uu____0, uu____1, uu____2, uu____3, uu____4, uu____5, uu____6, + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____7[128U]; + memcpy(uu____7, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____7, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____8[128U]; + memcpy(uu____8, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____8, (size_t)128U * sizeof(uint8_t)); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -7050,11 +6935,11 @@ encrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_ libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector A_transpose[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_avx2_SIMD256Vector_libcrux_ml_kem_hash_functions_avx2_Simd256Hash_2size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t__uint8_t @@ -7134,7 +7019,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vector_lib libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7357,7 +7242,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto decrypt__libcrux_ml_kem_vector_avx2_SIMD256Vector_2size_t_768size_t_640size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7377,8 +7262,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_avx2_SIMD256Vecto Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); + libcrux_ml_kem_utils_into_padded_array___800size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 01d55d083..1a43363a5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index def6d0fb7..95917c799 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "internal/libcrux_mlkem_portable.h" @@ -3206,7 +3206,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_4size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static K___uint8_t_1536size_t__uint8_t_1568size_t_ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -3221,12 +3221,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t @@ -3281,7 +3281,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____7[1568U]; memcpy(uu____7, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - K___uint8_t_1536size_t__uint8_t_1568size_t_ lit; + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; memcpy(lit.fst, uu____6, (size_t)1536U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1568U * sizeof(uint8_t)); return lit; @@ -3368,7 +3368,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1536size_t__uint8_t_1568size_t_ uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t_1536size_t_1568size_t_1536size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -4001,11 +4001,11 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___4size_t___4size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_4size_t__uint8_t @@ -4085,7 +4085,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto libcrux_ml_kem_types_MlKemPublicKey____1568size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4607,7 +4607,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable decrypt__libcrux_ml_kem_vector_portable_PortableVector_4size_t_1568size_t_1408size_t_11size_t_5size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4627,8 +4627,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1600size_t( - implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array___1600size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); @@ -5218,7 +5218,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_3size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static K___uint8_t_1152size_t__uint8_t_1184size_t_ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -5233,12 +5233,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t @@ -5293,7 +5293,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____7[1184U]; memcpy(uu____7, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - K___uint8_t_1152size_t__uint8_t_1184size_t_ lit; + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; memcpy(lit.fst, uu____6, (size_t)1152U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)1184U * sizeof(uint8_t)); return lit; @@ -5380,7 +5380,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_1152size_t__uint8_t_1184size_t_ uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t_1152size_t_1184size_t_1152size_t_2size_t_128size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -5710,11 +5710,11 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___3size_t___3size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_3size_t__uint8_t @@ -5794,7 +5794,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto libcrux_ml_kem_types_MlKemPublicKey____1184size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6058,7 +6058,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable decrypt__libcrux_ml_kem_vector_portable_PortableVector_3size_t_1088size_t_960size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6078,8 +6078,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_ind_cpa_into_padded_array___1120size_t( - implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array___1120size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); @@ -6680,7 +6680,7 @@ compute_As_plus_e__libcrux_ml_kem_vector_portable_PortableVector_2size_t( libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector)); } -static K___uint8_t_768size_t__uint8_t_800size_t_ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; @@ -6695,12 +6695,12 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed_for_A, ret); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed_for_A, ret); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(seed_for_secret_and_error, - prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(seed_for_secret_and_error, + prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t @@ -6755,7 +6755,7 @@ generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_h memcpy(uu____6, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____7[800U]; memcpy(uu____7, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - K___uint8_t_768size_t__uint8_t_800size_t_ lit; + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; memcpy(lit.fst, uu____6, (size_t)768U * sizeof(uint8_t)); memcpy(lit.snd, uu____7, (size_t)800U * sizeof(uint8_t)); return lit; @@ -6842,7 +6842,7 @@ libcrux_ml_kem_ind_cca_generate_keypair__libcrux_ml_kem_vector_portable_Portable (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - K___uint8_t_768size_t__uint8_t_800size_t_ uu____0 = + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t_768size_t_800size_t_768size_t_3size_t_192size_t( ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -7136,11 +7136,11 @@ encrypt__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_funct libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector A_transpose[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_ind_cpa_into_padded_array___34size_t(seed, ret0); + libcrux_ml_kem_utils_into_padded_array___34size_t(seed, ret0); sample_matrix_A__libcrux_ml_kem_vector_portable_PortableVector_libcrux_ml_kem_hash_functions_portable_PortableHash___2size_t___2size_t( ret0, false, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_ind_cpa_into_padded_array___33size_t(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array___33size_t(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); __libcrux_ml_kem_polynomial_PolynomialRingElement__libcrux_ml_kem_vector_portable_PortableVector_2size_t__uint8_t @@ -7220,7 +7220,7 @@ libcrux_ml_kem_ind_cca_encapsulate__libcrux_ml_kem_vector_portable_PortableVecto libcrux_ml_kem_types_MlKemPublicKey____800size_t *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7444,7 +7444,7 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable decrypt__libcrux_ml_kem_vector_portable_PortableVector_2size_t_768size_t_640size_t_10size_t_4size_t( ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_ind_cpa_into_padded_array___64size_t( + libcrux_ml_kem_utils_into_padded_array___64size_t( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7464,8 +7464,8 @@ void libcrux_ml_kem_ind_cca_decapsulate__libcrux_ml_kem_vector_portable_Portable Eurydice_slice shared_secret = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_ind_cpa_into_padded_array___800size_t(implicit_rejection_value, - to_hash); + libcrux_ml_kem_utils_into_padded_array___800size_t(implicit_rejection_value, + to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index f9c6b1bc5..2afec0115 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 189a64804..90e660fac 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e8210950d..2d0336282 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index bc53c956a..0e5d15b71 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 6511292a8..a2e760d8e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_sha3_internal_H @@ -42,7 +42,7 @@ static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 9223372039002292232ULL}; static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero( void) { return 0ULL; } @@ -56,7 +56,7 @@ static inline uint64_t libcrux_sha3_portable_keccak__veor5q_u64( } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( uint64_t a, uint64_t b, uint64_t c, uint64_t d, uint64_t e) { return libcrux_sha3_portable_keccak__veor5q_u64(a, b, c, d, e); } @@ -74,7 +74,7 @@ static inline uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vrax1q_u64(a, b); } @@ -86,7 +86,7 @@ static inline uint64_t libcrux_sha3_portable_keccak__vbcaxq_u64(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___and_not_xor( uint64_t a, uint64_t b, uint64_t c) { return libcrux_sha3_portable_keccak__vbcaxq_u64(a, b, c); } @@ -97,13 +97,13 @@ static inline uint64_t libcrux_sha3_portable_keccak__veorq_n_u64(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_constant( uint64_t a, uint64_t c) { return libcrux_sha3_portable_keccak__veorq_n_u64(a, c); } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor( uint64_t a, uint64_t b) { return a ^ b; } @@ -118,7 +118,7 @@ static inline void libcrux_sha3_portable_keccak_slice_1( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); @@ -143,7 +143,7 @@ libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], } static inline K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( Eurydice_slice a[1U], size_t mid) { return libcrux_sha3_portable_keccak_split_at_mut_1(a, mid); } @@ -157,55 +157,55 @@ libcrux_sha3_generic_keccak__libcrux_sha3__generic_keccak__KeccakState_T__N__Tra void) { libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t lit; lit.st[0U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[0U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[1U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[2U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[3U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][0U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][1U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][2U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][3U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); lit.st[4U][4U] = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___zero(); + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___zero(); return lit; } @@ -241,7 +241,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___168size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___168size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -262,7 +262,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___36int32_t_28int32_t(a, b); } @@ -280,7 +280,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___3int32_t_61int32_t(a, b); } @@ -298,7 +298,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___41int32_t_23int32_t(a, b); } @@ -316,7 +316,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___18int32_t_46int32_t(a, b); } @@ -329,7 +329,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___1int32_t_63int32_t(a, b); } @@ -347,7 +347,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___44int32_t_20int32_t(a, b); } @@ -365,7 +365,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___10int32_t_54int32_t(a, b); } @@ -383,7 +383,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___45int32_t_19int32_t(a, b); } @@ -401,7 +401,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___2int32_t_62int32_t(a, b); } @@ -419,7 +419,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___62int32_t_2int32_t(a, b); } @@ -437,7 +437,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___6int32_t_58int32_t(a, b); } @@ -455,7 +455,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___43int32_t_21int32_t(a, b); } @@ -473,7 +473,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___15int32_t_49int32_t(a, b); } @@ -491,7 +491,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___61int32_t_3int32_t(a, b); } @@ -509,7 +509,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___28int32_t_36int32_t(a, b); } @@ -527,7 +527,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___55int32_t_9int32_t(a, b); } @@ -545,7 +545,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___25int32_t_39int32_t(a, b); } @@ -563,7 +563,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___21int32_t_43int32_t(a, b); } @@ -581,7 +581,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___56int32_t_8int32_t(a, b); } @@ -599,7 +599,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___27int32_t_37int32_t(a, b); } @@ -617,7 +617,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___20int32_t_44int32_t(a, b); } @@ -635,7 +635,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___39int32_t_25int32_t(a, b); } @@ -653,7 +653,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___8int32_t_56int32_t(a, b); } @@ -671,7 +671,7 @@ libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(uint64_t a, } static inline uint64_t -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64___14int32_t_50int32_t(a, b); } @@ -679,145 +679,145 @@ libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u6 static inline void libcrux_sha3_generic_keccak_theta_rho__uint64_t_1size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s) { uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]); uint64_t uu____1 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], s->st[4U][1U]); uint64_t uu____2 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], s->st[4U][2U]); uint64_t uu____3 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], s->st[4U][3U]); uint64_t c[5U] = { uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor5( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor5( s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], s->st[4U][4U])}; uint64_t uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); uint64_t uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); uint64_t uu____6 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); uint64_t uu____7 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); uint64_t t[5U] = { uu____4, uu____5, uu____6, uu____7, - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___rotate_left1_and_xor( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; uint64_t uu____8 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor( s->st[0U][0U], t[0U]); s->st[0U][0U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___36int32_t_28int32_t( s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___3int32_t_61int32_t( s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___41int32_t_23int32_t( s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___18int32_t_46int32_t( s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___1int32_t_63int32_t( s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___44int32_t_20int32_t( s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___10int32_t_54int32_t( s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___45int32_t_19int32_t( s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___2int32_t_62int32_t( s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___62int32_t_2int32_t( s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___6int32_t_58int32_t( s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___43int32_t_21int32_t( s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___15int32_t_49int32_t( s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___61int32_t_3int32_t( s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___28int32_t_36int32_t( s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___55int32_t_9int32_t( s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___25int32_t_39int32_t( s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___21int32_t_43int32_t( s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___56int32_t_8int32_t( s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____27; uint64_t uu____28 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___27int32_t_37int32_t( s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____28; uint64_t uu____29 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___20int32_t_44int32_t( s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____29; uint64_t uu____30 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___39int32_t_25int32_t( s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____30; uint64_t uu____31 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___8int32_t_56int32_t( s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____31; uint64_t uu____32 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_and_rotate___14int32_t_50int32_t( s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____32; } @@ -861,7 +861,7 @@ static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5( i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___and_not_xor( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___and_not_xor( s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], old[i1][(j + (size_t)1U) % (size_t)5U]); s->st[i1][j] = uu____0;);); @@ -870,7 +870,7 @@ static inline void libcrux_sha3_generic_keccak_chi__uint64_t_1size_t( static inline void libcrux_sha3_generic_keccak_iota__uint64_t_1size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, size_t i) { uint64_t uu____0 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___xor_constant( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___xor_constant( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); s->st[0U][0U] = uu____0; } @@ -907,7 +907,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___168size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -931,7 +931,7 @@ static inline void libcrux_sha3_portable_keccak_store_block___168size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___168size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___168size_t(a, b); } @@ -941,7 +941,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___168size_t( s->st, out); } @@ -949,12 +949,12 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___168size_t( s->st, out); } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -969,7 +969,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___168size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -987,7 +987,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___168size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___168size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___168size_t(a, ret0); @@ -999,7 +999,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_168size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___168size_t( s->st, b); { size_t i = (size_t)0U; @@ -1023,7 +1023,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_168size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___168size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___168size_t( s.st, b); { size_t i = (size_t)0U; @@ -1054,7 +1054,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_168size_t( uu____0, ret); @@ -1065,7 +1065,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_168size_t_31uint8_t( @@ -1078,7 +1078,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1098,7 +1098,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_168size_t_31uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)168U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1148,7 +1148,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___104size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___104size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -1163,7 +1163,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___104size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1177,7 +1177,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___104size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___104size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -1206,7 +1206,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___104size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1242,7 +1242,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___104size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___104size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___104size_t(a, ret0); @@ -1254,7 +1254,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___104size_t( s->st, b); { size_t i = (size_t)0U; @@ -1273,7 +1273,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_104size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___104size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___104size_t(a, b); } @@ -1282,7 +1282,7 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___104size_t( s->st, out); } @@ -1291,7 +1291,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_104size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___104size_t( s->st, out); } @@ -1301,7 +1301,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_104size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___104size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___104size_t( s.st, b); { size_t i = (size_t)0U; @@ -1332,7 +1332,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_104size_t( uu____0, ret); @@ -1343,7 +1343,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_104size_t_6uint8_t( @@ -1356,7 +1356,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)104U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1376,7 +1376,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_104size_t_6uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)104U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1426,7 +1426,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___144size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___144size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -1441,7 +1441,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___144size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1455,7 +1455,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___144size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___144size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -1484,7 +1484,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___144size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1520,7 +1520,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___144size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___144size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___144size_t(a, ret0); @@ -1532,7 +1532,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___144size_t( s->st, b); { size_t i = (size_t)0U; @@ -1551,7 +1551,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_144size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___144size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___144size_t(a, b); } @@ -1560,7 +1560,7 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___144size_t( s->st, out); } @@ -1569,7 +1569,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_144size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___144size_t( s->st, out); } @@ -1579,7 +1579,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_144size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___144size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___144size_t( s.st, b); { size_t i = (size_t)0U; @@ -1610,7 +1610,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_144size_t( uu____0, ret); @@ -1621,7 +1621,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_144size_t_6uint8_t( @@ -1634,7 +1634,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)144U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1654,7 +1654,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_144size_t_6uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)144U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1704,7 +1704,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___136size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -1719,7 +1719,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___136size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1733,7 +1733,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___136size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -1762,7 +1762,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1798,7 +1798,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___136size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___136size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___136size_t(a, ret0); @@ -1810,7 +1810,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___136size_t( s->st, b); { size_t i = (size_t)0U; @@ -1829,7 +1829,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_136size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___136size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___136size_t(a, b); } @@ -1838,7 +1838,7 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___136size_t( s->st, out); } @@ -1847,7 +1847,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_136size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___136size_t( s->st, out); } @@ -1857,7 +1857,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_136size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___136size_t( s.st, b); { size_t i = (size_t)0U; @@ -1888,7 +1888,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( uu____0, ret); @@ -1899,7 +1899,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_31uint8_t( @@ -1912,7 +1912,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)136U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1932,7 +1932,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_31uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)136U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -1979,7 +1979,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___136size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___136size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -1997,7 +1997,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_136size_t( uu____0, ret); @@ -2008,7 +2008,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_136size_t_6uint8_t( @@ -2021,7 +2021,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)136U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -2041,7 +2041,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_136size_t_6uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)136U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -2091,7 +2091,7 @@ static inline void libcrux_sha3_portable_keccak_load_block___72size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___72size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; @@ -2106,7 +2106,7 @@ libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t( uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block___72size_t( uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -2120,7 +2120,7 @@ static inline void libcrux_sha3_portable_keccak_load_block_full___72size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___72size_t( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; @@ -2149,7 +2149,7 @@ libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( uint64_t(*uu____1)[5U] = s->st; uint8_t uu____2[1U][200U]; memcpy(uu____2, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___load_block_full___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___load_block_full___72size_t( uu____1, uu____2); libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); } @@ -2185,7 +2185,7 @@ static inline void libcrux_sha3_portable_keccak_store_block_full___72size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___72size_t( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { uint8_t ret0[1U][200U]; libcrux_sha3_portable_keccak_store_block_full___72size_t(a, ret0); @@ -2197,7 +2197,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___72size_t( s->st, b); { size_t i = (size_t)0U; @@ -2216,7 +2216,7 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last__uint64_t_1size_t_72size_t( } static inline void -libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( +libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___72size_t( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block___72size_t(a, b); } @@ -2225,7 +2225,7 @@ static inline void libcrux_sha3_generic_keccak_squeeze_first_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___72size_t( s->st, out); } @@ -2234,7 +2234,7 @@ libcrux_sha3_generic_keccak_squeeze_next_block__uint64_t_1size_t_72size_t( libcrux_sha3_generic_keccak_KeccakState__uint64_t__1size_t *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(s); - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block___72size_t( s->st, out); } @@ -2244,7 +2244,7 @@ libcrux_sha3_generic_keccak_squeeze_last__uint64_t_1size_t_72size_t( Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600__uint64_t_1size_t(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___store_block_full___72size_t( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___store_block_full___72size_t( s.st, b); { size_t i = (size_t)0U; @@ -2275,7 +2275,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____1, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block__uint64_t_1size_t_72size_t(uu____0, ret); @@ -2286,7 +2286,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___slice_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___slice_n( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final__uint64_t_1size_t_72size_t_6uint8_t( @@ -2299,7 +2299,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( &s, out); } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____4 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( out, (size_t)72U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); @@ -2319,7 +2319,7 @@ libcrux_sha3_generic_keccak_keccak__uint64_t_1size_t_72size_t_6uint8_t( break; } else { K___Eurydice_slice_uint8_t_1size_t__Eurydice_slice_uint8_t_1size_t_ uu____5 = - libcrux_sha3_portable_keccak___libcrux_sha3__traits__KeccakItem_1__usize__for_u64___split_at_mut_n( + libcrux_sha3_portable_keccak___libcrux_sha3__traits__internal__KeccakItem_1__usize__for_u64___split_at_mut_n( o1, (size_t)72U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); diff --git a/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h new file mode 100644 index 000000000..ef0b3e58e --- /dev/null +++ b/libcrux-ml-kem/c/libcrux_sha3_libcrux_ml_kem.h @@ -0,0 +1,26 @@ +/* + This file was generated by KaRaMeL + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 + */ + +#ifndef __libcrux_sha3_libcrux_ml_kem_H +#define __libcrux_sha3_libcrux_ml_kem_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +extern bool libcrux_platform_platform_simd256_support(void); + +extern bool libcrux_platform_platform_simd128_support(void); + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_sha3_libcrux_ml_kem_H_DEFINED +#endif diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 9e9a598e9..d8c40c084 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 6a3cf4a83..5e1a4a79d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -1,8 +1,8 @@ /* This file was generated by KaRaMeL - KaRaMeL invocation: /Users/jonathan/Code/eurydice/eurydice --config ../c.yaml - ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: 58c915a8 KaRaMeL - version: 6bb7cd3e + KaRaMeL invocation: /home/franziskus/eurydice//eurydice --config ../c.yaml + ../../libcrux_ml_kem.llbc ../../libcrux_sha3.llbc F* version: + KaRaMeL version: 22425a93 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/c/mach b/libcrux-ml-kem/c/mach new file mode 100755 index 000000000..7fa343011 --- /dev/null +++ b/libcrux-ml-kem/c/mach @@ -0,0 +1,75 @@ +#! /usr/bin/env python3 + +import os +import argparse +import platform +import subprocess +import sys + + +def shell(command, expect=0, cwd=None, env={}): + subprocess_stdout = subprocess.DEVNULL + + print("Env:", env) + print("Command: ", end="") + for i, word in enumerate(command): + if i == 4: + print("'{}' ".format(word), end="") + else: + print("{} ".format(word), end="") + + print("\nDirectory: {}".format(cwd)) + + os_env = os.environ + os_env.update(env) + + ret = subprocess.run(command, cwd=cwd, env=os_env) + if ret.returncode != expect: + raise Exception("Error {}. Expected {}.".format(ret, expect)) + + +class buildAction(argparse.Action): + def __call__(self, parser, args, values, option_string=None) -> None: + if platform.system() == "Windows": + # On Windows we use MSVC etc. by default. + # There's no multi config here. The type needs to be set when configuring. + cmake_args = [] + if args.release: + cmake_args.append("-DCMAKE_BUILD_TYPE=Release") + shell(["cmake", "-B", "build"] + cmake_args) + else: + # By default we use ninja with a multi config and set the build type + # during the build. + cmake_build_args = [] + if args.release: + cmake_build_args.append("--config Release") + shell(["cmake", "-B", "build", "-GNinja Multi-Config"]) + shell(["cmake", "--build", "build"] + cmake_build_args) + return None + + +def parse_arguments(): + parser = argparse.ArgumentParser(description="Libcrux C build helper.") + subparsers = parser.add_subparsers() + + build_parser = subparsers.add_parser("build", help="Build the C code.") + build_parser.add_argument("build", nargs="*", action=buildAction) + build_parser.add_argument( + "--release", action="store_true", help="Build in relase mode" + ) + + if len(sys.argv) == 1: + parser.print_help(sys.stderr) + sys.exit(1) + + return parser.parse_args() + + +def main(): + # Don't print unnecessary Python stack traces. + sys.tracebacklimit = 0 + parse_arguments() + + +if __name__ == "__main__": + main() diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 4f919a746..037f0ae47 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -28,57 +28,81 @@ def shell(command, expect=0, cwd=None, env={}): class extractAction(argparse.Action): + def __call__(self, parser, args, values, option_string=None) -> None: - # Extract platform and sha3 interfaces - # include_str = "+:libcrux_sha3::** -libcrux_sha3::x4::internal::**" - # interface_include = "+!**" - # cargo_hax_into = [ - # "cargo", - # "hax", - # "into", - # "-i", - # include_str, - # "fstar", - # "--interfaces", - # interface_include, - # ] - # hax_env = {} - # shell( - # cargo_hax_into, - # cwd="../libcrux-sha3", - # env=hax_env, - # ) - - # Extract avx2 - # include_str = "+:libcrux_sha3::** -libcrux_sha3::x4::internal::**" - # interface_include = "+!**" + # Extract sha3 interfaces + includes = [ + "+:**", + "-libcrux_sha3::generic_keccak::**", + "+libcrux_sha3::generic_keccak::KeccakState", + "-libcrux_sha3::simd::**", + "-libcrux_sha3::portable_keccak::**", + "-libcrux_sha3::neon::keccakx2", + "-libcrux_sha3::portable::keccakx1", + "-libcrux_sha3::traits::internal::**", + ] + include_str = " ".join(includes) + interface_include = "+**" cargo_hax_into = [ "cargo", "hax", "into", + "-i", + include_str, "fstar", + "--interfaces", + interface_include, ] hax_env = {} shell( cargo_hax_into, - cwd="../polynomials-avx2", + cwd="../libcrux-sha3", env=hax_env, ) - # Extract ml-kem - includes = [ - "-libcrux_platform::macos_arm::*", - "+!libcrux_platform::platform::*", - "-libcrux_ml_kem::types::index_impls::**", + # Extract platform interfaces + include_str = "+:**" + interface_include = "+**" + cargo_hax_into = [ + "cargo", + "hax", + "into", + "-i", + include_str, + "fstar", + "--interfaces", + interface_include, ] - include_str = " ".join(includes) - interfaces = [ - "+*", - "-libcrux::kem::kyber::types", - "+!libcrux_platform::**", - "+!libcrux::digest::**", + hax_env = {} + shell( + cargo_hax_into, + cwd="../sys/platform", + env=hax_env, + ) + + # Extract intrinsics interfaces + include_str = "+:**" + interface_include = "+**" + cargo_hax_into = [ + "cargo", + "hax", + "into", + "-i", + include_str, + "fstar", + "--interfaces", + interface_include, ] - interface_include = " ".join(interfaces) + hax_env = {} + shell( + cargo_hax_into, + cwd="../libcrux-intrinsics", + env=hax_env, + ) + + # Extract ml-kem + include_str = "+** -libcrux_ml_kem::types::index_impls::**" + interface_include = "+**" cargo_hax_into = [ "cargo", "hax", @@ -99,6 +123,7 @@ def __call__(self, parser, args, values, option_string=None) -> None: class proveAction(argparse.Action): + def __call__(self, parser, args, values, option_string=None) -> None: admit_env = {} if args.admit: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index e1d961468..410036b86 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -14,10 +14,9 @@ let is_non_zero (value: u8) = let compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) = let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_CIPHERTEXT_SIZE } <: Core.Ops.Range.t_Range usize) <: @@ -34,7 +33,9 @@ let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index fa256358d..560d2964d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -3,35 +3,35 @@ module Libcrux_ml_kem.Constant_time_ops open Core open FStar.Mul -/// Return 1 if `value` is not zero and 0 otherwise. -val is_non_zero (value: u8) +/// Return 1 if the bytes of `lhs` and `rhs` do not exactly +/// match and 0 otherwise. +val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) : Prims.Pure u8 Prims.l_True (ensures fun result -> let result:u8 = result in - Hax_lib.implies (value =. 0uy <: bool) + Hax_lib.implies (lhs =. rhs <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in result =. 0uy <: bool) && - Hax_lib.implies (value <>. 0uy <: bool) + Hax_lib.implies (lhs <>. rhs <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in result =. 1uy <: bool)) -/// Return 1 if the bytes of `lhs` and `rhs` do not exactly -/// match and 0 otherwise. -val compare_ciphertexts_in_constant_time (v_CIPHERTEXT_SIZE: usize) (lhs rhs: t_Slice u8) +/// Return 1 if `value` is not zero and 0 otherwise. +val is_non_zero (value: u8) : Prims.Pure u8 Prims.l_True (ensures fun result -> let result:u8 = result in - Hax_lib.implies (lhs =. rhs <: bool) + Hax_lib.implies (value =. 0uy <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in result =. 0uy <: bool) && - Hax_lib.implies (lhs <>. rhs <: bool) + Hax_lib.implies (value <>. 0uy <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in result =. 1uy <: bool)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index 775204a6c..210ffc329 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti @@ -4,27 +4,24 @@ open Core open FStar.Mul /// Each field element needs floor(log_2(FIELD_MODULUS)) + 1 = 12 bits to represent -let v_BITS_PER_COEFFICIENT: usize = sz 12 - -/// Coefficients per ring element -let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 +let v_BITS_PER_COEFFICIENT: usize = Rust_primitives.Hax.dropped_body /// Bits required per (uncompressed) ring element -let v_BITS_PER_RING_ELEMENT: usize = v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 +let v_BITS_PER_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body /// Bytes required per (uncompressed) ring element -let v_BYTES_PER_RING_ELEMENT: usize = v_BITS_PER_RING_ELEMENT /! sz 8 +let v_BYTES_PER_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 +/// Coefficients per ring element +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body + +let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = Rust_primitives.Hax.dropped_body /// SHA3 512 digest size -let v_G_DIGEST_SIZE: usize = sz 64 +let v_G_DIGEST_SIZE: usize = Rust_primitives.Hax.dropped_body /// SHA3 256 digest size -let v_H_DIGEST_SIZE: usize = sz 32 +let v_H_DIGEST_SIZE: usize = Rust_primitives.Hax.dropped_body /// The size of an ML-KEM shared secret. -let v_SHARED_SECRET_SIZE: usize = sz 32 - -/// Field modulus: 3329 -let v__FIELD_MODULUS: i16 = 3329s +let v_SHARED_SECRET_SIZE: usize = Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index a1c8ed093..2a80b014d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -6,9 +6,7 @@ open FStar.Mul /// The state. /// It's only used for SHAKE128. /// All other functions don't actually use any members. -type t_Simd256Hash = { - f_shake128_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i -} +type t_Simd256Hash = { f_shake128_state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 } [@@ FStar.Tactics.Typeclasses.tcinstance] let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = @@ -35,7 +33,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = = (fun (v_LEN: usize) (input: t_Slice u8) -> let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 v_LEN digest input in + let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 digest input in digest); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post @@ -43,7 +41,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) - (out: t_Array (t_Array u8 v_LEN) v_K) + (out4: t_Array (t_Array u8 v_LEN) v_K) -> true); f_PRFxN @@ -62,7 +60,127 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = in () in - Libcrux_sha3.Avx2.X4.shake256xN v_LEN v_K input); + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K + in + let out0:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out1:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out2:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out3:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out, out0, out1, out2, out3:(t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & + t_Array u8 v_LEN & + t_Array u8 v_LEN & + t_Array u8 v_LEN) = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) = + Libcrux_sha3.Avx2.X4.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + out2 + out3 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let out2:t_Array u8 v_LEN = tmp2 in + let out3:t_Array u8 v_LEN = tmp3 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | 3uy -> + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) = + Libcrux_sha3.Avx2.X4.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + out2 + out3 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let out2:t_Array u8 v_LEN = tmp2 in + let out3:t_Array u8 v_LEN = tmp3 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | 4uy -> + let tmp0, tmp1, tmp2, tmp3:(t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) = + Libcrux_sha3.Avx2.X4.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + out2 + out3 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let out2:t_Array u8 v_LEN = tmp2 in + let out3:t_Array u8 v_LEN = tmp3 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | _ -> + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + in + out); f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); f_shake128_init_absorb_post = @@ -83,14 +201,45 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = in () in - let state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i = - Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_finalxN v_K input + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + Libcrux_sha3.Avx2.X4.Incremental.shake128_init () + in + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_final state + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + state + | 3uy -> + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_final state + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + state + | 4uy -> + let state:Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 = + Libcrux_sha3.Avx2.X4.Incremental.shake128_absorb_final state + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + in + state + | _ -> state in { f_shake128_state = state } <: t_Simd256Hash); f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd256Hash) -> true); f_shake128_squeeze_three_blocks_post = - (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); + (fun (self: t_Simd256Hash) (out4: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); f_shake128_squeeze_three_blocks = (fun (self: t_Simd256Hash) -> @@ -107,18 +256,75 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = in () in - let tmp0, out:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) - Core.Core_arch.X86.t____m256i & - t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze3xN (sz 504) v_K self.f_shake128_state + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 504) <: t_Array u8 (sz 504) + ) + v_K + in + let out0:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out1:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out2:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out3:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze_first_three_blocks self.f_shake128_state + out0 + out1 + out2 + out3 in let self:t_Simd256Hash = { self with f_shake128_state = tmp0 } <: t_Simd256Hash in + let out0:t_Array u8 (sz 504) = tmp1 in + let out1:t_Array u8 (sz 504) = tmp2 in + let out2:t_Array u8 (sz 504) = tmp3 in + let out3:t_Array u8 (sz 504) = tmp4 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 504)) v_K = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out + | 3uy -> + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out + | 4uy -> + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out + | _ -> out + in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)); f_shake128_squeeze_block_pre = (fun (self: t_Simd256Hash) -> true); f_shake128_squeeze_block_post = - (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); + (fun (self: t_Simd256Hash) (out4: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); f_shake128_squeeze_block = fun (self: t_Simd256Hash) -> @@ -135,11 +341,68 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = in () in - let tmp0, out:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 4) Core.Core_arch.X86.t____m256i & - t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_sha3.Avx2.X4.Incremental.shake128_squeezexN (sz 168) v_K self.f_shake128_state + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) + v_K + in + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let tmp0, tmp1, tmp2, tmp3, tmp4:(Libcrux_sha3.Avx2.X4.Incremental.t_KeccakState4 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Avx2.X4.Incremental.shake128_squeeze_next_block self.f_shake128_state + out0 + out1 + out2 + out3 in let self:t_Simd256Hash = { self with f_shake128_state = tmp0 } <: t_Simd256Hash in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let out2:t_Array u8 (sz 168) = tmp3 in + let out3:t_Array u8 (sz 168) = tmp4 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 168)) v_K = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out + | 3uy -> + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out + | 4uy -> + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out + | _ -> out + in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index 9b65ef28b..6fda7a42c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -7,8 +7,7 @@ open FStar.Mul /// It's only used for SHAKE128. /// All other functions don't actually use any members. type t_Simd128Hash = { - f_shake128_state:t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) - (sz 2) + f_shake128_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -36,7 +35,13 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = = (fun (v_LEN: usize) (input: t_Slice u8) -> let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let digest:t_Array u8 v_LEN = Libcrux_sha3.Neon.shake256 v_LEN digest input in + let dummy:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 input input digest dummy + in + let digest:t_Array u8 v_LEN = tmp0 in + let dummy:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in digest); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post @@ -44,7 +49,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) - (out: t_Array (t_Array u8 v_LEN) v_K) + (out4: t_Array (t_Array u8 v_LEN) v_K) -> true); f_PRFxN @@ -63,7 +68,132 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = in () in - Libcrux_sha3.Neon.X2.shake256xN v_LEN v_K input); + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K + in + let out0:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out1:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out2:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out3:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out, out0, out1, out2, out3:(t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & + t_Array u8 v_LEN & + t_Array u8 v_LEN & + t_Array u8 v_LEN) = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | 3uy -> + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 2 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out2 + out3 + in + let out2:t_Array u8 v_LEN = tmp0 in + let out3:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | 4uy -> + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 0 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out0 + out1 + in + let out0:t_Array u8 v_LEN = tmp0 in + let out1:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let tmp0, tmp1:(t_Array u8 v_LEN & t_Array u8 v_LEN) = + Libcrux_sha3.Neon.X2.shake256 (Rust_primitives.unsize (input.[ sz 2 ] + <: + t_Array u8 (sz 33)) + <: + t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 33)) <: t_Slice u8) + out2 + out3 + in + let out2:t_Array u8 v_LEN = tmp0 in + let out3:t_Array u8 v_LEN = tmp1 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 v_LEN) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + | _ -> + out, out0, out1, out2, out3 + <: + (t_Array (t_Array u8 v_LEN) v_K & t_Array u8 v_LEN & t_Array u8 v_LEN & t_Array u8 v_LEN & + t_Array u8 v_LEN) + in + out); f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); f_shake128_init_absorb_post = @@ -84,15 +214,86 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = in () in - let state:t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) - (sz 2) = - Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_finalxN v_K input + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + let list = + [ + Libcrux_sha3.Neon.X2.Incremental.shake128_init (); + Libcrux_sha3.Neon.X2.Incremental.shake128_init () + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); + Rust_primitives.Hax.array_of_list 2 list + in + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 0) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + state + | 3uy -> + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 0) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 1) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + state + | 4uy -> + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 0) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 0 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 1 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + let state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state + (sz 1) + (Libcrux_sha3.Neon.X2.Incremental.shake128_absorb_final (state.[ sz 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + (Rust_primitives.unsize (input.[ sz 2 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + (Rust_primitives.unsize (input.[ sz 3 ] <: t_Array u8 (sz 34)) <: t_Slice u8) + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + in + state + | _ -> state in { f_shake128_state = state } <: t_Simd128Hash); f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd128Hash) -> true); f_shake128_squeeze_three_blocks_post = - (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); + (fun (self: t_Simd128Hash) (out4: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); f_shake128_squeeze_three_blocks = (fun (self: t_Simd128Hash) -> @@ -109,18 +310,209 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = in () in - let tmp0, out:(t_Array - (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) (sz 2) & - t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze3xN (sz 504) v_K self.f_shake128_state + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 504) <: t_Array u8 (sz 504) + ) + v_K + in + let out0:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out1:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out2:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out3:t_Array u8 (sz 504) = Rust_primitives.Hax.repeat 0uy (sz 504) in + let out, out0, out1, out2, out3, self:(t_Array (t_Array u8 (sz 504)) v_K & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 504) = tmp1 in + let out1:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 504)) v_K & t_Array u8 (sz 504) & t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) + | 3uy -> + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 504) = tmp1 in + let out1:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out2 + out3 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 1) + tmp0 + } + <: + t_Simd128Hash + in + let out2:t_Array u8 (sz 504) = tmp1 in + let out3:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 504)) v_K & t_Array u8 (sz 504) & t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) + | 4uy -> + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 504) = tmp1 in + let out1:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 504) & + t_Array u8 (sz 504)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_first_three_blocks (self + .f_shake128_state.[ sz 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out2 + out3 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 1) + tmp0 + } + <: + t_Simd128Hash + in + let out2:t_Array u8 (sz 504) = tmp1 in + let out3:t_Array u8 (sz 504) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 (sz 504)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 504)) v_K & t_Array u8 (sz 504) & t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) + | _ -> + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 504)) v_K & t_Array u8 (sz 504) & t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Array u8 (sz 504) & + t_Simd128Hash) in - let self:t_Simd128Hash = { self with f_shake128_state = tmp0 } <: t_Simd128Hash in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)); f_shake128_squeeze_block_pre = (fun (self: t_Simd128Hash) -> true); f_shake128_squeeze_block_post = - (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); + (fun (self: t_Simd128Hash) (out4: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); f_shake128_squeeze_block = fun (self: t_Simd128Hash) -> @@ -137,12 +529,201 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = in () in - let tmp0, out:(t_Array (t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) (sz 2)) - (sz 2) & - t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_sha3.Neon.X2.Incremental.shake128_squeezexN (sz 168) v_K self.f_shake128_state + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy (sz 168) <: t_Array u8 (sz 168)) + v_K + in + let out0:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out1:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out2:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out3:t_Array u8 (sz 168) = Rust_primitives.Hax.repeat 0uy (sz 168) in + let out, out0, out1, out2, out3, self:(t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) = + match cast (v_K <: usize) <: u8 with + | 2uy -> + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) + | 3uy -> + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out2 + out3 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 1) + tmp0 + } + <: + t_Simd128Hash + in + let out2:t_Array u8 (sz 168) = tmp1 in + let out3:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) + | 4uy -> + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 0 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out0 + out1 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 0) + tmp0 + } + <: + t_Simd128Hash + in + let out0:t_Array u8 (sz 168) = tmp1 in + let out1:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let tmp0, tmp1, tmp2:(Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 & + t_Array u8 (sz 168) & + t_Array u8 (sz 168)) = + Libcrux_sha3.Neon.X2.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ sz + 1 ] + <: + Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2) + out2 + out3 + in + let self:t_Simd128Hash = + { + self with + f_shake128_state + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_shake128_state + (sz 1) + tmp0 + } + <: + t_Simd128Hash + in + let out2:t_Array u8 (sz 168) = tmp1 in + let out3:t_Array u8 (sz 168) = tmp2 in + let _:Prims.unit = () in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 0) out0 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 1) out1 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 2) out2 + in + let out:t_Array (t_Array u8 (sz 168)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out (sz 3) out3 + in + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) + | _ -> + out, out0, out1, out2, out3, self + <: + (t_Array (t_Array u8 (sz 168)) v_K & t_Array u8 (sz 168) & t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Array u8 (sz 168) & + t_Simd128Hash) in - let self:t_Simd128Hash = { self with f_shake128_state = tmp0 } <: t_Simd128Hash in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index 8e0d569e7..d76d909e8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti @@ -7,7 +7,7 @@ open FStar.Mul /// It's only used for SHAKE128. /// All other functions don't actually use any members. type t_PortableHash (v_K: usize) = { - f_shake128_state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K + f_shake128_state:t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -35,7 +35,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K = (fun (v_LEN: usize) (input: t_Slice u8) -> let digest:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 v_LEN digest input in + let digest:t_Array u8 v_LEN = Libcrux_sha3.Portable.shake256 digest input in digest); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post @@ -66,10 +66,9 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0uy v_LEN <: t_Array u8 v_LEN) v_K in let out:t_Array (t_Array u8 v_LEN) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -80,8 +79,7 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i - (Libcrux_sha3.Portable.shake256 v_LEN - (out.[ i ] <: t_Array u8 v_LEN) + (Libcrux_sha3.Portable.shake256 (out.[ i ] <: t_Array u8 v_LEN) (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 33)) <: t_Slice u8) <: t_Array u8 v_LEN) @@ -109,37 +107,34 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K in () in - let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = + let state:t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K = Rust_primitives.Hax.repeat (Libcrux_sha3.Portable.Incremental.shake128_init () <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) v_K in - let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + let state:t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) state (fun state i -> - let state:t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K = - state - in + let state:t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K = state in let i:usize = i in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize state i (Libcrux_sha3.Portable.Incremental.shake128_absorb_final (state.[ i ] <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) (Rust_primitives.unsize (input.[ i ] <: t_Array u8 (sz 34)) <: t_Slice u8) <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) <: - t_Array (Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) v_K) + t_Array Libcrux_sha3.Portable.t_KeccakState1 v_K) in { f_shake128_state = state } <: t_PortableHash v_K); f_shake128_squeeze_three_blocks_pre = (fun (self: t_PortableHash v_K) -> true); @@ -172,10 +167,9 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K v_K in let out, self:(t_Array (t_Array u8 (sz 504)) v_K & t_PortableHash v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -184,12 +178,11 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K (fun temp_0_ i -> let out, self:(t_Array (t_Array u8 (sz 504)) v_K & t_PortableHash v_K) = temp_0_ in let i:usize = i in - let tmp0, tmp1:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64 & - t_Array u8 (sz 504)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState1 & t_Array u8 (sz 504)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_first_three_blocks (self .f_shake128_state.[ i ] <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) (out.[ i ] <: t_Array u8 (sz 504)) in let self:t_PortableHash v_K = @@ -241,10 +234,9 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K v_K in let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_PortableHash v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -253,12 +245,11 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K (fun temp_0_ i -> let out, self:(t_Array (t_Array u8 (sz 168)) v_K & t_PortableHash v_K) = temp_0_ in let i:usize = i in - let tmp0, tmp1:(Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64 & - t_Array u8 (sz 168)) = + let tmp0, tmp1:(Libcrux_sha3.Portable.t_KeccakState1 & t_Array u8 (sz 168)) = Libcrux_sha3.Portable.Incremental.shake128_squeeze_next_block (self.f_shake128_state.[ i ] <: - Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64) + Libcrux_sha3.Portable.t_KeccakState1) (out.[ i ] <: t_Array u8 (sz 168)) in let self:t_PortableHash v_K = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 6c37b4454..9c5c2c468 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -9,7 +9,7 @@ open FStar.Mul /// - AVX2 /// - NEON /// - Portable -class t_Hash (v_Self: Type) (v_K: usize) = { +class t_Hash (v_Self: Type0) (v_K: usize) = { f_G_pre:t_Slice u8 -> bool; f_G_post:t_Slice u8 -> t_Array u8 (sz 64) -> bool; f_G:x0: t_Slice u8 @@ -51,7 +51,7 @@ class t_Hash (v_Self: Type) (v_K: usize) = { } /// The SHA3 block size. -let v_BLOCK_SIZE: usize = sz 168 +let v_BLOCK_SIZE: usize = Rust_primitives.Hax.dropped_body /// The size of 3 SHA3 blocks. -let v_THREE_BLOCKS: usize = v_BLOCK_SIZE *! sz 3 +let v_THREE_BLOCKS: usize = Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst new file mode 100644 index 000000000..1b7adcd0d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -0,0 +1,56 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Avx2 in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE + v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + private_key ciphertext + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + public_key randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + public_key + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + = + Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti new file mode 100644 index 000000000..5c35e7373 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -0,0 +1,37 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Portable decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Portable encapsualte +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Portable generate key pair. +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst new file mode 100644 index 000000000..e94abdbc5 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -0,0 +1,56 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Portable in + let open Libcrux_ml_kem.Vector in + () + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE + v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Portable.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) private_key ciphertext + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Portable.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) public_key randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Portable.t_PortableVector + public_key + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + = + Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Portable.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti new file mode 100644 index 000000000..417351f41 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -0,0 +1,37 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Portable decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Portable encapsualte +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Portable generate key pair. +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst new file mode 100644 index 000000000..681fc0e37 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -0,0 +1,116 @@ +module Libcrux_ml_kem.Ind_cca.Multiplexing +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate v_K v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + private_key ciphertext + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate v_K v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + private_key ciphertext + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate v_K v_SECRET_KEY_SIZE + v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + private_key ciphertext + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE + v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE + v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + randomness + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + randomness + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair v_K + v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE + v_BYTES_PER_RING_ELEMENT + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti new file mode 100644 index 000000000..f94109b2d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -0,0 +1,33 @@ +module Libcrux_ml_kem.Ind_cca.Multiplexing +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 9b5b0ea1c..0b2ab9311 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -3,9 +3,17 @@ module Libcrux_ml_kem.Ind_cca open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Vector.Traits in + () + let serialize_kem_secret_key (v_K v_SERIALIZED_KEY_LEN: usize) - (#v_Hasher: Type) + (#v_Hasher: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -17,15 +25,16 @@ let serialize_kem_secret_key Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = pointer; - Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len private_key <: usize) <: usize + Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = - pointer +! (Core.Slice.impl__len private_key <: usize) <: usize + pointer +! (Core.Slice.impl__len #u8 private_key <: usize) <: usize } <: Core.Ops.Range.t_Range usize ] @@ -35,20 +44,21 @@ let serialize_kem_secret_key <: t_Slice u8) in - let pointer:usize = pointer +! (Core.Slice.impl__len private_key <: usize) in + let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = pointer; - Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len public_key <: usize) <: usize + Core.Ops.Range.f_end = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = - pointer +! (Core.Slice.impl__len public_key <: usize) <: usize + pointer +! (Core.Slice.impl__len #u8 public_key <: usize) <: usize } <: Core.Ops.Range.t_Range usize ] @@ -58,7 +68,7 @@ let serialize_kem_secret_key <: t_Slice u8) in - let pointer:usize = pointer +! (Core.Slice.impl__len public_key <: usize) in + let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ @@ -67,7 +77,8 @@ let serialize_kem_secret_key } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = pointer +! Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE <: usize } @@ -75,7 +86,7 @@ let serialize_kem_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H v_K public_key + (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher v_K public_key <: t_Array u8 (sz 32)) <: @@ -90,15 +101,16 @@ let serialize_kem_secret_key Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = - pointer +! (Core.Slice.impl__len implicit_rejection_value <: usize) <: usize + pointer +! (Core.Slice.impl__len #u8 implicit_rejection_value <: usize) <: usize } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = pointer; Core.Ops.Range.f_end = - pointer +! (Core.Slice.impl__len implicit_rejection_value <: usize) <: usize + pointer +! (Core.Slice.impl__len #u8 implicit_rejection_value <: usize) <: usize } <: Core.Ops.Range.t_Range usize ] @@ -110,15 +122,18 @@ let serialize_kem_secret_key in out -let validate_public_key_generic +let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE v_K + #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeTo usize ] @@ -129,6 +144,7 @@ let validate_public_key_generic Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE + #v_Vector deserialized_pk (public_key.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: @@ -138,50 +154,13 @@ let validate_public_key_generic in public_key =. public_key_serialized -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (if - true && true && (Libcrux_platform.Platform.simd256_support () <: bool) - then - let! hoist2:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (validate_public_key_generic v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key) - <: - Core.Ops.Control_flow.t_ControlFlow bool Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist2) - <: - Core.Ops.Control_flow.t_ControlFlow bool bool - else - Core.Ops.Control_flow.ControlFlow_Continue - (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) - then - validate_public_key_generic v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - <: - bool - else - validate_public_key_generic v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - <: - bool) - <: - Core.Ops.Control_flow.t_ControlFlow bool bool) - -let decapsulate_generic +let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -189,13 +168,15 @@ let decapsulate_generic (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = - Libcrux_ml_kem.Types.impl_12__split_at v_SECRET_KEY_SIZE private_key v_CPA_SECRET_KEY_SIZE + Core.Slice.impl__split_at #u8 + (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) + v_CPA_SECRET_KEY_SIZE in let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at secret_key v_PUBLIC_KEY_SIZE + Core.Slice.impl__split_at #u8 secret_key v_PUBLIC_KEY_SIZE in let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE + Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in let decrypted:t_Array u8 (sz 32) = Libcrux_ml_kem.Ind_cpa.decrypt v_K @@ -203,21 +184,20 @@ let decapsulate_generic v_C1_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + #v_Vector ind_cpa_secret_key ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Ind_cpa.into_padded_array (sz 64) - (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (to_hash.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] <: @@ -227,15 +207,16 @@ let decapsulate_generic t_Slice u8) in let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G v_K (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher v_K (Rust_primitives.unsize to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) + Core.Slice.impl__split_at #u8 + (Rust_primitives.unsize hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - Libcrux_ml_kem.Ind_cpa.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE implicit_rejection_value in let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = @@ -243,94 +224,52 @@ let decapsulate_generic ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (to_hash.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Core.Convert.f_as_ref ciphertext <: t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + ciphertext + <: + t_Slice u8) <: t_Slice u8) in let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.f_PRF v_K (sz 32) (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + v_K + (sz 32) + (Rust_primitives.unsize to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE ind_cpa_public_key decrypted - pseudorandomness + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher ind_cpa_public_key + decrypted pseudorandomness in let selector:u8 = Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time v_CIPHERTEXT_SIZE - (Core.Convert.f_as_ref ciphertext <: t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + ciphertext + <: + t_Slice u8) (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) in Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) selector -let decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (if - true && true && (Libcrux_platform.Platform.simd256_support () <: bool) - then - let! hoist3:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist3) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)) - else - Core.Ops.Control_flow.ControlFlow_Continue - (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) - then - let! hoist4:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist4) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)) - else - Core.Ops.Control_flow.ControlFlow_Continue - (decapsulate_generic v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE - v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext - <: - t_Array u8 (sz 32)) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32))) - <: - Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) - (Core.Ops.Control_flow.t_ControlFlow (t_Array u8 (sz 32)) (t_Array u8 (sz 32)))) - -let encapsulate_generic +let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -338,22 +277,21 @@ let encapsulate_generic (randomness: t_Array u8 (sz 32)) = let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Ind_cpa.into_padded_array (sz 64) - (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (to_hash.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - } + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H v_K + (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + v_K (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: @@ -368,16 +306,17 @@ let encapsulate_generic t_Slice u8) in let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G v_K (Rust_primitives.unsize to_hash <: t_Slice u8) + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher v_K (Rust_primitives.unsize to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) + Core.Slice.impl__split_at #u8 + (Rust_primitives.unsize hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -386,86 +325,42 @@ let encapsulate_generic in let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let shared_secret_array:t_Array u8 (sz 32) = - Core.Slice.impl__copy_from_slice shared_secret_array shared_secret + Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret in - Core.Convert.f_into ciphertext, shared_secret_array + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Array u8 v_CIPHERTEXT_SIZE) + ciphertext, + shared_secret_array <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (if - true && true && (Libcrux_platform.Platform.simd256_support () <: bool) - then - let! hoist5:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - public_key randomness) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist5) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - else - Core.Ops.Control_flow.ControlFlow_Continue - (if false && false && (Libcrux_platform.Platform.simd128_support () <: bool) - then - let! hoist6:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - public_key randomness) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist6) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - else - Core.Ops.Control_flow.ControlFlow_Continue - (encapsulate_generic v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - public_key randomness - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32))) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)))) - -let generate_keypair_generic +let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (ind_cpa_keypair_randomness implicit_rejection_value: t_Slice u8) + (randomness: t_Array u8 (sz 64)) = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = Libcrux_ml_kem.Ind_cpa.generate_keypair v_K @@ -474,91 +369,29 @@ let generate_keypair_generic v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher ind_cpa_keypair_randomness in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = serialize_kem_secret_key v_K v_PRIVATE_KEY_SIZE + #v_Hasher (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) (Rust_primitives.unsize public_key <: t_Slice u8) implicit_rejection_value in let (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE = - Core.Convert.f_from secret_key_serialized + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) + #(t_Array u8 v_PRIVATE_KEY_SIZE) + secret_key_serialized in Libcrux_ml_kem.Types.impl__from v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE private_key - (Core.Convert.f_into public_key <: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - -let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - = - Rust_primitives.Hax.Control_flow_monad.Mexception.run (let ind_cpa_keypair_randomness:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_Range usize ] - in - let implicit_rejection_value:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - if true && true && Libcrux_platform.Platform.simd256_support () - then - let! hoist7:Rust_primitives.Hax.t_Never = - Core.Ops.Control_flow.ControlFlow_Break - (generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Rust_primitives.Hax.t_Never - in - Core.Ops.Control_flow.ControlFlow_Continue (Rust_primitives.Hax.never_to_any hoist7) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - else - Core.Ops.Control_flow.ControlFlow_Continue - (if false && false && Libcrux_platform.Platform.simd128_support () - then - generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value - else - generate_keypair_generic v_K - v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - ind_cpa_keypair_randomness - implicit_rejection_value) - <: - Core.Ops.Control_flow.t_ControlFlow - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE)) + (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + #(t_Array u8 v_PUBLIC_KEY_SIZE) + public_key + <: + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 0b669d301..2731071c5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -3,91 +3,70 @@ module Libcrux_ml_kem.Ind_cca open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + /// An ML-KEM shared secret. /// A byte array of size [`SHARED_SECRET_SIZE`]. unfold let t_MlKemSharedSecret = t_Array u8 (sz 32) /// Seed size for encapsulation -let v_ENCAPS_SEED_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ENCAPS_SEED_SIZE: usize = Rust_primitives.Hax.dropped_body /// Seed size for key generation -let v_KEY_GENERATION_SEED_SIZE: usize = - Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_KEY_GENERATION_SEED_SIZE: usize = Rust_primitives.Hax.dropped_body /// Serialize the secret key. val serialize_kem_secret_key (v_K v_SERIALIZED_KEY_LEN: usize) - (#v_Hasher: Type) + (#v_Hasher: Type0) {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key public_key implicit_rejection_value: t_Slice u8) : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) -val validate_public_key_generic - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -val decapsulate_generic - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val encapsulate_generic - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val generate_keypair_generic - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (ind_cpa_keypair_randomness implicit_rejection_value: t_Slice u8) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) - +/// Generate a key pair. +/// Depending on the `Vector` and `Hasher` used, this requires different hardware +/// features val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 97b66b4f4..bf1e03308 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -3,44 +3,19 @@ module Libcrux_ml_kem.Ind_cpa open Core open FStar.Mul -let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((Core.Slice.impl__len slice <: usize) <=. v_LEN <: bool) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in - let out:t_Array u8 v_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Core.Slice.impl__len slice <: usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - slice - <: - t_Slice u8) - in - out +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () let sample_ring_element_cbd (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -48,19 +23,19 @@ let sample_ring_element_cbd (domain_separator: u8) = let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -85,13 +60,12 @@ let sample_ring_element_cbd in let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K = - Libcrux_ml_kem.Hash_functions.f_PRFxN v_K v_ETA2_RANDOMNESS_SIZE prf_inputs + Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher v_K v_ETA2_RANDOMNESS_SIZE prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -105,6 +79,7 @@ let sample_ring_element_cbd Rust_primitives.Hax.Monomorphized_update_at.update_at_usize error_1_ i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 + #v_Vector (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA2_RANDOMNESS_SIZE) <: t_Slice u8) @@ -119,8 +94,10 @@ let sample_ring_element_cbd let sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -128,19 +105,19 @@ let sample_vector_cbd_then_ntt (domain_separator: u8) = let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -165,13 +142,12 @@ let sample_vector_cbd_then_ntt in let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K = - Libcrux_ml_kem.Hash_functions.f_PRFxN v_K v_ETA_RANDOMNESS_SIZE prf_inputs + Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher v_K v_ETA_RANDOMNESS_SIZE prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -186,6 +162,7 @@ let sample_vector_cbd_then_ntt Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA + #v_Vector (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA_RANDOMNESS_SIZE) <: t_Slice u8) @@ -195,9 +172,8 @@ let sample_vector_cbd_then_ntt let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re_as_ntt i - (Libcrux_ml_kem.Ntt.ntt_binomially_sampled_ring_element (re_as_ntt.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Libcrux_ml_kem.Ntt.ntt_binomially_sampled_ring_element #v_Vector + (re_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -209,14 +185,22 @@ let sample_vector_cbd_then_ntt let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (out: t_Slice u8) = let out, hax_temp_output:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Iter.Traits.Collect.f_into_iter input + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Core.Iter.Traits.Collect.f_into_iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + input <: Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -241,7 +225,8 @@ let compress_then_serialize_u } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; Core.Ops.Range.f_end = @@ -254,6 +239,7 @@ let compress_then_serialize_u (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR v_BLOCK_LEN + #v_Vector re <: t_Array u8 v_BLOCK_LEN) @@ -268,21 +254,27 @@ let compress_then_serialize_u let deserialize_then_decompress_u (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact (Rust_primitives.unsize ciphertext <: t_Slice u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 + (Rust_primitives.unsize ciphertext <: t_Slice u8) ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR <: @@ -306,6 +298,7 @@ let deserialize_then_decompress_u Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt i (Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_u v_U_COMPRESSION_FACTOR + #v_Vector u_bytes <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -314,6 +307,7 @@ let deserialize_then_decompress_u Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt i (Libcrux_ml_kem.Ntt.ntt_vector_u v_U_COMPRESSION_FACTOR + #v_Vector (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -325,8 +319,10 @@ let deserialize_then_decompress_u let encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -337,6 +333,7 @@ let encrypt let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE v_K + #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } <: Core.Ops.Range.t_RangeTo usize ] @@ -351,40 +348,53 @@ let encrypt let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Libcrux_ml_kem.Matrix.sample_matrix_A v_K - (into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + #v_Vector + #v_Hasher + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) false in - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = into_padded_array (sz 33) randomness in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness + in let r_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy + sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy in let error_1_, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_ring_element_cbd v_K v_ETA2_RANDOMNESS_SIZE v_ETA2 prf_input domain_separator + sample_ring_element_cbd v_K + v_ETA2_RANDOMNESS_SIZE + v_ETA2 + #v_Vector + #v_Hasher + prf_input + domain_separator in let prf_input:t_Array u8 (sz 33) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator in let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux_ml_kem.Hash_functions.f_PRF v_K + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + v_K v_ETA2_RANDOMNESS_SIZE (Rust_primitives.unsize prf_input <: t_Slice u8) in let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 + #v_Vector (Rust_primitives.unsize prf_output <: t_Slice u8) in let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_vector_u v_K v_A_transpose r_as_ntt error_1_ + Libcrux_ml_kem.Matrix.compute_vector_u v_K #v_Vector v_A_transpose r_as_ntt error_1_ in let message_as_ring_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Serialize.deserialize_then_decompress_message message + Libcrux_ml_kem.Serialize.deserialize_then_decompress_message #v_Vector message in let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Matrix.compute_ring_element_v v_K + #v_Vector tt_as_ntt r_as_ntt error_2_ @@ -400,6 +410,7 @@ let encrypt v_C1_LEN v_U_COMPRESSION_FACTOR v_BLOCK_LEN + #v_Vector u (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } <: @@ -414,6 +425,7 @@ let encrypt ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR v_C2_LEN + #v_Vector v (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] <: @@ -425,21 +437,27 @@ let encrypt let deserialize_secret_key (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (secret_key: t_Slice u8) = let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact secret_key + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 + secret_key Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: Core.Slice.Iter.t_ChunksExact u8) @@ -456,7 +474,8 @@ let deserialize_secret_key let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt i - (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element secret_bytes + (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element #v_Vector + secret_bytes <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -467,16 +486,19 @@ let deserialize_secret_key let decrypt (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) = let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR ciphertext + deserialize_then_decompress_u v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR #v_Vector ciphertext in let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Serialize.deserialize_then_decompress_ring_element_v v_V_COMPRESSION_FACTOR + #v_Vector (ciphertext.[ { Core.Ops.Range.f_start = v_VECTOR_U_ENCODED_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] @@ -484,23 +506,31 @@ let decrypt t_Slice u8) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - deserialize_secret_key v_K secret_key + deserialize_secret_key v_K #v_Vector secret_key in let message:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Matrix.compute_message v_K v secret_as_ntt u_as_ntt + Libcrux_ml_kem.Matrix.compute_message v_K #v_Vector v secret_as_ntt u_as_ntt in - Libcrux_ml_kem.Serialize.compress_then_serialize_message message + Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message let serialize_secret_key (v_K v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Iter.Traits.Collect.f_into_iter key + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Core.Iter.Traits.Collect.f_into_iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + key <: Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -529,7 +559,8 @@ let serialize_secret_key } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (out.[ { + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { Core.Ops.Range.f_start = i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; @@ -544,6 +575,7 @@ let serialize_secret_key <: t_Slice u8) (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element + #v_Vector re <: t_Array u8 (sz 384)) @@ -558,8 +590,10 @@ let serialize_secret_key let serialize_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (seed_for_a: t_Slice u8) = @@ -571,7 +605,8 @@ let serialize_public_key ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (public_key_serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (public_key_serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } @@ -581,6 +616,7 @@ let serialize_public_key t_Slice u8) (Rust_primitives.unsize (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT + #v_Vector tt_as_ntt <: t_Array u8 v_RANKED_BYTES_PER_RING_ELEMENT) @@ -594,9 +630,8 @@ let serialize_public_key ({ Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice (public_key_serialized.[ { - Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT - } + (Core.Slice.impl__copy_from_slice #u8 + (public_key_serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize ] <: @@ -610,43 +645,60 @@ let serialize_public_key let generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (key_generation_seed: t_Slice u8) = - let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G v_K key_generation_seed in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher v_K key_generation_seed + in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + Core.Slice.impl__split_at #u8 (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Libcrux_ml_kem.Matrix.sample_matrix_A v_K - (into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) + #v_Vector + #v_Hasher + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) true in let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - into_padded_array (sz 33) seed_for_secret_and_error + Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error in let secret_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input 0uy + sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy in let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8 ) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE prf_input domain_separator + sample_vector_cbd_then_ntt v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + prf_input + domain_separator in let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_As_plus_e v_K v_A_transpose secret_as_ntt error_as_ntt + Libcrux_ml_kem.Matrix.compute_As_plus_e v_K #v_Vector v_A_transpose secret_as_ntt error_as_ntt in let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE tt_as_ntt seed_for_A + serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + tt_as_ntt + seed_for_A in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = - serialize_secret_key v_K v_PRIVATE_KEY_SIZE secret_as_ntt + serialize_secret_key v_K v_PRIVATE_KEY_SIZE #v_Vector secret_as_ntt in secret_key_serialized, public_key_serialized <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index ca613d980..7b73f0062 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -3,54 +3,39 @@ module Libcrux_ml_kem.Ind_cpa open Core open FStar.Mul -/// Pad the `slice` with `0`s at the end. -val into_padded_array (v_LEN: usize) (slice: t_Slice u8) - : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () -/// Sample a vector of ring elements from a centered binomial distribution. -val sample_ring_element_cbd - (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (prf_input: t_Array u8 (sz 33)) - (domain_separator: u8) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Sample a vector of ring elements from a centered binomial distribution and -/// convert them into their NTT representations. -val sample_vector_cbd_then_ntt - (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (prf_input: t_Array u8 (sz 33)) - (domain_separator: u8) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Call [`compress_then_serialize_ring_element_u`] on each ring element. -val compress_then_serialize_u - (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (out: t_Slice u8) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - -/// Call [`deserialize_then_decompress_ring_element_u`] on each ring element -/// in the `ciphertext`. -val deserialize_then_decompress_u - (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} +/// This function implements Algorithm 14 of the +/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. +/// Algorithm 14 is reproduced below: +/// ```plaintext +/// Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. +/// Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. +/// Output: message m ∈ 𝔹^{32}. +/// c₁ ← c[0 : 32dᵤk] +/// c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] +/// u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) +/// v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) +/// ŝ ← ByteDecode₁₂(dkₚₖₑ) +/// w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) +/// m ← ByteEncode₁(Compress₁(w)) +/// return m +/// ``` +/// The NIST FIPS 203 standard can be found at +/// . +val decrypt + (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: + usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// This function implements Algorithm 13 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. @@ -90,68 +75,14 @@ val deserialize_then_decompress_u val encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (public_key: t_Slice u8) (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) -/// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -val deserialize_secret_key - (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (secret_key: t_Slice u8) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True - (fun _ -> Prims.l_True) - -/// This function implements Algorithm 14 of the -/// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. -/// Algorithm 14 is reproduced below: -/// ```plaintext -/// Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. -/// Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. -/// Output: message m ∈ 𝔹^{32}. -/// c₁ ← c[0 : 32dᵤk] -/// c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] -/// u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) -/// v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) -/// ŝ ← ByteDecode₁₂(dkₚₖₑ) -/// w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) -/// m ← ByteEncode₁(Compress₁(w)) -/// return m -/// ``` -/// The NIST FIPS 203 standard can be found at -/// . -val decrypt - (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: - usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (secret_key: t_Slice u8) - (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Call [`serialize_uncompressed_ring_element`] for each ring element. -val serialize_secret_key - (v_K v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) - -/// Concatenate `t` and `ρ` into the public key. -val serialize_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (seed_for_a: t_Slice u8) - : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) - /// This function implements most of Algorithm 12 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. /// We say "most of" since Algorithm 12 samples the required randomness within @@ -188,10 +119,82 @@ val serialize_public_key val generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (key_generation_seed: t_Slice u8) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +/// Call [`compress_then_serialize_ring_element_u`] on each ring element. +val compress_then_serialize_u + (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (out: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +val deserialize_secret_key + (v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (secret_key: t_Slice u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Call [`deserialize_then_decompress_ring_element_u`] on each ring element +/// in the `ciphertext`. +val deserialize_then_decompress_u + (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Sample a vector of ring elements from a centered binomial distribution. +val sample_ring_element_cbd + (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Sample a vector of ring elements from a centered binomial distribution and +/// convert them into their NTT representations. +val sample_vector_cbd_then_ntt + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Concatenate `t` and `ρ` into the public key. +val serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (seed_for_a: t_Slice u8) + : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +/// Call [`serialize_uncompressed_ring_element`] for each ring element. +val serialize_secret_key + (v_K v_OUT_LEN: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 68da4db0b..34e6fbf5e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -3,30 +3,42 @@ module Libcrux_ml_kem.Invert_ntt open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + let inv_ntt_layer_int_vec_step_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a b: v_Vector) (zeta_r: i16) = - let a_minus_b:v_Vector = Libcrux_traits.f_sub b a in - let a:v_Vector = Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add a b <: v_Vector) in - let b:v_Vector = Libcrux_traits.f_montgomery_multiply_fe_by_fer a_minus_b zeta_r in + let a_minus_b:v_Vector = Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector b a in + let a:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector a b <: v_Vector) + in + let b:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector a_minus_b zeta_r in a, b <: (v_Vector & v_Vector) let invert_ntt_at_layer_1_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -46,10 +58,8 @@ let invert_ntt_at_layer_1_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_inv_ntt_layer_1_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - round ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_1_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize ] @@ -75,18 +85,19 @@ let invert_ntt_at_layer_1_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let invert_ntt_at_layer_2_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -106,10 +117,8 @@ let invert_ntt_at_layer_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_inv_ntt_layer_2_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - round ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_2_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize ] @@ -127,18 +136,19 @@ let invert_ntt_at_layer_2_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let invert_ntt_at_layer_3_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -158,10 +168,8 @@ let invert_ntt_at_layer_3_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_inv_ntt_layer_3_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - round ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_3_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) <: v_Vector) @@ -174,8 +182,10 @@ let invert_ntt_at_layer_3_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let invert_ntt_at_layer_4_plus - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) @@ -183,10 +193,9 @@ let invert_ntt_at_layer_4_plus let step:usize = sz 1 <>! layer <: usize - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 128 >>! layer <: usize } <: Core.Ops.Range.t_Range usize) <: @@ -199,10 +208,14 @@ let invert_ntt_at_layer_4_plus let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in - let offset_vec:usize = offset /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in - let step_vec:usize = step /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in + let offset_vec:usize = + offset /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + in + let step_vec:usize = step /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = offset_vec; Core.Ops.Range.f_end = offset_vec +! step_vec <: usize } @@ -215,10 +228,8 @@ let invert_ntt_at_layer_4_plus let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in let x, y:(v_Vector & v_Vector) = - inv_ntt_layer_int_vec_step_reduce (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - j ] - <: - v_Vector) + inv_ntt_layer_int_vec_step_reduce #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) @@ -258,56 +269,58 @@ let invert_ntt_at_layer_4_plus let invert_ntt_montgomery (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let zeta_i:usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! sz 2 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_1_ zeta_i re (sz 1) + invert_ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_2_ zeta_i re (sz 2) + invert_ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_3_ zeta_i re (sz 3) + invert_ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus zeta_i re (sz 4) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus zeta_i re (sz 5) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus zeta_i re (sz 6) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - invert_ntt_at_layer_4_plus zeta_i re (sz 7) + invert_ntt_at_layer_4_plus #v_Vector zeta_i re (sz 7) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti index a000597eb..ffe255831 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti @@ -3,16 +3,22 @@ module Libcrux_ml_kem.Invert_ntt open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + val inv_ntt_layer_int_vec_step_reduce - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a b: v_Vector) (zeta_r: i16) : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) val invert_ntt_at_layer_1_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) @@ -21,8 +27,8 @@ val invert_ntt_at_layer_1_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_2_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) @@ -31,8 +37,8 @@ val invert_ntt_at_layer_2_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_3_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) @@ -41,8 +47,8 @@ val invert_ntt_at_layer_3_ (fun _ -> Prims.l_True) val invert_ntt_at_layer_4_plus - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) @@ -52,8 +58,8 @@ val invert_ntt_at_layer_4_plus val invert_ntt_montgomery (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index f12b7df16..cb7647bee 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -3,26 +3,42 @@ module Libcrux_ml_kem.Matrix open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + let compute_As_plus_e (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize matrix_A + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (Core.Slice.impl__iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Rust_primitives.unsize matrix_A <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -47,8 +63,14 @@ let compute_As_plus_e temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize row + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + (Rust_primitives.unsize row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: @@ -73,14 +95,16 @@ let compute_As_plus_e temp_1_ in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply matrix_element + Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + matrix_element (s_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K + (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector + v_K (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -93,9 +117,8 @@ let compute_As_plus_e let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce (result.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce #v_Vector + (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -106,19 +129,20 @@ let compute_As_plus_e let compute_ring_element_v (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (tt_as_ntt r_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -128,43 +152,51 @@ let compute_ring_element_v let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply (tt_as_ntt.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (r_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K result product + Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector v_K result product in result) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K result + Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_message_error_reduce error_2_ message result + Libcrux_ml_kem.Polynomial.impl__add_message_error_reduce #v_Vector error_2_ message result in result let compute_vector_u (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a_as_ntt: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (r_as_ntt error_1_: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize a_as_ntt + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (Core.Slice.impl__iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Rust_primitives.unsize a_as_ntt <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -189,8 +221,14 @@ let compute_vector_u temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__iter (Rust_primitives.unsize row + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_Iter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + (Rust_primitives.unsize row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: @@ -215,14 +253,16 @@ let compute_vector_u temp_1_ in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply a_element + Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + a_element (r_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K + (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector + v_K (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -236,6 +276,7 @@ let compute_vector_u Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i (Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K + #v_Vector (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -243,9 +284,8 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_error_reduce (result.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Libcrux_ml_kem.Polynomial.impl__add_error_reduce #v_Vector + (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_1_.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -256,20 +296,21 @@ let compute_vector_u let compute_message (v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (secret_as_ntt u_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -279,28 +320,29 @@ let compute_message let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply (secret_as_ntt.[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + (secret_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_to_ring_element v_K result product + Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector v_K result product in result) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K result + Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__subtract_reduce v result + Libcrux_ml_kem.Polynomial.impl__subtract_reduce #v_Vector v result in result let sample_matrix_A (v_K: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -309,13 +351,15 @@ let sample_matrix_A = let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K (fun v__i -> let v__i:usize = v__i in - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__j -> let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -323,10 +367,9 @@ let sample_matrix_A in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -340,10 +383,9 @@ let sample_matrix_A let i:usize = i in let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -377,10 +419,16 @@ let sample_matrix_A seeds) in let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Sampling.sample_from_xof v_K seeds + Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Iter.Traits.Collect.f_into_iter sampled + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Core.Iter.Traits.Collect.f_into_iter #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + sampled <: Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 959f17ca0..9b53942d2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -3,11 +3,18 @@ module Libcrux_ml_kem.Matrix open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + /// Compute  ◦ ŝ + ê val compute_As_plus_e (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: @@ -16,11 +23,26 @@ val compute_As_plus_e Prims.l_True (fun _ -> Prims.l_True) +/// The following functions compute various expressions involving +/// vectors and matrices. The computation of these expressions has been +/// abstracted away into these functions in order to save on loop iterations. +/// Compute v − InverseNTT(sᵀ ◦ NTT(u)) +val compute_message + (v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (secret_as_ntt u_as_ntt: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message val compute_ring_element_v (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (tt_as_ntt r_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -30,8 +52,8 @@ val compute_ring_element_v /// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ val compute_vector_u (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a_as_ntt: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (r_as_ntt error_1_: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -39,25 +61,10 @@ val compute_vector_u Prims.l_True (fun _ -> Prims.l_True) -/// The following functions compute various expressions involving -/// vectors and matrices. The computation of these expressions has been -/// abstracted away into these functions in order to save on loop iterations. -/// Compute v − InverseNTT(sᵀ ◦ NTT(u)) -val compute_message - (v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (v: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (secret_as_ntt u_as_ntt: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True - (fun _ -> Prims.l_True) - val sample_matrix_A (v_K: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (seed: t_Array u8 (sz 34)) (transpose: bool) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst new file mode 100644 index 000000000..a6c49635b --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -0,0 +1,44 @@ +module Libcrux_ml_kem.Mlkem1024.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) + (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) + (sz 1600) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti new file mode 100644 index 000000000..b3c9a6920 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem1024.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 1024 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst new file mode 100644 index 000000000..65878c0fb --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -0,0 +1,44 @@ +module Libcrux_ml_kem.Mlkem1024.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) + (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) + (sz 1600) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti new file mode 100644 index 000000000..e09969dff --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem1024.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 1024 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index c7a2eaafa..a0e43d2ca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -7,13 +7,20 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) = - Libcrux_ml_kem.Ind_cca.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key - ciphertext + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) + private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) + (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = if - Libcrux_ml_kem.Ind_cca.validate_public_key (sz 4) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) (sz 1536) (sz 1568) public_key.Libcrux_ml_kem.Types.f_value @@ -26,15 +33,8 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) - (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair (sz 4) + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) (sz 1536) (sz 3168) (sz 1568) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 34785554b..f8c25b6fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul -let v_ETA1: usize = sz 2 +let v_C1_BLOCK_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_C1_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2: usize = sz 2 +let v_C2_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_RANK_1024_: usize = sz 4 +let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = - ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_CPA_PKE_SECRET_KEY_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = - (v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 +let v_ETA1: usize = Rust_primitives.Hax.dropped_body -let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = - ((v_RANK_1024_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_ETA1_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_PUBLIC_KEY_SIZE_1024_: usize = v_T_AS_NTT_ENCODED_SIZE_1024_ +! sz 32 +let v_ETA2: usize = Rust_primitives.Hax.dropped_body -let v_SECRET_KEY_SIZE_1024_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_1024_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_1024_ <: usize) +! - Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - <: - usize) +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ETA2_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = sz 11 +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_C1_BLOCK_SIZE_1024_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_1024_ - <: - usize) /! - sz 8 +let v_RANKED_BYTES_PER_RING_ELEMENT_1024_: usize = Rust_primitives.Hax.dropped_body -let v_C1_SIZE_1024_: usize = v_C1_BLOCK_SIZE_1024_ *! v_RANK_1024_ +let v_RANK_1024_: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = sz 5 +let v_SECRET_KEY_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_C2_SIZE_1024_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_1024_ - <: - usize) /! - sz 8 +let v_T_AS_NTT_ENCODED_SIZE_1024_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ +let v_VECTOR_U_COMPRESSION_FACTOR_1024_: usize = Rust_primitives.Hax.dropped_body -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ +let v_VECTOR_V_COMPRESSION_FACTOR_1024_: usize = Rust_primitives.Hax.dropped_body /// An ML-KEM 1024 Ciphertext unfold @@ -82,13 +57,6 @@ val decapsulate unfold let t_MlKem1024PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -100,6 +68,13 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Am ML-KEM 1024 Key pair unfold let t_MlKem1024KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst new file mode 100644 index 000000000..671c9d2ba --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -0,0 +1,42 @@ +module Libcrux_ml_kem.Mlkem512.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) + (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) + private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + else + Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti new file mode 100644 index 000000000..8504c458d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem512.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 512 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst new file mode 100644 index 000000000..021b912b0 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -0,0 +1,42 @@ +module Libcrux_ml_kem.Mlkem512.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) + (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) + (sz 800) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + else + Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti new file mode 100644 index 000000000..a069aea6f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem512.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 512 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index 520065dfa..b3252faa0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -7,12 +7,20 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) = - Libcrux_ml_kem.Ind_cca.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) + (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) + private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = if - Libcrux_ml_kem.Ind_cca.validate_public_key (sz 2) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) (sz 768) (sz 800) public_key.Libcrux_ml_kem.Types.f_value @@ -23,15 +31,8 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 8 else Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) (sz 128) (sz 10) - (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair (sz 2) + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) (sz 768) (sz 1632) (sz 800) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index da84a9270..155d70c2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul -let v_ETA1: usize = sz 3 +let v_C1_BLOCK_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_C1_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2: usize = sz 2 +let v_C2_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_RANK_512_: usize = sz 2 +let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = - ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = - (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 +let v_ETA1: usize = Rust_primitives.Hax.dropped_body -let v_T_AS_NTT_ENCODED_SIZE_512_: usize = - ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_ETA1_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! sz 32 +let v_ETA2: usize = Rust_primitives.Hax.dropped_body -let v_SECRET_KEY_SIZE_512_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_512_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_512_ <: usize) +! - Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - <: - usize) +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ETA2_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_C1_BLOCK_SIZE_512_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_512_ - <: - usize) /! - sz 8 +let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = Rust_primitives.Hax.dropped_body -let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *! v_RANK_512_ +let v_RANK_512_: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 +let v_SECRET_KEY_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_C2_SIZE_512_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_512_ - <: - usize) /! - sz 8 +let v_T_AS_NTT_ENCODED_SIZE_512_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ +let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = Rust_primitives.Hax.dropped_body -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ +let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = Rust_primitives.Hax.dropped_body /// An ML-KEM 512 Ciphertext unfold @@ -82,13 +57,6 @@ val decapsulate unfold let t_MlKem512PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -100,6 +68,13 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Am ML-KEM 512 Key pair unfold let t_MlKem512KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst new file mode 100644 index 000000000..ae68d3994 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -0,0 +1,44 @@ +module Libcrux_ml_kem.Mlkem768.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) + (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) + (sz 1120) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti new file mode 100644 index 000000000..4c9e0045a --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem768.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 768 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst new file mode 100644 index 000000000..9c5cf8365 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -0,0 +1,44 @@ +module Libcrux_ml_kem.Mlkem768.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) + (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) + (sz 1120) private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + +let generate_key_pair (randomness: t_Array u8 (sz 64)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti new file mode 100644 index 000000000..644446ed8 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -0,0 +1,36 @@ +module Libcrux_ml_kem.Mlkem768.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Decapsulate ML-KEM 768 +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair +val generate_key_pair (randomness: t_Array u8 (sz 64)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index dd9dd13cf..a8cefb121 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -7,13 +7,20 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) = - Libcrux_ml_kem.Ind_cca.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key - ciphertext + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) + private_key ciphertext + +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = if - Libcrux_ml_kem.Ind_cca.validate_public_key (sz 3) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) (sz 1152) (sz 1184) public_key.Libcrux_ml_kem.Types.f_value @@ -26,15 +33,8 @@ let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) (sz 128) (sz 10) - (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness - let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair (sz 3) + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) (sz 1152) (sz 2400) (sz 1184) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index 06774d878..6260bb2fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul -let v_ETA1: usize = sz 2 +let v_C1_BLOCK_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_C1_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2: usize = sz 2 +let v_C2_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_RANK_768_: usize = sz 3 +let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = - ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_CPA_PKE_SECRET_KEY_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = - (v_RANK_768_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 +let v_ETA1: usize = Rust_primitives.Hax.dropped_body -let v_T_AS_NTT_ENCODED_SIZE_768_: usize = - ((v_RANK_768_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_ETA1_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_PUBLIC_KEY_SIZE_768_: usize = v_T_AS_NTT_ENCODED_SIZE_768_ +! sz 32 +let v_ETA2: usize = Rust_primitives.Hax.dropped_body -let v_SECRET_KEY_SIZE_768_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_768_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_768_ <: usize) +! - Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - <: - usize) +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ETA2_RANDOMNESS_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = sz 10 +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Rust_primitives.Hax.dropped_body -let v_C1_BLOCK_SIZE_768_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_768_ - <: - usize) /! - sz 8 +let v_RANKED_BYTES_PER_RING_ELEMENT_768_: usize = Rust_primitives.Hax.dropped_body -let v_C1_SIZE_768_: usize = v_C1_BLOCK_SIZE_768_ *! v_RANK_768_ +let v_RANK_768_: usize = Rust_primitives.Hax.dropped_body -let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = sz 4 +let v_SECRET_KEY_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_C2_SIZE_768_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_768_ - <: - usize) /! - sz 8 +let v_T_AS_NTT_ENCODED_SIZE_768_: usize = Rust_primitives.Hax.dropped_body -let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ +let v_VECTOR_U_COMPRESSION_FACTOR_768_: usize = Rust_primitives.Hax.dropped_body -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ +let v_VECTOR_V_COMPRESSION_FACTOR_768_: usize = Rust_primitives.Hax.dropped_body /// An ML-KEM 768 Ciphertext unfold @@ -82,13 +57,6 @@ val decapsulate unfold let t_MlKem768PublicKey = Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] @@ -100,6 +68,13 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + /// Am ML-KEM 768 Key pair unfold let t_MlKem768KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) @@ -107,6 +82,12 @@ let t_MlKem768KeyPair = Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) /// Generate ML-KEM 768 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. +/// This function uses CPU feature detection to pick the most efficient version +/// on each platform. To use a specific version with your own feature detection +/// use one of the following +/// - [`generate_key_pair_avx2`] +/// - [`generate_key_pair_neon`] +/// - [`generate_key_pair_portable`] /// This function returns an [`MlKem768KeyPair`]. val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 228560bc0..b68155e06 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -3,30 +3,39 @@ module Libcrux_ml_kem.Ntt open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + let ntt_layer_int_vec_step - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a b: v_Vector) (zeta_r: i16) = - let t:v_Vector = Libcrux_traits.f_montgomery_multiply_fe_by_fer b zeta_r in - let b:v_Vector = Libcrux_traits.f_sub a t in - let a:v_Vector = Libcrux_traits.f_add a t in + let t:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector b zeta_r in + let b:v_Vector = Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector a t in + let a:v_Vector = Libcrux_ml_kem.Vector.Traits.f_add #v_Vector a t in a, b <: (v_Vector & v_Vector) let ntt_at_layer_1_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -46,10 +55,8 @@ let ntt_at_layer_1_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_ntt_layer_1_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round - ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_1_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize ] @@ -75,18 +82,19 @@ let ntt_at_layer_1_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let ntt_at_layer_2_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -106,10 +114,8 @@ let ntt_at_layer_2_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_ntt_layer_2_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round - ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_2_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize ] @@ -127,18 +133,19 @@ let ntt_at_layer_2_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let ntt_at_layer_3_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = let (re, zeta_i), hax_temp_output:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -158,10 +165,8 @@ let ntt_at_layer_3_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients round - (Libcrux_traits.f_ntt_layer_3_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round - ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_3_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) <: v_Vector) @@ -174,8 +179,10 @@ let ntt_at_layer_3_ zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let ntt_at_layer_4_plus - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) @@ -195,10 +202,9 @@ let ntt_at_layer_4_plus let step:usize = sz 1 <>! layer <: usize - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 128 >>! layer <: usize } <: Core.Ops.Range.t_Range usize) <: @@ -211,10 +217,12 @@ let ntt_at_layer_4_plus let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in - let offset_vec:usize = offset /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in - let step_vec:usize = step /! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR in + let offset_vec:usize = offset /! sz 16 in + let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = offset_vec; Core.Ops.Range.f_end = offset_vec +! step_vec <: usize } @@ -227,9 +235,8 @@ let ntt_at_layer_4_plus let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in let x, y:(v_Vector & v_Vector) = - ntt_layer_int_vec_step (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] - <: - v_Vector) + ntt_layer_int_vec_step #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) @@ -268,16 +275,17 @@ let ntt_at_layer_4_plus zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) let ntt_at_layer_7_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in let re, hax_temp_output:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = step - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = step } <: Core.Ops.Range.t_Range usize) <: @@ -287,12 +295,8 @@ let ntt_at_layer_7_ let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in let t:v_Vector = - Libcrux_traits.f_multiply_by_constant (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! - step - <: - usize ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step <: usize ] <: v_Vector) (-1600s) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = @@ -303,8 +307,8 @@ let ntt_at_layer_7_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients (j +! step <: usize) - (Libcrux_traits.f_sub (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector - ) + (Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) t <: v_Vector) @@ -320,8 +324,8 @@ let ntt_at_layer_7_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients j - (Libcrux_traits.f_add (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector - ) + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) t <: v_Vector) @@ -334,51 +338,55 @@ let ntt_at_layer_7_ re let ntt_binomially_sampled_ring_element - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = ntt_at_layer_7_ re in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + ntt_at_layer_7_ #v_Vector re + in let zeta_i:usize = sz 1 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 6) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 5) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 4) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ zeta_i re (sz 3) (sz 3) + ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ zeta_i re (sz 2) (sz 3) + ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ zeta_i re (sz 1) (sz 3) + ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 3) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -386,56 +394,58 @@ let ntt_binomially_sampled_ring_element let ntt_vector_u (v_VECTOR_U_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let zeta_i:usize = sz 0 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 7) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 7) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 6) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 5) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus zeta_i re (sz 4) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ zeta_i re (sz 3) (sz 3328) + ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ zeta_i re (sz 2) (sz 3328) + ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ zeta_i re (sz 1) (sz 3328) + ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 3328) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce re + (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 8d23fbd07..2e535adc9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -3,16 +3,22 @@ module Libcrux_ml_kem.Ntt open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + val ntt_layer_int_vec_step - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a b: v_Vector) (zeta_r: i16) : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) val ntt_at_layer_1_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) @@ -21,8 +27,8 @@ val ntt_at_layer_1_ (fun _ -> Prims.l_True) val ntt_at_layer_2_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) @@ -31,8 +37,8 @@ val ntt_at_layer_2_ (fun _ -> Prims.l_True) val ntt_at_layer_3_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) @@ -41,8 +47,8 @@ val ntt_at_layer_3_ (fun _ -> Prims.l_True) val ntt_at_layer_4_plus - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (zeta_i: usize) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) @@ -51,16 +57,16 @@ val ntt_at_layer_4_plus (fun _ -> Prims.l_True) val ntt_at_layer_7_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val ntt_binomially_sampled_ring_element - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True @@ -68,8 +74,8 @@ val ntt_binomially_sampled_ring_element val ntt_vector_u (v_VECTOR_U_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 3644f27f6..472c8b1ba 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -3,25 +3,39 @@ module Libcrux_ml_kem.Polynomial open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + let impl__ZERO - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (_: Prims.unit) = - { f_coefficients = Rust_primitives.Hax.repeat (Libcrux_traits.f_ZERO () <: v_Vector) (sz 16) } + { + f_coefficients + = + Rust_primitives.Hax.repeat (Libcrux_ml_kem.Vector.Traits.f_ZERO #v_Vector () <: v_Vector) + (sz 16) + } <: t_PolynomialRingElement v_Vector let impl__add_error_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = let self, hax_temp_output:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -31,7 +45,8 @@ let impl__add_error_reduce let self:t_PolynomialRingElement v_Vector = self in let j:usize = j in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_multiply_by_constant (self.f_coefficients.[ j ] <: v_Vector) + Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector + (self.f_coefficients.[ j ] <: v_Vector) 1441s in let self:t_PolynomialRingElement v_Vector = @@ -41,7 +56,9 @@ let impl__add_error_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients j - (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add coefficient_normal_form + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + coefficient_normal_form (error.f_coefficients.[ j ] <: v_Vector) <: v_Vector) @@ -56,15 +73,16 @@ let impl__add_error_reduce self let impl__add_message_error_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -74,11 +92,18 @@ let impl__add_message_error_reduce let result:t_PolynomialRingElement v_Vector = result in let i:usize = i in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_multiply_by_constant (result.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector + (result.f_coefficients.[ i ] <: v_Vector) 1441s in + let tmp:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) + (message.f_coefficients.[ i ] <: v_Vector) + in + let tmp:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_add #v_Vector coefficient_normal_form tmp + in let result:t_PolynomialRingElement v_Vector = { result with @@ -86,15 +111,7 @@ let impl__add_message_error_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_coefficients i - (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add coefficient_normal_form - (Libcrux_traits.f_add (self.f_coefficients.[ i ] <: v_Vector) - (message.f_coefficients.[ i ] <: v_Vector) - <: - v_Vector) - <: - v_Vector) - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector tmp <: v_Vector) } <: t_PolynomialRingElement v_Vector @@ -104,15 +121,16 @@ let impl__add_message_error_reduce result let impl__add_standard_error_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = let self, hax_temp_output:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -122,7 +140,8 @@ let impl__add_standard_error_reduce let self:t_PolynomialRingElement v_Vector = self in let j:usize = j in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_to_standard_domain (self.f_coefficients.[ j ] <: v_Vector) + Libcrux_ml_kem.Vector.Traits.to_standard_domain #v_Vector + (self.f_coefficients.[ j ] <: v_Vector) in let self:t_PolynomialRingElement v_Vector = { @@ -131,7 +150,9 @@ let impl__add_standard_error_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients j - (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_add coefficient_normal_form + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + coefficient_normal_form (error.f_coefficients.[ j ] <: v_Vector) <: v_Vector) @@ -146,17 +167,22 @@ let impl__add_standard_error_reduce self let impl__add_to_ring_element - (#v_Vector: Type) + (#v_Vector: Type0) (v_K: usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = let self, hax_temp_output:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = - Core.Slice.impl__len (Rust_primitives.unsize self.f_coefficients <: t_Slice v_Vector) + Core.Slice.impl__len #v_Vector + (Rust_primitives.unsize self.f_coefficients <: t_Slice v_Vector) <: usize } @@ -174,7 +200,8 @@ let impl__add_to_ring_element = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients i - (Libcrux_traits.f_add (self.f_coefficients.[ i ] <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_add #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -187,16 +214,17 @@ let impl__add_to_ring_element self let impl__from_i16_array - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a: t_Slice i16) = - let result:t_PolynomialRingElement v_Vector = impl__ZERO () in + let result:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -211,13 +239,10 @@ let impl__from_i16_array = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result.f_coefficients i - (Libcrux_traits.f_from_i16_array (a.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR <: usize + (Libcrux_ml_kem.Vector.Traits.f_from_i16_array #v_Vector + (a.[ { + Core.Ops.Range.f_start = i *! sz 16 <: usize; + Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! sz 16 <: usize } <: Core.Ops.Range.t_Range usize ] @@ -234,16 +259,17 @@ let impl__from_i16_array result let impl__ntt_multiply - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = - let out:t_PolynomialRingElement v_Vector = impl__ZERO () in + let out:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -258,7 +284,8 @@ let impl__ntt_multiply = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients i - (Libcrux_traits.f_ntt_multiply (self.f_coefficients.[ i ] <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 @@ -287,15 +314,16 @@ let impl__ntt_multiply out let impl__poly_barrett_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self: t_PolynomialRingElement v_Vector) = let self, hax_temp_output:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -310,7 +338,10 @@ let impl__poly_barrett_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize self.f_coefficients i - (Libcrux_traits.f_barrett_reduce (self.f_coefficients.[ i ] <: v_Vector) <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) + <: + v_Vector) <: t_Array v_Vector (sz 16) } @@ -320,15 +351,16 @@ let impl__poly_barrett_reduce self let impl__subtract_reduce - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) <: @@ -338,7 +370,8 @@ let impl__subtract_reduce let b:t_PolynomialRingElement v_Vector = b in let i:usize = i in let coefficient_normal_form:v_Vector = - Libcrux_traits.f_montgomery_multiply_by_constant (b.f_coefficients.[ i ] <: v_Vector) + Libcrux_ml_kem.Vector.Traits.f_montgomery_multiply_by_constant #v_Vector + (b.f_coefficients.[ i ] <: v_Vector) 1441s in let b:t_PolynomialRingElement v_Vector = @@ -348,9 +381,9 @@ let impl__subtract_reduce = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize b.f_coefficients i - (Libcrux_traits.f_barrett_reduce (Libcrux_traits.f_sub (self.f_coefficients.[ i ] - <: - v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_barrett_reduce #v_Vector + (Libcrux_ml_kem.Vector.Traits.f_sub #v_Vector + (self.f_coefficients.[ i ] <: v_Vector) coefficient_normal_form <: v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 3e4da8720..80bc1336c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -3,66 +3,56 @@ module Libcrux_ml_kem.Polynomial open Core open FStar.Mul -let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = - let list = - [ - (-1044s); (-758s); (-359s); (-1517s); 1493s; 1422s; 287s; 202s; (-171s); 622s; 1577s; 182s; - 962s; (-1202s); (-1474s); 1468s; 573s; (-1325s); 264s; 383s; (-829s); 1458s; (-1602s); (-130s); - (-681s); 1017s; 732s; 608s; (-1542s); 411s; (-205s); (-1571s); 1223s; 652s; (-552s); 1015s; - (-1293s); 1491s; (-282s); (-1544s); 516s; (-8s); (-320s); (-666s); (-1618s); (-1162s); 126s; - 1469s; (-853s); (-90s); (-271s); 830s; 107s; (-1421s); (-247s); (-951s); (-398s); 961s; - (-1508s); (-725s); 448s; (-1065s); 677s; (-1275s); (-1103s); 430s; 555s; 843s; (-1251s); 871s; - 1550s; 105s; 422s; 587s; 177s; (-235s); (-291s); (-460s); 1574s; 1653s; (-246s); 778s; 1159s; - (-147s); (-777s); 1483s; (-602s); 1119s; (-1590s); 644s; (-872s); 349s; 418s; 329s; (-156s); - (-75s); 817s; 1097s; 603s; 610s; 1322s; (-1285s); (-1465s); 384s; (-1215s); (-136s); 1218s; - (-1335s); (-874s); 220s; (-1187s); (-1659s); (-1185s); (-1530s); (-1278s); 794s; (-1510s); - (-854s); (-870s); 478s; (-108s); (-308s); 996s; 991s; 958s; (-1460s); 1522s; 1628s - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); - Rust_primitives.Hax.array_of_list 128 list +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () -let v_VECTORS_IN_RING_ELEMENT: usize = - Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! - Libcrux_traits.v_FIELD_ELEMENTS_IN_VECTOR +let v_VECTORS_IN_RING_ELEMENT: usize = Rust_primitives.Hax.dropped_body -type t_PolynomialRingElement (v_Vector: Type) {| i1: Libcrux_traits.t_Operations v_Vector |} = { - f_coefficients:t_Array v_Vector (sz 16) -} +let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = Rust_primitives.Hax.dropped_body -val impl__ZERO: #v_Vector: Type -> {| i1: Libcrux_traits.t_Operations v_Vector |} -> Prims.unit +type t_PolynomialRingElement + (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { f_coefficients:t_Array v_Vector (sz 16) } + +val impl__ZERO: + #v_Vector: Type0 -> + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> + Prims.unit -> Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__add_error_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__add_message_error_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self message result: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__add_standard_error_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise /// sum of their constituent coefficients. val impl__add_to_ring_element - (#v_Vector: Type) + (#v_Vector: Type0) (v_K: usize) - {| i2: Libcrux_traits.t_Operations v_Vector |} + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__from_i16_array - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a: t_Slice i16) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) @@ -87,19 +77,19 @@ val impl__from_i16_array /// The NIST FIPS 203 standard can be found at /// . val impl__ntt_multiply - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__poly_barrett_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val impl__subtract_reduce - (#v_Vector: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self b: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 7c18a83f4..5005f1d87 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -3,19 +3,27 @@ module Libcrux_ml_kem.Sampling open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + let sample_from_uniform_distribution_next - (#v_Vector: Type) + (#v_Vector: Type0) (v_K v_N: usize) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) (out: t_Array (t_Array i16 (sz 272)) v_K) = let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -26,10 +34,9 @@ let sample_from_uniform_distribution_next temp_0_ in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_N /! sz 24 <: usize - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_N /! sz 24 <: usize } <: Core.Ops.Range.t_Range usize) <: @@ -48,7 +55,8 @@ let sample_from_uniform_distribution_next bool then let tmp0, out1:(t_Slice i16 & usize) = - Libcrux_traits.f_rej_sample ((randomness.[ i ] <: t_Array u8 v_N).[ { + Libcrux_ml_kem.Vector.Traits.f_rej_sample #v_Vector + ((randomness.[ i ] <: t_Array u8 v_N).[ { Core.Ops.Range.f_start = r *! sz 24 <: usize; Core.Ops.Range.f_end = (r *! sz 24 <: usize) +! sz 24 <: usize } @@ -103,10 +111,9 @@ let sample_from_uniform_distribution_next in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = v_K - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } <: Core.Ops.Range.t_Range usize) <: @@ -135,14 +142,20 @@ let sample_from_uniform_distribution_next (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) let sample_from_binomial_distribution_2_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact randomness (sz 4) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -164,7 +177,9 @@ let sample_from_binomial_distribution_2_ let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy + (Core.Ops.Range.t_Range u32)) + (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range u32) ({ Core.Ops.Range.f_start = 0ul; Core.Ops.Range.f_end = Core.Num.impl__u32__BITS @@ -196,18 +211,24 @@ let sample_from_binomial_distribution_2_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array (Rust_primitives.unsize sampled_i16s <: t_Slice i16 - ) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector + (Rust_primitives.unsize sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution_3_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact randomness (sz 3) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -227,7 +248,9 @@ let sample_from_binomial_distribution_3_ let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_step_by + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy + (Core.Ops.Range.t_Range i32)) + (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range i32) ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } <: Core.Ops.Range.t_Range i32) @@ -256,18 +279,20 @@ let sample_from_binomial_distribution_3_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array (Rust_primitives.unsize sampled_i16s <: t_Slice i16 - ) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector + (Rust_primitives.unsize sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution (v_ETA: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = match cast (v_ETA <: usize) <: u32 with - | 2ul -> sample_from_binomial_distribution_2_ randomness - | 3ul -> sample_from_binomial_distribution_3_ randomness + | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness + | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -276,8 +301,10 @@ let sample_from_binomial_distribution let sample_from_xof (v_K: usize) - (#v_Vector #v_Hasher: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_traits.t_Operations v_Vector) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) @@ -289,14 +316,16 @@ let sample_from_xof let (out: t_Array (t_Array i16 (sz 272)) v_K):t_Array (t_Array i16 (sz 272)) v_K = Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0s (sz 272) <: t_Array i16 (sz 272)) v_K in - let xof_state:v_Hasher = Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb v_K seeds in + let xof_state:v_Hasher = + Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb #v_Hasher v_K seeds + in let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_three_blocks v_K xof_state + Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_three_blocks #v_Hasher v_K xof_state in let xof_state:v_Hasher = tmp0 in let randomness:t_Array (t_Array u8 (sz 504)) v_K = out1 in let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = - sample_from_uniform_distribution_next v_K (sz 504) randomness sampled_coefficients out + sample_from_uniform_distribution_next #v_Vector v_K (sz 504) randomness sampled_coefficients out in let sampled_coefficients:t_Array usize v_K = tmp0 in let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in @@ -321,12 +350,17 @@ let sample_from_xof temp_0_ in let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_block v_K xof_state + Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_block #v_Hasher v_K xof_state in let xof_state:v_Hasher = tmp0 in let randomness:t_Array (t_Array u8 (sz 168)) v_K = out1 in let tmp0, tmp1, out1:(t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) = - sample_from_uniform_distribution_next v_K (sz 168) randomness sampled_coefficients out + sample_from_uniform_distribution_next #v_Vector + v_K + (sz 168) + randomness + sampled_coefficients + out in let sampled_coefficients:t_Array usize v_K = tmp0 in let out:t_Array (t_Array i16 (sz 272)) v_K = tmp1 in @@ -335,14 +369,14 @@ let sample_from_xof <: (bool & t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K & v_Hasher)) in - Core.Array.impl_23__map v_K + Core.Array.impl_23__map #(t_Array i16 (sz 272)) + v_K + #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) out (fun s -> let s:t_Array i16 (sz 272) = s in - Libcrux_ml_kem.Polynomial.impl__from_i16_array (s.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 256 - } + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector + (s.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 } <: Core.Ops.Range.t_Range usize ] <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index 52b52d986..2f9d5a51d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Sampling open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Vector.Traits in + () + /// If `bytes` contains a set of uniformly random bytes, this function /// uniformly samples a ring element `â` that is treated as being the NTT representation /// of the corresponding polynomial `a`. @@ -37,9 +44,9 @@ open FStar.Mul /// The NIST FIPS 203 standard can be found at /// . val sample_from_uniform_distribution_next - (#v_Vector: Type) + (#v_Vector: Type0) (v_K v_N: usize) - {| i1: Libcrux_traits.t_Operations v_Vector |} + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Array (t_Array u8 v_N) v_K) (sampled_coefficients: t_Array usize v_K) (out: t_Array (t_Array i16 (sz 272)) v_K) @@ -47,6 +54,15 @@ val sample_from_uniform_distribution_next Prims.l_True (fun _ -> Prims.l_True) +val sample_from_binomial_distribution + (v_ETA: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (randomness: t_Slice u8) + : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + /// Given a series of uniformly random bytes in `randomness`, for some number `eta`, /// the `sample_from_binomial_distribution_{eta}` functions sample /// a ring element from a binomial distribution centered at 0 that uses two sets @@ -86,34 +102,25 @@ val sample_from_uniform_distribution_next /// The NIST FIPS 203 standard can be found at /// . val sample_from_binomial_distribution_2_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len randomness <: usize) =. (sz 2 *! sz 64 <: usize)) + (requires (Core.Slice.impl__len #u8 randomness <: usize) =. (sz 2 *! sz 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_binomial_distribution_3_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires (Core.Slice.impl__len randomness <: usize) =. (sz 3 *! sz 64 <: usize)) - (fun _ -> Prims.l_True) - -val sample_from_binomial_distribution - (v_ETA: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (randomness: t_Slice u8) - : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires (Core.Slice.impl__len #u8 randomness <: usize) =. (sz 3 *! sz 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_xof (v_K: usize) - (#v_Vector #v_Hasher: Type) - {| i2: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (seeds: t_Array (t_Array u8 (sz 34)) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 916404d64..7f311ebd3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -3,15 +3,25 @@ module Libcrux_ml_kem.Serialize open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + let compress_then_serialize_10_ (v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -24,15 +34,16 @@ let compress_then_serialize_10_ let serialized:t_Array u8 v_OUT_LEN = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_compress 10l - (Libcrux_traits.f_to_unsigned_representative (re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector + 10l + (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 20) = Libcrux_traits.f_serialize_10_ coefficient in + let bytes:t_Array u8 (sz 20) = + Libcrux_ml_kem.Vector.Traits.f_serialize_10_ #v_Vector coefficient + in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -41,7 +52,8 @@ let compress_then_serialize_10_ } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 20 *! i <: usize; Core.Ops.Range.f_end = (sz 20 *! i <: usize) +! sz 20 <: usize } @@ -59,13 +71,17 @@ let compress_then_serialize_10_ let compress_then_serialize_11_ (v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -78,15 +94,16 @@ let compress_then_serialize_11_ let serialized:t_Array u8 v_OUT_LEN = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_compress 11l - (Libcrux_traits.f_to_unsigned_representative (re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector + 11l + (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 22) = Libcrux_traits.f_serialize_11_ coefficient in + let bytes:t_Array u8 (sz 22) = + Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #v_Vector coefficient + in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -95,7 +112,8 @@ let compress_then_serialize_11_ } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 22 *! i <: usize; Core.Ops.Range.f_end = (sz 22 *! i <: usize) +! sz 22 <: usize } @@ -112,13 +130,17 @@ let compress_then_serialize_11_ serialized let compress_then_serialize_4_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = let serialized, hax_temp_output:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -131,15 +153,16 @@ let compress_then_serialize_4_ let serialized:t_Slice u8 = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_compress 4l - (Libcrux_traits.f_to_unsigned_representative (re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector + 4l + (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 8) = Libcrux_traits.f_serialize_4_ coefficient in + let bytes:t_Array u8 (sz 8) = + Libcrux_ml_kem.Vector.Traits.f_serialize_4_ #v_Vector coefficient + in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -148,7 +171,8 @@ let compress_then_serialize_4_ } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 8 *! i <: usize; Core.Ops.Range.f_end = (sz 8 *! i <: usize) +! sz 8 <: usize } @@ -165,13 +189,17 @@ let compress_then_serialize_4_ serialized let compress_then_serialize_5_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = let serialized, hax_temp_output:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -184,15 +212,16 @@ let compress_then_serialize_5_ let serialized:t_Slice u8 = serialized in let i:usize = i in let coefficients:v_Vector = - Libcrux_traits.f_compress 5l - (Libcrux_traits.f_to_unsigned_representative (re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector + 5l + (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) in - let bytes:t_Array u8 (sz 10) = Libcrux_traits.f_serialize_5_ coefficients in + let bytes:t_Array u8 (sz 10) = + Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #v_Vector coefficients + in let serialized:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -201,7 +230,8 @@ let compress_then_serialize_5_ } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 10 *! i <: usize; Core.Ops.Range.f_end = (sz 10 *! i <: usize) +! sz 10 <: usize } @@ -218,16 +248,17 @@ let compress_then_serialize_5_ serialized let compress_then_serialize_message - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -237,13 +268,15 @@ let compress_then_serialize_message let serialized:t_Array u8 (sz 32) = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_to_unsigned_representative (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) + in + let coefficient_compressed:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_compress_1_ #v_Vector coefficient + in + let bytes:t_Array u8 (sz 2) = + Libcrux_ml_kem.Vector.Traits.f_serialize_1_ #v_Vector coefficient_compressed in - let coefficient_compressed:v_Vector = Libcrux_traits.f_compress_1_ coefficient in - let bytes:t_Array u8 (sz 2) = Libcrux_traits.f_serialize_1_ coefficient_compressed in let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -252,7 +285,8 @@ let compress_then_serialize_message } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 2 *! i <: usize; Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize } @@ -270,13 +304,15 @@ let compress_then_serialize_message let compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 10ul -> compress_then_serialize_10_ v_OUT_LEN re - | 11ul -> compress_then_serialize_11_ v_OUT_LEN re + | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re + | 11ul -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -285,15 +321,17 @@ let compress_then_serialize_ring_element_u let compress_then_serialize_ring_element_v (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (out: t_Slice u8) = let out, hax_temp_output:(t_Slice u8 & Prims.unit) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> compress_then_serialize_4_ re out, () <: (t_Slice u8 & Prims.unit) - | 5ul -> compress_then_serialize_5_ re out, () <: (t_Slice u8 & Prims.unit) + | 4ul -> compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) + | 5ul -> compress_then_serialize_5_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) | _ -> out, Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -306,16 +344,22 @@ let compress_then_serialize_ring_element_v out let deserialize_then_decompress_10_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 20) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 20) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -324,7 +368,9 @@ let deserialize_then_decompress_10_ (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient:v_Vector = Libcrux_traits.f_deserialize_10_ bytes in + let coefficient:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_deserialize_10_ #v_Vector bytes + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -333,7 +379,11 @@ let deserialize_then_decompress_10_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_ciphertext_coefficient 10l coefficient <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector + 10l + coefficient + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -343,16 +393,22 @@ let deserialize_then_decompress_10_ re let deserialize_then_decompress_11_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 22) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 22) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -361,7 +417,9 @@ let deserialize_then_decompress_11_ (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient:v_Vector = Libcrux_traits.f_deserialize_11_ bytes in + let coefficient:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_deserialize_11_ #v_Vector bytes + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -370,7 +428,11 @@ let deserialize_then_decompress_11_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_ciphertext_coefficient 11l coefficient <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector + 11l + coefficient + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -380,16 +442,22 @@ let deserialize_then_decompress_11_ re let deserialize_then_decompress_4_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 8) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 8) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -398,7 +466,9 @@ let deserialize_then_decompress_4_ (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient:v_Vector = Libcrux_traits.f_deserialize_4_ bytes in + let coefficient:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_deserialize_4_ #v_Vector bytes + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -407,7 +477,11 @@ let deserialize_then_decompress_4_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_ciphertext_coefficient 4l coefficient <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector + 4l + coefficient + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -417,16 +491,22 @@ let deserialize_then_decompress_4_ re let deserialize_then_decompress_5_ - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 10) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 10) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -443,7 +523,7 @@ let deserialize_then_decompress_5_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_deserialize_5_ bytes <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_deserialize_5_ #v_Vector bytes <: v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -456,7 +536,8 @@ let deserialize_then_decompress_5_ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_ciphertext_coefficient 5l + (Libcrux_ml_kem.Vector.Traits.f_decompress_ciphertext_coefficient #v_Vector + 5l (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -469,18 +550,19 @@ let deserialize_then_decompress_5_ re let deserialize_then_decompress_message - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Array u8 (sz 32)) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 16 - } + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } <: Core.Ops.Range.t_Range usize) <: @@ -490,7 +572,8 @@ let deserialize_then_decompress_message let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i:usize = i in let coefficient_compressed:v_Vector = - Libcrux_traits.f_deserialize_1_ (serialized.[ { + Libcrux_ml_kem.Vector.Traits.f_deserialize_1_ #v_Vector + (serialized.[ { Core.Ops.Range.f_start = sz 2 *! i <: usize; Core.Ops.Range.f_end = (sz 2 *! i <: usize) +! sz 2 <: usize } @@ -507,7 +590,9 @@ let deserialize_then_decompress_message Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_decompress_1_ coefficient_compressed <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.decompress_1_ #v_Vector coefficient_compressed + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -518,13 +603,15 @@ let deserialize_then_decompress_message let deserialize_then_decompress_ring_element_u (v_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 10ul -> deserialize_then_decompress_10_ serialized - | 11ul -> deserialize_then_decompress_11_ serialized + | 10ul -> deserialize_then_decompress_10_ #v_Vector serialized + | 11ul -> deserialize_then_decompress_11_ #v_Vector serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -533,13 +620,15 @@ let deserialize_then_decompress_ring_element_u let deserialize_then_decompress_ring_element_v (v_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with - | 4ul -> deserialize_then_decompress_4_ serialized - | 5ul -> deserialize_then_decompress_5_ serialized + | 4ul -> deserialize_then_decompress_4_ #v_Vector serialized + | 5ul -> deserialize_then_decompress_5_ #v_Vector serialized | _ -> Rust_primitives.Hax.never_to_any (Core.Panicking.panic "internal error: entered unreachable code" @@ -547,16 +636,22 @@ let deserialize_then_decompress_ring_element_v Rust_primitives.Hax.t_Never) let deserialize_to_reduced_ring_element - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 24) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -565,7 +660,9 @@ let deserialize_to_reduced_ring_element (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let i, bytes:(usize & t_Slice u8) = temp_1_ in - let coefficient:v_Vector = Libcrux_traits.f_deserialize_12_ bytes in + let coefficient:v_Vector = + Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector bytes + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -574,7 +671,9 @@ let deserialize_to_reduced_ring_element Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_cond_subtract_3329_ coefficient <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_cond_subtract_3329_ #v_Vector coefficient + <: + v_Vector) } <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector @@ -585,21 +684,27 @@ let deserialize_to_reduced_ring_element let deserialize_ring_elements_reduced (v_PUBLIC_KEY_SIZE v_K: usize) - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (public_key: t_Slice u8) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn v_K + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact public_key + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 + public_key Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: Core.Slice.Iter.t_ChunksExact u8) @@ -616,7 +721,7 @@ let deserialize_ring_elements_reduced let i, ring_element:(usize & t_Slice u8) = temp_1_ in Rust_primitives.Hax.Monomorphized_update_at.update_at_usize deserialized_pk i - (deserialize_to_reduced_ring_element ring_element + (deserialize_to_reduced_ring_element #v_Vector ring_element <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -625,16 +730,22 @@ let deserialize_ring_elements_reduced deserialized_pk let deserialize_to_uncompressed_ring_element - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO () + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter (Core.Iter.Traits.Iterator.f_enumerate - (Core.Slice.impl__chunks_exact serialized (sz 24) <: Core.Slice.Iter.t_ChunksExact u8) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate + (Core.Slice.Iter.t_ChunksExact u8)) + (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) + (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) + <: + Core.Slice.Iter.t_ChunksExact u8) <: Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) <: @@ -650,7 +761,7 @@ let deserialize_to_uncompressed_ring_element Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re .Libcrux_ml_kem.Polynomial.f_coefficients i - (Libcrux_traits.f_deserialize_12_ bytes <: v_Vector) + (Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector bytes <: v_Vector) <: t_Array v_Vector (sz 16) } @@ -660,13 +771,17 @@ let deserialize_to_uncompressed_ring_element re let serialize_uncompressed_ring_element - (#v_Vector: Type) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_traits.t_Operations v_Vector) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter ({ + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT } @@ -679,12 +794,12 @@ let serialize_uncompressed_ring_element let serialized:t_Array u8 (sz 384) = serialized in let i:usize = i in let coefficient:v_Vector = - Libcrux_traits.f_to_unsigned_representative (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ - i ] - <: - v_Vector) + Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) + in + let bytes:t_Array u8 (sz 24) = + Libcrux_ml_kem.Vector.Traits.f_serialize_12_ #v_Vector coefficient in - let bytes:t_Array u8 (sz 24) = Libcrux_traits.f_serialize_12_ coefficient in let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ @@ -693,7 +808,8 @@ let serialize_uncompressed_ring_element } <: Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice (serialized.[ { + (Core.Slice.impl__copy_from_slice #u8 + (serialized.[ { Core.Ops.Range.f_start = sz 24 *! i <: usize; Core.Ops.Range.f_end = (sz 24 *! i <: usize) +! sz 24 <: usize } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index aa98844c8..b7aa994d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -3,90 +3,108 @@ module Libcrux_ml_kem.Serialize open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + val compress_then_serialize_10_ (v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_11_ (v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_4_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_5_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_message - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_v (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (out: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) +/// This function deserializes ring elements and reduces the result by the field +/// modulus. +/// This function MUST NOT be used on secret inputs. +val deserialize_ring_elements_reduced + (v_PUBLIC_KEY_SIZE v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: t_Slice u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + val deserialize_then_decompress_10_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_11_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_4_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_5_ - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val deserialize_then_decompress_message - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True @@ -94,8 +112,8 @@ val deserialize_then_decompress_message val deserialize_then_decompress_ring_element_u (v_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True @@ -103,8 +121,8 @@ val deserialize_then_decompress_ring_element_u val deserialize_then_decompress_ring_element_v (v_COMPRESSION_FACTOR: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True @@ -113,35 +131,23 @@ val deserialize_then_decompress_ring_element_v /// Only use with public values. /// This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`. val deserialize_to_reduced_ring_element - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -/// This function deserializes ring elements and reduces the result by the field -/// modulus. -/// This function MUST NOT be used on secret inputs. -val deserialize_ring_elements_reduced - (v_PUBLIC_KEY_SIZE v_K: usize) - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} - (public_key: t_Slice u8) - : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True - (fun _ -> Prims.l_True) - val deserialize_to_uncompressed_ring_element - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) val serialize_uncompressed_ring_element - (#v_Vector: Type) - {| i1: Libcrux_traits.t_Operations v_Vector |} + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Index_impls.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Index_impls.fsti new file mode 100644 index 000000000..2ff16f73c --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Index_impls.fsti @@ -0,0 +1,679 @@ +module Libcrux_ml_kem.Types.Index_impls +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) usize = + { + f_Output = u8; + f_index_pre = (fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (index: usize) -> true); + f_index_post + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (index: usize) (out: u8) -> true); + f_index + = + fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (index: usize) -> + self.Libcrux_ml_kem.Types.f_value.[ index ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) usize = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (range: usize) -> true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) (range: usize) -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut int = {\n &mut (deref({\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::types::f_value(self),\n range,\n )),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_2 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_3 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_Range,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_4 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_5 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeTo,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_6 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_7 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemCiphertext v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeFrom,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_8 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) usize = + { + f_Output = u8; + f_index_pre = (fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (index: usize) -> true); + f_index_post + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (index: usize) (out: u8) -> true); + f_index + = + fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (index: usize) -> + self.Libcrux_ml_kem.Types.f_value.[ index ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_9 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) usize = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (range: usize) -> true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) (range: usize) -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut int = {\n &mut (deref({\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::types::f_value(self),\n range,\n )),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_10 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_11 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_Range,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_12 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_13 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeTo,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_14 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_15 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeFrom,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_16 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) usize = + { + f_Output = u8; + f_index_pre = (fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (index: usize) -> true); + f_index_post + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (index: usize) (out: u8) -> true); + f_index + = + fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (index: usize) -> + self.Libcrux_ml_kem.Types.f_value.[ index ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_17 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) usize = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (range: usize) -> true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) (range: usize) -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut int = {\n &mut (deref({\n &mut (deref(\n &mut (core::ops::index::Index::index(\n proj_libcrux_ml_kem::types::f_value(self),\n range,\n )),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_18 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_19 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_Range usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_Range usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_Range,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_20 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_21 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_RangeTo usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeTo usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeTo,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_22 (v_SIZE: usize) + : Core.Ops.Index.t_Index (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + f_Output = t_Slice u8; + f_index_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: t_Slice u8) + -> + true); + f_index + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + self.Libcrux_ml_kem.Types.f_value.[ range ] + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_23 (v_SIZE: usize) + : Core.Ops.Index.t_IndexMut (Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (Core.Ops.Range.t_RangeFrom usize) = + { + _super_1797189408337550814 = FStar.Tactics.Typeclasses.solve; + f_index_mut_pre + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + true); + f_index_mut_post + = + (fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + (out: Rust_primitives.Hax.t_failure) + -> + true); + f_index_mut + = + fun + (self: Libcrux_ml_kem.Types.t_MlKemPublicKey v_SIZE) + (range: Core.Ops.Range.t_RangeFrom usize) + -> + Rust_primitives.Hax.failure "(RefMut) The mutation of this &mut is not allowed here.\n" + "{\n let hax_temp_output: &mut [int] = {\n &mut (deref({\n &mut (deref(\n &mut (deref(core::ops::index::f_index_mut::<\n [int; SIZE],\n core::ops::range::t_RangeFrom,\n >(\n &mut (proj_libcrux_ml_kem::types::f_value(self)), range\n ))),\n ))\n }))\n };\n Tuple2(self, hax_temp_output)\n }" + + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index 2520d935c..8ef0918fa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -5,19 +5,10 @@ open FStar.Mul let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value -let impl_6__split_at (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) (mid: usize) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value -let impl_12__split_at (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) (mid: usize) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value -let impl_18__split_at (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) (mid: usize) = - Core.Slice.impl__split_at (Rust_primitives.unsize self.f_value <: t_Slice u8) mid - let impl__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) @@ -29,7 +20,14 @@ let impl__new (sk: t_Array u8 v_PRIVATE_KEY_SIZE) (pk: t_Array u8 v_PUBLIC_KEY_SIZE) = - { f_sk = Core.Convert.f_into sk; f_pk = Core.Convert.f_into pk } + { + f_sk + = + Core.Convert.f_into #(t_Array u8 v_PRIVATE_KEY_SIZE) #(t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) sk; + f_pk + = + Core.Convert.f_into #(t_Array u8 v_PUBLIC_KEY_SIZE) #(t_MlKemPublicKey v_PUBLIC_KEY_SIZE) pk + } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index e53c97941..9cdbe7435 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -30,7 +30,7 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A f_from = fun (value: t_Array u8 v_SIZE) -> - { f_value = Core.Clone.f_clone value } <: t_MlKemCiphertext v_SIZE + { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) value } <: t_MlKemCiphertext v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -45,10 +45,6 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -/// Split this value and return the raw byte slices. -val impl_6__split_at (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) (mid: usize) - : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - ///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } @@ -76,7 +72,7 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A f_from = fun (value: t_Array u8 v_SIZE) -> - { f_value = Core.Clone.f_clone value } <: t_MlKemPrivateKey v_SIZE + { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) value } <: t_MlKemPrivateKey v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -91,10 +87,6 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPr val impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -/// Split this value and return the raw byte slices. -val impl_12__split_at (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) (mid: usize) - : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - ///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } @@ -122,7 +114,7 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A f_from = fun (value: t_Array u8 v_SIZE) -> - { f_value = Core.Clone.f_clone value } <: t_MlKemPublicKey v_SIZE + { f_value = Core.Clone.f_clone #(t_Array u8 v_SIZE) value } <: t_MlKemPublicKey v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -137,10 +129,6 @@ let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu val impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) -/// Split this value and return the raw byte slices. -val impl_18__split_at (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) (mid: usize) - : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) - [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { @@ -156,7 +144,7 @@ let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) ( f_try_from = fun (value: t_Slice u8) -> - match Core.Convert.f_try_into value with + match Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_SIZE) value with | Core.Result.Result_Ok value -> Core.Result.Result_Ok ({ f_value = value } <: t_MlKemCiphertext v_SIZE) <: @@ -182,7 +170,7 @@ let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) f_try_from = fun (value: t_Slice u8) -> - match Core.Convert.f_try_into value with + match Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_SIZE) value with | Core.Result.Result_Ok value -> Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPrivateKey v_SIZE) <: @@ -208,7 +196,7 @@ let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) ( f_try_from = fun (value: t_Slice u8) -> - match Core.Convert.f_try_into value with + match Core.Convert.f_try_into #(t_Slice u8) #(t_Array u8 v_SIZE) value with | Core.Result.Result_Ok value -> Core.Result.Result_Ok ({ f_value = value } <: t_MlKemPublicKey v_SIZE) <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst new file mode 100644 index 000000000..dcd78722e --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -0,0 +1,42 @@ +module Libcrux_ml_kem.Utils +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = + let _:Prims.unit = + if true + then + let _:Prims.unit = + if ~.((Core.Slice.impl__len #u8 slice <: usize) <=. v_LEN <: bool) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: slice.len() <= LEN" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + let out:t_Array u8 v_LEN = Rust_primitives.Hax.repeat 0uy v_LEN in + let out:t_Array u8 v_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Core.Slice.impl__len #u8 slice <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + slice + <: + t_Slice u8) + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti new file mode 100644 index 000000000..4a1043b8e --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -0,0 +1,8 @@ +module Libcrux_ml_kem.Utils +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Pad the `slice` with `0`s at the end. +val into_padded_array (v_LEN: usize) (slice: t_Slice u8) + : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst new file mode 100644 index 000000000..98b81af64 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -0,0 +1,150 @@ +module Libcrux_ml_kem.Vector.Avx2.Arithmetic +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let add (lhs rhs: Core.Core_arch.X86.t____m256i) = Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs + +let bitwise_and_with_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) = + Libcrux_intrinsics.Avx2.mm256_and_si256 vector + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 constant <: Core.Core_arch.X86.t____m256i) + +let multiply_by_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 vector + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 constant <: Core.Core_arch.X86.t____m256i) + +let shift_right (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) = + Libcrux_intrinsics.Avx2.mm256_srai_epi16 v_SHIFT_BY vector + +let sub (lhs rhs: Core.Core_arch.X86.t____m256i) = Libcrux_intrinsics.Avx2.mm256_sub_epi16 lhs rhs + +let barrett_reduce (vector: Core.Core_arch.X86.t____m256i) = + let t:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 vector + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 v_BARRETT_MULTIPLIER + <: + Core.Core_arch.X86.t____m256i) + in + let t:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_add_epi16 t + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 512s <: Core.Core_arch.X86.t____m256i) + in + let quotient:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_srai_epi16 10l t in + let quotient_times_field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 quotient + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + Core.Core_arch.X86.t____m256i) + in + Libcrux_intrinsics.Avx2.mm256_sub_epi16 vector quotient_times_field_modulus + +let cond_subtract_3329_ (vector: Core.Core_arch.X86.t____m256i) = + let field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let vv_minus_field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_sub_epi16 vector field_modulus + in + let sign_mask:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_srai_epi16 15l vv_minus_field_modulus + in + let conditional_add_field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_and_si256 sign_mask field_modulus + in + Libcrux_intrinsics.Avx2.mm256_add_epi16 vv_minus_field_modulus conditional_add_field_modulus + +let montgomery_multiply_by_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) = + let constant:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_set1_epi16 constant in + let value_low:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 vector constant + in + let k:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 value_low + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i16) + <: + Core.Core_arch.X86.t____m256i) + in + let k_times_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 k + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + Core.Core_arch.X86.t____m256i) + in + let value_high:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 vector constant + in + Libcrux_intrinsics.Avx2.mm256_sub_epi16 value_high k_times_modulus + +let montgomery_multiply_by_constants (v c: Core.Core_arch.X86.t____m256i) = + let value_low:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_mullo_epi16 v c in + let k:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 value_low + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i16) + <: + Core.Core_arch.X86.t____m256i) + in + let k_times_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 k + (Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + Core.Core_arch.X86.t____m256i) + in + let value_high:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 v c in + Libcrux_intrinsics.Avx2.mm256_sub_epi16 value_high k_times_modulus + +let montgomery_multiply_m128i_by_constants (v c: Core.Core_arch.X86.t____m128i) = + let value_low:Core.Core_arch.X86.t____m128i = Libcrux_intrinsics.Avx2.mm_mullo_epi16 v c in + let k:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_mullo_epi16 value_low + (Libcrux_intrinsics.Avx2.mm_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i16) + <: + Core.Core_arch.X86.t____m128i) + in + let k_times_modulus:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_mulhi_epi16 k + (Libcrux_intrinsics.Avx2.mm_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + Core.Core_arch.X86.t____m128i) + in + let value_high:Core.Core_arch.X86.t____m128i = Libcrux_intrinsics.Avx2.mm_mulhi_epi16 v c in + Libcrux_intrinsics.Avx2.mm_sub_epi16 value_high k_times_modulus + +let montgomery_reduce_i32s (v: Core.Core_arch.X86.t____m256i) = + let k:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 v + (Libcrux_intrinsics.Avx2.mm256_set1_epi32 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R + <: + u32) + <: + i32) + <: + Core.Core_arch.X86.t____m256i) + in + let k_times_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mulhi_epi16 k + (Libcrux_intrinsics.Avx2.mm256_set1_epi32 (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + i16) + <: + i32) + <: + Core.Core_arch.X86.t____m256i) + in + let value_high:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_srli_epi32 16l v in + let result:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_sub_epi16 value_high k_times_modulus + in + let result:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_slli_epi32 16l result in + Libcrux_intrinsics.Avx2.mm256_srai_epi32 16l result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti new file mode 100644 index 000000000..b808a037f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -0,0 +1,41 @@ +module Libcrux_ml_kem.Vector.Avx2.Arithmetic +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let v_BARRETT_MULTIPLIER: i16 = Rust_primitives.Hax.dropped_body + +val add (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +/// See Section 3.2 of the implementation notes document for an explanation +/// of this code. +val barrett_reduce (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val bitwise_and_with_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val cond_subtract_3329_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_by_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_by_constants (v c: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_m128i_by_constants (v c: Core.Core_arch.X86.t____m128i) + : Prims.Pure Core.Core_arch.X86.t____m128i Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_reduce_i32s (v: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val multiply_by_constant (vector: Core.Core_arch.X86.t____m256i) (constant: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val shift_right (v_SHIFT_BY: i32) (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val sub (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst new file mode 100644 index 000000000..4f3a8bf4c --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst @@ -0,0 +1,178 @@ +module Libcrux_ml_kem.Vector.Avx2.Compress +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let mulhi_mm256_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) = + let prod02:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_mul_epu32 lhs rhs in + let prod13:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mul_epu32 (Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 245l lhs + <: + Core.Core_arch.X86.t____m256i) + (Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 245l rhs <: Core.Core_arch.X86.t____m256i) + in + Libcrux_intrinsics.Avx2.mm256_unpackhi_epi64 (Libcrux_intrinsics.Avx2.mm256_unpacklo_epi32 prod02 + prod13 + <: + Core.Core_arch.X86.t____m256i) + (Libcrux_intrinsics.Avx2.mm256_unpackhi_epi32 prod02 prod13 <: Core.Core_arch.X86.t____m256i) + +let compress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (vector: Core.Core_arch.X86.t____m256i) + = + let field_modulus_halved:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi32 (((cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + <: + i16) + <: + i32) -! + 1l + <: + i32) /! + 2l + <: + i32) + in + let compression_factor:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi32 10321340l + in + let coefficient_bits_mask:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi32 ((1l < Prims.l_True) + +val compress_message_coefficient (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val decompress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val mulhi_mm256_epi32 (lhs rhs: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst new file mode 100644 index 000000000..e91e3563f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst @@ -0,0 +1,211 @@ +module Libcrux_ml_kem.Vector.Avx2.Ntt +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let inv_ntt_layer_1_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) = + let lhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 245l vector in + let rhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 160l vector in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 rhs + (Libcrux_intrinsics.Avx2.mm256_set_epi16 (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s + (-1s) (-1s) 1s 1s + <: + Core.Core_arch.X86.t____m256i) + in + let sum:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs in + let sum_times_zetas:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants sum + (Libcrux_intrinsics.Avx2.mm256_set_epi16 zeta3 zeta3 0s 0s zeta2 zeta2 0s 0s zeta1 zeta1 0s 0s + zeta0 zeta0 0s 0s + <: + Core.Core_arch.X86.t____m256i) + in + let sum:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce sum + in + Libcrux_intrinsics.Avx2.mm256_blend_epi16 204l sum sum_times_zetas + +let inv_ntt_layer_2_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1: i16) = + let lhs:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_permute4x64_epi64 245l vector + in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_permute4x64_epi64 160l vector + in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi16 rhs + (Libcrux_intrinsics.Avx2.mm256_set_epi16 (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s (-1s) (-1s) (-1s) + (-1s) 1s 1s 1s 1s + <: + Core.Core_arch.X86.t____m256i) + in + let sum:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs in + let sum_times_zetas:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants sum + (Libcrux_intrinsics.Avx2.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 0s 0s 0s 0s zeta0 zeta0 zeta0 + zeta0 0s 0s 0s 0s + <: + Core.Core_arch.X86.t____m256i) + in + Libcrux_intrinsics.Avx2.mm256_blend_epi16 240l sum sum_times_zetas + +let inv_ntt_layer_3_step (vector: Core.Core_arch.X86.t____m256i) (zeta: i16) = + let lhs:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l vector + in + let rhs:Core.Core_arch.X86.t____m128i = Libcrux_intrinsics.Avx2.mm256_castsi256_si128 vector in + let lower_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_add_epi16 lhs rhs + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_sub_epi16 lhs rhs + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_m128i_by_constants upper_coefficients + (Libcrux_intrinsics.Avx2.mm_set1_epi16 zeta <: Core.Core_arch.X86.t____m128i) + in + let combined:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_castsi128_si256 lower_coefficients + in + Libcrux_intrinsics.Avx2.mm256_inserti128_si256 1l combined upper_coefficients + +let ntt_layer_1_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) = + let zetas:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 <: i16) + (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) + (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) + (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 + in + let rhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 245l vector in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas + in + let lhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 160l vector in + Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs + +let ntt_layer_2_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1: i16) = + let zetas:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 <: i16) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 + (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) + (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 + zeta0 + in + let rhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 238l vector in + let rhs:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas + in + let lhs:Core.Core_arch.X86.t____m256i = Libcrux_intrinsics.Avx2.mm256_shuffle_epi32 68l vector in + Libcrux_intrinsics.Avx2.mm256_add_epi16 lhs rhs + +let ntt_layer_3_step (vector: Core.Core_arch.X86.t____m256i) (zeta: i16) = + let rhs:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l vector + in + let rhs:Core.Core_arch.X86.t____m128i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_m128i_by_constants rhs + (Libcrux_intrinsics.Avx2.mm_set1_epi16 zeta <: Core.Core_arch.X86.t____m128i) + in + let lhs:Core.Core_arch.X86.t____m128i = Libcrux_intrinsics.Avx2.mm256_castsi256_si128 vector in + let lower_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_add_epi16 lhs rhs + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_sub_epi16 lhs rhs + in + let combined:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_castsi128_si256 lower_coefficients + in + Libcrux_intrinsics.Avx2.mm256_inserti128_si256 1l combined upper_coefficients + +let ntt_multiply (lhs rhs: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) = + let shuffle_with:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y 15y + 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y + in + let lhs_shuffled:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_shuffle_epi8 lhs shuffle_with + in + let lhs_shuffled:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_permute4x64_epi64 216l lhs_shuffled + in + let lhs_evens:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_castsi256_si128 lhs_shuffled + in + let lhs_evens:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cvtepi16_epi32 lhs_evens + in + let lhs_odds:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l lhs_shuffled + in + let lhs_odds:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cvtepi16_epi32 lhs_odds + in + let rhs_shuffled:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_shuffle_epi8 rhs shuffle_with + in + let rhs_shuffled:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_permute4x64_epi64 216l rhs_shuffled + in + let rhs_evens:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_castsi256_si128 rhs_shuffled + in + let rhs_evens:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cvtepi16_epi32 rhs_evens + in + let rhs_odds:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l rhs_shuffled + in + let rhs_odds:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cvtepi16_epi32 rhs_odds + in + let left:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi32 lhs_evens rhs_evens + in + let right:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi32 lhs_odds rhs_odds + in + let right:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s right + in + let right:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_mullo_epi32 right + (Libcrux_intrinsics.Avx2.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast (zeta3 <: i16) <: i32) + <: + i32) + (cast (zeta3 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta2 <: i16) <: i32) <: i32) + (cast (zeta2 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta1 <: i16) <: i32) <: i32) + (cast (zeta1 <: i16) <: i32) + (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) + (cast (zeta0 <: i16) <: i32) + <: + Core.Core_arch.X86.t____m256i) + in + let products_left:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_add_epi32 left right + in + let products_left:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s products_left + in + let rhs_adjacent_swapped:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_shuffle_epi8 rhs + (Libcrux_intrinsics.Avx2.mm256_set_epi8 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y + 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y + <: + Core.Core_arch.X86.t____m256i) + in + let products_right:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_madd_epi16 lhs rhs_adjacent_swapped + in + let products_right:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s products_right + in + let products_right:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_slli_epi32 16l products_right + in + Libcrux_intrinsics.Avx2.mm256_blend_epi16 170l products_left products_right diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti new file mode 100644 index 000000000..75b8e11b7 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti @@ -0,0 +1,27 @@ +module Libcrux_ml_kem.Vector.Avx2.Ntt +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val inv_ntt_layer_1_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val inv_ntt_layer_2_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val inv_ntt_layer_3_step (vector: Core.Core_arch.X86.t____m256i) (zeta: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val ntt_layer_1_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val ntt_layer_2_step (vector: Core.Core_arch.X86.t____m256i) (zeta0 zeta1: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val ntt_layer_3_step (vector: Core.Core_arch.X86.t____m256i) (zeta: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val ntt_multiply (lhs rhs: Core.Core_arch.X86.t____m256i) (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +let ntt_multiply__PERMUTE_WITH: i32 = Rust_primitives.Hax.dropped_body diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst similarity index 96% rename from polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst index 541e25541..0c920b70f 100644 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst @@ -1,17 +1,11 @@ -module Libcrux_polynomials_avx2.Portable +module Libcrux_ml_kem.Vector.Avx2.Portable #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul -unfold -let t_FieldElement = i16 +let from_i16_array (array: t_Array i16 (sz 16)) = { f_elements = array } <: t_PortableVector -type t_PortableVector = { f_elements:t_Array i16 (sz 16) } - -let from_i16_array (array: t_Array i16 (sz 16)) : t_PortableVector = - { f_elements = array } <: t_PortableVector - -let serialize_11_ (v: t_PortableVector) : t_Array u8 (sz 22) = +let serialize_11_ (v: t_PortableVector) = let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in let result:t_Array u8 (sz 22) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result @@ -167,12 +161,12 @@ let serialize_11_ (v: t_PortableVector) : t_Array u8 (sz 22) = in result -let to_i16_array (v: t_PortableVector) : t_Array i16 (sz 16) = v.f_elements +let to_i16_array (v: t_PortableVector) = v.f_elements -let zero (_: Prims.unit) : t_PortableVector = +let zero (_: Prims.unit) = { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector -let deserialize_11_ (bytes: t_Slice u8) : t_PortableVector = +let deserialize_11_ (bytes: t_Slice u8) = let result:t_PortableVector = zero () in let result:t_PortableVector = { diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti new file mode 100644 index 000000000..ec0c98177 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti @@ -0,0 +1,23 @@ +module Libcrux_ml_kem.Vector.Avx2.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +unfold +let t_FieldElement = i16 + +type t_PortableVector = { f_elements:t_Array i16 (sz 16) } + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + +val from_i16_array (array: t_Array i16 (sz 16)) + : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + +val serialize_11_ (v: t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val to_i16_array (v: t_PortableVector) + : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + +val zero: Prims.unit -> Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst new file mode 100644 index 000000000..c8b83fae6 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -0,0 +1,78 @@ +module Libcrux_ml_kem.Vector.Avx2.Sampling +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = + let field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let potential_coefficients:Core.Core_arch.X86.t____m256i = + Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ input + in + let compare_with_field_modulus:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_cmpgt_epi16 field_modulus potential_coefficients + in + let good:t_Array u8 (sz 2) = + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ compare_with_field_modulus + in + let lower_shuffles:t_Array u8 (sz 16) = + Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] + <: + u8) + <: + usize ] + in + let lower_shuffles:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles <: t_Slice u8) + in + let lower_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_castsi256_si128 potential_coefficients + in + let lower_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_shuffle_epi8 lower_coefficients lower_shuffles + in + let output:t_Slice i16 = Libcrux_intrinsics.Avx2.mm_storeu_si128 output lower_coefficients in + let sampled_count:usize = + cast (Core.Num.impl__u8__count_ones (good.[ sz 0 ] <: u8) <: u32) <: usize + in + let upper_shuffles:t_Array u8 (sz 16) = + Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 1 ] + <: + u8) + <: + usize ] + in + let upper_shuffles:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles <: t_Slice u8) + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm256_extracti128_si256 1l potential_coefficients + in + let upper_coefficients:Core.Core_arch.X86.t____m128i = + Libcrux_intrinsics.Avx2.mm_shuffle_epi8 upper_coefficients upper_shuffles + in + let output:t_Slice i16 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range output + ({ + Core.Ops.Range.f_start = sampled_count; + Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Libcrux_intrinsics.Avx2.mm_storeu_si128 (output.[ { + Core.Ops.Range.f_start = sampled_count; + Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + upper_coefficients + <: + t_Slice i16) + in + let hax_temp_output:usize = + sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) + in + output, hax_temp_output <: (t_Slice i16 & usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti new file mode 100644 index 000000000..361ba6196 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti @@ -0,0 +1,7 @@ +module Libcrux_ml_kem.Vector.Avx2.Sampling +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val rejection_sample (input: t_Slice u8) (output: t_Slice i16) + : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst new file mode 100644 index 000000000..068b98360 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -0,0 +1,537 @@ +module Libcrux_ml_kem.Vector.Avx2.Serialize +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let deserialize_1_ (bytes: t_Slice u8) = + let coefficients:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) + (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) + (cast (bytes.[ sz 0 ] <: u8) <: i16) + in + let shift_lsb_to_msb:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_set_epi16 (1s <>! 8l <: i32) <: u8) + in + serialized + +let serialize_10_ (vector: Core.Core_arch.X86.t____m256i) = + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let adjacent_2_combined:Core.Core_arch.X86.t____m256i = + Libcrux_intrinsics.Avx2.mm256_madd_epi16 vector + (Libcrux_intrinsics.Avx2.mm256_set_epi16 (1s < Prims.l_True) + +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_12_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val serialize_1_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_10_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_11_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_4_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (vector: Core.Core_arch.X86.t____m256i) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst new file mode 100644 index 000000000..37cc8b8fd --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -0,0 +1,17 @@ +module Libcrux_ml_kem.Vector.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let from_i16_array (array: t_Slice i16) = + { f_elements = Libcrux_intrinsics.Avx2.mm256_loadu_si256_i16 array } <: t_SIMD256Vector + +let to_i16_array (v: t_SIMD256Vector) = + let output:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in + let output:t_Array i16 (sz 16) = + Libcrux_intrinsics.Avx2.mm256_storeu_si256_i16 output v.f_elements + in + output + +let zero (_: Prims.unit) = + { f_elements = Libcrux_intrinsics.Avx2.mm256_setzero_si256 () } <: t_SIMD256Vector diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti similarity index 70% rename from polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst rename to libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index c808ca3e2..7d65a411a 100644 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -1,47 +1,26 @@ -module Libcrux_polynomials_avx2 +module Libcrux_ml_kem.Vector.Avx2 #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul -type t_SIMD256Vector = { f_elements:u8 } +type t_SIMD256Vector = { f_elements:Core.Core_arch.X86.t____m256i } -let from_i16_array (array: t_Slice i16) : t_SIMD256Vector = - { f_elements = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_loadu_si256 array } - <: - t_SIMD256Vector +val from_i16_array (array: t_Slice i16) + : Prims.Pure t_SIMD256Vector Prims.l_True (fun _ -> Prims.l_True) -let to_i16_array (v: t_SIMD256Vector) : t_Array i16 (sz 16) = - let output:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in - let output:t_Array i16 (sz 16) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_full output - (Core.Ops.Range.RangeFull <: Core.Ops.Range.t_RangeFull) - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_storeu_si256 (output.[ Core.Ops.Range.RangeFull - <: - Core.Ops.Range.t_RangeFull ] - <: - t_Slice i16) - v.f_elements - <: - t_Slice i16) - in - output +val to_i16_array (v: t_SIMD256Vector) + : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) -let zero (_: Prims.unit) : t_SIMD256Vector = - { f_elements = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_setzero_si256 () } - <: - t_SIMD256Vector +val zero: Prims.unit -> Prims.Pure t_SIMD256Vector Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: Libcrux_traits.t_Operations t_SIMD256Vector = +let impl: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { - _super_957087622381469234 = FStar.Tactics.Typeclasses.solve; - _super_2101570567305961368 = FStar.Tactics.Typeclasses.solve; + _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; + _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = (fun (_: Prims.unit) (out: t_SIMD256Vector) -> true); f_ZERO = (fun (_: Prims.unit) -> zero ()); - f_to_i16_array_pre = (fun (v: t_SIMD256Vector) -> true); - f_to_i16_array_post = (fun (v: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); - f_to_i16_array = (fun (v: t_SIMD256Vector) -> to_i16_array v); f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> true); f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); @@ -50,7 +29,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = f_add = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.add lhs.f_elements rhs.f_elements } + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.add lhs.f_elements rhs.f_elements } <: t_SIMD256Vector); f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); @@ -58,7 +37,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = f_sub = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.sub lhs.f_elements rhs.f_elements } + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.sub lhs.f_elements rhs.f_elements } <: t_SIMD256Vector); f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); @@ -66,7 +45,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = f_multiply_by_constant = (fun (v: t_SIMD256Vector) (c: i16) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.multiply_by_constant v.f_elements c } + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.multiply_by_constant v.f_elements c } <: t_SIMD256Vector); f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); @@ -79,7 +58,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Arithmetic.bitwise_and_with_constant vector.f_elements constant + Libcrux_ml_kem.Vector.Avx2.Arithmetic.bitwise_and_with_constant vector.f_elements constant } <: t_SIMD256Vector); @@ -91,26 +70,18 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> { - f_elements = Libcrux_polynomials_avx2.Arithmetic.shift_right v_SHIFT_BY vector.f_elements + f_elements + = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.shift_right v_SHIFT_BY vector.f_elements } <: t_SIMD256Vector); - f_shift_left_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); - f_shift_left_post - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); - f_shift_left - = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.shift_left v_SHIFT_BY vector.f_elements } - <: - t_SIMD256Vector); f_cond_subtract_3329_pre = (fun (vector: t_SIMD256Vector) -> true); f_cond_subtract_3329_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); f_cond_subtract_3329_ = (fun (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } <: t_SIMD256Vector); f_barrett_reduce_pre = (fun (vector: t_SIMD256Vector) -> true); @@ -118,7 +89,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = f_barrett_reduce = (fun (vector: t_SIMD256Vector) -> - { f_elements = Libcrux_polynomials_avx2.Arithmetic.barrett_reduce vector.f_elements } + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce vector.f_elements } <: t_SIMD256Vector); f_montgomery_multiply_by_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); @@ -131,7 +102,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constant vector.f_elements + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constant vector.f_elements constant } <: @@ -144,7 +115,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Compress.compress_message_coefficient vector.f_elements + Libcrux_ml_kem.Vector.Avx2.Compress.compress_message_coefficient vector.f_elements } <: t_SIMD256Vector); @@ -158,7 +129,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS + Libcrux_ml_kem.Vector.Avx2.Compress.compress_ciphertext_coefficient v_COEFFICIENT_BITS vector.f_elements } <: @@ -175,7 +146,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS + Libcrux_ml_kem.Vector.Avx2.Compress.decompress_ciphertext_coefficient v_COEFFICIENT_BITS vector.f_elements } <: @@ -200,7 +171,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3 + Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 zeta3 } <: t_SIMD256Vector); @@ -211,7 +182,9 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = f_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 } + { + f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 + } <: t_SIMD256Vector); f_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); @@ -221,7 +194,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = f_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.ntt_layer_3_step vector.f_elements zeta } + { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_3_step vector.f_elements zeta } <: t_SIMD256Vector); f_inv_ntt_layer_1_step_pre @@ -244,7 +217,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_1_step vector.f_elements + Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_1_step vector.f_elements zeta0 zeta1 zeta2 @@ -262,7 +235,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1 + Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_2_step vector.f_elements zeta0 zeta1 } <: t_SIMD256Vector); @@ -273,7 +246,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> - { f_elements = Libcrux_polynomials_avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta } + { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta } <: t_SIMD256Vector); f_ntt_multiply_pre @@ -312,7 +285,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = { f_elements = - Libcrux_polynomials_avx2.Ntt.ntt_multiply lhs.f_elements + Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_multiply lhs.f_elements rhs.f_elements zeta0 zeta1 @@ -326,76 +299,85 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_1_ vector.f_elements); + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements); f_deserialize_1_pre = (fun (bytes: t_Slice u8) -> true); f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_1_ = (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes } + <: + t_SIMD256Vector); f_serialize_4_pre = (fun (vector: t_SIMD256Vector) -> true); f_serialize_4_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> true); f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_4_ vector.f_elements); + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements); f_deserialize_4_pre = (fun (bytes: t_Slice u8) -> true); f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_4_ = (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector); + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes } + <: + t_SIMD256Vector); f_serialize_5_pre = (fun (vector: t_SIMD256Vector) -> true); f_serialize_5_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 10)) -> true); f_serialize_5_ = (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_5_ vector.f_elements); + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); f_deserialize_5_pre = (fun (bytes: t_Slice u8) -> true); f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_5_ = (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes } + <: + t_SIMD256Vector); f_serialize_10_pre = (fun (vector: t_SIMD256Vector) -> true); f_serialize_10_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> true); f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_10_ vector.f_elements); + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements); f_deserialize_10_pre = (fun (bytes: t_Slice u8) -> true); f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_10_ = (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector - ); + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes } + <: + t_SIMD256Vector); f_serialize_11_pre = (fun (vector: t_SIMD256Vector) -> true); f_serialize_11_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 22)) -> true); f_serialize_11_ = (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_11_ vector.f_elements); + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements); f_deserialize_11_pre = (fun (bytes: t_Slice u8) -> true); f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_11_ = (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_11_ bytes } <: t_SIMD256Vector - ); + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_11_ bytes } + <: + t_SIMD256Vector); f_serialize_12_pre = (fun (vector: t_SIMD256Vector) -> true); f_serialize_12_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> true); f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> - Libcrux_polynomials_avx2.Serialize.serialize_12_ vector.f_elements); + Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements); f_deserialize_12_pre = (fun (bytes: t_Slice u8) -> true); f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_12_ = (fun (bytes: t_Slice u8) -> - { f_elements = Libcrux_polynomials_avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector - ); + { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } + <: + t_SIMD256Vector); f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> true); f_rej_sample_post = @@ -404,7 +386,7 @@ let impl: Libcrux_traits.t_Operations t_SIMD256Vector = = fun (input: t_Slice u8) (output: t_Slice i16) -> let tmp0, out:(t_Slice i16 & usize) = - Libcrux_polynomials_avx2.Sampling.rejection_sample input output + Libcrux_ml_kem.Vector.Avx2.Sampling.rejection_sample input output in let output:t_Slice i16 = tmp0 in let hax_temp_output:usize = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti new file mode 100644 index 000000000..931341051 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -0,0 +1,6 @@ +module Libcrux_ml_kem.Vector.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +type t_PortableVector = { f_elements:t_Array i16 (sz 16) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti new file mode 100644 index 000000000..fbf536a4b --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti @@ -0,0 +1,7 @@ +module Libcrux_ml_kem.Vector.Rej_sample_table +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 256) = + Rust_primitives.Hax.dropped_body diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst new file mode 100644 index 000000000..97eee7c1d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -0,0 +1,32 @@ +module Libcrux_ml_kem.Vector.Traits +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let decompress_1_ + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) + (v: v_T) + = f_bitwise_and_with_constant #v_T (f_sub #v_T (f_ZERO #v_T () <: v_T) v <: v_T) 1665s + +let montgomery_multiply_fe + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) + (v: v_T) + (fer: i16) + = f_montgomery_multiply_by_constant #v_T v fer + +let to_standard_domain + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) + (v: v_T) + = f_montgomery_multiply_by_constant #v_T v v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS + +let to_unsigned_representative + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) + (a: v_T) + = + let t:v_T = f_shift_right #v_T 15l a in + let fm:v_T = f_bitwise_and_with_constant #v_T t v_FIELD_MODULUS in + f_add #v_T a fm diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti new file mode 100644 index 000000000..5c09d7209 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -0,0 +1,202 @@ +module Libcrux_ml_kem.Vector.Traits +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +class t_Operations (v_Self: Type0) = { + [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; + [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; + f_ZERO_pre:Prims.unit -> bool; + f_ZERO_post:Prims.unit -> v_Self -> bool; + f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); + f_from_i16_array_pre:t_Slice i16 -> bool; + f_from_i16_array_post:t_Slice i16 -> v_Self -> bool; + f_from_i16_array:x0: t_Slice i16 + -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); + f_add_pre:v_Self -> v_Self -> bool; + f_add_post:v_Self -> v_Self -> v_Self -> bool; + f_add:x0: v_Self -> x1: v_Self + -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); + f_sub_pre:v_Self -> v_Self -> bool; + f_sub_post:v_Self -> v_Self -> v_Self -> bool; + f_sub:x0: v_Self -> x1: v_Self + -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); + f_multiply_by_constant_pre:v_Self -> i16 -> bool; + f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> bool; + f_multiply_by_constant:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_multiply_by_constant_pre x0 x1) + (fun result -> f_multiply_by_constant_post x0 x1 result); + f_bitwise_and_with_constant_pre:v_Self -> i16 -> bool; + f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> bool; + f_bitwise_and_with_constant:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_bitwise_and_with_constant_pre x0 x1) + (fun result -> f_bitwise_and_with_constant_post x0 x1 result); + f_shift_right_pre:v_SHIFT_BY: i32 -> v_Self -> bool; + f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> bool; + f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self + -> Prims.Pure v_Self + (f_shift_right_pre v_SHIFT_BY x0) + (fun result -> f_shift_right_post v_SHIFT_BY x0 result); + f_cond_subtract_3329_pre:v_Self -> bool; + f_cond_subtract_3329_post:v_Self -> v_Self -> bool; + f_cond_subtract_3329_:x0: v_Self + -> Prims.Pure v_Self + (f_cond_subtract_3329_pre x0) + (fun result -> f_cond_subtract_3329_post x0 result); + f_barrett_reduce_pre:v_Self -> bool; + f_barrett_reduce_post:v_Self -> v_Self -> bool; + f_barrett_reduce:x0: v_Self + -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); + f_montgomery_multiply_by_constant_pre:v_Self -> i16 -> bool; + f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> bool; + f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_montgomery_multiply_by_constant_pre x0 x1) + (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); + f_compress_1_pre:v_Self -> bool; + f_compress_1_post:v_Self -> v_Self -> bool; + f_compress_1_:x0: v_Self + -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); + f_compress_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> bool; + f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> bool; + f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self + -> Prims.Pure v_Self + (f_compress_pre v_COEFFICIENT_BITS x0) + (fun result -> f_compress_post v_COEFFICIENT_BITS x0 result); + f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> bool; + f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> bool; + f_decompress_ciphertext_coefficient:v_COEFFICIENT_BITS: i32 -> x0: v_Self + -> Prims.Pure v_Self + (f_decompress_ciphertext_coefficient_pre v_COEFFICIENT_BITS x0) + (fun result -> f_decompress_ciphertext_coefficient_post v_COEFFICIENT_BITS x0 result); + f_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> bool; + f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 + -> Prims.Pure v_Self + (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) + (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); + f_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> bool; + f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> bool; + f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 + -> Prims.Pure v_Self + (f_ntt_layer_2_step_pre x0 x1 x2) + (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); + f_ntt_layer_3_step_pre:v_Self -> i16 -> bool; + f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> bool; + f_ntt_layer_3_step:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_ntt_layer_3_step_pre x0 x1) + (fun result -> f_ntt_layer_3_step_post x0 x1 result); + f_inv_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> bool; + f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 + -> Prims.Pure v_Self + (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) + (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); + f_inv_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> bool; + f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> bool; + f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 + -> Prims.Pure v_Self + (f_inv_ntt_layer_2_step_pre x0 x1 x2) + (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); + f_inv_ntt_layer_3_step_pre:v_Self -> i16 -> bool; + f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> bool; + f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 + -> Prims.Pure v_Self + (f_inv_ntt_layer_3_step_pre x0 x1) + (fun result -> f_inv_ntt_layer_3_step_post x0 x1 result); + f_ntt_multiply_pre:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> bool; + f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 + -> Prims.Pure v_Self + (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) + (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); + f_serialize_1_pre:v_Self -> bool; + f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> bool; + f_serialize_1_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 2)) + (f_serialize_1_pre x0) + (fun result -> f_serialize_1_post x0 result); + f_deserialize_1_pre:t_Slice u8 -> bool; + f_deserialize_1_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_1_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); + f_serialize_4_pre:v_Self -> bool; + f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> bool; + f_serialize_4_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 8)) + (f_serialize_4_pre x0) + (fun result -> f_serialize_4_post x0 result); + f_deserialize_4_pre:t_Slice u8 -> bool; + f_deserialize_4_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_4_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); + f_serialize_5_pre:v_Self -> bool; + f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> bool; + f_serialize_5_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 10)) + (f_serialize_5_pre x0) + (fun result -> f_serialize_5_post x0 result); + f_deserialize_5_pre:t_Slice u8 -> bool; + f_deserialize_5_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_5_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); + f_serialize_10_pre:v_Self -> bool; + f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> bool; + f_serialize_10_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 20)) + (f_serialize_10_pre x0) + (fun result -> f_serialize_10_post x0 result); + f_deserialize_10_pre:t_Slice u8 -> bool; + f_deserialize_10_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_10_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); + f_serialize_11_pre:v_Self -> bool; + f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> bool; + f_serialize_11_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 22)) + (f_serialize_11_pre x0) + (fun result -> f_serialize_11_post x0 result); + f_deserialize_11_pre:t_Slice u8 -> bool; + f_deserialize_11_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_11_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); + f_serialize_12_pre:v_Self -> bool; + f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> bool; + f_serialize_12_:x0: v_Self + -> Prims.Pure (t_Array u8 (sz 24)) + (f_serialize_12_pre x0) + (fun result -> f_serialize_12_post x0 result); + f_deserialize_12_pre:t_Slice u8 -> bool; + f_deserialize_12_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_12_:x0: t_Slice u8 + -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); + f_rej_sample_pre:t_Slice u8 -> t_Slice i16 -> bool; + f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> bool; + f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 + -> Prims.Pure (t_Slice i16 & usize) + (f_rej_sample_pre x0 x1) + (fun result -> f_rej_sample_post x0 x1 result) +} + +let v_FIELD_ELEMENTS_IN_VECTOR: usize = Rust_primitives.Hax.dropped_body + +let v_FIELD_MODULUS: i16 = Rust_primitives.Hax.dropped_body + +let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = Rust_primitives.Hax.dropped_body + +let v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS: i16 = Rust_primitives.Hax.dropped_body + +val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) + : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + +val montgomery_multiply_fe (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) (fer: i16) + : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + +val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) + : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + +val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) + : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fst new file mode 100644 index 000000000..c80c01c5c --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fst @@ -0,0 +1,4871 @@ +module Libcrux_ml_kem.Vector +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + () + +let barrett_reduce_element (value: i16) = + let t:i32 = + ((Core.Convert.f_from #i32 #i16 value <: i32) *! v_BARRETT_MULTIPLIER <: i32) +! + (v_BARRETT_R >>! 1l <: i32) + in + let quotient:i16 = cast (t >>! v_BARRETT_SHIFT <: i32) <: i16 in + value -! (quotient *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) + +let compress_message_coefficient (fe: u16) = + let (shifted: i16):i16 = 1664s -! (cast (fe <: u16) <: i16) in + let mask:i16 = shifted >>! 15l in + let shifted_to_positive:i16 = mask ^. shifted in + let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in + cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8 + +let get_n_least_significant_bits (n: u8) (value: u32) = value &. ((1ul <>! 35l in + cast (get_n_least_significant_bits coefficient_bits (cast (compressed <: u64) <: u32) <: u32) + <: + i16 + +let montgomery_reduce_element (value: i32) = + let _:i32 = v_MONTGOMERY_R in + let k:i32 = + (cast (cast (value <: i32) <: i16) <: i32) *! + (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: u32) <: i32) + in + let k_times_modulus:i32 = + (cast (cast (k <: i32) <: i16) <: i32) *! + (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) + in + let c:i16 = cast (k_times_modulus >>! v_MONTGOMERY_SHIFT <: i32) <: i16 in + let value_high:i16 = cast (value >>! v_MONTGOMERY_SHIFT <: i32) <: i16 in + value_high -! c + +let montgomery_multiply_fe_by_fer (fe fer: i16) = + montgomery_reduce_element ((cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) <: i32) + +let ntt_multiply_binomials (a0, a1: (i16 & i16)) (b0, b1: (i16 & i16)) (zeta: i16) = + montgomery_reduce_element (((cast (a0 <: i16) <: i32) *! (cast (b0 <: i16) <: i32) <: i32) +! + ((cast (montgomery_reduce_element ((cast (a1 <: i16) <: i32) *! (cast (b1 <: i16) <: i32) + <: + i32) + <: + i16) + <: + i32) *! + (cast (zeta <: i16) <: i32) + <: + i32) + <: + i32), + montgomery_reduce_element (((cast (a0 <: i16) <: i32) *! (cast (b1 <: i16) <: i32) <: i32) +! + ((cast (a1 <: i16) <: i32) *! (cast (b0 <: i16) <: i32) <: i32) + <: + i32) + <: + (i16 & i16) + +let rej_sample (a: t_Slice u8) (result: t_Slice i16) = + let sampled:usize = sz 0 in + let result, sampled:(t_Slice i16 & usize) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Slice.Iter.t_Chunks + u8) + (Core.Slice.impl__chunks #u8 a (sz 3) <: Core.Slice.Iter.t_Chunks u8) + <: + Core.Slice.Iter.t_Chunks u8) + (result, sampled <: (t_Slice i16 & usize)) + (fun temp_0_ bytes -> + let result, sampled:(t_Slice i16 & usize) = temp_0_ in + let bytes:t_Slice u8 = bytes in + let b1:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in + let b2:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in + let b3:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in + let d1:i16 = ((b2 &. 15s <: i16) <>! 4l <: i16) in + let result, sampled:(t_Slice i16 & usize) = + if d1 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + then + let result:t_Slice i16 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d1 + in + result, sampled +! sz 1 <: (t_Slice i16 & usize) + else result, sampled <: (t_Slice i16 & usize) + in + if d2 <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS && sampled <. sz 16 + then + let result:t_Slice i16 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result sampled d2 + in + result, sampled +! sz 1 <: (t_Slice i16 & usize) + else result, sampled <: (t_Slice i16 & usize)) + in + let hax_temp_output:usize = sampled in + result, hax_temp_output <: (t_Slice i16 & usize) + +let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let lhs:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + lhs + (fun lhs i -> + let lhs:Libcrux_ml_kem.Vector.Portable.t_PortableVector = lhs in + let i:usize = i in + { + lhs with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) +! + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + lhs + +let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (barrett_reduce_element (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) &. c <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let compress (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (compress_ciphertext_coefficient (cast (v_COEFFICIENT_BITS <: i32) <: u8) + (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <: u16) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (cast (compress_message_coefficient (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ + i ] + <: + i16) + <: + u16) + <: + u8) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + let _:Prims.unit = + if true + then + let _:Prims.unit = + if + ~.(((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) >=. 0s <: bool) && + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <. 4096s <: bool)) + then + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: v.elements[i] >= 0 && v.elements[i] < 4096" + + <: + Rust_primitives.Hax.t_Never) + in + () + in + if (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) >=. 3329s + then + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) -! 3329s <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + else v) + in + v + +let decompress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + let decompressed:i32 = + (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <: i32) *! + (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) + in + let decompressed:i32 = + (decompressed <>! (v_COEFFICIENT_BITS +! 1l <: i32) in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (cast (decompressed <: i32) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v) + in + v + +let from_i16_array (array: t_Slice i16) = + { + Libcrux_ml_kem.Vector.Portable.f_elements + = + Core.Result.impl__unwrap #(t_Array i16 (sz 16)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice i16) + #(t_Array i16 (sz 16)) + (array.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + <: + Core.Result.t_Result (t_Array i16 (sz 16)) Core.Array.t_TryFromSliceError) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + +let inv_ntt_layer_1_step + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + = + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 + <: + usize ] + <: + i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta2 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 + <: + usize ] + <: + i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta2 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 + <: + usize ] + <: + i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta3 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + (barrett_reduce_element ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 + <: + usize ] + <: + i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) + <: + i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta3 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let inv_ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0 zeta1: i16) = + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (montgomery_multiply_fe_by_fer a_minus_b zeta0 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + (montgomery_multiply_fe_by_fer a_minus_b zeta1 <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let inv_ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) = + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 9 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 9 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 9) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 10 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 10 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 11 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 11 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 12 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 12 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 13 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 13 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 14 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 14 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let a_minus_b:i16 = + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 15 ] <: i16) -! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) +! + (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 15 ] <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (montgomery_multiply_fe_by_fer a_minus_b zeta <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] + <: + i16) + c + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) *! c <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let ntt_layer_1_step + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + = + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 + <: + usize ] + <: + i16) + zeta2 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 + <: + usize ] + <: + i16) + zeta2 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 + <: + usize ] + <: + i16) + zeta3 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 + <: + usize ] + <: + i16) + zeta3 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0 zeta1: i16) = + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + zeta0 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 + <: + usize ] + <: + i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 + <: + usize ] + <: + i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 + <: + usize ] + <: + i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 + <: + usize ] + <: + i16) + zeta1 + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) = + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 ] <: i16) zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 9 ] <: i16) zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 9) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 10 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 11 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 12 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 13 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 14 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let t:i16 = + montgomery_multiply_fe_by_fer (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 15 ] <: i16) + zeta + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) -! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) +! t <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let result:t_Array u8 (sz 2) = Rust_primitives.Hax.repeat 0uy (sz 2) in + let result:t_Array u8 (sz 2) = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> + let result:t_Array u8 (sz 2) = result in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + ((result.[ sz 0 ] <: u8) |. + ((cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <: u8) < + let result:t_Array u8 (sz 2) = result in + let i:usize = i in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 1) + ((result.[ sz 1 ] <: u8) |. + ((cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) <: u8) <>! 8l <: i16) &. 3s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 2) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 5) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 6) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 8) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) >>! 2l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 10) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 11) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 63s + <: + i16) + <: + u8) <>! + 8l + <: + i16) &. + 3s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 12) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 15s + <: + i16) + <: + u8) <>! + 6l + <: + i16) &. + 15s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 13) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. 3s + <: + i16) + <: + u8) <>! + 4l + <: + i16) &. + 63s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 14) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) >>! 2l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 15) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 16) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 63s + <: + i16) + <: + u8) <>! + 8l + <: + i16) &. + 3s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 17) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 15s + <: + i16) + <: + u8) <>! + 6l + <: + i16) &. + 15s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 18) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 3s + <: + i16) + <: + u8) <>! + 4l + <: + i16) &. + 63s + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 20) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 19) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) >>! 2l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + result + +let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 1) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 2) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 5) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 6) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 8) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 10) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 11) + (cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) <: u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 12) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 31s + <: + i16) + <: + u8) <>! 8l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 13) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 3s + <: + i16) + <: + u8) <>! 5l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 14) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) >>! 2l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 15) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. + 127s + <: + i16) + <: + u8) <>! + 10l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 16) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 15s + <: + i16) + <: + u8) <>! 7l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 17) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 1s + <: + i16) + <: + u8) <>! 4l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 18) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) >>! 1l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 19) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 63s + <: + i16) + <: + u8) <>! 9l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 20) + (((cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 7s + <: + i16) + <: + u8) <>! 6l + <: + i16) + <: + u8) + <: + u8) + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 21) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) >>! 3l + <: + i16) + <: + u8) + in + result + +let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let result:t_Array u8 (sz 24) = Rust_primitives.Hax.repeat 0uy (sz 24) in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 1) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16) >>! 8l <: i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16) >>! 8l <: i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 6) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) >>! 8l <: i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) &. 255s <: i16) <: u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 10) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) >>! 8l <: i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 12) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 13) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16) >>! 8l + <: + i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 15s + <: + i16) <>! 4l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 15) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 16) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16) >>! 8l + <: + i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) &. 15s + <: + i16) <>! 4l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 18) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 19) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) >>! 8l + <: + i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) &. 15s + <: + i16) <>! 4l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 21) + (cast ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 255s + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 24) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 22) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) >>! 8l + <: + i16) |. + (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) &. 15s + <: + i16) <>! 4l + <: + i16) &. + 255s + <: + i16) + <: + u8) + in + result + +let serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let result:t_Array u8 (sz 8) = Rust_primitives.Hax.repeat 0uy (sz 8) in + let result:t_Array u8 (sz 8) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 0) + (((cast (v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) <: u8) <>! 3l <: i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 2) + (cast ((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 3) + (cast (((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16) &. 3s <: i16) <>! 4l <: i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 4) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) <>! 2l <: i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 5) + (cast ((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) &. 7s + <: + i16) <>! 3l + <: + i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 7) + (cast ((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16) &. 15s + <: + i16) <>! 1l + <: + i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 8) + (cast (((((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16) &. 3s + <: + i16) <>! 4l + <: + i16) + <: + i16) + <: + u8) + in + let result:t_Array u8 (sz 10) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + (sz 9) + (cast (((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) <>! 2l + <: + i16) + <: + i16) + <: + u8) + in + result + +let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v + (fun v i -> + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = v in + let i:usize = i in + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((v.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) >>! v_SHIFT_BY <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + v + +let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) = + let lhs:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + lhs + (fun lhs i -> + let lhs:Libcrux_ml_kem.Vector.Portable.t_PortableVector = lhs in + let i:usize = i in + { + lhs with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.f_elements + i + ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) -! + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ i ] <: i16) + <: + i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + lhs + +let zero (_: Prims.unit) = + { Libcrux_ml_kem.Vector.Portable.f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + +let deserialize_1_ (v: t_Slice u8) = + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = result in + let i:usize = i in + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (cast (((v.[ sz 0 ] <: u8) >>! i <: u8) &. 1uy <: u8) <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + ({ + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + result + (fun result i -> + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = result in + let i:usize = i in + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + i + (cast (((v.[ sz 1 ] <: u8) >>! (i -! sz 8 <: usize) <: u8) &. 1uy <: u8) <: i16) + <: + t_Array i16 (sz 16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector) + in + result + +let deserialize_10_ (bytes: t_Slice u8) = + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + ((((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + (((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + ((((cast (bytes.[ sz 10 +! sz 1 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + ((((cast (bytes.[ sz 10 +! sz 3 <: usize ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + (((cast (bytes.[ sz 10 +! sz 4 <: usize ] <: u8) <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + ((((cast (bytes.[ sz 10 +! sz 6 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + ((((cast (bytes.[ sz 10 +! sz 8 <: usize ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (((cast (bytes.[ sz 10 +! sz 9 <: usize ] <: u8) <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + result + +let deserialize_11_ (bytes: t_Slice u8) = + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + ((((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + ((((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + ((((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + ((((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + ((((cast (bytes.[ sz 11 +! sz 1 <: usize ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (((((cast (bytes.[ sz 11 +! sz 4 <: usize ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + ((((cast (bytes.[ sz 11 +! sz 5 <: usize ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + ((((cast (bytes.[ sz 11 +! sz 6 <: usize ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + (((((cast (bytes.[ sz 11 +! sz 8 <: usize ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + ((((cast (bytes.[ sz 11 +! sz 9 <: usize ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let result:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + result with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (((cast (bytes.[ sz 11 +! sz 10 <: usize ] <: u8) <: i16) <>! 5l <: i16) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + result + +let deserialize_12_ (bytes: t_Slice u8) = + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in + let byte1:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in + let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in + let byte3:i16 = cast (bytes.[ sz 3 ] <: u8) <: i16 in + let byte4:i16 = cast (bytes.[ sz 4 ] <: u8) <: i16 in + let byte5:i16 = cast (bytes.[ sz 5 ] <: u8) <: i16 in + let byte6:i16 = cast (bytes.[ sz 6 ] <: u8) <: i16 in + let byte7:i16 = cast (bytes.[ sz 7 ] <: u8) <: i16 in + let byte8:i16 = cast (bytes.[ sz 8 ] <: u8) <: i16 in + let byte9:i16 = cast (bytes.[ sz 9 ] <: u8) <: i16 in + let byte10:i16 = cast (bytes.[ sz 10 ] <: u8) <: i16 in + let byte11:i16 = cast (bytes.[ sz 11 ] <: u8) <: i16 in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + (((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (((byte4 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (((byte7 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (((byte10 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let byte12:i16 = cast (bytes.[ sz 12 ] <: u8) <: i16 in + let byte13:i16 = cast (bytes.[ sz 13 ] <: u8) <: i16 in + let byte14:i16 = cast (bytes.[ sz 14 ] <: u8) <: i16 in + let byte15:i16 = cast (bytes.[ sz 15 ] <: u8) <: i16 in + let byte16:i16 = cast (bytes.[ sz 16 ] <: u8) <: i16 in + let byte17:i16 = cast (bytes.[ sz 17 ] <: u8) <: i16 in + let byte18:i16 = cast (bytes.[ sz 18 ] <: u8) <: i16 in + let byte19:i16 = cast (bytes.[ sz 19 ] <: u8) <: i16 in + let byte20:i16 = cast (bytes.[ sz 20 ] <: u8) <: i16 in + let byte21:i16 = cast (bytes.[ sz 21 ] <: u8) <: i16 in + let byte22:i16 = cast (bytes.[ sz 22 ] <: u8) <: i16 in + let byte23:i16 = cast (bytes.[ sz 23 ] <: u8) <: i16 in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + (((byte13 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (((byte16 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + (((byte19 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let re:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + re with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + (((byte22 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + re + +let deserialize_4_ (bytes: t_Slice u8) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + (cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + (cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (cast ((bytes.[ sz 1 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + (cast (((bytes.[ sz 1 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (cast ((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + (cast ((bytes.[ sz 4 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 9) + (cast (((bytes.[ sz 4 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (cast ((bytes.[ sz 5 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + (cast (((bytes.[ sz 5 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + (cast ((bytes.[ sz 6 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + (cast (((bytes.[ sz 6 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + (cast ((bytes.[ sz 7 ] <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (cast (((bytes.[ sz 7 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let deserialize_5_ (bytes: t_Slice u8) = + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + (cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + (cast ((((bytes.[ sz 1 ] <: u8) &. 3uy <: u8) <>! 5l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + (cast (((bytes.[ sz 1 ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + (cast ((((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <>! 7l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + (cast ((((bytes.[ sz 3 ] <: u8) &. 1uy <: u8) <>! 4l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + (cast (((bytes.[ sz 3 ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + (cast ((((bytes.[ sz 4 ] <: u8) &. 7uy <: u8) <>! 6l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + (cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8) + (cast ((bytes.[ sz 5 +! sz 0 <: usize ] <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 9) + (cast ((((bytes.[ sz 5 +! sz 1 <: usize ] <: u8) &. 3uy <: u8) <>! 5l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 10) + (cast (((bytes.[ sz 5 +! sz 1 <: usize ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 11) + (cast ((((bytes.[ sz 5 +! sz 2 <: usize ] <: u8) &. 15uy <: u8) <>! 7l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 12) + (cast ((((bytes.[ sz 5 +! sz 3 <: usize ] <: u8) &. 1uy <: u8) <>! 4l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 13) + (cast (((bytes.[ sz 5 +! sz 3 <: usize ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 14) + (cast ((((bytes.[ sz 5 +! sz 4 <: usize ] <: u8) &. 7uy <: u8) <>! 6l <: u8) + <: + u8) + <: + i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let v:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + v with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 15) + (cast ((bytes.[ sz 5 +! sz 4 <: usize ] <: u8) >>! 3l <: u8) <: i16) + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + v + +let ntt_multiply + (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + = + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = zero () in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 0 ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 1 ] <: i16) + <: + (i16 & i16)) + zeta0 + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 0) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 1) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 2 ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 3 ] <: i16) + <: + (i16 & i16)) + (Core.Ops.Arith.Neg.neg zeta0 <: i16) + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 2) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 3) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 4 ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 5 ] <: i16) + <: + (i16 & i16)) + zeta1 + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 4) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 5) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 6 ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 7 ] <: i16) + <: + (i16 & i16)) + (Core.Ops.Arith.Neg.neg zeta1 <: i16) + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 6) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 7) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] + <: + i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 0 <: usize ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 1 <: usize ] <: i16) + <: + (i16 & i16)) + zeta2 + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 0 <: usize) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 1 <: usize) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] + <: + i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 2 <: usize ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 3 <: usize ] <: i16) + <: + (i16 & i16)) + (Core.Ops.Arith.Neg.neg zeta2 <: i16) + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 2 <: usize) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 3 <: usize) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] + <: + i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 4 <: usize ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 5 <: usize ] <: i16) + <: + (i16 & i16)) + zeta3 + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 4 <: usize) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 5 <: usize) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let product:(i16 & i16) = + ntt_multiply_binomials ((lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] + <: + i16), + (lhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) + <: + (i16 & i16)) + ((rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 6 <: usize ] <: i16), + (rhs.Libcrux_ml_kem.Vector.Portable.f_elements.[ sz 8 +! sz 7 <: usize ] <: i16) + <: + (i16 & i16)) + (Core.Ops.Arith.Neg.neg zeta3 <: i16) + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 6 <: usize) + product._1 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + let out:Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + out with + Libcrux_ml_kem.Vector.Portable.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out + .Libcrux_ml_kem.Vector.Portable.f_elements + (sz 8 +! sz 7 <: usize) + product._2 + } + <: + Libcrux_ml_kem.Vector.Portable.t_PortableVector + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti new file mode 100644 index 000000000..39f142807 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.fsti @@ -0,0 +1,734 @@ +module Libcrux_ml_kem.Vector +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + () + +/// Values having this type hold a representative 'x' of the Kyber field. +/// We use 'fe' as a shorthand for this type. +unfold +let t_FieldElement = i16 + +/// If 'x' denotes a value of type `fe`, values having this type hold a +/// representative y ≡ x·MONTGOMERY_R (mod FIELD_MODULUS). +/// We use 'fer' as a shorthand for this type. +unfold +let t_FieldElementTimesMontgomeryR = i16 + +/// If 'x' denotes a value of type `fe`, values having this type hold a +/// representative y ≡ x·MONTGOMERY_R^(-1) (mod FIELD_MODULUS). +/// We use 'mfe' as a shorthand for this type +unfold +let t_MontgomeryFieldElement = i16 + +/// This is calculated as ⌊(BARRETT_R / FIELD_MODULUS) + 1/2⌋ +let v_BARRETT_MULTIPLIER: i32 = Rust_primitives.Hax.dropped_body + +let v_BARRETT_R: i32 = Rust_primitives.Hax.dropped_body + +let v_BARRETT_SHIFT: i32 = Rust_primitives.Hax.dropped_body + +let v_MONTGOMERY_R: i32 = Rust_primitives.Hax.dropped_body + +let v_MONTGOMERY_SHIFT: u8 = Rust_primitives.Hax.dropped_body + +/// Signed Barrett Reduction +/// Given an input `value`, `barrett_reduce` outputs a representative `result` +/// such that: +/// - result ≡ value (mod FIELD_MODULUS) +/// - the absolute value of `result` is bound as follows: +/// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) +/// In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +val barrett_reduce_element (value: i16) + : Prims.Pure i16 + (requires + (Core.Convert.f_from #i32 #i16 value <: i32) >. (Core.Ops.Arith.Neg.neg v_BARRETT_R <: i32) && + (Core.Convert.f_from #i32 #i16 value <: i32) <. v_BARRETT_R) + (ensures + fun result -> + let result:i16 = result in + result >. (Core.Ops.Arith.Neg.neg Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) && + result <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + +val compress_ciphertext_coefficient (coefficient_bits: u8) (fe: u16) + : Prims.Pure i16 + (requires + (coefficient_bits =. 4uy || coefficient_bits =. 5uy || coefficient_bits =. 10uy || + coefficient_bits =. 11uy) && + fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: u16)) + (ensures + fun result -> + let result:i16 = result in + result >=. 0s && + result <. (Core.Num.impl__i16__pow 2s (cast (coefficient_bits <: u8) <: u32) <: i16)) + +/// The `compress_*` functions implement the `Compress` function specified in the NIST FIPS +/// 203 standard (Page 18, Expression 4.5), which is defined as: +/// ```plaintext +/// Compress_d: ℤq -> ℤ_{2ᵈ} +/// Compress_d(x) = ⌈(2ᵈ/q)·x⌋ +/// ``` +/// Since `⌈x⌋ = ⌊x + 1/2⌋` we have: +/// ```plaintext +/// Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ +/// = ⌊(2^{d+1}·x + q) / 2q⌋ +/// ``` +/// For further information about the function implementations, consult the +/// `implementation_notes.pdf` document in this directory. +/// The NIST FIPS 203 standard can be found at +/// . +val compress_message_coefficient (fe: u16) + : Prims.Pure u8 + (requires fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: u16)) + (ensures + fun result -> + let result:u8 = result in + Hax_lib.implies ((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 1uy <: bool) && + Hax_lib.implies (~.((833us <=. fe <: bool) && (fe <=. 2596us <: bool)) <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 0uy <: bool)) + +val get_n_least_significant_bits (n: u8) (value: u32) + : Prims.Pure u32 + (requires n =. 4uy || n =. 5uy || n =. 10uy || n =. 11uy || n =. v_MONTGOMERY_SHIFT) + (ensures + fun result -> + let result:u32 = result in + result <. (Core.Num.impl__u32__pow 2ul (Core.Convert.f_into #u8 #u32 n <: u32) <: u32)) + +/// If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to +/// `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to +/// `x · y`, as follows: +/// `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` +/// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative +/// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. +val montgomery_multiply_fe_by_fer (fe fer: i16) + : Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True) + +/// Signed Montgomery Reduction +/// Given an input `value`, `montgomery_reduce` outputs a representative `o` +/// such that: +/// - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) +/// - the absolute value of `o` is bound as follows: +/// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) +/// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`. +val montgomery_reduce_element (value: i32) + : Prims.Pure i16 + (requires + value >=. + ((Core.Ops.Arith.Neg.neg (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) + <: + i32) *! + v_MONTGOMERY_R + <: + i32) && + value <=. + ((cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) *! v_MONTGOMERY_R + <: + i32)) + (ensures + fun result -> + let result:i16 = result in + result >=. + ((Core.Ops.Arith.Neg.neg (3s *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) + <: + i16) /! + 2s + <: + i16) && + result <=. ((3s *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) /! 2s <: i16)) + +/// Compute the product of two Kyber binomials with respect to the +/// modulus `X² - zeta`. +/// This function almost implements Algorithm 11 of the +/// NIST FIPS 203 standard, which is reproduced below: +/// ```plaintext +/// Input: a₀, a₁, b₀, b₁ ∈ ℤq. +/// Input: γ ∈ ℤq. +/// Output: c₀, c₁ ∈ ℤq. +/// c₀ ← a₀·b₀ + a₁·b₁·γ +/// c₁ ← a₀·b₁ + a₁·b₀ +/// return c₀, c₁ +/// ``` +/// We say "almost" because the coefficients output by this function are in +/// the Montgomery domain (unlike in the specification). +/// The NIST FIPS 203 standard can be found at +/// . +val ntt_multiply_binomials: (i16 & i16) -> (i16 & i16) -> zeta: i16 + -> Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) + +val rej_sample (a: t_Slice u8) (result: t_Slice i16) + : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) + +val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val compress (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val compress_1_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val decompress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_1_ (v: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_12_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val from_i16_array (array: t_Slice i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val inv_ntt_layer_1_step + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val inv_ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0 zeta1: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val inv_ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_layer_1_step + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0 zeta1: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val ntt_multiply + (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + +val shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector + Prims.l_True + (fun _ -> Prims.l_True) + +val zero: Prims.unit + -> Prims.Pure Libcrux_ml_kem.Vector.Portable.t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl: Libcrux_ml_kem.Vector.Traits.t_Operations Libcrux_ml_kem.Vector.Portable.t_PortableVector = + { + _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; + _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; + f_ZERO_pre = (fun (_: Prims.unit) -> true); + f_ZERO_post + = + (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_ZERO = (fun (_: Prims.unit) -> zero ()); + f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); + f_from_i16_array_post + = + (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); + f_add_pre + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_add_post + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_add + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + add lhs rhs); + f_sub_pre + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_sub_post + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_sub + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + sub lhs rhs); + f_multiply_by_constant_pre + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) -> true); + f_multiply_by_constant_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (c: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_multiply_by_constant + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) -> multiply_by_constant v c); + f_bitwise_and_with_constant_pre + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) -> true); + f_bitwise_and_with_constant_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (c: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_bitwise_and_with_constant + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (c: i16) -> + bitwise_and_with_constant v c); + f_shift_right_pre + = + (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_shift_right_post + = + (fun + (v_SHIFT_BY: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_shift_right + = + (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> + shift_right v_SHIFT_BY v); + f_cond_subtract_3329_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_cond_subtract_3329_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_cond_subtract_3329_ + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> cond_subtract_3329_ v); + f_barrett_reduce_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_barrett_reduce_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_barrett_reduce + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> barrett_reduce v); + f_montgomery_multiply_by_constant_pre + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (r: i16) -> true); + f_montgomery_multiply_by_constant_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (r: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_montgomery_multiply_by_constant + = + (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (r: i16) -> + montgomery_multiply_by_constant v r); + f_compress_1_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_compress_1_post + = + (fun + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_compress_1_ = (fun (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> compress_1_ v); + f_compress_pre + = + (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_compress_post + = + (fun + (v_COEFFICIENT_BITS: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_compress + = + (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> + compress v_COEFFICIENT_BITS v); + f_decompress_ciphertext_coefficient_pre + = + (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_decompress_ciphertext_coefficient_post + = + (fun + (v_COEFFICIENT_BITS: i32) + (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_decompress_ciphertext_coefficient + = + (fun (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> + decompress_ciphertext_coefficient v_COEFFICIENT_BITS v); + f_ntt_layer_1_step_pre + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + true); + f_ntt_layer_1_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_ntt_layer_1_step + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + ntt_layer_1_step a zeta0 zeta1 zeta2 zeta3); + f_ntt_layer_2_step_pre + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0: i16) (zeta1: i16) -> true); + f_ntt_layer_2_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_ntt_layer_2_step + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0: i16) (zeta1: i16) -> + ntt_layer_2_step a zeta0 zeta1); + f_ntt_layer_3_step_pre + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) -> true); + f_ntt_layer_3_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_ntt_layer_3_step + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) -> ntt_layer_3_step a zeta + ); + f_inv_ntt_layer_1_step_pre + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + true); + f_inv_ntt_layer_1_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_inv_ntt_layer_1_step + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + inv_ntt_layer_1_step a zeta0 zeta1 zeta2 zeta3); + f_inv_ntt_layer_2_step_pre + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0: i16) (zeta1: i16) -> true); + f_inv_ntt_layer_2_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_inv_ntt_layer_2_step + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta0: i16) (zeta1: i16) -> + inv_ntt_layer_2_step a zeta0 zeta1); + f_inv_ntt_layer_3_step_pre + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) -> true); + f_inv_ntt_layer_3_step_post + = + (fun + (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_inv_ntt_layer_3_step + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (zeta: i16) -> + inv_ntt_layer_3_step a zeta); + f_ntt_multiply_pre + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + true); + f_ntt_multiply_post + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + -> + true); + f_ntt_multiply + = + (fun + (lhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (rhs: Libcrux_ml_kem.Vector.Portable.t_PortableVector) + (zeta0: i16) + (zeta1: i16) + (zeta2: i16) + (zeta3: i16) + -> + ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3); + f_serialize_1_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_1_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 2)) -> true); + f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_1_ a); + f_deserialize_1_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_1_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a); + f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_4_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 8)) -> true); + f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_4_ a); + f_deserialize_4_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_4_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a); + f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_5_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 10)) -> true); + f_serialize_5_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_5_ a); + f_deserialize_5_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_5_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a); + f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_10_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 20)) -> true); + f_serialize_10_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_10_ a); + f_deserialize_10_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_10_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a); + f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_11_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 22)) -> true); + f_serialize_11_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_11_ a); + f_deserialize_11_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_11_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a); + f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_serialize_12_post + = + (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) (out: t_Array u8 (sz 24)) -> true); + f_serialize_12_ = (fun (a: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> serialize_12_ a); + f_deserialize_12_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_12_post + = + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.t_PortableVector) -> true); + f_deserialize_12_ = (fun (a: t_Slice u8) -> deserialize_12_ a); + f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> true); + f_rej_sample_post + = + (fun (a: t_Slice u8) (out: t_Slice i16) (out2: (t_Slice i16 & usize)) -> true); + f_rej_sample + = + fun (a: t_Slice u8) (out: t_Slice i16) -> + let tmp0, out1:(t_Slice i16 & usize) = rej_sample a out in + let out:t_Slice i16 = tmp0 in + let hax_temp_output:usize = out1 in + out, hax_temp_output <: (t_Slice i16 & usize) + } diff --git a/libcrux-ml-kem/src/constants.rs b/libcrux-ml-kem/src/constants.rs index cf89e9348..885a3eaec 100644 --- a/libcrux-ml-kem/src/constants.rs +++ b/libcrux-ml-kem/src/constants.rs @@ -1,6 +1,3 @@ -/// Field modulus: 3329 -pub(crate) const _FIELD_MODULUS: i16 = 3329; - /// Each field element needs floor(log_2(FIELD_MODULUS)) + 1 = 12 bits to represent pub(crate) const BITS_PER_COEFFICIENT: usize = 12; diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 5b0a163b2..d22029642 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -170,52 +170,38 @@ pub(crate) mod avx2 { fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; LEN]; K]; + let mut out0 = [0u8; LEN]; + let mut out1 = [0u8; LEN]; + let mut out2 = [0u8; LEN]; + let mut out3 = [0u8; LEN]; - match K { + match K as u8 { 2 => { - let mut dummy_out0 = [0u8; LEN]; - let mut dummy_out1 = [0u8; LEN]; - let (out0, out1) = out.split_at_mut(1); x4::shake256( - &input[0], - &input[1], - &input[0], - &input[0], - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, + &input[0], &input[1], &input[0], &input[0], &mut out0, &mut out1, + &mut out2, &mut out3, ); + out[0] = out0; + out[1] = out1; } 3 => { - let mut dummy_out0 = [0u8; LEN]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); x4::shake256( - &input[0], - &input[1], - &input[2], - &input[0], - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, + &input[0], &input[1], &input[2], &input[0], &mut out0, &mut out1, + &mut out2, &mut out3, ); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); x4::shake256( - &input[0], - &input[1], - &input[2], - &input[3], - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], + &input[0], &input[1], &input[2], &input[3], &mut out0, &mut out1, + &mut out2, &mut out3, ); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("This function must only be called with N = 2, 3, 4"), } @@ -227,7 +213,7 @@ pub(crate) mod avx2 { debug_assert!(K == 2 || K == 3 || K == 4); let mut state = x4::incremental::shake128_init(); - match K { + match K as u8 { 2 => { x4::incremental::shake128_absorb_final( &mut state, &input[0], &input[1], &input[0], &input[0], @@ -255,42 +241,32 @@ pub(crate) mod avx2 { fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; THREE_BLOCKS]; K]; - match K { + let mut out0 = [0u8; THREE_BLOCKS]; + let mut out1 = [0u8; THREE_BLOCKS]; + let mut out2 = [0u8; THREE_BLOCKS]; + let mut out3 = [0u8; THREE_BLOCKS]; + x4::incremental::shake128_squeeze_first_three_blocks( + &mut self.shake128_state, + &mut out0, + &mut out1, + &mut out2, + &mut out3, + ); + match K as u8 { 2 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let mut dummy_out1 = [0u8; THREE_BLOCKS]; - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); + out[0] = out0; + out[1] = out1; } 3 => { - let mut dummy_out0 = [0u8; THREE_BLOCKS]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_first_three_blocks( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("This function must only be called with N = 2, 3, 4"), } @@ -301,42 +277,32 @@ pub(crate) mod avx2 { fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; - match K { + let mut out0 = [0u8; BLOCK_SIZE]; + let mut out1 = [0u8; BLOCK_SIZE]; + let mut out2 = [0u8; BLOCK_SIZE]; + let mut out3 = [0u8; BLOCK_SIZE]; + x4::incremental::shake128_squeeze_next_block( + &mut self.shake128_state, + &mut out0, + &mut out1, + &mut out2, + &mut out3, + ); + match K as u8 { 2 => { - let mut dummy_out0 = [0u8; BLOCK_SIZE]; - let mut dummy_out1 = [0u8; BLOCK_SIZE]; - let (out0, out1) = out.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut dummy_out0, - &mut dummy_out1, - ); + out[0] = out0; + out[1] = out1; } 3 => { - let mut dummy_out0 = [0u8; BLOCK_SIZE]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut dummy_out0, - ); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x4::incremental::shake128_squeeze_next_block( - &mut self.shake128_state, - &mut out0[0], - &mut out1[0], - &mut out2[0], - &mut out3[0], - ); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("This function is only called with 2, 3, 4"), } @@ -385,24 +351,30 @@ pub(crate) mod neon { fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; LEN]; K]; - match K { + let mut out0 = [0u8; LEN]; + let mut out1 = [0u8; LEN]; + let mut out2 = [0u8; LEN]; + let mut out3 = [0u8; LEN]; + match K as u8 { 2 => { - let (out0, out1) = out.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); + x2::shake256(&input[0], &input[1], &mut out0, &mut out1); + out[0] = out0; + out[1] = out1; } 3 => { - let mut extra = [0u8; LEN]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); - x2::shake256(&input[2], &input[2], &mut out2[0], &mut extra); + x2::shake256(&input[0], &input[1], &mut out0, &mut out1); + x2::shake256(&input[2], &input[2], &mut out2, &mut out3); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); - x2::shake256(&input[0], &input[1], &mut out0[0], &mut out1[0]); - x2::shake256(&input[2], &input[3], &mut out2[0], &mut out3[0]); + x2::shake256(&input[0], &input[1], &mut out0, &mut out1); + x2::shake256(&input[2], &input[3], &mut out2, &mut out3); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("Only 2, 3, or 4 are supported for N"), } @@ -416,7 +388,7 @@ pub(crate) mod neon { x2::incremental::shake128_init(), x2::incremental::shake128_init(), ]; - match K { + match K as u8 { 2 => { x2::incremental::shake128_absorb_final(&mut state[0], &input[0], &input[1]); } @@ -441,44 +413,51 @@ pub(crate) mod neon { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; THREE_BLOCKS]; K]; - match K { + let mut out0 = [0u8; THREE_BLOCKS]; + let mut out1 = [0u8; THREE_BLOCKS]; + let mut out2 = [0u8; THREE_BLOCKS]; + let mut out3 = [0u8; THREE_BLOCKS]; + + match K as u8 { 2 => { - let (out0, out1) = out.split_at_mut(1); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], + &mut out0, + &mut out1, ); + out[0] = out0; + out[1] = out1; } 3 => { - let mut extra = [0u8; THREE_BLOCKS]; - let (out0, out12) = out.split_at_mut(1); - let (out1, out2) = out12.split_at_mut(1); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], + &mut out0, + &mut out1, ); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[1], - &mut out2[0], - &mut extra, + &mut out2, + &mut out3, ); + out[0] = out0; + out[1] = out1; + out[2] = out2; } 4 => { - let (out0, out123) = out.split_at_mut(1); - let (out1, out23) = out123.split_at_mut(1); - let (out2, out3) = out23.split_at_mut(1); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[0], - &mut out0[0], - &mut out1[0], + &mut out0, + &mut out1, ); x2::incremental::shake128_squeeze_first_three_blocks( &mut self.shake128_state[1], - &mut out2[0], - &mut out3[0], + &mut out2, + &mut out3, ); + out[0] = out0; + out[1] = out1; + out[2] = out2; + out[3] = out3; } _ => unreachable!("This function can only called be called with N = 2, 3, 4"), } @@ -490,10 +469,13 @@ pub(crate) mod neon { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; - match K { + let mut out0 = [0u8; BLOCK_SIZE]; + let mut out1 = [0u8; BLOCK_SIZE]; + let mut out2 = [0u8; BLOCK_SIZE]; + let mut out3 = [0u8; BLOCK_SIZE]; + + match K as u8 { 2 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; x2::incremental::shake128_squeeze_next_block( &mut self.shake128_state[0], &mut out0, @@ -503,10 +485,6 @@ pub(crate) mod neon { out[1] = out1; } 3 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; - let mut out2 = [0u8; BLOCK_SIZE]; - let mut out3 = [0u8; BLOCK_SIZE]; x2::incremental::shake128_squeeze_next_block( &mut self.shake128_state[0], &mut out0, @@ -522,10 +500,6 @@ pub(crate) mod neon { out[2] = out2; } 4 => { - let mut out0 = [0u8; BLOCK_SIZE]; - let mut out1 = [0u8; BLOCK_SIZE]; - let mut out2 = [0u8; BLOCK_SIZE]; - let mut out3 = [0u8; BLOCK_SIZE]; x2::incremental::shake128_squeeze_next_block( &mut self.shake128_state[0], &mut out0, diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 3c67ef508..719f009b9 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -4,9 +4,10 @@ use crate::{ }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, - ind_cpa::{into_padded_array, serialize_public_key}, + ind_cpa::serialize_public_key, serialize::deserialize_ring_elements_reduced, types::{MlKemCiphertext, MlKemKeyPair, MlKemPrivateKey, MlKemPublicKey}, + utils::into_padded_array, vector::Operations, }; diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 5014f06da..dbe59a37c 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -13,18 +13,10 @@ use crate::{ deserialize_then_decompress_ring_element_v, deserialize_to_uncompressed_ring_element, serialize_uncompressed_ring_element, }, + utils::into_padded_array, vector::Operations, }; -/// Pad the `slice` with `0`s at the end. -#[inline(always)] -pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { - debug_assert!(slice.len() <= LEN); - let mut out = [0u8; LEN]; - out[0..slice.len()].copy_from_slice(slice); - out -} - /// Concatenate `t` and `ρ` into the public key. #[inline(always)] pub(crate) fn serialize_public_key< diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index e0687c7f8..2a431fdb5 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs @@ -57,6 +57,7 @@ pub(crate) mod constants; /// Helpers for verification and extraction mod helper; +mod utils; mod constant_time_ops; mod hash_functions; diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 79fb38507..2a1a28a3a 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -21,9 +21,9 @@ const VECTOR_V_COMPRESSION_FACTOR_1024: usize = 5; const C2_SIZE_1024: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_1024) / 8; const CPA_PKE_SECRET_KEY_SIZE_1024: usize = (RANK_1024 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; -const CPA_PKE_PUBLIC_KEY_SIZE_1024: usize = T_AS_NTT_ENCODED_SIZE_1024 + 32; +pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_1024: usize = T_AS_NTT_ENCODED_SIZE_1024 + 32; const CPA_PKE_CIPHERTEXT_SIZE_1024: usize = C1_SIZE_1024 + C2_SIZE_1024; -const SECRET_KEY_SIZE_1024: usize = CPA_PKE_SECRET_KEY_SIZE_1024 +pub(crate) const SECRET_KEY_SIZE_1024: usize = CPA_PKE_SECRET_KEY_SIZE_1024 + CPA_PKE_PUBLIC_KEY_SIZE_1024 + H_DIGEST_SIZE + SHARED_SECRET_SIZE; diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index caf50dda5..f457e551a 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -21,9 +21,9 @@ const VECTOR_V_COMPRESSION_FACTOR_512: usize = 4; const C2_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_512) / 8; const CPA_PKE_SECRET_KEY_SIZE_512: usize = (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; -const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32; +pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32; const CPA_PKE_CIPHERTEXT_SIZE_512: usize = C1_SIZE_512 + C2_SIZE_512; -const SECRET_KEY_SIZE_512: usize = +pub(crate) const SECRET_KEY_SIZE_512: usize = CPA_PKE_SECRET_KEY_SIZE_512 + CPA_PKE_PUBLIC_KEY_SIZE_512 + H_DIGEST_SIZE + SHARED_SECRET_SIZE; const ETA1: usize = 3; diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 3bd9333f4..a7030cb0c 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -21,7 +21,7 @@ const VECTOR_V_COMPRESSION_FACTOR_768: usize = 4; const C2_SIZE_768: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_768) / 8; const CPA_PKE_SECRET_KEY_SIZE_768: usize = (RANK_768 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; -const CPA_PKE_PUBLIC_KEY_SIZE_768: usize = T_AS_NTT_ENCODED_SIZE_768 + 32; +pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_768: usize = T_AS_NTT_ENCODED_SIZE_768 + 32; // These two are used in the hybrid kem. This could probably be improved. pub(crate) const CPA_PKE_CIPHERTEXT_SIZE_768: usize = C1_SIZE_768 + C2_SIZE_768; pub(crate) const SECRET_KEY_SIZE_768: usize = diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs new file mode 100644 index 000000000..67300d163 --- /dev/null +++ b/libcrux-ml-kem/src/utils.rs @@ -0,0 +1,33 @@ +// C extraction: +// A couple helper functions and definitions -- this file ends up being bundled in +// libcrux_core.{c,h}, so if you need something that has to be shared across multiple mlkem +// instances / implementations, it can go in here. + +/// Pad the `slice` with `0`s at the end. +#[inline(always)] +pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { + debug_assert!(slice.len() <= LEN); + let mut out = [0u8; LEN]; + out[0..slice.len()].copy_from_slice(slice); + out +} + +// C extraction: +// +// This is only enabled when extracting. +// +// Without these type abbreviations, the monomorphized definitions end up being inserted at the +// first location that they are used, which might be, e.g., the avx2 impl of mlkem512, resulting in +// the portable impl of mlkem512 including the header for the avx2 impl of mlkem512 to have this +// type definition in scope! +// +// To avoid that, we manually place those definitions in this file, which ends up in a shared +// header. +// +// TODO: use proper constants. They don't work right now ... +#[cfg(eurydice)] +mod extraction_helper { + type Keypair512 = ([u8; 768], [u8; 800]); + type Keypair768 = ([u8; 1152], [u8; 1184]); + type Keypair1024 = ([u8; 1536], [u8; 1568]); +} diff --git a/libcrux-ml-kem/src/vector.rs b/libcrux-ml-kem/src/vector.rs index 7f2ca8acb..010cba802 100644 --- a/libcrux-ml-kem/src/vector.rs +++ b/libcrux-ml-kem/src/vector.rs @@ -77,7 +77,7 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { /// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) /// /// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`. -#[cfg_attr(hax, hax_lib::requires(value >= -FIELD_MODULUS * MONTGOMERY_R && value <= FIELD_MODULUS * MONTGOMERY_R))] +#[cfg_attr(hax, hax_lib::requires(value >= -(FIELD_MODULUS as i32) * MONTGOMERY_R && value <= (FIELD_MODULUS as i32) * MONTGOMERY_R))] #[cfg_attr(hax, hax_lib::ensures(|result| result >= -(3 * FIELD_MODULUS) / 2 && result <= (3 * FIELD_MODULUS) / 2))] pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { // This forces hax to extract code for MONTGOMERY_R before it extracts code @@ -143,7 +143,7 @@ fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVec /// /// The NIST FIPS 203 standard can be found at /// . -#[cfg_attr(hax, hax_lib::requires(fe < (crate::constants::FIELD_MODULUS as u16)))] +#[cfg_attr(hax, hax_lib::requires(fe < (FIELD_MODULUS as u16)))] #[cfg_attr(hax, hax_lib::ensures(|result| hax_lib::implies(833 <= fe && fe <= 2596, || result == 1) && hax_lib::implies(!(833 <= fe && fe <= 2596), || result == 0) @@ -179,7 +179,7 @@ pub(crate) fn compress_message_coefficient(fe: u16) -> u8 { coefficient_bits == 5 || coefficient_bits == 10 || coefficient_bits == 11) && - fe < (crate::constants::FIELD_MODULUS as u16)))] + fe < (FIELD_MODULUS as u16)))] #[cfg_attr(hax, hax_lib::ensures( |result| result >= 0 && result < 2i16.pow(coefficient_bits as u32)))] diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti new file mode 100644 index 000000000..9fdd87ec7 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.Incremental.fsti @@ -0,0 +1,44 @@ +module Libcrux_sha3.Avx2.X4.Incremental +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +type t_KeccakState4 = { f_state:t_Array Libcrux_sha3.Neon.X2.Incremental.t_KeccakState2 (sz 2) } + +/// Initialise the state and perform up to 4 absorbs at the same time, +/// using two [`KeccakState4`]. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_absorb_finalxN (v_N: usize) (input: t_Array (t_Array u8 (sz 34)) v_N) + : Prims.Pure t_KeccakState4 Prims.l_True (fun _ -> Prims.l_True) + +/// Squeeze up to 3 x 4 (N) blocks in parallel, using two [`KeccakState4`]. +/// Each block is of size `LEN`. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_squeeze3xN (v_LEN v_N: usize) (state: t_KeccakState4) + : Prims.Pure (t_KeccakState4 & t_Array (t_Array u8 v_LEN) v_N) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Squeeze up to 4 (N) blocks in parallel, using two [`KeccakState4`]. +/// Each block is of size `LEN`. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_squeezexN (v_LEN v_N: usize) (state: t_KeccakState4) + : Prims.Pure (t_KeccakState4 & t_Array (t_Array u8 v_LEN) v_N) + Prims.l_True + (fun _ -> Prims.l_True) + +val shake128_absorb_final (s: t_KeccakState4) (data0 data1 data2 data3: t_Slice u8) + : Prims.Pure t_KeccakState4 Prims.l_True (fun _ -> Prims.l_True) + +/// Initialise the [`KeccakState4`]. +val shake128_init: Prims.unit -> Prims.Pure t_KeccakState4 Prims.l_True (fun _ -> Prims.l_True) + +val shake128_squeeze_first_three_blocks (s: t_KeccakState4) (out0 out1 out2 out3: t_Slice u8) + : Prims.Pure (t_KeccakState4 & t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) + +val shake128_squeeze_next_block (s: t_KeccakState4) (out0 out1 out2 out3: t_Slice u8) + : Prims.Pure (t_KeccakState4 & t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.fsti new file mode 100644 index 000000000..91f8501c5 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Avx2.X4.fsti @@ -0,0 +1,15 @@ +module Libcrux_sha3.Avx2.X4 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Run up to 4 SHAKE256 operations in parallel. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake256xN (v_LEN v_N: usize) (input: t_Array (t_Array u8 (sz 33)) v_N) + : Prims.Pure (t_Array (t_Array u8 v_LEN) v_N) Prims.l_True (fun _ -> Prims.l_True) + +/// Perform 4 SHAKE256 operations in parallel +val shake256 (input0 input1 input2 input3 out0 out1 out2 out3: t_Slice u8) + : Prims.Pure (t_Slice u8 & t_Slice u8 & t_Slice u8 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fst new file mode 100644 index 000000000..cea4f9ac0 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fst @@ -0,0 +1,255 @@ +module Libcrux_sha3.Generic_keccak +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_sha3.Traits in + () + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn keccak( + data: [&[int]; N], + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "keccak"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_first_and_last( + s: &libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_first_and_last"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_first_block( + s: &libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_first_block"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_first_five_blocks( + mut s: libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + { + let hax_temp_output: tuple0 = { rust_primitives::hax::dropped_body }; + s + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_first_five_blocks"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_first_three_blocks( + mut s: libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + { + let hax_temp_output: tuple0 = { rust_primitives::hax::dropped_body }; + s + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_first_three_blocks"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_last( + mut s: libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_last"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn squeeze_next_block( + mut s: libcrux_sha3::generic_keccak::t_KeccakState, + out: [&mut [int]; N], +) -> tuple0 +where + _: libcrux_sha3::traits::t_KeccakItem, +{ + { + let hax_temp_output: tuple0 = { rust_primitives::hax::dropped_body }; + s + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "generic_keccak"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "squeeze_next_block"); + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fsti new file mode 100644 index 000000000..a7245528f --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Generic_keccak.fsti @@ -0,0 +1,13 @@ +module Libcrux_sha3.Generic_keccak +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_sha3.Traits in + () + +val t_KeccakState (v_N: usize) (#v_T: Type0) {| i1: Libcrux_sha3.Traits.t_KeccakStateItem v_T v_N |} + : Type0 diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti new file mode 100644 index 000000000..c9ca03f55 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.Incremental.fsti @@ -0,0 +1,47 @@ +module Libcrux_sha3.Neon.X2.Incremental +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +unfold +let t_KeccakState2Internal = + Libcrux_sha3.Generic_keccak.t_KeccakState (sz 2) Core.Core_arch.Arm_shared.Neon.t_uint64x2_t + +type t_KeccakState2 = { + f_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 2) + Core.Core_arch.Arm_shared.Neon.t_uint64x2_t +} + +/// Initialise the state and perform up to 4 absorbs at the same time, +/// using two [`KeccakState2`]. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_absorb_finalxN (v_N: usize) (input: t_Array (t_Array u8 (sz 34)) v_N) + : Prims.Pure (t_Array t_KeccakState2 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +/// Squeeze up to 3 x 4 (N) blocks in parallel, using two [`KeccakState2`]. +/// Each block is of size `LEN`. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_squeeze3xN (v_LEN v_N: usize) (state: t_Array t_KeccakState2 (sz 2)) + : Prims.Pure (t_Array t_KeccakState2 (sz 2) & t_Array (t_Array u8 v_LEN) v_N) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Squeeze up to 4 (N) blocks in parallel, using two [`KeccakState2`]. +/// Each block is of size `LEN`. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake128_squeezexN (v_LEN v_N: usize) (state: t_Array t_KeccakState2 (sz 2)) + : Prims.Pure (t_Array t_KeccakState2 (sz 2) & t_Array (t_Array u8 v_LEN) v_N) + Prims.l_True + (fun _ -> Prims.l_True) + +val shake128_absorb_final (s: t_KeccakState2) (data0 data1: t_Slice u8) + : Prims.Pure t_KeccakState2 Prims.l_True (fun _ -> Prims.l_True) + +/// Initialise the `KeccakState2`. +val shake128_init: Prims.unit -> Prims.Pure t_KeccakState2 Prims.l_True (fun _ -> Prims.l_True) + +val shake128_squeeze_first_three_blocks (s: t_KeccakState2) (out0 out1: t_Slice u8) + : Prims.Pure (t_KeccakState2 & t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +val shake128_squeeze_next_block (s: t_KeccakState2) (out0 out1: t_Slice u8) + : Prims.Pure (t_KeccakState2 & t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.fsti new file mode 100644 index 000000000..521b0ebf2 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.X2.fsti @@ -0,0 +1,14 @@ +module Libcrux_sha3.Neon.X2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Run up to 4 SHAKE256 operations in parallel. +/// **PANICS** when `N` is not 2, 3, or 4. +val v__shake256xN (v_LEN v_N: usize) (input: t_Array (t_Array u8 (sz 33)) v_N) + : Prims.Pure (t_Array (t_Array u8 v_LEN) v_N) Prims.l_True (fun _ -> Prims.l_True) + +/// Run SHAKE256 on both inputs in parallel. +/// Writes the two results into `out0` and `out1` +val shake256 (input0 input1 out0 out1: t_Slice u8) + : Prims.Pure (t_Slice u8 & t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.fsti new file mode 100644 index 000000000..28b47c4f9 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Neon.fsti @@ -0,0 +1,24 @@ +module Libcrux_sha3.Neon +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// A portable SHA3 224 implementation. +val sha224 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 256 implementation. +val sha256 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 384 implementation. +val sha384 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 512 implementation. +val sha512 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHAKE128 implementation. +val shake128 (v_LEN: usize) (digest: t_Array u8 v_LEN) (data: t_Slice u8) + : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHAKE256 implementation. +val shake256 (v_LEN: usize) (digest: t_Array u8 v_LEN) (data: t_Slice u8) + : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.Incremental.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.Incremental.fsti new file mode 100644 index 000000000..1bf58e63e --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.Incremental.fsti @@ -0,0 +1,30 @@ +module Libcrux_sha3.Portable.Incremental +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// Absorb +val shake128_absorb_final (s: Libcrux_sha3.Portable.t_KeccakState1) (data0: t_Slice u8) + : Prims.Pure Libcrux_sha3.Portable.t_KeccakState1 Prims.l_True (fun _ -> Prims.l_True) + +/// Initialise the SHAKE state. +val shake128_init: Prims.unit + -> Prims.Pure Libcrux_sha3.Portable.t_KeccakState1 Prims.l_True (fun _ -> Prims.l_True) + +/// Squeeze five blocks +val shake128_squeeze_first_five_blocks (s: Libcrux_sha3.Portable.t_KeccakState1) (out0: t_Slice u8) + : Prims.Pure (Libcrux_sha3.Portable.t_KeccakState1 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Squeeze three blocks +val shake128_squeeze_first_three_blocks (s: Libcrux_sha3.Portable.t_KeccakState1) (out0: t_Slice u8) + : Prims.Pure (Libcrux_sha3.Portable.t_KeccakState1 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Squeeze another block +val shake128_squeeze_next_block (s: Libcrux_sha3.Portable.t_KeccakState1) (out0: t_Slice u8) + : Prims.Pure (Libcrux_sha3.Portable.t_KeccakState1 & t_Slice u8) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fst new file mode 100644 index 000000000..47ead7e32 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fst @@ -0,0 +1,34 @@ +module Libcrux_sha3.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn keccakx1( + data: [&[int]; 1], + out: [&mut [int]; 1], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "keccakx1"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fsti new file mode 100644 index 000000000..4e914abbc --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable.fsti @@ -0,0 +1,26 @@ +module Libcrux_sha3.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +/// A portable SHA3 224 implementation. +val sha224 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 256 implementation. +val sha256 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 384 implementation. +val sha384 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHA3 512 implementation. +val sha512 (digest data: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHAKE128 implementation. +val shake128 (digest data: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +/// A portable SHAKE256 implementation. +val shake256 (digest data: t_Slice u8) + : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + +type t_KeccakState1 = { f_state:Libcrux_sha3.Generic_keccak.t_KeccakState (sz 1) u64 } diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fst new file mode 100644 index 000000000..9e2f1444c --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fst @@ -0,0 +1,187 @@ +module Libcrux_sha3.Portable_keccak +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn split_at_mut_1_( + out: [&mut [int]; 1], + mid: int, +) -> tuple2<[&mut [int]; 1], [&mut [int]; 1]> { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "split_at_mut_1"); disambiguator = 0 + } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn store_block( + s: &[[int; 5]; 5], + out: [&mut [int]; 1], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "store_block"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +impl libcrux_sha3::traits::t_KeccakItem for int { + fn f_zero(_: tuple0) -> int { + { + 0 + } + } + fn f_xor5(a: int, b: int, c: int, d: int, e: int) -> int { + { + libcrux_sha3::portable_keccak::v__veor5q_u64(a, b, c, d, e) + } + } + fn f_rotate_left1_and_xor(a: int, b: int) -> int { + { + libcrux_sha3::portable_keccak::v__vrax1q_u64(a, b) + } + } + fn f_xor_and_rotate(a: int, b: int) -> int { + { + libcrux_sha3::portable_keccak::v__vxarq_u64::( + a, b, + ) + } + } + fn f_and_not_xor(a: int, b: int, c: int) -> int { + { + libcrux_sha3::portable_keccak::v__vbcaxq_u64(a, b, c) + } + } + fn f_xor_constant(a: int, c: int) -> int { + { + libcrux_sha3::portable_keccak::v__veorq_n_u64(a, c) + } + } + fn f_xor(a: int, b: int) -> int { + { + core::ops::bit::BitXor::bitxor(a, b) + } + } + fn f_load_block( + mut a: [[int; 5]; 5], + b: [&[int]; 1], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::portable_keccak::load_block::(&mut (a), b) + } + }; + a + } + } + fn f_store_block( + a: &[[int; 5]; 5], + b: [&mut [int]; 1], + ) -> tuple0 { + { + libcrux_sha3::portable_keccak::store_block::(&(deref(a)), b) + } + } + fn f_load_block_full( + mut a: [[int; 5]; 5], + b: [[int; 200]; 1], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::portable_keccak::load_block_full::( + &mut (a), + b, + ) + } + }; + a + } + } + fn f_store_block_full( + a: &[[int; 5]; 5], + ) -> [[int; 200]; 1] { + { + libcrux_sha3::portable_keccak::store_block_full::(&(deref(a))) + } + } + fn f_slice_n(a: [&[int]; 1], start: int, len: int) -> [&[int]; 1] { + { + libcrux_sha3::portable_keccak::slice_1_(a, start, len) + } + } + fn f_split_at_mut_n( + a: [&mut [int]; 1], + mid: int, + ) -> tuple2<[&mut [int]; 1], [&mut [int]; 1]> { + { + libcrux_sha3::portable_keccak::split_at_mut_1_(a, mid) + } + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = Concrete_ident.Imported.Impl; + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fsti new file mode 100644 index 000000000..8eeae34d6 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Portable_keccak.fsti @@ -0,0 +1,218 @@ +module Libcrux_sha3.Portable_keccak +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val v__vbcaxq_u64 (a b c: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val v__veor5q_u64 (a b c d e: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val v__veorq_n_u64 (a c: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val v__vrax1q_u64 (a b: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val v__vxarq_u64 (v_LEFT v_RIGHT: i32) (a b: u64) + : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val load_block + (v_RATE: usize) + (s: t_Array (t_Array u64 (sz 5)) (sz 5)) + (blocks: t_Array (t_Slice u8) (sz 1)) + : Prims.Pure (t_Array (t_Array u64 (sz 5)) (sz 5)) Prims.l_True (fun _ -> Prims.l_True) + +val load_block_full + (v_RATE: usize) + (s: t_Array (t_Array u64 (sz 5)) (sz 5)) + (blocks: t_Array (t_Array u8 (sz 200)) (sz 1)) + : Prims.Pure (t_Array (t_Array u64 (sz 5)) (sz 5)) Prims.l_True (fun _ -> Prims.l_True) + +val rotate_left (v_LEFT v_RIGHT: i32) (x: u64) : Prims.Pure u64 Prims.l_True (fun _ -> Prims.l_True) + +val slice_1_ (a: t_Array (t_Slice u8) (sz 1)) (start len: usize) + : Prims.Pure (t_Array (t_Slice u8) (sz 1)) Prims.l_True (fun _ -> Prims.l_True) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn split_at_mut_1_( + out: [&mut [int]; 1], + mid: int, +) -> tuple2<[&mut [int]; 1], [&mut [int]; 1]> { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "split_at_mut_1"); disambiguator = 0 + } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn store_block( + s: &[[int; 5]; 5], + out: [&mut [int]; 1], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "store_block"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +val store_block_full (v_RATE: usize) (s: t_Array (t_Array u64 (sz 5)) (sz 5)) + : Prims.Pure (t_Array (t_Array u8 (sz 200)) (sz 1)) Prims.l_True (fun _ -> Prims.l_True) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +impl libcrux_sha3::traits::t_KeccakItem for int { + fn f_zero(_: tuple0) -> int { + { + 0 + } + } + fn f_xor5(a: int, b: int, c: int, d: int, e: int) -> int { + { + libcrux_sha3::portable_keccak::v__veor5q_u64(a, b, c, d, e) + } + } + fn f_rotate_left1_and_xor(a: int, b: int) -> int { + { + libcrux_sha3::portable_keccak::v__vrax1q_u64(a, b) + } + } + fn f_xor_and_rotate(a: int, b: int) -> int { + { + libcrux_sha3::portable_keccak::v__vxarq_u64::( + a, b, + ) + } + } + fn f_and_not_xor(a: int, b: int, c: int) -> int { + { + libcrux_sha3::portable_keccak::v__vbcaxq_u64(a, b, c) + } + } + fn f_xor_constant(a: int, c: int) -> int { + { + libcrux_sha3::portable_keccak::v__veorq_n_u64(a, c) + } + } + fn f_xor(a: int, b: int) -> int { + { + core::ops::bit::BitXor::bitxor(a, b) + } + } + fn f_load_block( + mut a: [[int; 5]; 5], + b: [&[int]; 1], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::portable_keccak::load_block::(&mut (a), b) + } + }; + a + } + } + fn f_store_block( + a: &[[int; 5]; 5], + b: [&mut [int]; 1], + ) -> tuple0 { + { + libcrux_sha3::portable_keccak::store_block::(&(deref(a)), b) + } + } + fn f_load_block_full( + mut a: [[int; 5]; 5], + b: [[int; 200]; 1], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::portable_keccak::load_block_full::( + &mut (a), + b, + ) + } + }; + a + } + } + fn f_store_block_full( + a: &[[int; 5]; 5], + ) -> [[int; 200]; 1] { + { + libcrux_sha3::portable_keccak::store_block_full::(&(deref(a))) + } + } + fn f_slice_n(a: [&[int]; 1], start: int, len: int) -> [&[int]; 1] { + { + libcrux_sha3::portable_keccak::slice_1_(a, start, len) + } + } + fn f_split_at_mut_n( + a: [&mut [int]; 1], + mid: int, + ) -> tuple2<[&mut [int]; 1], [&mut [int]; 1]> { + { + libcrux_sha3::portable_keccak::split_at_mut_1_(a, mid) + } + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "portable_keccak"); disambiguator = 0 + }; + { Concrete_ident.Imported.data = Concrete_ident.Imported.Impl; + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fst new file mode 100644 index 000000000..d3a7b18d9 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fst @@ -0,0 +1,214 @@ +module Libcrux_sha3.Simd.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn split_at_mut_4_( + out: [&mut [int]; 4], + mid: int, +) -> tuple2<[&mut [int]; 4], [&mut [int]; 4]> { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "split_at_mut_4"); disambiguator = 0 + } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn store_block( + s: &[[core::core_arch::x86::t____m256i; 5]; 5], + out: [&mut [int]; 4], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "store_block"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +impl libcrux_sha3::traits::t_KeccakItem + for core::core_arch::x86::t____m256i +{ + fn f_zero(_: tuple0) -> core::core_arch::x86::t____m256i { + { + libcrux_intrinsics::avx2::mm256_set1_epi64x(0) + } + } + fn f_xor5( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + c: core::core_arch::x86::t____m256i, + d: core::core_arch::x86::t____m256i, + e: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__veor5q_u64(a, b, c, d, e) + } + } + fn f_rotate_left1_and_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vrax1q_u64(a, b) + } + } + fn f_xor_and_rotate( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vxarq_u64::( + a, b, + ) + } + } + fn f_and_not_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + c: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vbcaxq_u64(a, b, c) + } + } + fn f_xor_constant( + a: core::core_arch::x86::t____m256i, + c: int, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__veorq_n_u64(a, c) + } + } + fn f_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_intrinsics::avx2::mm256_xor_si256(a, b) + } + } + fn f_load_block( + mut a: [[core::core_arch::x86::t____m256i; 5]; 5], + b: [&[int]; 4], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::simd::avx2::load_block::(&mut (a), b) + } + }; + a + } + } + fn f_store_block( + a: &[[core::core_arch::x86::t____m256i; 5]; 5], + b: [&mut [int]; 4], + ) -> tuple0 { + { + libcrux_sha3::simd::avx2::store_block::(&(deref(a)), b) + } + } + fn f_load_block_full( + mut a: [[core::core_arch::x86::t____m256i; 5]; 5], + b: [[int; 200]; 4], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::simd::avx2::load_block_full::(&mut (a), b) + } + }; + a + } + } + fn f_store_block_full( + a: &[[core::core_arch::x86::t____m256i; 5]; 5], + ) -> [[int; 200]; 4] { + { + libcrux_sha3::simd::avx2::store_block_full::(&(deref(a))) + } + } + fn f_slice_n(a: [&[int]; 4], start: int, len: int) -> [&[int]; 4] { + { + libcrux_sha3::simd::avx2::slice_4_(a, start, len) + } + } + fn f_split_at_mut_n( + a: [&mut [int]; 4], + mid: int, + ) -> tuple2<[&mut [int]; 4], [&mut [int]; 4]> { + { + libcrux_sha3::simd::avx2::split_at_mut_4_(a, mid) + } + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = Concrete_ident.Imported.Impl; + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fsti new file mode 100644 index 000000000..e0f54aaa9 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Simd.Avx2.fsti @@ -0,0 +1,256 @@ +module Libcrux_sha3.Simd.Avx2 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val v__vbcaxq_u64 (a b c: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val v__veor5q_u64 (a b c d e: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val v__veorq_n_u64 (a: Core.Core_arch.X86.t____m256i) (c: u64) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val v__vrax1q_u64 (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val v__vxarq_u64 (v_LEFT v_RIGHT: i32) (a b: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val load_block + (v_RATE: usize) + (s: t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + (blocks: t_Array (t_Slice u8) (sz 4)) + : Prims.Pure (t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + Prims.l_True + (fun _ -> Prims.l_True) + +val load_block_full + (v_RATE: usize) + (s: t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + (blocks: t_Array (t_Array u8 (sz 200)) (sz 4)) + : Prims.Pure (t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + Prims.l_True + (fun _ -> Prims.l_True) + +val rotate_left (v_LEFT v_RIGHT: i32) (x: Core.Core_arch.X86.t____m256i) + : Prims.Pure Core.Core_arch.X86.t____m256i Prims.l_True (fun _ -> Prims.l_True) + +val slice_4_ (a: t_Array (t_Slice u8) (sz 4)) (start len: usize) + : Prims.Pure (t_Array (t_Slice u8) (sz 4)) Prims.l_True (fun _ -> Prims.l_True) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn split_at_mut_4_( + out: [&mut [int]; 4], + mid: int, +) -> tuple2<[&mut [int]; 4], [&mut [int]; 4]> { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "split_at_mut_4"); disambiguator = 0 + } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[inline(always)] +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +fn store_block( + s: &[[core::core_arch::x86::t____m256i; 5]; 5], + out: [&mut [int]; 4], +) -> tuple0 { + rust_primitives::hax::dropped_body +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "store_block"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) + +val store_block_full + (v_RATE: usize) + (s: t_Array (t_Array Core.Core_arch.X86.t____m256i (sz 5)) (sz 5)) + : Prims.Pure (t_Array (t_Array u8 (sz 200)) (sz 4)) Prims.l_True (fun _ -> Prims.l_True) + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +#[cfg(feature = "simd256")] +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +impl libcrux_sha3::traits::t_KeccakItem + for core::core_arch::x86::t____m256i +{ + fn f_zero(_: tuple0) -> core::core_arch::x86::t____m256i { + { + libcrux_intrinsics::avx2::mm256_set1_epi64x(0) + } + } + fn f_xor5( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + c: core::core_arch::x86::t____m256i, + d: core::core_arch::x86::t____m256i, + e: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__veor5q_u64(a, b, c, d, e) + } + } + fn f_rotate_left1_and_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vrax1q_u64(a, b) + } + } + fn f_xor_and_rotate( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vxarq_u64::( + a, b, + ) + } + } + fn f_and_not_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + c: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__vbcaxq_u64(a, b, c) + } + } + fn f_xor_constant( + a: core::core_arch::x86::t____m256i, + c: int, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_sha3::simd::avx2::v__veorq_n_u64(a, c) + } + } + fn f_xor( + a: core::core_arch::x86::t____m256i, + b: core::core_arch::x86::t____m256i, + ) -> core::core_arch::x86::t____m256i { + { + libcrux_intrinsics::avx2::mm256_xor_si256(a, b) + } + } + fn f_load_block( + mut a: [[core::core_arch::x86::t____m256i; 5]; 5], + b: [&[int]; 4], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::simd::avx2::load_block::(&mut (a), b) + } + }; + a + } + } + fn f_store_block( + a: &[[core::core_arch::x86::t____m256i; 5]; 5], + b: [&mut [int]; 4], + ) -> tuple0 { + { + libcrux_sha3::simd::avx2::store_block::(&(deref(a)), b) + } + } + fn f_load_block_full( + mut a: [[core::core_arch::x86::t____m256i; 5]; 5], + b: [[int; 200]; 4], + ) -> tuple0 { + { + let hax_temp_output: tuple0 = { + { + libcrux_sha3::simd::avx2::load_block_full::(&mut (a), b) + } + }; + a + } + } + fn f_store_block_full( + a: &[[core::core_arch::x86::t____m256i; 5]; 5], + ) -> [[int; 200]; 4] { + { + libcrux_sha3::simd::avx2::store_block_full::(&(deref(a))) + } + } + fn f_slice_n(a: [&[int]; 4], start: int, len: int) -> [&[int]; 4] { + { + libcrux_sha3::simd::avx2::slice_4_(a, start, len) + } + } + fn f_split_at_mut_n( + a: [&mut [int]; 4], + mid: int, + ) -> tuple2<[&mut [int]; 4], [&mut [int]; 4]> { + { + libcrux_sha3::simd::avx2::split_at_mut_4_(a, mid) + } + } +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "simd"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2"); disambiguator = 0 }; + { Concrete_ident.Imported.data = Concrete_ident.Imported.Impl; + disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fst b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fst new file mode 100644 index 000000000..af3a30a98 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fst @@ -0,0 +1,61 @@ +module Libcrux_sha3.Traits +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (RefMut) The mutation of this &mut is not allowed here. + +Last available AST for this item: + +/** A trait for multiplexing implementations.*/ +#[no_std()] +#[forbid(unsafe_code)] +#[feature(register_tool)] +#[register_tool(_hax)] +trait t_KeccakItem +where + _: core::clone::t_Clone, + _: core::marker::t_Copy, +{ + fn f_zero(_: tuple0) -> Self; + fn f_xor5(_: Self, _: Self, _: Self, _: Self, _: Self) -> Self; + fn f_rotate_left1_and_xor(_: Self, _: Self) -> Self; + fn f_xor_and_rotate(_: Self, _: Self) -> Self; + fn f_and_not_xor(_: Self, _: Self, _: Self) -> Self; + fn f_xor_constant(_: Self, _: int) -> Self; + fn f_xor(_: Self, _: Self) -> Self; + fn f_load_block( + _: [[Self; 5]; 5], + _: [&[int]; N], + ) -> [[Self; 5]; 5]; + fn f_store_block( + _: &[[Self; 5]; 5], + _: [&mut [int]; N], + ) -> tuple0; + fn f_load_block_full( + _: [[Self; 5]; 5], + _: [[int; 200]; N], + ) -> [[Self; 5]; 5]; + fn f_store_block_full( + _: &[[Self; 5]; 5], + ) -> [[int; 200]; N]; + fn f_slice_n(_: [&[int]; N], _: int, _: int) -> [&[int]; N]; + fn f_split_at_mut_n( + _: [&mut [int]; N], + _: int, + ) -> tuple2<[&mut [int]; N], [&mut [int]; N]>; +} + + +Last AST: +/* print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = +{ Concrete_ident.Imported.krate = "libcrux_sha3"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "traits"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "KeccakItem"); disambiguator = 0 } + ] + }; +kind = Concrete_ident.Kind.Value }) */ + *) diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fsti new file mode 100644 index 000000000..60af4096d --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.Traits.fsti @@ -0,0 +1,27 @@ +module Libcrux_sha3.Traits +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_sha3.Traits.Internal in + () + +/// A Keccak Item +/// This holds the internal state and depends on the architecture. +class t_KeccakStateItem (v_Self: Type0) (v_N: usize) = { + [@@@ FStar.Tactics.Typeclasses.no_method]_super_7919791445461910775:Libcrux_sha3.Traits.Internal.t_KeccakItem + v_Self v_N +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl + (v_N: usize) + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_sha3.Traits.Internal.t_KeccakItem v_T v_N) + : t_KeccakStateItem v_T v_N = + { _super_7919791445461910775 = FStar.Tactics.Typeclasses.solve; __marker_trait = () } diff --git a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.fsti b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.fsti index fb67a8888..9f4daa21b 100644 --- a/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.fsti +++ b/libcrux-sha3/proofs/fstar/extraction/Libcrux_sha3.fsti @@ -3,18 +3,18 @@ module Libcrux_sha3 open Core open FStar.Mul -let discriminant_Algorithm_Sha3_224_: u32 = 1ul +let discriminant_Algorithm_Sha224: u32 = 1ul -let discriminant_Algorithm_Sha3_256_: u32 = 2ul +let discriminant_Algorithm_Sha256: u32 = 2ul -let discriminant_Algorithm_Sha3_384_: u32 = 3ul +let discriminant_Algorithm_Sha384: u32 = 3ul /// The Digest Algorithm. type t_Algorithm = - | Algorithm_Sha3_224_ : t_Algorithm - | Algorithm_Sha3_256_ : t_Algorithm - | Algorithm_Sha3_384_ : t_Algorithm - | Algorithm_Sha3_512_ : t_Algorithm + | Algorithm_Sha224 : t_Algorithm + | Algorithm_Sha256 : t_Algorithm + | Algorithm_Sha384 : t_Algorithm + | Algorithm_Sha512 : t_Algorithm [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Core.Convert.t_From u32 t_Algorithm = @@ -25,25 +25,29 @@ let impl_1: Core.Convert.t_From u32 t_Algorithm = = fun (v: t_Algorithm) -> match v with - | Algorithm_Sha3_224_ -> 1ul - | Algorithm_Sha3_256_ -> 2ul - | Algorithm_Sha3_384_ -> 3ul - | Algorithm_Sha3_512_ -> 4ul + | Algorithm_Sha224 -> 1ul + | Algorithm_Sha256 -> 2ul + | Algorithm_Sha384 -> 3ul + | Algorithm_Sha512 -> 4ul } -let discriminant_Algorithm_Sha3_512_: u32 = 4ul +let discriminant_Algorithm_Sha512: u32 = 4ul val t_Algorithm_cast_to_repr (x: t_Algorithm) : Prims.Pure u32 Prims.l_True (fun _ -> Prims.l_True) +/// A SHA3 224 Digest unfold let t_Sha3_224Digest = t_Array u8 (sz 28) +/// A SHA3 256 Digest unfold let t_Sha3_256Digest = t_Array u8 (sz 32) +/// A SHA3 384 Digest unfold let t_Sha3_384Digest = t_Array u8 (sz 48) +/// A SHA3 512 Digest unfold let t_Sha3_512Digest = t_Array u8 (sz 64) @@ -55,32 +59,30 @@ val hash (v_LEN: usize) (algorithm: t_Algorithm) (payload: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 224 -val sha224 (payload: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 28)) Prims.l_True (fun _ -> Prims.l_True) +val sha224 (data: t_Slice u8) : Prims.Pure (t_Array u8 (sz 28)) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 224 +/// Preconditions: +/// - `digest.len() == 28` val sha224_ema (digest payload: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 256 -val sha256 (payload: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val sha256 (data: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 256 val sha256_ema (digest payload: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 384 -val sha384 (payload: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 48)) Prims.l_True (fun _ -> Prims.l_True) +val sha384 (data: t_Slice u8) : Prims.Pure (t_Array u8 (sz 48)) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 384 val sha384_ema (digest payload: t_Slice u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 512 -val sha512 (payload: t_Slice u8) - : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +val sha512 (data: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) /// SHA3 512 val sha512_ema (digest payload: t_Slice u8) @@ -105,26 +107,12 @@ let impl: Core.Convert.t_From t_Algorithm u32 = = fun (v: u32) -> match v with - | 1ul -> Algorithm_Sha3_224_ <: t_Algorithm - | 2ul -> Algorithm_Sha3_256_ <: t_Algorithm - | 3ul -> Algorithm_Sha3_384_ <: t_Algorithm - | 4ul -> Algorithm_Sha3_512_ <: t_Algorithm + | 1ul -> Algorithm_Sha224 <: t_Algorithm + | 2ul -> Algorithm_Sha256 <: t_Algorithm + | 3ul -> Algorithm_Sha384 <: t_Algorithm + | 4ul -> Algorithm_Sha512 <: t_Algorithm | _ -> - Rust_primitives.Hax.never_to_any (Core.Panicking.panic_fmt (Core.Fmt.impl_2__new_v1 (Rust_primitives.unsize - (let list = ["Unknown Digest mode "] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice string) - (Rust_primitives.unsize (let list = - [Core.Fmt.Rt.impl_1__new_display v <: Core.Fmt.Rt.t_Argument] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 1); - Rust_primitives.Hax.array_of_list 1 list) - <: - t_Slice Core.Fmt.Rt.t_Argument) - <: - Core.Fmt.t_Arguments) + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "explicit panic" <: Rust_primitives.Hax.t_Never) } diff --git a/libcrux-sha3/src/generic_keccak.rs b/libcrux-sha3/src/generic_keccak.rs index 0737e2581..ef63a654a 100644 --- a/libcrux-sha3/src/generic_keccak.rs +++ b/libcrux-sha3/src/generic_keccak.rs @@ -7,11 +7,11 @@ use crate::traits::*; #[cfg_attr(hax, hax_lib::opaque_type)] #[derive(Clone, Copy)] -pub(crate) struct KeccakState> { +pub(crate) struct KeccakState> { st: [[T; 5]; 5], } -impl> Index for KeccakState { +impl> Index for KeccakState { type Output = [T; 5]; fn index(&self, index: usize) -> &Self::Output { @@ -19,7 +19,7 @@ impl> Index for KeccakState { } } -impl> KeccakState { +impl> KeccakState { /// Create a new Shake128 x4 state. #[inline(always)] pub(crate) fn new() -> Self { @@ -36,7 +36,7 @@ const _ROTC: [usize; 24] = [ ]; #[inline(always)] -pub(crate) fn theta_rho>(s: &mut KeccakState) { +pub(crate) fn theta_rho>(s: &mut KeccakState) { let c: [T; 5] = [ T::xor5(s.st[0][0], s.st[1][0], s.st[2][0], s.st[3][0], s.st[4][0]), T::xor5(s.st[0][1], s.st[1][1], s.st[2][1], s.st[3][1], s.st[4][1]), @@ -88,7 +88,7 @@ const _PI: [usize; 24] = [ ]; #[inline(always)] -pub(crate) fn pi>(s: &mut KeccakState) { +pub(crate) fn pi>(s: &mut KeccakState) { let old = s.st.clone(); s.st[0][1] = old[1][1]; s.st[0][2] = old[2][2]; @@ -117,7 +117,7 @@ pub(crate) fn pi>(s: &mut KeccakState) { } #[inline(always)] -pub(crate) fn chi>(s: &mut KeccakState) { +pub(crate) fn chi>(s: &mut KeccakState) { let old = s.st; for i in 0..5 { for j in 0..5 { @@ -154,12 +154,12 @@ const ROUNDCONSTANTS: [u64; 24] = [ ]; #[inline(always)] -pub(crate) fn iota>(s: &mut KeccakState, i: usize) { +pub(crate) fn iota>(s: &mut KeccakState, i: usize) { s.st[0][0] = T::xor_constant(s.st[0][0], ROUNDCONSTANTS[i]); } #[inline(always)] -pub(crate) fn keccakf1600>(s: &mut KeccakState) { +pub(crate) fn keccakf1600>(s: &mut KeccakState) { for i in 0..24 { theta_rho(s); pi(s); @@ -169,7 +169,7 @@ pub(crate) fn keccakf1600>(s: &mut KeccakState< } #[inline(always)] -pub(crate) fn absorb_block, const RATE: usize>( +pub(crate) fn absorb_block, const RATE: usize>( s: &mut KeccakState, blocks: [&[u8]; N], ) { @@ -178,7 +178,12 @@ pub(crate) fn absorb_block, const RATE: usize>( } #[inline(always)] -pub(crate) fn absorb_final, const RATE: usize, const DELIM: u8>( +pub(crate) fn absorb_final< + const N: usize, + T: KeccakStateItem, + const RATE: usize, + const DELIM: u8, +>( s: &mut KeccakState, last: [&[u8]; N], ) { @@ -195,7 +200,7 @@ pub(crate) fn absorb_final, const RATE: usize, } #[inline(always)] -pub(crate) fn squeeze_first_block, const RATE: usize>( +pub(crate) fn squeeze_first_block, const RATE: usize>( s: &KeccakState, out: [&mut [u8]; N], ) { @@ -203,7 +208,7 @@ pub(crate) fn squeeze_first_block, const RATE: } #[inline(always)] -pub(crate) fn squeeze_next_block, const RATE: usize>( +pub(crate) fn squeeze_next_block, const RATE: usize>( s: &mut KeccakState, out: [&mut [u8]; N], ) { @@ -212,7 +217,11 @@ pub(crate) fn squeeze_next_block, const RATE: u } #[inline(always)] -pub(crate) fn squeeze_first_three_blocks, const RATE: usize>( +pub(crate) fn squeeze_first_three_blocks< + const N: usize, + T: KeccakStateItem, + const RATE: usize, +>( s: &mut KeccakState, out: [&mut [u8]; N], ) { @@ -224,7 +233,11 @@ pub(crate) fn squeeze_first_three_blocks, const } #[inline(always)] -pub(crate) fn squeeze_first_five_blocks, const RATE: usize>( +pub(crate) fn squeeze_first_five_blocks< + const N: usize, + T: KeccakStateItem, + const RATE: usize, +>( s: &mut KeccakState, out: [&mut [u8]; N], ) { @@ -243,7 +256,7 @@ pub(crate) fn squeeze_first_five_blocks, const } #[inline(always)] -pub(crate) fn squeeze_last, const RATE: usize>( +pub(crate) fn squeeze_last, const RATE: usize>( mut s: KeccakState, out: [&mut [u8]; N], ) { @@ -255,7 +268,7 @@ pub(crate) fn squeeze_last, const RATE: usize>( } #[inline(always)] -pub(crate) fn squeeze_first_and_last, const RATE: usize>( +pub(crate) fn squeeze_first_and_last, const RATE: usize>( s: &KeccakState, out: [&mut [u8]; N], ) { @@ -266,7 +279,7 @@ pub(crate) fn squeeze_first_and_last, const RAT } #[inline(always)] -pub(crate) fn keccak, const RATE: usize, const DELIM: u8>( +pub(crate) fn keccak, const RATE: usize, const DELIM: u8>( data: [&[u8]; N], out: [&mut [u8]; N], ) { diff --git a/libcrux-sha3/src/portable_keccak.rs b/libcrux-sha3/src/portable_keccak.rs index fd0015804..382a9e483 100644 --- a/libcrux-sha3/src/portable_keccak.rs +++ b/libcrux-sha3/src/portable_keccak.rs @@ -1,6 +1,6 @@ //! A portable SHA3 implementation using the generic implementation. -use crate::traits::*; +use crate::traits::internal::*; #[inline(always)] fn rotate_left(x: u64) -> u64 { diff --git a/libcrux-sha3/src/simd/arm64.rs b/libcrux-sha3/src/simd/arm64.rs index bc32dea34..773c5e036 100644 --- a/libcrux-sha3/src/simd/arm64.rs +++ b/libcrux-sha3/src/simd/arm64.rs @@ -1,6 +1,6 @@ use libcrux_intrinsics::arm64::*; -use crate::traits::KeccakItem; +use crate::traits::internal::KeccakItem; #[allow(non_camel_case_types)] pub type uint64x2_t = _uint64x2_t; diff --git a/libcrux-sha3/src/simd/avx2.rs b/libcrux-sha3/src/simd/avx2.rs index 04005c483..f55de7ffb 100644 --- a/libcrux-sha3/src/simd/avx2.rs +++ b/libcrux-sha3/src/simd/avx2.rs @@ -1,4 +1,4 @@ -use crate::traits::*; +use crate::traits::internal::*; use libcrux_intrinsics::avx2::*; #[inline(always)] diff --git a/libcrux-sha3/src/traits.rs b/libcrux-sha3/src/traits.rs index f8dc30c79..fa3f5f846 100644 --- a/libcrux-sha3/src/traits.rs +++ b/libcrux-sha3/src/traits.rs @@ -1,16 +1,25 @@ -/// A trait for multiplexing implementations. -pub trait KeccakItem: Clone + Copy { - fn zero() -> Self; - fn xor5(a: Self, b: Self, c: Self, d: Self, e: Self) -> Self; - fn rotate_left1_and_xor(a: Self, b: Self) -> Self; - fn xor_and_rotate(a: Self, b: Self) -> Self; - fn and_not_xor(a: Self, b: Self, c: Self) -> Self; - fn xor_constant(a: Self, c: u64) -> Self; - fn xor(a: Self, b: Self) -> Self; - fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; N]); - fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; N]); - fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; N]); - fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; N]; - fn slice_n(a: [&[u8]; N], start: usize, len: usize) -> [&[u8]; N]; - fn split_at_mut_n(a: [&mut [u8]; N], mid: usize) -> ([&mut [u8]; N], [&mut [u8]; N]); +/// A Keccak Item +/// This holds the internal state and depends on the architecture. +pub trait KeccakStateItem: internal::KeccakItem {} + +// Implement the public trait for all items. +impl> KeccakStateItem for T {} + +pub(crate) mod internal { + /// A trait for multiplexing implementations. + pub trait KeccakItem: Clone + Copy { + fn zero() -> Self; + fn xor5(a: Self, b: Self, c: Self, d: Self, e: Self) -> Self; + fn rotate_left1_and_xor(a: Self, b: Self) -> Self; + fn xor_and_rotate(a: Self, b: Self) -> Self; + fn and_not_xor(a: Self, b: Self, c: Self) -> Self; + fn xor_constant(a: Self, c: u64) -> Self; + fn xor(a: Self, b: Self) -> Self; + fn load_block(a: &mut [[Self; 5]; 5], b: [&[u8]; N]); + fn store_block(a: &[[Self; 5]; 5], b: [&mut [u8]; N]); + fn load_block_full(a: &mut [[Self; 5]; 5], b: [[u8; 200]; N]); + fn store_block_full(a: &[[Self; 5]; 5]) -> [[u8; 200]; N]; + fn slice_n(a: [&[u8]; N], start: usize, len: usize) -> [&[u8]; N]; + fn split_at_mut_n(a: [&mut [u8]; N], mid: usize) -> ([&mut [u8]; N], [&mut [u8]; N]); + } } diff --git a/libcrux-simd/src/aarch64.rs b/libcrux-simd/src/aarch64.rs deleted file mode 100644 index 325dc3014..000000000 --- a/libcrux-simd/src/aarch64.rs +++ /dev/null @@ -1,130 +0,0 @@ -use core::arch::aarch64::*; - -/// A 128-bit integer type for SIMD instructions. -pub type Vec128 = uint32x4_t; - -/// We can't compute on a const `N`. So this is a little ugly. -/// Ensure that the `N` you provide is handled here. -/// -/// 16 is handled differently because it's more efficient this way. -#[inline(always)] -pub fn rotate_left128_u32(a: Vec128, n: u32) -> Vec128 { - assert!(n >= 1 && n <= 32); - match n { - 7 => unsafe { vsriq_n_u32(vshlq_n_u32(a, 7), a, 32 - 7) }, - 8 => unsafe { vsriq_n_u32(vshlq_n_u32(a, 8), a, 32 - 8) }, - 12 => unsafe { vsriq_n_u32(vshlq_n_u32(a, 12), a, 32 - 12) }, - 16 => unsafe { vreinterpretq_u32_u16(vrev32q_u16(vreinterpretq_u16_u32(a))) }, - _ => unimplemented!(), - } -} - -#[inline(always)] -pub fn rotate_left128_u32_16(a: Vec128) -> Vec128 { - unsafe { vreinterpretq_u32_u16(vrev32q_u16(vreinterpretq_u16_u32(a))) } -} - -#[inline(always)] -pub fn rotate_left128_u32_12(a: Vec128) -> Vec128 { - unsafe { vsriq_n_u32(vshlq_n_u32(a, 12), a, 32 - 12) } -} - -#[inline(always)] -pub fn rotate_left128_u32_8(a: Vec128) -> Vec128 { - unsafe { vsriq_n_u32(vshlq_n_u32(a, 8), a, 32 - 8) } -} - -#[inline(always)] -pub fn rotate_left128_u32_7(a: Vec128) -> Vec128 { - unsafe { vsriq_n_u32(vshlq_n_u32(a, 7), a, 32 - 7) } -} - -#[inline(always)] -pub fn add32(a: Vec128, b: Vec128) -> Vec128 { - unsafe { vaddq_u32(a, b) } -} - -#[inline(always)] -pub fn xor32(a: Vec128, b: Vec128) -> Vec128 { - unsafe { veorq_u32(a, b) } -} - -#[inline(always)] -pub fn load32(x: u32) -> Vec128 { - unsafe { vdupq_n_u32(x) } -} - -#[inline(always)] -// 16 u8, interpreted as 4 u32 -pub fn load8_32_le(value: &[u8]) -> Vec128 { - unsafe { vld1q_u32(value.as_ptr() as *const u32) } -} - -/// Load a `u8` slice into 4 `u32`. -/// -/// The slice must be `value.len() <= 4 * 4`. -/// When the slice is shorter, it is padded with `0`s. -#[inline(always)] -pub fn u32_from_le_bytes(value: &[u8]) -> Vec128 { - let mut padded = [0u8; 16]; - padded[0..value.len()].copy_from_slice(value); - load8_32_le(&padded) -} - -#[inline(always)] -// 4 u32, interpreted as 4 u32 -pub fn load32_le(values: [u32; 4]) -> Vec128 { - unsafe { vld1q_u32(values.as_ptr() as *const u32) } -} - -#[inline(always)] -// store vec128 into u8 slice -pub fn store8_32_le(value: Vec128, out: &mut [u8; 16]) { - unsafe { vst1q_u32(out.as_mut_ptr() as *mut u32, value) } -} - -/// Store 4 `u32` into little endian bytes. -/// -/// When the output has less than 16 bytes left to write in, only the available -/// number of bytes are written. -#[inline(always)] -pub fn u32_to_le_bytes(out: &mut [u8], value: Vec128) { - let mut padded = [0u8; 16]; - store8_32_le_ip(&mut padded, value); - out.copy_from_slice(&padded[0..out.len()]); -} - -#[inline(always)] -pub fn store8_32_le_ip(out: &mut [u8], value: Vec128) { - unsafe { vst1q_u32(out.as_mut_ptr() as *mut u32, value) } -} - -#[inline(always)] -pub fn interleave_low64(x1: Vec128, x2: Vec128) -> Vec128 { - unsafe { - vreinterpretq_u32_u64(vzip1q_u64( - vreinterpretq_u64_u32(x1), - vreinterpretq_u64_u32(x2), - )) - } -} - -#[inline(always)] -pub fn interleave_high64(x1: Vec128, x2: Vec128) -> Vec128 { - unsafe { - vreinterpretq_u32_u64(vzip2q_u64( - vreinterpretq_u64_u32(x1), - vreinterpretq_u64_u32(x2), - )) - } -} - -#[inline(always)] -pub fn interleave_low32(x1: Vec128, x2: Vec128) -> Vec128 { - unsafe { vzip1q_u32(x1, x2) } -} - -#[inline(always)] -pub fn interleave_high32(x1: Vec128, x2: Vec128) -> Vec128 { - unsafe { vzip2q_u32(x1, x2) } -} diff --git a/libcrux-simd/src/lib.rs b/libcrux-simd/src/lib.rs deleted file mode 100644 index 6e98921d3..000000000 --- a/libcrux-simd/src/lib.rs +++ /dev/null @@ -1,12 +0,0 @@ -//! # Hardware abstraction -//! -//! This crate implements hardware abstraction for 128-bit and 256-bit SIMD on -//! x64 and aarch64. - -#![no_std] - -/// When we build for aarch64 and the simd128 config is enabled. -#[cfg(all(target_arch = "aarch64", feature = "simd128"))] -pub use aarch64; - -pub mod scalar; diff --git a/libcrux-simd/src/scalar.rs b/libcrux-simd/src/scalar.rs deleted file mode 100644 index 1903d1548..000000000 --- a/libcrux-simd/src/scalar.rs +++ /dev/null @@ -1,61 +0,0 @@ -#[inline(always)] -pub fn rotate_left128_u32(a: u32, n: u32) -> u32 { - a.rotate_left(n) -} - -#[inline(always)] -pub fn add32(a: u32, b: u32) -> u32 { - a.wrapping_add(b) -} - -#[inline(always)] -pub fn xor32(a: u32, b: u32) -> u32 { - a ^ b -} - -#[inline(always)] -pub fn load32(x: u32) -> u32 { - x -} - -#[inline(always)] -/// No-op -pub fn load32_le(values: [u32; 1]) -> u32 { - values[0] -} - -/// Load a `u8` slice into a `u32`. -/// -/// The slice must be `value.len() <= 4`. -/// When the slice is shorter, it is padded with `0`s. -#[inline(always)] -pub fn u32_from_le_bytes(value: &[u8]) -> u32 { - let mut padded = [0u8; 4]; - padded[0..value.len()].copy_from_slice(value); - load8_32_le(&padded) -} - -/// u32 from u8s le -#[inline(always)] -pub fn load8_32_le(value: &[u8]) -> u32 { - u32::from_le_bytes(value.try_into().unwrap()) -} - -/// Store a `u32` into little endian bytes. -/// -/// When the output has less than 4 bytes left to write in, only the available -/// number of bytes are written. -#[inline(always)] -pub fn u32_to_le_bytes(out: &mut [u8], value: u32) { - let mut padded = [0u8; 4]; - store8_32_le_ip(&mut padded, value); - out.copy_from_slice(&padded[0..out.len()]); -} - -#[inline(always)] -pub fn store8_32_le_ip(out: &mut [u8], value: u32) { - let tmp = value.to_le_bytes(); - for j in 0..4 { - out[j] = tmp[j]; - } -} diff --git a/polynomials-aarch64/src/neon.rs b/polynomials-aarch64/src/neon.rs deleted file mode 100644 index 88157fdf3..000000000 --- a/polynomials-aarch64/src/neon.rs +++ /dev/null @@ -1,282 +0,0 @@ -#![allow(non_camel_case_types)] -pub(crate) use core::arch::aarch64::*; - -#[inline(always)] -pub(crate) fn _vdupq_n_s16(i: i16) -> int16x8_t { - unsafe { vdupq_n_s16(i) } -} - -#[inline(always)] -pub(crate) fn _vst1q_s16(out: &mut [i16], v: int16x8_t) { - unsafe { vst1q_s16(out.as_mut_ptr(), v) } -} - -#[inline(always)] -pub(crate) fn _vld1q_s16(array: &[i16]) -> int16x8_t { - unsafe { vld1q_s16(array.as_ptr()) } -} - -#[inline(always)] -pub(crate) fn _vaddq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { - unsafe { vaddq_s16(lhs, rhs) } -} - -#[inline(always)] -pub(crate) fn _vsubq_s16(lhs: int16x8_t, rhs: int16x8_t) -> int16x8_t { - unsafe { vsubq_s16(lhs, rhs) } -} - -#[inline(always)] -pub(crate) fn _vmulq_n_s16(v: int16x8_t, c: i16) -> int16x8_t { - unsafe { vmulq_n_s16(v, c) } -} - -#[inline(always)] -pub(crate) fn _vmulq_n_u16(v: uint16x8_t, c: u16) -> uint16x8_t { - unsafe { vmulq_n_u16(v, c) } -} - -#[inline(always)] -pub(crate) fn _vshrq_n_s16(v: int16x8_t) -> int16x8_t { - unsafe { vshrq_n_s16::(v) } -} - -#[inline(always)] -pub(crate) fn _vshrq_n_u16(v: uint16x8_t) -> uint16x8_t { - unsafe { vshrq_n_u16::(v) } -} - -#[inline(always)] -pub(crate) fn _vshlq_n_s16(v: int16x8_t) -> int16x8_t { - unsafe { vshlq_n_s16::(v) } -} - -#[inline(always)] -pub(crate) fn _vshlq_n_u32(v: uint32x4_t) -> uint32x4_t { - unsafe { vshlq_n_u32::(v) } -} -#[inline(always)] -pub(crate) fn _vqdmulhq_n_s16(k: int16x8_t, b: i16) -> int16x8_t { - unsafe { vqdmulhq_n_s16(k, b) } -} -#[inline(always)] -pub(crate) fn _vqdmulhq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { - unsafe { vqdmulhq_s16(v, c) } -} -#[inline(always)] -pub(crate) fn _vcgeq_s16(v: int16x8_t, c: int16x8_t) -> uint16x8_t { - unsafe { vcgeq_s16(v, c) } -} -#[inline(always)] -pub(crate) fn _vandq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { - unsafe { vandq_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_u16(m0: uint16x8_t) -> int16x8_t { - unsafe { vreinterpretq_s16_u16(m0) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_u16_s16(m0: int16x8_t) -> uint16x8_t { - unsafe { vreinterpretq_u16_s16(m0) } -} -#[inline(always)] -pub(crate) fn _vmulq_s16(v: int16x8_t, c: int16x8_t) -> int16x8_t { - unsafe { vmulq_s16(v, c) } -} -#[inline(always)] -pub(crate) fn _veorq_s16(mask: int16x8_t, shifted: int16x8_t) -> int16x8_t { - unsafe { veorq_s16(mask, shifted) } -} -#[inline(always)] -pub(crate) fn _vdupq_n_u32(value: u32) -> uint32x4_t { - unsafe { vdupq_n_u32(value) } -} -#[inline(always)] -pub(crate) fn _vaddq_u32(compressed: uint32x4_t, half: uint32x4_t) -> uint32x4_t { - unsafe { vaddq_u32(compressed, half) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s32_u32(compressed: uint32x4_t) -> int32x4_t { - unsafe { vreinterpretq_s32_u32(compressed) } -} -#[inline(always)] -pub(crate) fn _vqdmulhq_n_s32(a: int32x4_t, b: i32) -> int32x4_t { - unsafe { vqdmulhq_n_s32(a, b) } -} - -#[inline(always)] -pub(super) fn _vreinterpretq_u32_s32(a: int32x4_t) -> uint32x4_t { - unsafe { vreinterpretq_u32_s32(a) } -} - -#[inline(always)] -pub(super) fn _vshrq_n_u32(a: uint32x4_t) -> uint32x4_t { - unsafe { vshrq_n_u32::(a) } -} -#[inline(always)] -pub(crate) fn _vandq_u32(a: uint32x4_t, b: uint32x4_t) -> uint32x4_t { - unsafe { vandq_u32(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_u32_s16(a: int16x8_t) -> uint32x4_t { - unsafe { vreinterpretq_u32_s16(a) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_u32(a: uint32x4_t) -> int16x8_t { - unsafe { vreinterpretq_s16_u32(a) } -} -#[inline(always)] -pub(crate) fn _vtrn1q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { - unsafe { vtrn1q_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vtrn2q_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { - unsafe { vtrn2q_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vmulq_n_u32(a: uint32x4_t, b: u32) -> uint32x4_t { - unsafe { vmulq_n_u32(a, b) } -} - -#[inline(always)] -pub(super) fn _vtrn1q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { - unsafe { vtrn1q_s32(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_s32(a: int32x4_t) -> int16x8_t { - unsafe { vreinterpretq_s16_s32(a) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s32_s16(a: int16x8_t) -> int32x4_t { - unsafe { vreinterpretq_s32_s16(a) } -} - -#[inline(always)] -pub(super) fn _vtrn2q_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { - unsafe { vtrn2q_s32(a, b) } -} -#[inline(always)] -pub(crate) fn _vtrn1q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { - unsafe { vtrn1q_s64(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_s64(a: int64x2_t) -> int16x8_t { - unsafe { vreinterpretq_s16_s64(a) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s64_s16(a: int16x8_t) -> int64x2_t { - unsafe { vreinterpretq_s64_s16(a) } -} -#[inline(always)] -pub(crate) fn _vtrn2q_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { - unsafe { vtrn2q_s64(a, b) } -} -#[inline(always)] -pub(crate) fn _vmull_s16(a: int16x4_t, b: int16x4_t) -> int32x4_t { - unsafe { vmull_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vget_low_s16(a: int16x8_t) -> int16x4_t { - unsafe { vget_low_s16(a) } -} -#[inline(always)] -pub(crate) fn _vmull_high_s16(a: int16x8_t, b: int16x8_t) -> int32x4_t { - unsafe { vmull_high_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vmlal_s16(a: int32x4_t, b: int16x4_t, c: int16x4_t) -> int32x4_t { - unsafe { vmlal_s16(a, b, c) } -} -#[inline(always)] -pub(crate) fn _vmlal_high_s16(a: int32x4_t, b: int16x8_t, c: int16x8_t) -> int32x4_t { - unsafe { vmlal_high_s16(a, b, c) } -} -#[inline(always)] -pub(crate) fn _vld1q_u8(ptr: &[u8]) -> uint8x16_t { - unsafe { vld1q_u8(ptr.as_ptr()) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_u8_s16(a: int16x8_t) -> uint8x16_t { - unsafe { vreinterpretq_u8_s16(a) } -} -#[inline(always)] -pub(crate) fn _vqtbl1q_u8(t: uint8x16_t, idx: uint8x16_t) -> uint8x16_t { - unsafe { vqtbl1q_u8(t, idx) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_s16_u8(a: uint8x16_t) -> int16x8_t { - unsafe { vreinterpretq_s16_u8(a) } -} -#[inline(always)] -pub(crate) fn _vshlq_s16(a: int16x8_t, b: int16x8_t) -> int16x8_t { - unsafe { vshlq_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vshlq_u16(a: uint16x8_t, b: int16x8_t) -> uint16x8_t { - unsafe { vshlq_u16(a, b) } -} -#[inline(always)] -pub(crate) fn _vaddv_u16(a: uint16x4_t) -> u16 { - unsafe { vaddv_u16(a) } -} -#[inline(always)] -pub(crate) fn _vget_low_u16(a: uint16x8_t) -> uint16x4_t { - unsafe { vget_low_u16(a) } -} -#[inline(always)] -pub(crate) fn _vget_high_u16(a: uint16x8_t) -> uint16x4_t { - unsafe { vget_high_u16(a) } -} -#[inline(always)] -pub(crate) fn _vaddvq_s16(a: int16x8_t) -> i16 { - unsafe { vaddvq_s16(a) } -} - -#[inline(always)] -pub(super) fn _vsliq_n_s32(a: int32x4_t, b: int32x4_t) -> int32x4_t { - unsafe { vsliq_n_s32::(a, b) } -} - -#[inline(always)] -pub(super) fn _vreinterpretq_s64_s32(a: int32x4_t) -> int64x2_t { - unsafe { vreinterpretq_s64_s32(a) } -} - -#[inline(always)] -pub(super) fn _vsliq_n_s64(a: int64x2_t, b: int64x2_t) -> int64x2_t { - unsafe { vsliq_n_s64::(a, b) } -} - -#[inline(always)] -pub(super) fn _vreinterpretq_u8_s64(a: int64x2_t) -> uint8x16_t { - unsafe { vreinterpretq_u8_s64(a) } -} - -#[inline(always)] -pub(super) fn _vst1q_u8(out: &mut [u8], v: uint8x16_t) { - unsafe { vst1q_u8(out.as_mut_ptr(), v) } -} -#[inline(always)] -pub(crate) fn _vdupq_n_u16(value: u16) -> uint16x8_t { - unsafe { vdupq_n_u16(value) } -} -#[inline(always)] -pub(crate) fn _vandq_u16(a: uint16x8_t, b: uint16x8_t) -> uint16x8_t { - unsafe { vandq_u16(a, b) } -} -#[inline(always)] -pub(crate) fn _vreinterpretq_u16_u8(a: uint8x16_t) -> uint16x8_t { - unsafe { vreinterpretq_u16_u8(a) } -} -#[inline(always)] -pub(crate) fn _vld1q_u16(ptr: &[u16]) -> uint16x8_t { - unsafe { vld1q_u16(ptr.as_ptr()) } -} -#[inline(always)] -pub(crate) fn _vcleq_s16(a: int16x8_t, b: int16x8_t) -> uint16x8_t { - unsafe { vcleq_s16(a, b) } -} -#[inline(always)] -pub(crate) fn _vaddvq_u16(a: uint16x8_t) -> u16 { - unsafe { vaddvq_u16(a) } -} diff --git a/polynomials-aarch64/src/rejsample.rs b/polynomials-aarch64/src/rejsample.rs deleted file mode 100644 index 64e64a0dc..000000000 --- a/polynomials-aarch64/src/rejsample.rs +++ /dev/null @@ -1,797 +0,0 @@ -#![forbid(unsafe_code)] - -use crate::neon::*; - -/// This table is taken from PQClean. It is used in rej_sample -// It implements the following logic: -// let mut index : [u8;16] = [0u8; 16]; -// let mut idx = 0; -// for i in 0..8 { -// if used > 0 { -// let next = used.trailing_zeros(); -// idx = idx + next; -// index[i*2] = (idx*2) as u8; -// index[i*2+1] = (idx*2 + 1) as u8; -// idx = idx + 1; -// used = used >> (next+1); -// } -// } -// let index_vec = unsafe { vld1q_u8(index.as_ptr() as *const u8) }; -// End of index table lookup calculation - -const IDX_TABLE: [[u8; 16]; 256] = [ - [ - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, - ], // 0 - [ - 0, 1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 1 - [ - 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 2 - [ - 0, 1, 2, 3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 3 - [ - 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 4 - [ - 0, 1, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 5 - [ - 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 6 - [ - 0, 1, 2, 3, 4, 5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 7 - [ - 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 8 - [ - 0, 1, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 9 - [ - 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 10 - [ - 0, 1, 2, 3, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 11 - [ - 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 12 - [ - 0, 1, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 13 - [ - 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 14 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 15 - [ - 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 16 - [ - 0, 1, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 17 - [ - 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 18 - [ - 0, 1, 2, 3, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 19 - [ - 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 20 - [ - 0, 1, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 21 - [ - 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 22 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 23 - [ - 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 24 - [ - 0, 1, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 25 - [ - 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 26 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 27 - [ - 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 28 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 29 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 30 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 31 - [ - 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 32 - [ - 0, 1, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 33 - [ - 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 34 - [ - 0, 1, 2, 3, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 35 - [ - 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 36 - [ - 0, 1, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 37 - [ - 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 38 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 39 - [ - 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 40 - [ - 0, 1, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 41 - [ - 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 42 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 43 - [ - 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 44 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 45 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 46 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 47 - [ - 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 48 - [ - 0, 1, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 49 - [ - 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 50 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 51 - [ - 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 52 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 53 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 54 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 55 - [ - 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 56 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 57 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 58 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 59 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 60 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 61 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 62 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0xff, 0xff, 0xff, 0xff], // 63 - [ - 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 64 - [ - 0, 1, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 65 - [ - 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 66 - [ - 0, 1, 2, 3, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 67 - [ - 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 68 - [ - 0, 1, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 69 - [ - 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 70 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 71 - [ - 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 72 - [ - 0, 1, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 73 - [ - 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 74 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 75 - [ - 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 76 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 77 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 78 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 79 - [ - 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 80 - [ - 0, 1, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 81 - [ - 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 82 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 83 - [ - 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 84 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 85 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 86 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 87 - [ - 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 88 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 89 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 90 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 91 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 92 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 93 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 94 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 0xff, 0xff, 0xff, 0xff], // 95 - [ - 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 96 - [ - 0, 1, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 97 - [ - 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 98 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 99 - [ - 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 100 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 101 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 102 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 103 - [ - 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 104 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 105 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 106 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 107 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 108 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 109 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 110 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 111 - [ - 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 112 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 113 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 114 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 115 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 116 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 117 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 118 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 119 - [ - 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 120 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 121 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 122 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 123 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 124 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 125 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff, 0xff, 0xff, - ], // 126 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 0xff, 0xff], // 127 - [ - 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 128 - [ - 0, 1, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 129 - [ - 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 130 - [ - 0, 1, 2, 3, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 131 - [ - 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 132 - [ - 0, 1, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 133 - [ - 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 134 - [ - 0, 1, 2, 3, 4, 5, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 135 - [ - 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 136 - [ - 0, 1, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 137 - [ - 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 138 - [ - 0, 1, 2, 3, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 139 - [ - 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 140 - [ - 0, 1, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 141 - [ - 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 142 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 143 - [ - 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 144 - [ - 0, 1, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 145 - [ - 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 146 - [ - 0, 1, 2, 3, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 147 - [ - 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 148 - [ - 0, 1, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 149 - [ - 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 150 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 151 - [ - 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 152 - [ - 0, 1, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 153 - [ - 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 154 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 155 - [ - 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 156 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 157 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 158 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 0xff, 0xff, 0xff, 0xff], // 159 - [ - 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 160 - [ - 0, 1, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 161 - [ - 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 162 - [ - 0, 1, 2, 3, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 163 - [ - 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 164 - [ - 0, 1, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 165 - [ - 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 166 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 167 - [ - 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 168 - [ - 0, 1, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 169 - [ - 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 170 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 171 - [ - 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 172 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 173 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 174 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 175 - [ - 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 176 - [ - 0, 1, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 177 - [ - 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 178 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 179 - [ - 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 180 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 181 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 182 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 183 - [ - 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 184 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 185 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 186 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 187 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 188 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 189 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 190 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, 15, 0xff, 0xff], // 191 - [ - 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 192 - [ - 0, 1, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 193 - [ - 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 194 - [ - 0, 1, 2, 3, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 195 - [ - 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 196 - [ - 0, 1, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 197 - [ - 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 198 - [ - 0, 1, 2, 3, 4, 5, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 199 - [ - 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 200 - [ - 0, 1, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 201 - [ - 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 202 - [ - 0, 1, 2, 3, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 203 - [ - 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 204 - [ - 0, 1, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 205 - [ - 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 206 - [ - 0, 1, 2, 3, 4, 5, 6, 7, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 207 - [ - 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 208 - [ - 0, 1, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 209 - [ - 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 210 - [ - 0, 1, 2, 3, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 211 - [ - 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 212 - [ - 0, 1, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 213 - [ - 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 214 - [ - 0, 1, 2, 3, 4, 5, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 215 - [ - 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 216 - [ - 0, 1, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 217 - [ - 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 218 - [ - 0, 1, 2, 3, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 219 - [ - 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 220 - [ - 0, 1, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 221 - [ - 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 222 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 0xff, 0xff], // 223 - [ - 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 224 - [ - 0, 1, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 225 - [ - 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 226 - [ - 0, 1, 2, 3, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 227 - [ - 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 228 - [ - 0, 1, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 229 - [ - 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 230 - [ - 0, 1, 2, 3, 4, 5, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 231 - [ - 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 232 - [ - 0, 1, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 233 - [ - 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 234 - [ - 0, 1, 2, 3, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 235 - [ - 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 236 - [ - 0, 1, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 237 - [ - 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 238 - [0, 1, 2, 3, 4, 5, 6, 7, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 239 - [ - 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 240 - [ - 0, 1, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 241 - [ - 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 242 - [ - 0, 1, 2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 243 - [ - 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 244 - [ - 0, 1, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 245 - [ - 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 246 - [0, 1, 2, 3, 4, 5, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 247 - [ - 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - ], // 248 - [ - 0, 1, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 249 - [ - 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 250 - [0, 1, 2, 3, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 251 - [ - 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff, 0xff, 0xff, - ], // 252 - [0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 253 - [2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 0xff, 0xff], // 254 - [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15], // 255 -]; - -#[inline(always)] -pub(crate) fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { - let neon_bits: [u16; 8] = [0x1, 0x2, 0x4, 0x8, 0x10, 0x20, 0x40, 0x80]; - let bits = _vld1q_u16(&neon_bits); - let fm = _vdupq_n_s16(3328); - - let input = super::simd128ops::deserialize_12(a); - let mask0 = _vcleq_s16(input.low, fm); - let mask1 = _vcleq_s16(input.high, fm); - let masked = _vandq_u16(mask0, bits); - let used0 = _vaddvq_u16(masked); - let masked = _vandq_u16(mask1, bits); - let used1 = _vaddvq_u16(masked); - let pick0 = used0.count_ones(); - let pick1 = used1.count_ones(); - - // XXX: the indices used0 and used1 must be < 256. - let index_vec0 = _vld1q_u8(&IDX_TABLE[(used0 as u8) as usize]); - let shifted0 = _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.low), index_vec0)); - let index_vec1 = _vld1q_u8(&IDX_TABLE[(used1 as u8) as usize]); - let shifted1 = - _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(input.high), index_vec1)); - - let idx0 = usize::try_from(pick0).unwrap(); - _vst1q_s16(&mut out[0..8], shifted0); - _vst1q_s16(&mut out[idx0..idx0 + 8], shifted1); - (pick0 + pick1) as usize -} diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst deleted file mode 100644 index cd19825be..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Arithmetic.fst +++ /dev/null @@ -1,159 +0,0 @@ -module Libcrux_polynomials_avx2.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let v_BARRETT_MULTIPLIER: i16 = 20159s - -let add (lhs rhs: u8) : u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let bitwise_and_with_constant (vector: u8) (constant: i16) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_and_si256 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant <: u8) - -let multiply_by_constant (vector: u8) (constant: i16) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant <: u8) - -let shift_left (v_SHIFT_BY: i32) (vector: u8) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi16 v_SHIFT_BY vector - -let shift_right (v_SHIFT_BY: i32) (vector: u8) : u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 v_SHIFT_BY vector - -/// See Section 3.2 of the implementation notes document for an explanation -/// of this code. -let barrett_reduce (vector: u8) : u8 = - let t:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 v_BARRETT_MULTIPLIER <: u8) - in - let t:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 t - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 512s <: u8) - in - let quotient:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 10l t in - let quotient_times_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 quotient - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 vector quotient_times_field_modulus - -let cond_subtract_3329_ (vector: u8) : u8 = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - in - let vv_minus_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 vector field_modulus - in - let sign_mask:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi16 15l vv_minus_field_modulus - in - let conditional_add_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_and_si256 sign_mask field_modulus - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 vv_minus_field_modulus - conditional_add_field_modulus - -let montgomery_multiply_by_constant (vector: u8) (constant: i16) : u8 = - let constant:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 constant in - let value_low:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 vector constant - in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - let value_high:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 vector constant - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - -let montgomery_multiply_by_constants (v c: u8) : u8 = - let value_low:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 v c in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 v c in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - -let montgomery_reduce_i32s (v: u8) : u8 = - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 v - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i32) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_FIELD_MODULUS - <: - i16) - <: - i32) - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srli_epi32 16l v in - let result:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 value_high k_times_modulus - in - let result:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi32 16l result in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_srai_epi32 16l result - -let sub (lhs rhs: u8) : u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_sub_epi16 lhs rhs - -let montgomery_multiply_m128i_by_constants (v c: u8) : u8 = - let value_low:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mullo_epi16 v c in - let k:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mullo_epi16 value_low - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 (cast (Libcrux_traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R - <: - u32) - <: - i16) - <: - u8) - in - let k_times_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mulhi_epi16 k - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - <: - u8) - in - let value_high:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_mulhi_epi16 v c in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 value_high k_times_modulus diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst deleted file mode 100644 index 252e284a9..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Compress.fst +++ /dev/null @@ -1,192 +0,0 @@ -module Libcrux_polynomials_avx2.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: u8) : u8 = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (cast (Libcrux_traits.v_FIELD_MODULUS - <: - i16) - <: - i32) - in - let two_pow_coefficient_bits:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi32 (1l <=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_castsi128_si256 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_castsi256_si128 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_cmpgt_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_cvtepi16_epi32 (vector: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_extracti128_si256 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL =. 0l <: bool) || (v_CONTROL =. 1l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL == 0 || CONTROL == 1" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_inserti128_si256 (v_CONTROL: i32) (vector vector_i128: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL =. 0l <: bool) || (v_CONTROL =. 1l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL == 0 || CONTROL == 1" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_loadu_si256 (input: t_Slice i16) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len input, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_madd_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mul_epu32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mulhi_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mullo_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_mullo_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_packs_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL >=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_permutevar8x32_epi32 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set1_epi16 (constant: i16) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set1_epi32 (constant: i32) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi16 - (input15 input14 input13 input12 input11 input10 input9 input8 input7 input6 input5 input4 input3 input2 input1 input0: - i16) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_set_epi8 - (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - i8) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_setzero_si256 (_: Prims.unit) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_CONTROL >=. 0l <: bool) && (v_CONTROL <. 256l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: CONTROL >= 0 && CONTROL < 256" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_shuffle_epi8 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_sllv_epi32 (vector counts: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 16l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 16" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 32l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 32" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - if ~.((v_SHIFT_BY >=. 0l <: bool) && (v_SHIFT_BY <. 64l <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: SHIFT_BY >= 0 && SHIFT_BY < 64" - - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_storeu_si256 (output: t_Slice i16) (vector: u8) : t_Slice i16 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm256_sub_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpackhi_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpackhi_epi64 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_unpacklo_epi32 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm256_xor_si256 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_add_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_loadu_si128 (input: t_Slice u8) : u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len input, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_movemask_epi8 (vector: u8) : i32 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_mulhi_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_mullo_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_packs_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_set1_epi16 (constant: i16) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_set_epi8 - (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - u8) - : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_shuffle_epi8 (vector control: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - -let mm_storeu_bytes_si128 (output: t_Slice u8) (vector: u8) : t_Slice u8 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 16 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm_storeu_si128 (output: t_Slice i16) (vector: u8) : t_Slice i16 = - let _:Prims.unit = - if true - then - let _:Prims.unit = - match Core.Slice.impl__len output, sz 8 <: (usize & usize) with - | left_val, right_val -> - if ~.(left_val =. right_val <: bool) - then - let kind:Core.Panicking.t_AssertKind = - Core.Panicking.AssertKind_Eq <: Core.Panicking.t_AssertKind - in - Rust_primitives.Hax.never_to_any (Core.Panicking.assert_failed kind - left_val - right_val - (Core.Option.Option_None <: Core.Option.t_Option Core.Fmt.t_Arguments) - <: - Rust_primitives.Hax.t_Never) - in - () - in - let hax_temp_output:Prims.unit = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) - in - output - -let mm_sub_epi16 (lhs rhs: u8) : u8 = - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not implemented" - <: - Rust_primitives.Hax.t_Never) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst deleted file mode 100644 index 5b788b5ad..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Ntt.fst +++ /dev/null @@ -1,192 +0,0 @@ -module Libcrux_polynomials_avx2.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let ntt_multiply__PERMUTE_WITH: i32 = 216l - -let inv_ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 160l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (-1s) (-1s) 1s 1s (-1s) (-1s) - 1s 1s (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs in - let sum_times_zetas:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants sum - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 zeta3 zeta3 0s 0s zeta2 zeta2 - 0s 0s zeta1 zeta1 0s 0s zeta0 zeta0 0s 0s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Arithmetic.barrett_reduce sum in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 204l sum sum_times_zetas - -let inv_ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 160l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi16 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (-1s) (-1s) (-1s) (-1s) 1s 1s - 1s 1s (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s - <: - u8) - in - let sum:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs in - let sum_times_zetas:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants sum - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 0s 0s - 0s 0s zeta0 zeta0 zeta0 zeta0 0s 0s 0s 0s - <: - u8) - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 240l sum sum_times_zetas - -let inv_ntt_layer_3_step (vector: u8) (zeta: i16) : u8 = - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 vector in - let lower_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_add_epi16 lhs rhs in - let upper_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 lhs rhs in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_m128i_by_constants upper_coefficients - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 zeta <: u8) - in - let combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi128_si256 lower_coefficients - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_inserti128_si256 1l - combined - upper_coefficients - -let ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let zetas:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 - <: - i16) (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) - (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 - in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 245l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 160l vector in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) : u8 = - let zetas:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 - <: - i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) - (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) - (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 - zeta0 - in - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 238l vector in - let rhs:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi32 68l vector in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi16 lhs rhs - -let ntt_layer_3_step (vector: u8) (zeta: i16) : u8 = - let rhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l vector in - let rhs:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_multiply_m128i_by_constants rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_set1_epi16 zeta <: u8) - in - let lhs:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 vector in - let lower_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_add_epi16 lhs rhs in - let upper_coefficients:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm_sub_epi16 lhs rhs in - let combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi128_si256 lower_coefficients - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_inserti128_si256 1l - combined - upper_coefficients - -let ntt_multiply (lhs rhs: u8) (zeta0 zeta1 zeta2 zeta3: i16) : u8 = - let shuffle_with:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y - 12y 9y 8y 5y 4y 1y 0y 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y - in - let lhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 lhs shuffle_with - in - let lhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 216l lhs_shuffled - in - let lhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 lhs_shuffled - in - let lhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 lhs_evens - in - let lhs_odds:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l lhs_shuffled - in - let lhs_odds:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 lhs_odds in - let rhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 rhs shuffle_with - in - let rhs_shuffled:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_permute4x64_epi64 216l rhs_shuffled - in - let rhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 rhs_shuffled - in - let rhs_evens:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 rhs_evens - in - let rhs_odds:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l rhs_shuffled - in - let rhs_odds:u8 = Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cvtepi16_epi32 rhs_odds in - let left:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 lhs_evens rhs_evens - in - let right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 lhs_odds rhs_odds - in - let right:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s right in - let right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_mullo_epi32 right - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast ( - zeta3 <: i16) - <: - i32) - <: - i32) - (cast (zeta3 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta2 <: i16) <: i32) <: i32) - (cast (zeta2 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta1 <: i16) <: i32) <: i32) - (cast (zeta1 <: i16) <: i32) - (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) - (cast (zeta0 <: i16) <: i32) - <: - u8) - in - let products_left:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_add_epi32 left right - in - let products_left:u8 = Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s products_left in - let rhs_adjacent_swapped:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_shuffle_epi8 rhs - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi8 13y 12y 15y 14y 9y 8y 11y 10y - 5y 4y 7y 6y 1y 0y 3y 2y 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y - <: - u8) - in - let products_right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_madd_epi16 lhs rhs_adjacent_swapped - in - let products_right:u8 = - Libcrux_polynomials_avx2.Arithmetic.montgomery_reduce_i32s products_right - in - let products_right:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_slli_epi32 16l products_right - in - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_blend_epi16 170l products_left products_right diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst deleted file mode 100644 index 65ce23750..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Sampling.fst +++ /dev/null @@ -1,2111 +0,0 @@ -module Libcrux_polynomials_avx2.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let v_REJECTION_SAMPLE_SHUFFLE_TABLE: t_Array (t_Array u8 (sz 16)) (sz 256) = - let list = - [ - (let list = - [ - 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 2uy; 3uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; 255uy; - 255uy; 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 0uy; 1uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 2uy; 3uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [ - 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy; 255uy; - 255uy - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [0uy; 1uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - (let list = - [2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy; 255uy; 255uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list); - let list = - [0uy; 1uy; 2uy; 3uy; 4uy; 5uy; 6uy; 7uy; 8uy; 9uy; 10uy; 11uy; 12uy; 13uy; 14uy; 15uy] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 256); - Rust_primitives.Hax.array_of_list 256 list - -let rejection_sample (input: t_Slice u8) (output: t_Slice i16) : (t_Slice i16 & usize) = - let field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set1_epi16 Libcrux_traits.v_FIELD_MODULUS - in - let potential_coefficients:u8 = Libcrux_polynomials_avx2.Serialize.deserialize_12_ input in - let compare_with_field_modulus:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_cmpgt_epi16 field_modulus - potential_coefficients - in - let good:t_Array u8 (sz 2) = - Libcrux_polynomials_avx2.Serialize.serialize_1_ compare_with_field_modulus - in - let lower_shuffles:t_Array u8 (sz 16) = - v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] <: u8) <: usize ] - in - let lower_shuffles:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles - - <: - t_Slice u8) - in - let lower_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_castsi256_si128 potential_coefficients - in - let lower_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_shuffle_epi8 lower_coefficients lower_shuffles - in - let output:t_Slice i16 = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_storeu_si128 (output.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - lower_coefficients - <: - t_Slice i16) - in - let sampled_count:usize = - cast (Core.Num.impl__u8__count_ones (good.[ sz 0 ] <: u8) <: u32) <: usize - in - let upper_shuffles:t_Array u8 (sz 16) = - v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 1 ] <: u8) <: usize ] - in - let upper_shuffles:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles - - <: - t_Slice u8) - in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_extracti128_si256 1l potential_coefficients - in - let upper_coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm_shuffle_epi8 upper_coefficients upper_shuffles - in - let output:t_Slice i16 = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range output - ({ - Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize - } - <: - Core.Ops.Range.t_Range usize) - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm_storeu_si128 (output.[ { - Core.Ops.Range.f_start = sampled_count; - Core.Ops.Range.f_end = sampled_count +! sz 8 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - upper_coefficients - <: - t_Slice i16) - in - let hax_temp_output:usize = - sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) - in - output, hax_temp_output <: (t_Slice i16 & usize) diff --git a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst b/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst deleted file mode 100644 index f951730a4..000000000 --- a/polynomials-avx2/proofs/fstar/extraction/Libcrux_polynomials_avx2.Serialize.fst +++ /dev/null @@ -1,557 +0,0 @@ -module Libcrux_polynomials_avx2.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let deserialize_1_ (bytes: t_Slice u8) : u8 = - let coefficients:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) - <: - i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) - in - let shift_lsb_to_msb:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (1s <>! 8l <: i32) <: u8) - in - serialized - -let serialize_10_ (vector: u8) : t_Array u8 (sz 20) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let adjacent_2_combined:u8 = - Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_madd_epi16 vector - (Libcrux_polynomials_avx2.Intrinsics_extraction.mm256_set_epi16 (1s < usize { - let field_modulus = mm256_set1_epi16(FIELD_MODULUS); - - // The input bytes can be interpreted as a sequence of serialized - // 12-bit (i.e. uncompressed) coefficients. Not all coefficients may be - // less than FIELD_MODULUS though. - let potential_coefficients = deserialize_12(input); - - // Suppose we view |potential_coefficients| as follows (grouping 64-bit elements): - // - // A B C D | E F G H | .... - // - // and A < 3329, D < 3329 and H < 3329, |compare_with_field_modulus| will look like: - // - // 0xFF 0 0 0xFF | 0 0 0 0xFF | ... - let compare_with_field_modulus = mm256_cmpgt_epi16(field_modulus, potential_coefficients); - - // Since every bit in each lane is either 0 or 1, we only need one bit from - // each lane in the register to tell us what coefficients to keep and what - // to throw-away. Combine all the bits (there are 16) into two bytes. - let good = serialize_1(compare_with_field_modulus); - - // Each bit (and its corresponding position) represents an element we - // want to sample. We'd like all such elements to be next to each other starting - // at index 0, so that they can be read from the vector easily. - // |REJECTION_SAMPLE_SHUFFLE_TABLE| encodes the byte-level shuffling indices - // needed to make this happen. - // - // For e.g. if good[0] = 0b0_0_0_0_0_0_1_0, we need to move the element in - // the 2-nd 16-bit lane to the first. To do this, we need the byte-level - // shuffle indices to be 2 3 X X X X ... - let lower_shuffles = REJECTION_SAMPLE_SHUFFLE_TABLE[good[0] as usize]; - - // Shuffle the lower 8 16-bits accordingly ... - let lower_shuffles = mm_loadu_si128(&lower_shuffles); - let lower_coefficients = mm256_castsi256_si128(potential_coefficients); - let lower_coefficients = mm_shuffle_epi8(lower_coefficients, lower_shuffles); - - // ... then write them out ... - mm_storeu_si128(&mut output[0..8], lower_coefficients); - - // ... and finally count the number of bits of |good[0]| so we know how many - // were actually sampled - let sampled_count = good[0].count_ones() as usize; - - // Do the same for |goood[1]| - let upper_shuffles = REJECTION_SAMPLE_SHUFFLE_TABLE[good[1] as usize]; - let upper_shuffles = mm_loadu_si128(&upper_shuffles); - let upper_coefficients = mm256_extracti128_si256::<1>(potential_coefficients); - let upper_coefficients = mm_shuffle_epi8(upper_coefficients, upper_shuffles); - - mm_storeu_si128( - &mut output[sampled_count..sampled_count + 8], - upper_coefficients, - ); - - sampled_count + (good[1].count_ones() as usize) -} diff --git a/src/hacl.rs b/src/hacl.rs index c3f315684..e0091f25d 100644 --- a/src/hacl.rs +++ b/src/hacl.rs @@ -16,8 +16,6 @@ pub(crate) mod curve25519; #[cfg(not(target_arch = "wasm32"))] pub(crate) mod drbg; pub(crate) mod ed25519; -pub(crate) mod hkdf; -pub(crate) mod hmac; pub(crate) mod p256; pub(crate) mod sha2; pub(crate) mod sha3; @@ -29,7 +27,7 @@ pub enum Error { Curve25519(curve25519::Error), P256(p256::Error), Ed25519(ed25519::Error), - Hkdf(hkdf::Error), + Hkdf(libcrux_hkdf::Error), } impl From for Error { @@ -50,8 +48,8 @@ impl From for Error { } } -impl From for Error { - fn from(val: hkdf::Error) -> Self { +impl From for Error { + fn from(val: libcrux_hkdf::Error) -> Self { Error::Hkdf(val) } } diff --git a/src/hkdf.rs b/src/hkdf.rs index 7093bf19f..c23d89cd8 100644 --- a/src/hkdf.rs +++ b/src/hkdf.rs @@ -2,72 +2,8 @@ //! //! This module implements HKDF on SHA 1 and SHA 2 (except for SHA 224). -/// The HKDF algorithm defining the used hash function. -#[derive(Copy, Clone, Debug, PartialEq)] -pub enum Algorithm { - Sha256, - Sha384, - Sha512, -} - -/// HKDF Errors -#[derive(Debug, Clone, Copy, PartialEq, Eq)] -pub enum Error { - OkmLengthTooLarge, -} - -/// HKDF extract using hash function `mode`, `salt`, and the input key material `ikm`. -/// Returns the pre-key material in a vector of tag length. -pub fn extract(alg: Algorithm, salt: impl AsRef<[u8]>, ikm: impl AsRef<[u8]>) -> Vec { - match alg { - Algorithm::Sha256 => { - crate::hacl::hkdf::sha2_256::extract(salt.as_ref(), ikm.as_ref()).into() - } - Algorithm::Sha384 => { - crate::hacl::hkdf::sha2_384::extract(salt.as_ref(), ikm.as_ref()).into() - } - Algorithm::Sha512 => { - crate::hacl::hkdf::sha2_512::extract(salt.as_ref(), ikm.as_ref()).into() - } - } -} - -/// HKDF expand using hash function `mode`, pre-key material `prk`, `info`, and output length `okm_len`. -/// Returns the key material in a vector of length `okm_len` or [`Error::OkmLengthTooLarge`] -/// if the requested output length is too large. -pub fn expand( - alg: Algorithm, - prk: impl AsRef<[u8]>, - info: impl AsRef<[u8]>, - okm_len: usize, -) -> Result, Error> { - match alg { - Algorithm::Sha256 => { - crate::hacl::hkdf::sha2_256::vec::expand(prk.as_ref(), info.as_ref(), okm_len) - .map_err(|_| Error::OkmLengthTooLarge) - } - Algorithm::Sha384 => { - crate::hacl::hkdf::sha2_384::vec::expand(prk.as_ref(), info.as_ref(), okm_len) - .map_err(|_| Error::OkmLengthTooLarge) - } - Algorithm::Sha512 => { - crate::hacl::hkdf::sha2_512::vec::expand(prk.as_ref(), info.as_ref(), okm_len) - .map_err(|_| Error::OkmLengthTooLarge) - } - } -} - -/// HKDF using hash function `mode`, `salt`, input key material `ikm`, `info`, and output length `okm_len`. -/// Calls `extract` and `expand` with the given input. -/// Returns the key material in a vector of length `okm_len` or [`Error::OkmLengthTooLarge`] -/// if the requested output length is too large. -pub fn hkdf( - mode: Algorithm, - salt: &[u8], - ikm: &[u8], - info: &[u8], - okm_len: usize, -) -> Result, Error> { - let prk = extract(mode, salt, ikm); - expand(mode, prk, info, okm_len) -} +pub use libcrux_hkdf::expand; +pub use libcrux_hkdf::extract; +pub use libcrux_hkdf::hkdf; +pub use libcrux_hkdf::Algorithm; +pub use libcrux_hkdf::Error; diff --git a/src/hmac.rs b/src/hmac.rs index 8461f687a..5734662fe 100644 --- a/src/hmac.rs +++ b/src/hmac.rs @@ -2,54 +2,6 @@ //! //! This module implements HMAC on SHA 1 and SHA 2 (except for SHA 224). -use crate::hkdf; - -/// The HMAC algorithm defining the used hash function. -#[derive(Copy, Clone, Debug, PartialEq)] -pub enum Algorithm { - Sha1, - // Not implemented - // Sha224 - Sha256, - Sha384, - Sha512, -} - -impl From for Algorithm { - fn from(value: hkdf::Algorithm) -> Self { - match value { - hkdf::Algorithm::Sha256 => Self::Sha256, - hkdf::Algorithm::Sha384 => Self::Sha384, - hkdf::Algorithm::Sha512 => Self::Sha512, - } - } -} - -/// Get the tag size for a given algorithm. -pub const fn tag_size(alg: Algorithm) -> usize { - match alg { - Algorithm::Sha1 => 20, - Algorithm::Sha256 => 32, - Algorithm::Sha384 => 48, - Algorithm::Sha512 => 64, - } -} - -/// Compute the HMAC value with the given `alg` and `key` on `data` with an -/// output tag length of `tag_length`. -/// Returns a vector of length `tag_length`. -pub fn hmac(alg: Algorithm, key: &[u8], data: &[u8], tag_length: Option) -> Vec { - let native_tag_length = tag_size(alg); - let tag_length = match tag_length { - Some(v) => v, - None => native_tag_length, - }; - let mut dst: Vec<_> = match alg { - Algorithm::Sha1 => crate::hacl::hmac::sha1(key, data).into(), - Algorithm::Sha256 => crate::hacl::hmac::sha2_256(key, data).into(), - Algorithm::Sha384 => crate::hacl::hmac::sha2_384(key, data).into(), - Algorithm::Sha512 => crate::hacl::hmac::sha2_512(key, data).into(), - }; - dst.truncate(tag_length); - dst -} +pub use libcrux_hmac::hmac; +pub use libcrux_hmac::tag_size; +pub use libcrux_hmac::Algorithm; diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti new file mode 100644 index 000000000..35516c01f --- /dev/null +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -0,0 +1,51 @@ +module Libcrux_platform.X86 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +type t_Feature = + | Feature_mmx : t_Feature + | Feature_sse : t_Feature + | Feature_sse2 : t_Feature + | Feature_sse3 : t_Feature + | Feature_pclmulqdq : t_Feature + | Feature_ssse3 : t_Feature + | Feature_fma : t_Feature + | Feature_movbe : t_Feature + | Feature_sse4_1_ : t_Feature + | Feature_sse4_2_ : t_Feature + | Feature_popcnt : t_Feature + | Feature_aes : t_Feature + | Feature_xsave : t_Feature + | Feature_osxsave : t_Feature + | Feature_avx : t_Feature + | Feature_rdrand : t_Feature + | Feature_sgx : t_Feature + | Feature_bmi1 : t_Feature + | Feature_avx2 : t_Feature + | Feature_bmi2 : t_Feature + | Feature_avx512f : t_Feature + | Feature_avx512dq : t_Feature + | Feature_rdseed : t_Feature + | Feature_adx : t_Feature + | Feature_avx512ifma : t_Feature + | Feature_avx512pf : t_Feature + | Feature_avx512er : t_Feature + | Feature_avx512cd : t_Feature + | Feature_sha : t_Feature + | Feature_avx512bw : t_Feature + | Feature_avx512vl : t_Feature + +val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ -> Prims.l_True) + +/// Initialize CPU detection. +val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) + +val init__cpuid (leaf: u32) + : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) + +val init__cpuid_count (leaf sub_leaf: u32) + : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) + +/// Check hardware [`Feature`] support. +val supported (feature: t_Feature) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)