diff --git a/.docker/c/ext-tools.sh b/.docker/c/ext-tools.sh index c6222c913..7ce0eebe3 100644 --- a/.docker/c/ext-tools.sh +++ b/.docker/c/ext-tools.sh @@ -4,23 +4,23 @@ set -v -e -x source $HOME/.profile -curl -L https://github.com/AeneasVerif/charon/archive/b351338f6a84c7a1afc27433eb0ffdc668b3581d.zip \ +curl -L https://github.com/AeneasVerif/charon/archive/28d543bfacc902ba9cc2a734b76baae9583892a4.zip \ --output charon.zip unzip charon.zip rm -rf charon.zip -mv charon-b351338f6a84c7a1afc27433eb0ffdc668b3581d/ charon +mv charon-28d543bfacc902ba9cc2a734b76baae9583892a4/ charon -curl -L https://github.com/FStarLang/karamel/archive/c96fb69d15693284644d6aecaa90afa37e4de8f0.zip \ +curl -L https://github.com/FStarLang/karamel/archive/15d4bce74a2d43e34a64f48f8311b7d9bcb0e152.zip \ --output karamel.zip unzip karamel.zip rm -rf karamel.zip -mv karamel-c96fb69d15693284644d6aecaa90afa37e4de8f0/ karamel +mv karamel-15d4bce74a2d43e34a64f48f8311b7d9bcb0e152/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/7efec1624422fd5e94388ef06b9c76dfe7a48d46.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/1a65dbf3758fe310833718c645a64266294a29ac.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-7efec1624422fd5e94388ef06b9c76dfe7a48d46/ eurydice +mv eurydice-1a65dbf3758fe310833718c645a64266294a29ac/ eurydice echo "export KRML_HOME=$HOME/karamel" >>$HOME/.profile echo "export EURYDICE_HOME=$HOME/eurydice" >>$HOME/.profile diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index 575339c5d..aa1767182 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml 
@@ -87,11 +87,6 @@ jobs: rustc --print=cfg cargo build --verbose $RUST_TARGET_FLAG --features pre-verification - - name: 🔨 Build unpacked - run: | - rustc --print=cfg - cargo build --verbose $RUST_TARGET_FLAG --features pre-verification,unpacked - - name: 🔨 Build Release run: cargo build --verbose --release $RUST_TARGET_FLAG --features pre-verification diff --git a/Cargo.lock b/Cargo.lock index aa70740ef..590a44b52 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -102,7 +102,7 @@ checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" [[package]] name = "benchmarks" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "chacha20poly1305", "criterion", @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.76", + "syn 2.0.77", "which", ] @@ -182,7 +182,7 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cavp" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "hex", "log", @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.15" +version = "1.1.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" +checksum = "07b1695e2c7e8fc85310cde85aeaab7e3097f593c91d209d3f9df76c928100f0" dependencies = [ "jobserver", "libc", @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.16" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" +checksum = "b0956a43b323ac1afaffc053ed5c4b7c1f1800bacd1683c353aabbb752515dd3" dependencies = [ "clap_builder", "clap_derive", 
@@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.15" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +checksum = "4d72166dd41634086d5803a47eb71ae740e61d84709c36f3c34110173db3961b" dependencies = [ "anstream", "anstyle", @@ -312,14 +312,14 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.13" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" +checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab" dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -363,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -483,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", 
@@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -722,33 +722,33 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "proc-macro2", "quote", @@ -760,7 +760,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "proc-macro2", "quote", 
@@ -914,7 +914,7 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "lib25519" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "bindgen", "cc", @@ -930,7 +930,7 @@ checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libcrux" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "clap", "getrandom", @@ -959,7 +959,7 @@ dependencies = [ [[package]] name = "libcrux-ecdh" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "hex", "libcrux-hacl", @@ -981,7 +981,7 @@ dependencies = [ [[package]] name = "libcrux-hacl" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "bindgen", "cc", @@ -992,14 +992,14 @@ dependencies = [ [[package]] name = "libcrux-hkdf" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "libcrux-hacl", ] [[package]] name = "libcrux-hmac" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "libcrux-hacl", "libcrux-hkdf", @@ -1007,11 +1007,11 @@ dependencies = [ [[package]] name = "libcrux-intrinsics" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" [[package]] name = "libcrux-kem" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "hex", "libcrux-ecdh", @@ -1023,7 +1023,7 @@ dependencies = [ [[package]] name = "libcrux-ml-dsa" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "criterion", "hex", @@ -1038,7 +1038,7 @@ dependencies = [ [[package]] name = "libcrux-ml-kem" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "criterion", "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", @@ -1053,14 +1053,14 @@ dependencies = [ [[package]] name = "libcrux-platform" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "libc", ] [[package]] name = "libcrux-pqclean" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "bindgen", "cc", 
@@ -1069,7 +1069,7 @@ dependencies = [ [[package]] name = "libcrux-psq" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "classic-mceliece-rust", "criterion", @@ -1083,7 +1083,7 @@ dependencies = [ [[package]] name = "libcrux-sha3" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "cavp", "criterion", @@ -1108,7 +1108,7 @@ dependencies = [ [[package]] name = "libjade-sys" -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" dependencies = [ "bindgen", "cc", @@ -1239,7 +1239,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -1293,15 +1293,15 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" +checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" [[package]] name = "plotters" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" +checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" dependencies = [ "num-traits", "plotters-backend", 
@@ -1312,15 +1312,15 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" +checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" [[package]] name = "plotters-svg" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" +checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670" dependencies = [ "plotters-backend", ] @@ -1406,7 +1406,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -1603,9 +1603,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.35" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ "bitflags", "errno", 
@@ -1657,29 +1657,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] name = "serde_json" -version = "1.0.127" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", "memchr", @@ -1771,9 +1771,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.76" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -1807,9 +1807,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" 
@@ -1892,7 +1892,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", "wasm-bindgen-shared", ] @@ -1926,7 +1926,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1960,7 +1960,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -2118,7 +2118,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -2138,5 +2138,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] diff --git a/Cargo.toml b/Cargo.toml index 3bd1be7a9..22a1c40af 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -20,7 +20,7 @@ members = [ ] [workspace.package] -version = "0.0.2-alpha.3" +version = "0.0.2-beta.2" authors = ["Cryspen"] license = "Apache-2.0" homepage = "https://github.com/cryspen/libcrux" 
@@ -56,19 +56,19 @@ exclude = [ [lib] crate-type = ["staticlib", "cdylib", "lib"] -bench = false # so libtest doesn't eat the arguments for criterion +bench = false # so libtest doesn't eat the arguments for criterion [build-dependencies] -libcrux-platform = { version = "=0.0.2-alpha.3", path = "sys/platform" } +libcrux-platform = { version = "=0.0.2-beta.2", path = "sys/platform" } [dependencies] -libcrux-hacl = { version = "=0.0.2-alpha.3", path = "sys/hacl" } -libcrux-platform = { version = "=0.0.2-alpha.3", path = "sys/platform" } -libcrux-hkdf = { version = "=0.0.2-alpha.3", path = "libcrux-hkdf" } -libcrux-hmac = { version = "=0.0.2-alpha.3", path = "libcrux-hmac" } -libcrux-ecdh = { version = "=0.0.2-alpha.3", path = "libcrux-ecdh" } -libcrux-ml-kem = { version = "=0.0.2-alpha.3", path = "libcrux-ml-kem" } -libcrux-kem = { version = "=0.0.2-alpha.3", path = "libcrux-kem" } +libcrux-hacl = { version = "=0.0.2-beta.2", path = "sys/hacl" } +libcrux-platform = { version = "=0.0.2-beta.2", path = "sys/platform" } +libcrux-hkdf = { version = "=0.0.2-beta.2", path = "libcrux-hkdf" } +libcrux-hmac = { version = "=0.0.2-beta.2", path = "libcrux-hmac" } +libcrux-ecdh = { version = "=0.0.2-beta.2", path = "libcrux-ecdh" } +libcrux-ml-kem = { version = "=0.0.2-beta.2", path = "libcrux-ml-kem" } +libcrux-kem = { version = "=0.0.2-beta.2", path = "libcrux-kem" } rand = { version = "0.8" } log = { version = "0.4", optional = true } # WASM API 
@@ -98,14 +98,25 @@ wasm-bindgen-test = "0.3" getrandom = { version = "0.2", features = ["js"] } [features] -hacspec = [] # TODO: #7 Use specs instead of efficient implementations +hacspec = [] # TODO: #7 Use specs instead of efficient implementations rand = [] wasm = ["wasm-bindgen", "getrandom"] log = ["dep:log"] -tests = [] # Expose functions for testing. -experimental = [] # Expose experimental APIs. +tests = [] # Expose functions for testing. +experimental = [] # Expose experimental APIs. [profile.release] lto = "fat" codegen-units = 1 panic = "abort" + +[lints.rust] +unexpected_cfgs = { level = "warn", check-cfg = [ + 'cfg(hax)', + 'cfg(eurydice)', + 'cfg(doc_cfg)', + 'cfg(libjade)', + 'cfg(simd128)', + 'cfg(simd256)', + 'cfg(aes_ni)', +] } diff --git a/benchmarks/Cargo.toml b/benchmarks/Cargo.toml index 3458bfeda..4928bd34d 100644 --- a/benchmarks/Cargo.toml +++ b/benchmarks/Cargo.toml @@ -50,7 +50,7 @@ pqcrypto-kyber = { version = "0.8.0" } openssl = "0.10" [target.'cfg(all(not(target_os = "windows"), target_arch = "x86_64"))'.dev-dependencies] -libjade-sys = { version = "=0.0.2-alpha.3", path = "../sys/libjade" } +libjade-sys = { version = "=0.0.2-beta.2", path = "../sys/libjade" } [[bench]] name = "sha2" diff --git a/libcrux-ecdh/Cargo.toml b/libcrux-ecdh/Cargo.toml index 9c9816686..eecc87753 100644 --- a/libcrux-ecdh/Cargo.toml +++ b/libcrux-ecdh/Cargo.toml @@ -14,7 +14,7 @@ path = "src/ecdh.rs" [dependencies] rand = { version = "0.8" } -libcrux-hacl = { version = "=0.0.2-alpha.3", path = "../sys/hacl" } +libcrux-hacl = { version = "=0.0.2-beta.2", path = "../sys/hacl" } [dev-dependencies] rand_core = { version = "0.6" } diff --git a/libcrux-hkdf/Cargo.toml b/libcrux-hkdf/Cargo.toml index 2695baedd..af1715038 100644 --- a/libcrux-hkdf/Cargo.toml +++ b/libcrux-hkdf/Cargo.toml 
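Review bot: The new `[lints.rust]` table at the end of the root `Cargo.toml` configures only the root package, while `libcrux-ml-kem/Cargo.toml` visibly keeps its own `[lints.rust]` table (it appears as context after the docs.rs hunk of that file), so the `check-cfg` list will have to be kept in sync by hand across workspace members. Since the root manifest already centralises metadata under `[workspace.package]`, the same list could live under `[workspace.lints.rust]` with each member declaring `[lints]` followed by `workspace = true`, if the project's minimum supported Cargo version allows it. Whether the member tables currently hold the same list is not visible in this diff.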
@@ -13,5 +13,5 @@ description = "Libcrux HKDF implementation" path = "src/hkdf.rs" [dependencies] -libcrux-hacl = { version = "=0.0.2-alpha.3", path = "../sys/hacl" } +libcrux-hacl = { version = "=0.0.2-beta.2", path = "../sys/hacl" } diff --git a/libcrux-hmac/Cargo.toml b/libcrux-hmac/Cargo.toml index 5eb3cf340..a29de12d0 100644 --- a/libcrux-hmac/Cargo.toml +++ b/libcrux-hmac/Cargo.toml @@ -13,5 +13,5 @@ description = "Libcrux HMAC implementation" path = "src/hmac.rs" [dependencies] -libcrux-hkdf = { version = "=0.0.2-alpha.3", path = "../libcrux-hkdf" } -libcrux-hacl = { version = "=0.0.2-alpha.3", path = "../sys/hacl" } +libcrux-hkdf = { version = "=0.0.2-beta.2", path = "../libcrux-hkdf" } +libcrux-hacl = { version = "=0.0.2-beta.2", path = "../sys/hacl" } diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 7af7f302a..5ac496e48 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -3,10 +3,14 @@ module Libcrux_intrinsics.Avx2_extract open Core open FStar.Mul +val mm256_abs_epi32 (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_add_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_add_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_add_epi64 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_and_si256 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_andnot_si256 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) 
@@ -14,12 +18,24 @@ val mm256_andnot_si256 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_ val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_blend_epi32 (v_CONTROL: i32) (lhs rhs: u8) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_bsrli_epi128 (v_SHIFT_BY: i32) (x: u8) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_castsi128_si256 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_castsi256_ps (a: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_castsi256_si128 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_cmpeq_epi32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_cmpgt_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_cmpgt_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_cvtepi16_epi32 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_extracti128_si256 (v_CONTROL: i32) (vector: u8) @@ -30,10 +46,16 @@ val mm256_inserti128_si256 (v_CONTROL: i32) (vector vector_i128: u8) val mm256_loadu_si256_i16 (input: t_Slice i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_loadu_si256_i32 (input: t_Slice i32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_loadu_si256_u8 (input: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_madd_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_movemask_ps (a: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_mul_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_mul_epu32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_mulhi_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) 
@@ -42,6 +64,8 @@ val mm256_mullo_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims val mm256_mullo_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_or_si256 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_packs_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_permute2x128_si256 (v_IMM8: i32) (a b: u8) @@ -67,11 +91,16 @@ val mm256_set_epi16 val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_set_epi64x (input3 input2 input1 input0: i64) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_set_epi8 (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: i8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_set_m128i (hi lo: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_setzero_si256: Prims.unit -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) @@ -79,6 +108,8 @@ val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) val mm256_shuffle_epi8 (vector control: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sign_epi32 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) 
@@ -104,14 +135,25 @@ val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: u8) val mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_srlv_epi32 (vector counts: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srlv_epi64 (vector counts: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: u8) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) +val mm256_storeu_si256_i32 (output: t_Slice i32) (vector: u8) + : Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) + val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val mm256_sub_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sub_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_testz_si256 (lhs rhs: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + val mm256_unpackhi_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) val mm256_unpackhi_epi64 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) @@ -136,6 +178,9 @@ val mm_packs_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_ val mm_set1_epi16 (constant: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_set_epi32 (input3 input2 input1 input0: i32) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm_set_epi8 (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: u8) 
@@ -143,10 +188,20 @@ val mm_set_epi8 val mm_shuffle_epi8 (vector control: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_sllv_epi32 (vector counts: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) + : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: u8) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val mm_storeu_si128 (output: t_Slice i16) (vector: u8) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) +val mm_storeu_si128_i32 (output: t_Slice i32) (vector: u8) + : Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) + val mm_sub_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val vec256_blendv_epi32 (a b mask: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-kem/Cargo.toml b/libcrux-kem/Cargo.toml index 506568358..1547958b1 100644 --- a/libcrux-kem/Cargo.toml +++ b/libcrux-kem/Cargo.toml @@ -14,9 +14,9 @@ exclude = ["/tests"] path = "src/kem.rs" [dependencies] -libcrux-ml-kem = { version = "0.0.2-alpha.3", path = "../libcrux-ml-kem" } -libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } -libcrux-ecdh = { version = "0.0.2-alpha.3", path = "../libcrux-ecdh" } +libcrux-ml-kem = { version = "0.0.2-beta.2", path = "../libcrux-ml-kem" } +libcrux-sha3 = { version = "0.0.2-beta.2", path = "../libcrux-sha3" } +libcrux-ecdh = { version = "0.0.2-beta.2", path = "../libcrux-ecdh" } rand = { version = "0.8" } [features] diff --git a/libcrux-ml-dsa/Cargo.toml b/libcrux-ml-dsa/Cargo.toml index 3f8c04df1..413aef998 100644 --- a/libcrux-ml-dsa/Cargo.toml +++ b/libcrux-ml-dsa/Cargo.toml 
@@ -16,9 +16,9 @@ bench = false # so libtest doesn't eat the arguments to criterion # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } -libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } -libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } +libcrux-sha3 = { version = "0.0.2-beta.2", path = "../libcrux-sha3" } +libcrux-intrinsics = { version = "0.0.2-beta.2", path = "../libcrux-intrinsics" } +libcrux-platform = { version = "0.0.2-beta.2", path = "../sys/platform" } [dev-dependencies] rand = { version = "0.8" } diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index a0f82ec4e..3c230e0e8 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -23,9 +23,9 @@ bench = false # so libtest doesn't eat the arguments to criterion [dependencies] rand = { version = "0.8", optional = true } -libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } -libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } -libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } +libcrux-platform = { version = "0.0.2-beta.2", path = "../sys/platform" } +libcrux-sha3 = { version = "0.0.2-beta.2", path = "../libcrux-sha3" } +libcrux-intrinsics = { version = "0.0.2-beta.2", path = "../libcrux-intrinsics" } # This is only required for verification. # The hax config is set by the hax toolchain. @@ -47,9 +47,6 @@ mlkem512 = [] mlkem768 = [] mlkem1024 = [] -# Enable the unpacked API -unpacked = [] - # Enable Round 3 Kyber in addition to ML-KEM kyber = [] @@ -86,7 +83,7 @@ name = "keygen" required-features = ["mlkem768"] [package.metadata."docs.rs"] -features = ["pre-verification", "kyber", "unpacked"] +features = ["pre-verification", "kyber"] rustdoc-args = ["--cfg", "doc_cfg"] [lints.rust] 
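Review bot: Dropping the `unpacked` feature from `libcrux-ml-kem/Cargo.toml` (and from the docs.rs feature list in this hunk) is a breaking change for any dependent that enables it explicitly, because Cargo rejects a manifest that requests a feature the crate no longer declares. If the unpacked API is now always available under `pre-verification`, as the bench changes in `benches/ml-kem.rs` suggest, a transitional no-op entry `unpacked = [] # Deprecated: the unpacked API is always built; this feature will be removed.` would keep existing manifests building for one release. Whether downstream crates in this workspace still reference the feature is not visible here.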
diff --git a/libcrux-ml-kem/benches/ml-kem.rs b/libcrux-ml-kem/benches/ml-kem.rs index 5e004aaf1..ef048452d 100644 --- a/libcrux-ml-kem/benches/ml-kem.rs +++ b/libcrux-ml-kem/benches/ml-kem.rs @@ -13,11 +13,20 @@ macro_rules! init { use $version as version; #[cfg(feature = "pre-verification")] - fun!("portable", version::portable, group); + { + fun!("portable", version::portable, group); + fun_unpacked!("portable", version::portable::unpacked, group); + } #[cfg(all(feature = "simd128", feature = "pre-verification"))] - fun!("neon", version::neon, group); + { + fun!("neon", version::neon, group); + fun_unpacked!("neon", version::neon::unpacked, group); + } #[cfg(all(feature = "simd256", feature = "pre-verification"))] - fun!("neon", version::avx2, group); + { + fun!("avx2", version::avx2, group); + fun_unpacked!("avx2", version::avx2::unpacked, group); + } #[cfg(not(feature = "pre-verification"))] fun!("verified", version, group); }}; 
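Review bot: `init!` now expands to a `fun_unpacked!` invocation inside each `pre-verification` branch, so every call site must define that macro even when there is nothing to bench, which is why `pk_validation` gains an empty one in a later hunk; that contract is not stated anywhere. A comment above the first `#[cfg(feature = "pre-verification")]` block such as `// Callers must define both fun! and fun_unpacked! before invoking init!; use an empty fun_unpacked! when there is no unpacked variant.` would make it explicit, and the `pk_validation` stub's `// We don't do anything here.` could point back to it. The body of `init!` begins outside this hunk. The `version::*::unpacked` paths are referenced without any `unpacked` feature gate, consistent with that feature's removal in `libcrux-ml-kem/Cargo.toml`, but this diff does not show that those modules are now unconditionally present.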
@@ -40,49 +49,27 @@ pub fn key_generation(c: &mut Criterion) { }; } + macro_rules! fun_unpacked { + ($name:expr, $p:path, $group:expr) => { + $group.bench_function( + format!("libcrux unpacked {} (external random)", $name), + |b| { + use $p as p; + + let mut seed = [0; 64]; + rng.fill_bytes(&mut seed); + b.iter(|| { + let mut kp = p::init_key_pair(); + p::generate_key_pair(seed, &mut kp); + }) + }, + ); + }; + } + init!(mlkem512, "Key Generation", c); init!(mlkem768, "Key Generation", c); init!(mlkem1024, "Key Generation", c); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "simd256", - feature = "unpacked" - ))] - c.bench_function("libcrux avx2 unpacked (external random)", |b| { - let mut seed = [0; 64]; - rng.fill_bytes(&mut seed); - b.iter(|| { - let _kp = mlkem768::avx2::generate_key_pair_unpacked(seed); - }) - }); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "simd128" - ))] - c.bench_function("libcrux neon unpacked (external random)", |b| { - let mut seed = [0; 64]; - rng.fill_bytes(&mut seed); - b.iter(|| { - let _kp = mlkem768::neon::generate_key_pair_unpacked(seed); - }) - }); - - #[cfg(all( - feature = "mlkem768", - feature = "pre-verification", - feature = "unpacked" - ))] - c.bench_function("libcrux portable unpacked (external random)", |b| { - let mut seed = [0; 64]; - rng.fill_bytes(&mut seed); - b.iter(|| { - let _kp = mlkem768::portable::generate_key_pair_unpacked(seed); - }) - }); } pub fn pk_validation(c: &mut Criterion) { @@ -109,6 +96,12 @@ pub fn pk_validation(c: &mut Criterion) { }; } + macro_rules! fun_unpacked { + ($name:expr, $p:path, $group:expr) => { + // We don't do anything here. + }; + } + init!(mlkem512, "PK Validation", c); init!(mlkem768, "PK Validation", c); init!(mlkem1024, "PK Validation", c); 
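Review bot: In the new `fun_unpacked!` for key generation the `kp` produced inside the `b.iter` closure is dropped without being passed through `black_box`, whereas the encapsulation bench added in the same commit wraps its result in `black_box`; ending the closure with `black_box(kp);` would make the two benches consistent and state explicitly that the key-pair result must be kept. `rng` and the enclosing `key_generation` function begin outside this hunk. The seed is filled once per bench function rather than per iteration, which matches the removed code and so is not a regression.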
@@ -135,70 +128,36 @@ pub fn encapsulation(c: &mut Criterion) {
 };
 }
 
+ macro_rules! fun_unpacked {
+ ($name:expr, $p:path, $group:expr) => {
+ $group.bench_function(
+ format!("libcrux unpacked {} (external random)", $name),
+ |b| {
+ use $p as p;
+ let mut seed1 = [0; 64];
+ OsRng.fill_bytes(&mut seed1);
+ let mut seed2 = [0; 32];
+ OsRng.fill_bytes(&mut seed2);
+ b.iter_batched(
+ || {
+ let mut kp = p::init_key_pair();
+ p::generate_key_pair(seed1, &mut kp);
+ kp
+ },
+ |keypair| {
+ let (_shared_secret, _ciphertext) =
+ black_box(p::encapsulate(&keypair.public_key, seed2));
+ },
+ BatchSize::SmallInput,
+ )
+ },
+ );
+ };
+ }
+
 init!(mlkem512, "Encapsulation", c);
 init!(mlkem768, "Encapsulation", c);
 init!(mlkem1024, "Encapsulation", c);
-
- #[cfg(all(
- feature = "mlkem768",
- feature = "pre-verification",
- feature = "unpacked"
- ))]
- c.bench_function("libcrux unpacked portable (external random)", |b| {
- let mut seed1 = [0; 64];
- OsRng.fill_bytes(&mut seed1);
- let mut seed2 = [0; 32];
- OsRng.fill_bytes(&mut seed2);
- b.iter_batched(
- || mlkem768::portable::generate_key_pair_unpacked(seed1),
- |keypair| {
- let (_shared_secret, _ciphertext) =
- mlkem768::portable::encapsulate_unpacked(&keypair.public_key, seed2);
- },
- BatchSize::SmallInput,
- )
- });
-
- #[cfg(all(
- feature = "mlkem768",
- feature = "pre-verification",
- feature = "simd128"
- ))]
- c.bench_function("libcrux unpacked neon (external random)", |b| {
- let mut seed1 = [0; 64];
- OsRng.fill_bytes(&mut seed1);
- let mut seed2 = [0; 32];
- OsRng.fill_bytes(&mut seed2);
- b.iter_batched(
- || mlkem768::neon::generate_key_pair_unpacked(seed1),
- |keypair| {
- let (_shared_secret, _ciphertext) =
- mlkem768::neon::encapsulate_unpacked(&keypair.public_key, seed2);
- },
- BatchSize::SmallInput,
- )
- });
-
- #[cfg(all(
- feature = "mlkem768",
- feature = "pre-verification",
- feature = "simd256",
- feature = "unpacked"
- ))]
- c.bench_function("libcrux unpacked avx2 (external random)", |b| {
- let mut seed1 = [0; 64];
- OsRng.fill_bytes(&mut seed1);
- let mut seed2 = [0; 32];
- OsRng.fill_bytes(&mut seed2);
- b.iter_batched(
- || mlkem768::avx2::generate_key_pair_unpacked(seed1),
- |keypair| {
- let (_shared_secret, _ciphertext) =
- mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, seed2);
- },
- BatchSize::SmallInput,
- )
- });
 }
 
 pub fn decapsulation(c: &mut Criterion) {
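Review bot: The destructuring `let (_shared_secret, _ciphertext) = black_box(p::encapsulate(&keypair.public_key, seed2));` names the tuple in the opposite order from the decapsulation hunk, where `let (ciphertext, _shared_secret) = p::encapsulate(&keypair.public_key, seed2);` feeds `ciphertext` into `p::decapsulate` and so must have the ciphertext first. If that is the real return order, the names here are swapped; since both bindings are unused, `let (_ciphertext, _shared_secret) = black_box(p::encapsulate(&keypair.public_key, seed2));` (or just `black_box(p::encapsulate(&keypair.public_key, seed2));`) avoids misleading the next reader. The same `(ciphertext, _shared_secret)` ordering is relied on in the decapsulation hunk that follows. The signature of `encapsulation` lies outside this hunk.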
@@ -227,83 +186,34 @@ pub fn decapsulation(c: &mut Criterion) {
 };
 }
 
+ macro_rules! fun_unpacked {
+ ($name:expr, $p:path, $group:expr) => {
+ $group.bench_function(format!("libcrux unpacked {}", $name), |b| {
+ use $p as p;
+ let mut seed1 = [0; 64];
+ OsRng.fill_bytes(&mut seed1);
+ let mut seed2 = [0; 32];
+ OsRng.fill_bytes(&mut seed2);
+ b.iter_batched(
+ || {
+ let mut keypair = p::init_key_pair();
+ p::generate_key_pair(seed1, &mut keypair);
+ let (ciphertext, _shared_secret) =
+ p::encapsulate(&keypair.public_key, seed2);
+ (keypair, ciphertext)
+ },
+ |(keypair, ciphertext)| {
+ let _shared_secret = black_box(p::decapsulate(&keypair, &ciphertext));
+ },
+ BatchSize::SmallInput,
+ )
+ });
+ };
+ }
+
 init!(mlkem512, "Decapsulation", c);
 init!(mlkem768, "Decapsulation", c);
 init!(mlkem1024, "Decapsulation", c);
-
- #[cfg(all(
- feature = "mlkem768",
- feature = "pre-verification",
- feature = "unpacked"
- ))]
- c.bench_function("libcrux unpacked portable", |b| {
- let mut seed1 = [0; 64];
- OsRng.fill_bytes(&mut seed1);
- let mut seed2 = [0; 32];
- OsRng.fill_bytes(&mut seed2);
- b.iter_batched(
- || {
- let keypair = mlkem768::portable::generate_key_pair_unpacked(seed1);
- let (ciphertext, _shared_secret) =
- mlkem768::portable::encapsulate_unpacked(&keypair.public_key, seed2);
- (keypair, ciphertext)
- },
- |(keypair, ciphertext)| {
- let _shared_secret =
- mlkem768::portable::decapsulate_unpacked(&keypair, &ciphertext);
- },
- BatchSize::SmallInput,
- )
- });
-
- #[cfg(all(
- feature = "mlkem768",
- feature = "pre-verification",
- feature = "simd128"
- ))]
- c.bench_function("libcrux unpacked neon", |b| {
- let mut seed1 = [0; 64];
- OsRng.fill_bytes(&mut seed1);
- let mut seed2 = [0; 32];
- OsRng.fill_bytes(&mut seed2);
- b.iter_batched(
- || {
- let keypair = mlkem768::neon::generate_key_pair_unpacked(seed1);
- let (ciphertext, _shared_secret) =
- mlkem768::neon::encapsulate_unpacked(&keypair.public_key, seed2);
- (keypair, ciphertext)
- },
- |(keypair, ciphertext)| {
- let _shared_secret = mlkem768::neon::decapsulate_unpacked(&keypair, &ciphertext);
- },
- BatchSize::SmallInput,
- )
- });
-
- #[cfg(all(
- feature = "mlkem768",
- feature = "pre-verification",
- feature = "simd256",
- feature = "unpacked"
- ))]
- c.bench_function("libcrux unpacked avx2", |b| {
- let mut seed1 = [0; 64];
- OsRng.fill_bytes(&mut seed1);
- let mut seed2 = [0; 32];
- OsRng.fill_bytes(&mut seed2);
- b.iter_batched(
- || {
- let keypair = mlkem768::avx2::generate_key_pair_unpacked(seed1);
- let (ciphertext, _shared_secret) =
- mlkem768::avx2::encapsulate_unpacked(&keypair.public_key, seed2);
- (keypair, ciphertext)
- },
- |(keypair, ciphertext)| {
- let _shared_secret = mlkem768::avx2::decapsulate_unpacked(&keypair, &ciphertext);
- },
- BatchSize::SmallInput,
- )
- });
 }
 
 pub fn comparisons(c: &mut Criterion) {
diff --git a/libcrux-ml-kem/boring.sh b/libcrux-ml-kem/boring.sh
index 54c092332..43a9d499a 100755
--- a/libcrux-ml-kem/boring.sh
+++ b/libcrux-ml-kem/boring.sh
@@ -22,7 +22,7 @@ fi
 ./c.sh --config cg.yaml --out cg --mlkem768 --kyber768 \
 --no-glue --no-unrolling --no-karamel_include --no-karamel_include
 
-clang-format --style=Google -i cg/*.h
+clang-format-18 --style=Google -i cg/*.h
 
 if [[ -n "$BORINGSSL_HOME" ]]; then
 echo "Copying the files into $BORINGSSL_HOME/third_party/libcrux/"
diff --git a/libcrux-ml-kem/c.sh b/libcrux-ml-kem/c.sh
index d6fc41bf8..142ece36a 100755
--- a/libcrux-ml-kem/c.sh
+++ b/libcrux-ml-kem/c.sh
@@ -41,7 +41,6 @@ while [ $# -gt 0 ]; do
 --glue) glue="$2"; shift ;;
 --mlkem768) features="${features} --cargo-arg=--no-default-features --cargo-arg=--features=mlkem768" ;;
 --kyber768) features="${features} --cargo-arg=--features=kyber" ;;
- --unpacked) features="${features} --cargo-arg=--features=unpacked" ;;
 --no-glue) eurydice_glue=0 ;;
 --no-karamel_include) karamel_include=0 ;;
 --no-unrolling) unrolling=0 ;;
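Review bot: `clang-format-18` is now required by that exact name in boring.sh, so the script fails on hosts that ship only an unversioned `clang-format` or a different major version, and the copy into `$BORINGSSL_HOME` that follows would then run against unformatted headers unless the shell is configured to stop on error, which this hunk does not show. Pinning the major version is reasonable for reproducible generated output, but an overridable default keeps the script usable elsewhere: `CLANG_FORMAT="${CLANG_FORMAT:-clang-format-18}"` followed by `"$CLANG_FORMAT" --style=Google -i cg/*.h`, with a comment noting that version 18 is what the checked-in output was produced with.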
diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index dde362958..1941d5aa3 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d
-Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46
-Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0
+Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
+Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
+Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d
+Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71
diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h
index 660918c54..ad026b9e1 100644
--- a/libcrux-ml-kem/c/eurydice_glue.h
+++ b/libcrux-ml-kem/c/eurydice_glue.h
@@ -18,6 +18,13 @@ extern "C" {
 #include "krml/lowstar_endianness.h"
 #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e)
+#define EURYDICE_ASSERT(test, msg) \
+ do { \
+ if (!(test)) { \
+ fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \
+ __FILE__, __LINE__); \
+ } \
+ } while (0)
 // SLICES, ARRAYS, ETC.
@@ -130,6 +137,10 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) {
 memcpy(dst, &x, 4);
 }
 
+static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) {
+ store32_le(dst, src);
+}
+
 static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {
 return load32_le(buf);
 }
@@ -137,6 +148,7 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) {
 static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) {
 store64_le(buf, v);
 }
+
 static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) {
 return load64_le(buf);
 }
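Review bot: `EURYDICE_ASSERT` in eurydice_glue.h only reports the failed check on stderr and then falls through, so whatever follows a violated assertion keeps executing with the broken invariant in place; in a cryptographic library a precondition failure that is merely logged is harder to notice and reason about than a crash, and it is not what a reader expects from anything named assert. Terminate in the failure branch, `abort();` right after the `fprintf`, or if continuing is deliberate for some build, make that an explicit opt-in macro and say so in a comment above the definition. The macro also depends on `fprintf`/`stderr` (and `abort` would need `<stdlib.h>`); whether `<stdio.h>` is already included is not visible in this hunk.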
@@ -188,6 +200,9 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } +static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { + return x < y ? x : y; +} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -210,6 +225,9 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ + Eurydice_range_iter_next + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index fac523ae0..d63ff8521 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_core_H 
@@ -62,14 +62,14 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( uint8_t value[1568U]); /** 
@@ -85,82 +85,74 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_f61( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_9d1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_131( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( + uint8_t value[1184U]); /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb -with const generics -- SIZE= 1568 + Create a new [`MlKemKeyPair`] from the secret and public key. 
*/ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a91( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); - /** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +This function found in impl +{libcrux_ml_kem::types::MlKemKeyPair} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** - Pad the `slice` with `0`s at the end. +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics -- LEN= 1600 +- SIZE= 2400 */ -void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, - uint8_t ret[1600U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( + uint8_t value[800U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. 
@@ -172,61 +164,61 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_f60( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_9d0( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( + uint8_t value[1632U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} + A reference to the raw byte slice. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 -with const generics -- SIZE= 1088 +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_130( - uint8_t value[1088U]); - /** - A reference to the raw byte slice. 
+A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +with const generics +- SIZE= 1184 */ +uint8_t *libcrux_ml_kem_types_as_slice_ba_121( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); + /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics -- SIZE= 1184 +- SIZE= 1088 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a90( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( + uint8_t value[1088U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df0( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** 
@@ -237,49 +229,71 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_423(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, uint8_t ret[1120U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} + A reference to the raw byte slice. +*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8c( - uint8_t value[800U]); +uint8_t *libcrux_ml_kem_types_as_slice_ba_120( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** - Create a new [`MlKemKeyPair`] from the secret and public key. +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +A monomorphic instance of libcrux_ml_kem.types.from_fc +with const generics +- SIZE= 768 */ +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( + uint8_t value[768U]); + /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +This function found in impl {(core::convert::AsRef<@Slice> for +libcrux_ml_kem::types::MlKemCiphertext)#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- SIZE= 768 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_f6( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** -This function found in impl {(core::convert::From<@Array> for 
-libcrux_ml_kem::types::MlKemPrivateKey)#8} + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- SIZE= 1632 +- LEN= 800 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_9d( - uint8_t value[1632U]); +void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, + uint8_t ret[800U]); + +/** + A reference to the raw byte slice. +*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +with const generics +- SIZE= 1568 +*/ +uint8_t *libcrux_ml_kem_types_as_slice_ba_12( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** A monomorphic instance of core.result.Result 
@@ -295,40 +309,38 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- SIZE= 768 +- LEN= 34 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_13( - uint8_t value[768U]); +void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, + uint8_t ret[34U]); /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a9( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( + uint8_t value[1568U]); /** Pad the `slice` with `0`s at the end. 
@@ -338,31 +350,20 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, - uint8_t ret[33U]); - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 34 -*/ void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, - uint8_t ret[34U]); + uint8_t ret[33U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( + libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** Pad the `slice` with `0`s at the end. @@ -370,10 +371,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, - uint8_t ret[800U]); + uint8_t ret[1600U]); /** Pad the `slice` with `0`s at the end. @@ -400,14 +401,15 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result 
@@ -423,14 +425,15 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -446,14 +449,15 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -469,14 +473,15 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 7b2cba596..76a437be1 100644 
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -48,7 +48,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -65,7 +65,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd1( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -91,7 +91,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -112,7 +112,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); 
@@ -138,7 +138,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb1( +void libcrux_ml_kem_ind_cca_decapsulate_971( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -157,7 +157,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -174,9 +174,9 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd0( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); /** Packed API @@ -200,7 +200,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -221,7 +221,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); 
@@ -247,9 +247,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb0( +void libcrux_ml_kem_ind_cca_decapsulate_970( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); /** Validate an ML-KEM public key. @@ -266,7 +266,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -283,7 +283,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -308,7 +308,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( uint8_t randomness[64U]); /** @@ -330,7 +330,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -356,7 +356,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb( +void libcrux_ml_kem_ind_cca_decapsulate_97( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); 
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 0353b2721..dddacb13a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -53,7 +53,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -70,9 +70,9 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_be( +bool libcrux_ml_kem_ind_cca_validate_private_key_0f( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); /** Packed API @@ -96,7 +96,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate 
@@ -117,7 +117,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -143,9 +143,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_641( +void libcrux_ml_kem_ind_cca_decapsulate_6a1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); /** Validate an ML-KEM public key. @@ -162,7 +162,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -179,7 +179,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_db( +bool libcrux_ml_kem_ind_cca_validate_private_key_3d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -205,7 +205,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -226,7 +226,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); 
@@ -252,7 +252,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_640( +void libcrux_ml_kem_ind_cca_decapsulate_6a0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -271,7 +271,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key); /** Validate an ML-KEM private key. @@ -288,7 +288,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c7( +bool libcrux_ml_kem_ind_cca_validate_private_key_46( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -314,7 +314,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -335,7 +335,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -361,7 +361,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_64( +void libcrux_ml_kem_ind_cca_decapsulate_6a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); 
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index f39f4c3b2..a816870cb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index a71b1d5fe..2728474cc 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __internal_libcrux_sha3_internal_H 
@@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -258,16 +258,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); 
@@ -292,16 +292,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -309,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -362,16 +362,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; 
@@ -379,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -408,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -422,17 +422,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; 
@@ -440,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -487,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -496,16 +496,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; 
@@ -650,21 +650,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -681,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** 
@@ -712,16 +712,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -746,16 +746,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -763,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { 
@@ -816,16 +816,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -833,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -859,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 
@@ -873,17 +873,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -891,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -935,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } 
@@ -944,16 +944,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1130,21 +1130,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1158,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** 
@@ -1205,16 +1205,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1242,7 +1242,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1277,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** 
@@ -1324,16 +1324,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1361,7 +1361,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1396,7 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 4713a24f9..d9873deab 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "internal/libcrux_core.h" @@ -84,14 +84,14 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -114,7 +114,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_f61( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( 
@@ -123,14 +123,14 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_f61( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_9d1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; 
@@ -142,88 +142,78 @@ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_9d1( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_131( - uint8_t value[1568U]) { +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( + uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb -with const generics -- SIZE= 1568 + Create a new [`MlKemKeyPair`] from the secret and public key. 
*/ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a91( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { - return self->value; -} - /** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +This function found in impl +{libcrux_ml_kem::types::MlKemKeyPair} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** - Pad the `slice` with `0`s at the end. +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics -- LEN= 1600 +- SIZE= 2400 */ -void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( + uint8_t value[2400U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, copy_of_value, (size_t)2400U * 
sizeof(uint8_t)); + return lit; } /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8c0( - uint8_t value[1184U]) { +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( + uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1184U]; - memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -237,45 +227,60 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_f60( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_9d0( - uint8_t value[2400U]) { +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( + uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[2400U]; - memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. 
+*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +with const generics +- SIZE= 1184 +*/ +uint8_t *libcrux_ml_kem_types_as_slice_ba_121( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { + return self->value; +} + /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_130( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -285,32 +290,16 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_130( return lit; } -/** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb -with const generics -- SIZE= 1184 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a90( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { - return self->value; -} - /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df0( +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } 
@@ -323,7 +312,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_423(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; 
@@ -335,71 +324,99 @@ void libcrux_ml_kem_utils_into_padded_array_423(Eurydice_slice slice, } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} + A reference to the raw byte slice. +*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8c( - uint8_t value[800U]) { +uint8_t *libcrux_ml_kem_types_as_slice_ba_120( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { + return self->value; +} + +/** +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} +*/ +/** +A monomorphic instance of libcrux_ml_kem.types.from_fc +with const generics +- SIZE= 768 +*/ +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( + uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[800U]; - memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } /** - Create a new [`MlKemKeyPair`] from the secret and public key. 
+This function found in impl {(core::convert::AsRef<@Slice> for +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +with const generics +- SIZE= 768 +*/ +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); +} + +/** + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- LEN= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_f6( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; + uint8_t *uu____0 = out; + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} + A reference to the raw byte slice. 
+*/ +/** +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics -- SIZE= 1632 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_9d( - uint8_t value[1632U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1632U]; - memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); - return lit; +uint8_t *libcrux_ml_kem_types_as_slice_ba_12( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { + return self->value; } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); 
@@ -412,38 +429,41 @@ void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- SIZE= 768 +- LEN= 34 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_13( - uint8_t value[768U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); - return lit; +void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, + uint8_t ret[34U]) { + uint8_t out[34U] = {0U}; + uint8_t *uu____0 = out; + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } /** - A reference to the raw byte slice. 
-*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_a9( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { - return self->value; +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( + uint8_t value[1568U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_1f lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + return lit; } /** @@ -454,7 +474,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; 
@@ -465,37 +485,18 @@ void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 34 -*/ -void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, - uint8_t ret[34U]) { - uint8_t out[34U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); -} - /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); +Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( + libcrux_ml_kem_types_MlKemCiphertext_1f *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } /** @@ -504,17 +505,17 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_df( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t), slice, uint8_t); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** 
@@ -537,14 +538,15 @@ void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -557,14 +559,15 @@ void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); 
@@ -577,14 +580,15 @@ void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -597,14 +601,15 @@ void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); 
@@ -617,14 +622,15 @@ void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index e0a6152f9..b6fc94baa 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_core_H 
@@ -77,21 +77,6 @@ typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_1f pk; } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; -typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s { - uint8_t value[1568U]; -} libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], -uint8_t[32size_t] - -*/ -typedef struct tuple_21_s { - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; - uint8_t snd[32U]; -} tuple_21; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -115,21 +100,6 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; -typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { - uint8_t value[1088U]; -} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], -uint8_t[32size_t] - -*/ -typedef struct tuple_3c_s { - libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; - uint8_t snd[32U]; -} tuple_3c; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -159,6 +129,21 @@ typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { libcrux_ml_kem_types_MlKemPublicKey_be pk; } libcrux_ml_kem_types_MlKemKeyPair_cb; +typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { + uint8_t value[1088U]; +} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], +uint8_t[32size_t] + +*/ +typedef struct tuple_3c_s { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; + uint8_t snd[32U]; +} tuple_3c; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext with const generics 
@@ -178,6 +163,26 @@ typedef struct tuple_ec_s { uint8_t snd[32U]; } tuple_ec; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $1568size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_1f_s { + uint8_t value[1568U]; +} libcrux_ml_kem_types_MlKemCiphertext_1f; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], +uint8_t[32size_t] + +*/ +typedef struct tuple_21_s { + libcrux_ml_kem_types_MlKemCiphertext_1f fst; + uint8_t snd[32U]; +} tuple_21; + /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError @@ -192,14 +197,15 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 15fe78611..b3a6aef7e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem1024_H @@ -70,6 +70,9 @@ extern "C" { (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ LIBCRUX_ML_KEM_MLKEM1024_CPA_PKE_CIPHERTEXT_SIZE_1024) +typedef libcrux_ml_kem_types_MlKemCiphertext_1f + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; + typedef libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_mlkem1024_MlKem1024PrivateKey; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index ec89cbbb1..ead7903df 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem1024_avx2.h" 
@@ -38,11 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_470( +static void decapsulate_800( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_bb0(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_970(private_key, ciphertext, ret); } /** @@ -54,9 +53,8 @@ static void decapsulate_470( */ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_470(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + decapsulate_800(private_key, ciphertext, ret); } /** @@ -76,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_030( +static tuple_21 encapsulate_4d0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ae0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9c0(uu____0, copy_of_randomness); } /** @@ -100,7 +98,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_030(uu____0, copy_of_randomness); + return encapsulate_4d0(uu____0, copy_of_randomness); } /** 
@@ -117,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_990( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_740( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_610(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); } /** @@ -133,7 +131,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_990(copy_of_randomness); + return generate_keypair_740(copy_of_randomness); } /** @@ -147,10 +145,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_900( +static KRML_MUSTINLINE bool validate_private_key_2d0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_fd0(private_key, + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_4d0(private_key, ciphertext); } @@ -161,8 +159,8 @@ static KRML_MUSTINLINE bool validate_private_key_900( */ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return validate_private_key_900(private_key, ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { + return validate_private_key_2d0(private_key, ciphertext); } /** 
@@ -176,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_670(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6e0(public_key); +static KRML_MUSTINLINE bool validate_public_key_060(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_050(public_key); } /** @@ -187,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_670(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_670(public_key->value); + return validate_public_key_060(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 07c10744f..0137867e0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem1024_avx2_H @@ -30,7 +30,7 @@ extern "C" { */ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); /** Encapsulate ML-KEM 1024 
@@ -56,7 +56,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); */ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext); /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 54ba411c7..44f7cd132 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_ce1( +static void decapsulate_c41( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_641(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_6a1(private_key, ciphertext, ret); } /** 
@@ -54,9 +53,8 @@ static void decapsulate_ce1( */ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_ce1(private_key, ciphertext, ret); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + decapsulate_c41(private_key, ciphertext, ret); } /** @@ -76,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_371( +static tuple_21 encapsulate_591( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b11(uu____0, copy_of_randomness); } /** @@ -100,7 +98,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_371(uu____0, copy_of_randomness); + return encapsulate_591(uu____0, copy_of_randomness); } /** 
@@ -118,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_631( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6b1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d41(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_541(copy_of_randomness); } /** @@ -134,7 +132,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_631(copy_of_randomness); + return generate_keypair_6b1(copy_of_randomness); } /** @@ -148,10 +146,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_f21( +static KRML_MUSTINLINE bool validate_private_key_7c1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_be(private_key, + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { + return libcrux_ml_kem_ind_cca_validate_private_key_0f(private_key, ciphertext); } @@ -162,8 +160,8 @@ static KRML_MUSTINLINE bool validate_private_key_f21( */ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext) { - return validate_private_key_f21(private_key, ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { + return validate_private_key_7c1(private_key, ciphertext); } /** 
@@ -177,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_d61(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7b1(public_key); +static KRML_MUSTINLINE bool validate_public_key_981(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_951(public_key); } /** @@ -188,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_d61(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_d61(public_key->value); + return validate_public_key_981(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2207e0f1e..f90019244 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem1024_portable_H @@ -30,7 +30,7 @@ extern "C" { */ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); /** Encapsulate ML-KEM 1024 
@@ -56,7 +56,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); */ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext); /** Validate a public key. diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e955cc307..c5a45c75e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 217a6dcf3..dbd91535d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_47(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_bb(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_97(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_47(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_47(private_key, ciphertext, ret); + decapsulate_80(private_key, ciphertext, ret); } /** 
@@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_03( +static tuple_ec encapsulate_4d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ae(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9c(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_03(uu____0, copy_of_randomness); + return encapsulate_4d(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_99( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_74( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_61(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); } /** @@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_99(copy_of_randomness); + return generate_keypair_74(copy_of_randomness); } /** 
@@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_90( +static KRML_MUSTINLINE bool validate_private_key_2d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4d(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_90( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_90(private_key, ciphertext); + return validate_private_key_2d(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_67(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6e(public_key); +static KRML_MUSTINLINE bool validate_public_key_06(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_05(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_67(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_67(public_key->value); + return validate_public_key_06(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 1a7f83ca6..52b13f940 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index b77e15702..1ccf583ba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem512_portable.h" 
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_ce0( +static void decapsulate_c40( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_640(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6a0(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_ce0( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_ce0(private_key, ciphertext, ret); + decapsulate_c40(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_370( +static tuple_ec encapsulate_590( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b10(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_370(uu____0, copy_of_randomness); + return encapsulate_590(uu____0, copy_of_randomness); } /** 
@@ -116,12 +116,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_630( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_6b0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d40(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_630(copy_of_randomness); + return generate_keypair_6b0(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_f20( +static KRML_MUSTINLINE bool validate_private_key_7c0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_db(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_3d(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_f20( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_f20(private_key, ciphertext); + return validate_private_key_7c0(private_key, ciphertext); } /** 
@@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_d60(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7b0(public_key); +static KRML_MUSTINLINE bool validate_public_key_980(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_950(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_d60(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_d60(public_key->value); + return validate_public_key_980(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index e0e40f336..1d12a463f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index c18af1445..8c310f854 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 0f50bb03b..40d410fc0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_471( +static void decapsulate_801( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_bb1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_971(private_key, ciphertext, ret); } /** 
@@ -54,7 +54,7 @@ static void decapsulate_471( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_471(private_key, ciphertext, ret); + decapsulate_801(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_031( +static tuple_3c encapsulate_4d1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ae1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9c1(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_031(uu____0, copy_of_randomness); + return encapsulate_4d1(uu____0, copy_of_randomness); } /** @@ -115,12 +115,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_991( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_741( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_611(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_511(copy_of_randomness); } /** 
@@ -131,7 +131,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_991(copy_of_randomness); + return generate_keypair_741(copy_of_randomness); } /** @@ -145,10 +145,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_901( +static KRML_MUSTINLINE bool validate_private_key_2d1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_fd1(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_4d1(private_key, ciphertext); } @@ -160,7 +160,7 @@ static KRML_MUSTINLINE bool validate_private_key_901( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_901(private_key, ciphertext); + return validate_private_key_2d1(private_key, ciphertext); } /** @@ -174,8 +174,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_671(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6e1(public_key); +static KRML_MUSTINLINE bool validate_public_key_061(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_051(public_key); } /** @@ -185,5 +185,5 @@ static KRML_MUSTINLINE bool validate_public_key_671(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_671(public_key->value); + return validate_public_key_061(public_key->value); } 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index aeb4d0450..a2ee6c8d8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 4c862d52c..67296e121 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_mlkem768_portable.h" 
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_ce( +static void decapsulate_c4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_64(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6a(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_ce( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ce(private_key, ciphertext, ret); + decapsulate_c4(private_key, ciphertext, ret); } /** @@ -74,14 +74,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_37( +static tuple_3c encapsulate_59( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b1(uu____0, copy_of_randomness); } /** @@ -98,7 +98,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_37(uu____0, copy_of_randomness); + return encapsulate_59(uu____0, copy_of_randomness); } /** 
@@ -116,12 +116,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_63( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d4(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); } /** @@ -132,7 +132,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_63(copy_of_randomness); + return generate_keypair_6b(copy_of_randomness); } /** @@ -146,10 +146,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_f2( +static KRML_MUSTINLINE bool validate_private_key_7c( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_c7(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_46(private_key, ciphertext); } @@ -161,7 +161,7 @@ static KRML_MUSTINLINE bool validate_private_key_f2( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_f2(private_key, ciphertext); + return validate_private_key_7c(private_key, ciphertext); } /** 
@@ -175,8 +175,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_d6(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7b(public_key); +static KRML_MUSTINLINE bool validate_public_key_98(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_95(public_key); } /** @@ -186,5 +186,5 @@ static KRML_MUSTINLINE bool validate_public_key_d6(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_d6(public_key->value); + return validate_public_key_98(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 15f45f131..8ba4db78e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e7386e0d0..21d70b037 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "internal/libcrux_mlkem_avx2.h" @@ -599,7 +599,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, ret0); + core_result_unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -690,7 +690,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_07(dst, ret0); + core_result_unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -793,7 +793,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_ea(dst, ret0); + core_result_unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -920,7 +920,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_76(dst, ret0); + core_result_unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } 
@@ -1027,15 +1027,16 @@ inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_7d(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_d6_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1069,8 +1070,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_d0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_to_reduced_ring_element_1b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1084,10 +1085,7 @@ deserialize_to_reduced_ring_element_d0(Eurydice_slice serialized) { } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of 
@@ -1096,12 +1094,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b64( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c4( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1113,9 +1108,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b64( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_661( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_7d();); + deserialize_ring_elements_reduced_8c4(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -1126,7 +1143,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_9a(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_84(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1156,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_07(__m256i vector) { - return shift_right_9a(vector); +static __m256i shift_right_ea_fc(__m256i vector) { + return shift_right_84(vector); } /** @@ -1149,8 +1166,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_38(__m256i a) { - __m256i t = shift_right_ea_07(a); +static __m256i to_unsigned_representative_c0(__m256i a) { + __m256i t = shift_right_ea_fc(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1162,13 +1179,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_38(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_c0(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -1189,7 +1206,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_fd1( +static KRML_MUSTINLINE void serialize_secret_key_5f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1207,7 +1224,7 @@ static KRML_MUSTINLINE void serialize_secret_key_fd1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_53(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } 
@@ -1218,27 +1235,44 @@ static KRML_MUSTINLINE void serialize_secret_key_fd1( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_771( +static KRML_MUSTINLINE void serialize_public_key_mut_c21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_fd1(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1152U, uint8_t); + uint8_t ret[1152U]; + serialize_secret_key_5f1(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1184U, serialized, (size_t)1152U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_021( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + serialize_public_key_mut_c21(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1257,15 +1291,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_b64( + deserialize_ring_elements_reduced_out_661( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_771( + serialize_public_key_021( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1302,7 +1336,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd1( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; 
@@ -1317,6 +1351,80 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fd1( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} IndCpaPrivateKeyUnpacked_a0; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { + IndCpaPrivateKeyUnpacked_a0 lit; + lit.secret_as_ntt[0U] = ZERO_d6_7d(); + lit.secret_as_ntt[1U] = ZERO_d6_7d(); + lit.secret_as_ntt[2U] = ZERO_d6_7d(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} IndCpaPublicKeyUnpacked_a0; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + uu____0[i] = ZERO_d6_7d();); + uint8_t uu____1[32U] = {0U}; 
+ IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_7d(); + lit.A[0U][1U] = ZERO_d6_7d(); + lit.A[0U][2U] = ZERO_d6_7d(); + lit.A[1U][0U] = ZERO_d6_7d(); + lit.A[1U][1U] = ZERO_d6_7d(); + lit.A[1U][2U] = ZERO_d6_7d(); + lit.A[2U][0U] = ZERO_d6_7d(); + lit.A[2U][1U] = ZERO_d6_7d(); + lit.A[2U][2U] = ZERO_d6_7d(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -1340,7 +1448,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_511( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e11( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1355,18 +1463,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_511( memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static void closure_641( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_7d();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics @@ -1494,7 +1590,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_743( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( 
@@ -1617,7 +1713,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1651,17 +1747,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b4( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_82(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); +from_i16_array_d6_14(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1678,9 +1775,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_861( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( int16_t s[272U]) { - return from_i16_array_89_82( + return from_i16_array_d6_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -1690,7 +1787,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_6c1( +static KRML_MUSTINLINE void sample_from_xof_671( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1705,7 +1802,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6b3( + bool done = sample_from_uniform_distribution_next_743( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -1717,7 +1814,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c1( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6b4( + done = sample_from_uniform_distribution_next_744( copy_of_randomness, sampled_coefficients, out); } } @@ -1726,7 +1823,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_861(copy_of_out[i]);); + ret0[i] = closure_e41(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -1738,12 +1835,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_291( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_641(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_341( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1758,7 +1852,7 @@ static KRML_MUSTINLINE void sample_matrix_A_291( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_6c1(copy_of_seeds, sampled); + sample_from_xof_671(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1776,22 +1870,8 @@ static KRML_MUSTINLINE void sample_matrix_A_291( } ); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics 
@@ -1897,7 +1977,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_f2(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_ea(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1931,7 +2011,7 @@ sample_from_binomial_distribution_2_f2(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_82( + return from_i16_array_d6_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1942,7 +2022,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_75(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_3c(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1975,7 +2055,7 @@ sample_from_binomial_distribution_3_75(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_82( + return from_i16_array_d6_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1986,8 +2066,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_910(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_f2(randomness); +sample_from_binomial_distribution_af(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_ea(randomness); } /** 
@@ -1996,7 +2076,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_2f( +static KRML_MUSTINLINE void ntt_at_layer_7_ab( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2021,7 +2101,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_a6(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_aa(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2032,8 +2112,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_0d(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_a6(b, zeta_r); +ntt_layer_int_vec_step_c2(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_aa(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2046,7 +2126,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_a5( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2059,7 +2139,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_a5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_0d( + ntt_layer_int_vec_step_c2( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2076,7 +2156,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_46( +static KRML_MUSTINLINE void ntt_at_layer_3_5f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2092,7 +2172,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_53( +static KRML_MUSTINLINE void ntt_at_layer_2_c2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2111,7 +2191,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_f7( +static KRML_MUSTINLINE void ntt_at_layer_1_60( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2130,15 +2210,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_f7( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_f5( +static KRML_MUSTINLINE void poly_barrett_reduce_d6_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -2154,17 +2235,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_e1( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_2f(re); + ntt_at_layer_7_ab(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_46(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_f7(&zeta_i, re); - poly_barrett_reduce_89_f5(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_5f(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_60(&zeta_i, re); + poly_barrett_reduce_d6_2b(re); } /** @@ -2179,11 +2260,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_6e1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -2198,15 +2277,47 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_6e1( PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_910( + re_as_ntt[i0] = sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_7f1( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_ee1(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -2243,18 +2354,19 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_6e1( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_04(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_d6_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2281,15 +2393,16 @@ ntt_multiply_89_04(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_981( +static KRML_MUSTINLINE void add_to_ring_element_d6_b81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; 
@@ -2309,29 +2422,30 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_8a(__m256i v) { +static __m256i to_standard_domain_bd(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_c1( +static KRML_MUSTINLINE void add_standard_error_reduce_d6_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_8a(self->coefficients[j]); + to_standard_domain_bd(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); 
@@ -2347,101 +2461,158 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_6a1( +static KRML_MUSTINLINE void compute_As_plus_e_a21( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_7d();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i1++) { + size_t j = i1; 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_981(&result[i1], &product); + ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_b81(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_511( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_811( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_a0 *private_key, + IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_511(key_generation_seed, hashed); + cpa_keygen_seed_d8_e11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_291(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_341(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = 
sample_vector_cbd_then_ntt_6e1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_ee1(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_6e1(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input, domain_separator) + .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_6a1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_a21(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_2f1( + Eurydice_slice key_generation_seed) { 
+ IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); + IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); + generate_keypair_unpacked_811(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_771( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_021( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_fd1(secret_as_ntt, secret_key_serialized); + serialize_secret_key_5f1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2468,7 +2639,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f51( +static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2532,7 +2703,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); 
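Review bot: generate_keypair_2f1 materialises the unpacked private key (private_key.secret_as_ntt) and secret_key_serialized as stack locals, and generate_keypair_unpacked_811 keeps hashed (whose second half is seed_for_secret_and_error) and prf_input on the stack; nothing in the visible lines clears any of them before they go out of scope. The previous version left secret_as_ntt uncleared as well, so this is not a regression, but the refactor adds one more stack-resident copy of the secret. Because this file is extracted from the Rust sources, any zeroization (for example drop-time clearing of the IndCpaPrivateKeyUnpacked type) would have to be introduced upstream rather than patched into the generated C. The body of generate_keypair_2f1 continues past the hunk, so a later clearing step cannot be ruled out from here.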
@@ -2541,13 +2712,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_511(ind_cpa_keypair_randomness); + generate_keypair_2f1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_f51( + serialize_kem_secret_key_0a1( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2556,13 +2727,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_611(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f60( - uu____2, libcrux_ml_kem_types_from_b6_8c0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b0( + uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); } /** 
@@ -2575,7 +2746,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_e11(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_961(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2584,10 +2755,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_e11(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -2596,12 +2764,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b63( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c1( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2613,12 +2778,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b63( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** 
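Review bot: The rewritten doc comment on deserialize_ring_elements_reduced_8c1 replaces the warning "This function MUST NOT be used on secret inputs" with a bare cross-reference to deserialize_ring_elements_reduced_out, so the constraint is no longer visible where this variant is defined; whether the referenced function's comment still carries it cannot be seen from this hunk. Since the text originates in the Rust doc comment, restore it there so that the generated comment reads `See [deserialize_ring_elements_reduced_out]. This function MUST NOT be used on secret inputs.` The new signature also takes deserialized_pk as a bare pointer and writes Eurydice_slice_len(public_key) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT elements into it, so the caller now carries the sizing responsibility that the former ret[3U] parameter made explicit.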
@@ -2632,11 +2794,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_851(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_b0 +sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_7d();); + error_1[i] = ZERO_d6_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2652,7 +2814,7 @@ sample_ring_element_cbd_851(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2660,7 +2822,7 @@ sample_ring_element_cbd_851(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -2701,7 +2863,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_a5( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -2725,7 +2887,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_0a( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_6a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2745,7 +2907,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_2b( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_ad( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2763,11 +2925,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_d6(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_63(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_a6(a_minus_b, zeta_r); + b = montgomery_multiply_fe_aa(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2778,7 +2940,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -2793,7 +2955,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_d6( + inv_ntt_layer_int_vec_step_reduce_63( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2810,31 +2972,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_3e1( +static KRML_MUSTINLINE void invert_ntt_montgomery_191( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a5(&zeta_i, re); - invert_ntt_at_layer_2_0a(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_f5(re); + invert_ntt_at_layer_1_2b(&zeta_i, re); + invert_ntt_at_layer_2_6a(&zeta_i, re); + invert_ntt_at_layer_3_ad(&zeta_i, re); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_2b(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_69( +static KRML_MUSTINLINE void add_error_reduce_d6_89( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; 
@@ -2858,14 +3021,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_731( +static KRML_MUSTINLINE void compute_vector_u_ba1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_7d();); + result[i] = ZERO_d6_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2885,11 +3048,11 @@ static KRML_MUSTINLINE void compute_vector_u_731( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(a_element, &r_as_ntt[j]); - add_to_ring_element_89_981(&result[i1], &product); + ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_b81(&result[i1], &product); } - invert_ntt_montgomery_3e1(&result[i1]); - add_error_reduce_89_69(&result[i1], &error_1[i1]); + invert_ntt_montgomery_191(&result[i1]); + add_error_reduce_d6_89(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -2902,7 +3065,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_0b(__m256i v) { +static __m256i decompress_1_f2(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), 
@@ -2916,8 +3079,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_4d(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_message_ef(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2925,22 +3088,23 @@ deserialize_then_decompress_message_4d(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_0b(coefficient_compressed);); + re.coefficients[i0] = decompress_1_f2(coefficient_compressed);); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_c3( +add_message_error_reduce_d6_df( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { 
@@ -2970,18 +3134,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_881( +compute_ring_element_v_9f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_981(&result, &product);); - invert_ntt_montgomery_3e1(&result); - result = add_message_error_reduce_89_c3(error_2, message, result); + ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_b81(&result, &product);); + invert_ntt_montgomery_191(&result); + result = add_message_error_reduce_d6_df(error_2, message, result); return result; } @@ -2992,7 +3156,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_de(__m256i vector) { +compress_ciphertext_coefficient_43(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3039,8 +3203,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_39(__m256i vector) { - return compress_ciphertext_coefficient_de(vector); +static __m256i compress_ea_ab(__m256i vector) { + return compress_ciphertext_coefficient_43(vector); } /** 
@@ -3049,14 +3213,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3e( +static KRML_MUSTINLINE void compress_then_serialize_10_190( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_39(to_unsigned_representative_38(re->coefficients[i0])); + compress_ea_ab(to_unsigned_representative_c0(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3074,7 +3238,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_de0(__m256i vector) { +compress_ciphertext_coefficient_430(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3121,8 +3285,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_390(__m256i vector) { - return compress_ciphertext_coefficient_de0(vector); +static __m256i compress_ea_ab0(__m256i vector) { + return compress_ciphertext_coefficient_430(vector); } /** @@ -3132,10 +3296,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_5b( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_880( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3e(re, uu____0); + compress_then_serialize_10_190(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -3151,7 +3315,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_4b1( +static void compress_then_serialize_u_0b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3167,7 +3331,7 @@ static void compress_then_serialize_u_4b1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_5b(&re, ret); + compress_then_serialize_ring_element_u_880(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3180,7 +3344,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_de1(__m256i vector) { +compress_ciphertext_coefficient_431(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3227,8 +3391,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_391(__m256i vector) { - return compress_ciphertext_coefficient_de1(vector); +static __m256i compress_ea_ab1(__m256i vector) { + return compress_ciphertext_coefficient_431(vector); } /** 
@@ -3237,14 +3401,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_93( +static KRML_MUSTINLINE void compress_then_serialize_4_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_391(to_unsigned_representative_38(re.coefficients[i0])); + compress_ea_ab1(to_unsigned_representative_c0(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3261,7 +3425,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_de2(__m256i vector) { +compress_ciphertext_coefficient_432(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3308,8 +3472,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_392(__m256i vector) { - return compress_ciphertext_coefficient_de2(vector); +static __m256i compress_ea_ab2(__m256i vector) { + return compress_ciphertext_coefficient_432(vector); } /** 
@@ -3318,14 +3482,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_8c( +static KRML_MUSTINLINE void compress_then_serialize_5_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_392(to_unsigned_representative_38(re.coefficients[i0])); + compress_ea_ab2(to_unsigned_representative_c0(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( 
@@ -3342,13 +3506,54 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e4( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_93(re, out); + compress_then_serialize_4_f5(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 
@@ -3364,24 +3569,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_041(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_b63( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_291(ret0, false, A); +static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_6e1(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3390,8 +3587,8 @@ static void encrypt_041(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_851(copy_of_prf_input, domain_separator0); + tuple_b0 uu____3 = + sample_ring_element_cbd_c61(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -3402,33 +3599,72 @@ static void encrypt_041(Eurydice_slice public_key, uint8_t message[32U], PRF_a9_424(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_731(A, r_as_ntt, error_1, u); + compute_vector_u_ba1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4d(copy_of_message); + deserialize_then_decompress_message_ef(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_881(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4b1( + compress_then_serialize_u_0b1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_e4( + compress_then_serialize_ring_element_v_f30( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- 
T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_a41(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); + deserialize_ring_elements_reduced_8c1( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_341(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_be1(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -3440,7 +3676,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_d21(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_e91(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
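Review bot: In encrypt_a41 the `seed_for_A` field of `unpacked_public_key` keeps the all-zero value from `default_8d_801()` while `A` is sampled from `seed`, so the struct is left internally inconsistent (the ρ that generated A is not the ρ stored next to it). As shown, encrypt_unpacked_be1 reads only `public_key->A` and `public_key->t_as_ntt`, so this is not a functional defect today, but anyone who later re-serializes or validates the unpacked key from this struct would get a wrong ρ. Either copy the seed in, `Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, unpacked_public_key.seed_for_A, uint8_t), seed, uint8_t);`, or state the intent with `/* seed_for_A left unset: only A and t_as_ntt are consumed by encrypt_unpacked */`. Since this file looks Eurydice-generated, the change should be made in the Rust source of ind_cpa::encrypt.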
@@ -3467,11 +3703,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_e11( + entropy_preprocess_d8_961( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -3481,7 +3717,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( size_t); uint8_t ret[32U]; H_a9_161(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t), ret); Eurydice_slice_copy( 
@@ -3495,19 +3731,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ae1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_041(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_130(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_d21(shared_secret, shared_secret_array); + kdf_d8_e91(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3526,8 +3762,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_4f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_to_uncompressed_ring_element_71(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; 
@@ -3547,12 +3783,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_f11( +static KRML_MUSTINLINE void deserialize_secret_key_c51( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_7d();); + secret_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3564,7 +3800,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f11( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_4f(secret_bytes); + deserialize_to_uncompressed_ring_element_71(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -3572,16 +3808,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_f11( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} IndCpaPrivateKeyUnpacked_a0; - /** A monomorphic instance of libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const @@ -3589,7 +3815,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_45(__m256i vector) { +decompress_ciphertext_coefficient_87(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = 
@@ -3633,8 +3859,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_5b(__m256i vector) { - return decompress_ciphertext_coefficient_45(vector); +static __m256i decompress_ciphertext_coefficient_ea_2e(__m256i vector) { + return decompress_ciphertext_coefficient_87(vector); } /** @@ -3644,15 +3870,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_58(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_10_5f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e(coefficient); } return re; } @@ -3664,7 +3890,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_450(__m256i vector) { +decompress_ciphertext_coefficient_870(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = 
@@ -3708,8 +3934,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_5b0(__m256i vector) { - return decompress_ciphertext_coefficient_450(vector); +static __m256i decompress_ciphertext_coefficient_ea_2e0(__m256i vector) { + return decompress_ciphertext_coefficient_870(vector); } /** @@ -3719,15 +3945,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_99(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_11_9a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e0(coefficient); } return re; } @@ -3739,8 +3965,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_69(Eurydice_slice serialized) { - return deserialize_then_decompress_10_58(serialized); +deserialize_then_decompress_ring_element_u_f90(Eurydice_slice serialized) { + return deserialize_then_decompress_10_5f(serialized); } /** 
@@ -3749,17 +3975,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_26( +static KRML_MUSTINLINE void ntt_vector_u_9b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_46(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_f7(&zeta_i, re); - poly_barrett_reduce_89_f5(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_5f(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_60(&zeta_i, re); + poly_barrett_reduce_d6_2b(re); } /** @@ -3774,12 +4000,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_831( +static KRML_MUSTINLINE void deserialize_then_decompress_u_9d1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_7d();); + u_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), 
@@ -3797,8 +4023,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_831( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_69(u_bytes); - ntt_vector_u_26(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); + ntt_vector_u_9b0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3812,7 +4038,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_451(__m256i vector) { +decompress_ciphertext_coefficient_871(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3856,8 +4082,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_5b1(__m256i vector) { - return decompress_ciphertext_coefficient_451(vector); +static __m256i decompress_ciphertext_coefficient_ea_2e1(__m256i vector) { + return decompress_ciphertext_coefficient_871(vector); } /** 
@@ -3867,15 +4093,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_37(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_4_8d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5b1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e1(coefficient); } return re; } @@ -3887,7 +4113,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_452(__m256i vector) { +decompress_ciphertext_coefficient_872(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3931,8 +4157,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_5b2(__m256i vector) { - return decompress_ciphertext_coefficient_452(vector); +static __m256i decompress_ciphertext_coefficient_ea_2e2(__m256i vector) { + return decompress_ciphertext_coefficient_872(vector); } /** 
@@ -3942,8 +4168,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_a1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_7d(); +deserialize_then_decompress_5_c1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3951,7 +4177,7 @@ deserialize_then_decompress_5_a1(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_5b2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_2e2(re.coefficients[i0]); } return re; } 
@@ -3963,22 +4189,23 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_86(Eurydice_slice serialized) { - return deserialize_then_decompress_4_37(serialized); +deserialize_then_decompress_ring_element_v_590(Eurydice_slice serialized) { + return deserialize_then_decompress_4_8d(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_ed(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_d6_4a(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -4006,17 +4233,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d1( +compute_message_6a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_981(&result, &product);); - invert_ntt_montgomery_3e1(&result); - result = subtract_reduce_89_ed(v, result); + ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_b81(&result, &product);); + invert_ntt_montgomery_191(&result); + result = subtract_reduce_d6_4a(v, result); return result; } @@ -4026,12 +4253,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_70( +static KRML_MUSTINLINE void compress_then_serialize_message_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_38(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_c0(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; 
@@ -4078,18 +4305,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c31(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_671(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_831(ciphertext, u_as_ntt); + deserialize_then_decompress_u_9d1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_86( + deserialize_then_decompress_ring_element_v_590( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_6a1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_70(message, ret0); + compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4103,10 +4330,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_fd1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_3d1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_f11(secret_key, secret_as_ntt); + deserialize_secret_key_c51(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( 
@@ -4117,7 +4344,7 @@ static void decrypt_fd1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c31(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_671(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4169,7 +4396,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb1( +void libcrux_ml_kem_ind_cca_decapsulate_971( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4187,7 +4414,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fd1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_3d1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -4205,11 +4432,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_423(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4219,17 +4446,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_041(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_a41(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_d21(Eurydice_array_to_slice( + kdf_d8_e91(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_d21(shared_secret0, shared_secret); + kdf_d8_e91(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df0(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, 
@@ -4239,10 +4466,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb1( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -4251,12 +4475,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b62( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c3( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
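Review bot: The warning `This function MUST NOT be used on secret inputs.` was replaced by `See [deserialize_ring_elements_reduced_out].` on the function that actually performs the (non-secret-safe) deserialize-and-reduce, while the `_out` wrapper carrying the caveat is only one of its callers; encrypt_a41 in an earlier hunk calls the in-place instance directly. A reader auditing the in-place variant for constant-time use will no longer see the constraint where it applies. Keep the original two sentences on deserialize_ring_elements_reduced_8c3 as well, e.g. `/* Deserializes and reduces mod q; MUST NOT be used on secret inputs. See [deserialize_ring_elements_reduced_out] for the array-returning form. */`. As this file appears generated, the doc comment should be restored in the Rust source.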
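Review bot: deserialize_ring_elements_reduced_8c3 now writes through a bare `PolynomialRingElement_d2 *deserialized_pk` with no capacity argument; the number of elements written is `Eurydice_slice_len(public_key) / BYTES_PER_RING_ELEMENT`, so the out buffer is only safe if the caller sizes the slice to at most K ring elements. The visible callers (the `_out_660` wrapper and encrypt_a41's `subslice_to(public_key, 1152U)`) do pass exactly K*384 bytes, so this is a documentation gap rather than a bug in the hunk, but the contract that Rust's `&mut [T; K]` enforced is now implicit in C. Add it at the signature: `/* deserialized_pk must hold at least slice_len(public_key)/BYTES_PER_RING_ELEMENT (== K) elements */`. The function body continues in the next hunk.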
@@ -4268,9 +4489,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b62( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_660( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_7d();); + deserialize_ring_elements_reduced_8c3(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4286,7 +4529,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_fd0( +static KRML_MUSTINLINE void serialize_secret_key_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4304,7 +4547,7 @@ static KRML_MUSTINLINE void serialize_secret_key_fd0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_53(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } 
@@ -4315,27 +4558,44 @@ static KRML_MUSTINLINE void serialize_secret_key_fd0( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_770( +static KRML_MUSTINLINE void serialize_public_key_mut_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_fd0(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1536U, uint8_t); + uint8_t ret[1536U]; + serialize_secret_key_5f(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1568U, serialized, (size_t)1536U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_02( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + serialize_public_key_mut_c2(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4354,15 +4614,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_b62( + deserialize_ring_elements_reduced_out_660( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_770( + serialize_public_key_02( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4380,7 +4640,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
@@ -4399,14 +4659,14 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd0( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { + libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; - H_a9_160(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)4U, - (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), - t); + H_a9_16(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, (size_t)768U * (size_t)4U + (size_t)64U, uint8_t); 
@@ -4414,6 +4674,88 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fd0( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} IndCpaPrivateKeyUnpacked_01; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { + IndCpaPrivateKeyUnpacked_01 lit; + lit.secret_as_ntt[0U] = ZERO_d6_7d(); + lit.secret_as_ntt[1U] = ZERO_d6_7d(); + lit.secret_as_ntt[2U] = ZERO_d6_7d(); + lit.secret_as_ntt[3U] = ZERO_d6_7d(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} IndCpaPublicKeyUnpacked_01; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + uu____0[i] = 
ZERO_d6_7d();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_01 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_7d(); + lit.A[0U][1U] = ZERO_d6_7d(); + lit.A[0U][2U] = ZERO_d6_7d(); + lit.A[0U][3U] = ZERO_d6_7d(); + lit.A[1U][0U] = ZERO_d6_7d(); + lit.A[1U][1U] = ZERO_d6_7d(); + lit.A[1U][2U] = ZERO_d6_7d(); + lit.A[1U][3U] = ZERO_d6_7d(); + lit.A[2U][0U] = ZERO_d6_7d(); + lit.A[2U][1U] = ZERO_d6_7d(); + lit.A[2U][2U] = ZERO_d6_7d(); + lit.A[2U][3U] = ZERO_d6_7d(); + lit.A[3U][0U] = ZERO_d6_7d(); + lit.A[3U][1U] = ZERO_d6_7d(); + lit.A[3U][2U] = ZERO_d6_7d(); + lit.A[3U][3U] = ZERO_d6_7d(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -4423,7 +4765,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4437,7 +4779,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_510( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( 
@@ -4448,29 +4790,17 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_510( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static void closure_640( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_7d();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_2a0(uint8_t input[4U][34U]) { +shake128_init_absorb_2a(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -4491,11 +4821,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_1c0(uint8_t input[4U][34U]) { +shake128_init_absorb_a9_1c(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a0(copy_of_input); + return shake128_init_absorb_2a(copy_of_input); } /** 
@@ -4504,7 +4834,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4541,9 +4871,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_0c0(self, ret); + shake128_squeeze_three_blocks_0c(self, ret); } /** @@ -4594,7 +4924,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_74( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4631,7 +4961,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_4a0( +static KRML_MUSTINLINE void shake128_squeeze_block_4a( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4667,9 +4997,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d0( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_4a0(self, ret); + shake128_squeeze_block_4a(self, ret); } /** 
@@ -4720,7 +5050,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_740( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4758,9 +5088,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_860( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( int16_t s[272U]) { - return from_i16_array_89_82( + return from_i16_array_d6_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4770,7 +5100,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_6c0( +static KRML_MUSTINLINE void sample_from_xof_67( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; 
@@ -4779,25 +5109,25 @@ static KRML_MUSTINLINE void sample_from_xof_6c0( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_1c0(copy_of_seeds); + shake128_init_absorb_a9_1c(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_2e0(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_2e(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6b1( + bool done = sample_from_uniform_distribution_next_74( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_1d0(&xof_state, randomness); + shake128_squeeze_block_a9_1d(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6b2( + done = sample_from_uniform_distribution_next_740( copy_of_randomness, sampled_coefficients, out); } } @@ -4806,7 +5136,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_860(copy_of_out[i]);); + ret0[i] = closure_e4(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -4818,12 +5148,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_290( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_640(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_34( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[4U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4838,7 +5165,7 @@ static KRML_MUSTINLINE void sample_matrix_A_290( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_6c0(copy_of_seeds, sampled); + sample_from_xof_67(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( 
@@ -4856,30 +5183,16 @@ static KRML_MUSTINLINE void sample_matrix_A_290( } ); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; - uint8_t snd; -} tuple_71; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { +static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; uint8_t out1[128U] = {0U}; @@ -4919,9 +5232,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_081(input, ret); +static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_08(input, ret); } /** @@ -4936,11 +5249,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_6e0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -4952,12 +5263,44 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_6e0( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_161(prf_inputs, prf_outputs); + PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_910( + re_as_ntt[i0] = sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_7f( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_ee(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( 
@@ -4977,15 +5320,16 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_6e0( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_980( +static KRML_MUSTINLINE void add_to_ring_element_d6_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; 
@@ -5008,101 +5352,158 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_6a0( +static KRML_MUSTINLINE void compute_As_plus_e_a2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_7d();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i1++) { + size_t j = i1; 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_980(&result[i1], &product); + ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_b8(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_510( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_81( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_01 *private_key, + IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_510(key_generation_seed, hashed); + cpa_keygen_seed_d8_e1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[4U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_290(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_34(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = 
sample_vector_cbd_then_ntt_6e0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_ee(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_6e0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input, domain_separator) + .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_6a0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_a2(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_2f0( + Eurydice_slice key_generation_seed) { + 
IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); + IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); + generate_keypair_unpacked_81(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_770( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_02( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_fd0(secret_as_ntt, secret_key_serialized); + serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5129,7 +5530,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f50( +static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5155,7 +5556,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f50( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_160(public_key, ret0); + H_a9_16(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; 
@@ -5193,7 +5594,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5202,13 +5603,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_510(ind_cpa_keypair_randomness); + generate_keypair_2f0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f50( + serialize_kem_secret_key_0a0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -5217,13 +5618,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_9d1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f61( - uu____2, libcrux_ml_kem_types_from_b6_8c1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b1( + uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); } /** @@ -5236,7 +5637,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_e10(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_960(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5245,10 +5646,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_e10(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of 
@@ -5257,12 +5655,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b61( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5274,12 +5669,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b61( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** @@ -5294,10 +5686,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_850(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_7d();); + error_1[i] = ZERO_d6_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -5309,11 +5701,11 @@ sample_ring_element_cbd_850(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_161(prf_inputs, prf_outputs); + PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5339,7 +5731,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); } 
@@ -5350,18 +5742,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_3e0( +static KRML_MUSTINLINE void invert_ntt_montgomery_19( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a5(&zeta_i, re); - invert_ntt_at_layer_2_0a(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_f5(re); + invert_ntt_at_layer_1_2b(&zeta_i, re); + invert_ntt_at_layer_2_6a(&zeta_i, re); + invert_ntt_at_layer_3_ad(&zeta_i, re); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_2b(re); } /** @@ -5373,14 +5765,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_730( +static KRML_MUSTINLINE void compute_vector_u_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_7d();); + result[i] = ZERO_d6_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( 
@@ -5400,11 +5792,11 @@ static KRML_MUSTINLINE void compute_vector_u_730( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(a_element, &r_as_ntt[j]); - add_to_ring_element_89_980(&result[i1], &product); + ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_b8(&result[i1], &product); } - invert_ntt_montgomery_3e0(&result[i1]); - add_error_reduce_89_69(&result[i1], &error_1[i1]); + invert_ntt_montgomery_19(&result[i1]); + add_error_reduce_d6_89(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -5421,18 +5813,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_880( +compute_ring_element_v_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_980(&result, &product);); - invert_ntt_montgomery_3e0(&result); - result = add_message_error_reduce_89_c3(error_2, message, result); + ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_b8(&result, &product);); + invert_ntt_montgomery_19(&result); + result = add_message_error_reduce_d6_df(error_2, message, result); return result; } 
@@ -5442,14 +5834,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_c70( +static KRML_MUSTINLINE void compress_then_serialize_11_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_390(to_unsigned_representative_38(re->coefficients[i0])); + compress_ea_ab0(to_unsigned_representative_c0(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5467,10 +5859,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_5b0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_c70(re, uu____0); + compress_then_serialize_11_88(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5486,7 +5878,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_4b0( +static void compress_then_serialize_u_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5502,7 +5894,7 @@ static void compress_then_serialize_u_4b0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_5b0(&re, ret); + compress_then_serialize_ring_element_u_88(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } 
@@ -5515,13 +5907,54 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_e40( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_8c(re, out); + compress_then_serialize_5_a4(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 
@@ -5537,24 +5970,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_040(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_b61( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_290(ret0, false, A); +static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_6e0(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5564,7 +5988,7 @@ static void encrypt_040(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_850(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c6(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -5572,36 +5996,75 @@ static void encrypt_040(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_730(A, r_as_ntt, error_1, u); + compute_vector_u_ba(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4d(copy_of_message); + deserialize_then_decompress_message_ef(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_880(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + compute_ring_element_v_9f(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4b0( + compress_then_serialize_u_0b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_e40( + compress_then_serialize_ring_element_v_f3( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +/** +A monomorphic 
instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_a40(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); + deserialize_ring_elements_reduced_8c( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[4U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_34(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_be(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -5613,7 +6076,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_d20(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_e90(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
@@ -5640,11 +6103,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_e10( + entropy_preprocess_d8_960( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5653,14 +6116,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_160(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), - uint8_t), - ret); + H_a9_16(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -5668,20 +6131,20 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ae0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_040(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_131(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = + libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_d20(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + kdf_d8_e90(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, 
@@ -5701,12 +6164,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_f10( +static KRML_MUSTINLINE void deserialize_secret_key_c50( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_7d();); + secret_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5718,7 +6181,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f10( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_4f(secret_bytes); + deserialize_to_uncompressed_ring_element_71(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5726,16 +6189,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_f10( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} IndCpaPrivateKeyUnpacked_01; - /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types 
@@ -5743,8 +6196,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_690(Eurydice_slice serialized) { - return deserialize_then_decompress_11_99(serialized); +deserialize_then_decompress_ring_element_u_f9(Eurydice_slice serialized) { + return deserialize_then_decompress_11_9a(serialized); } /** @@ -5753,17 +6206,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_260( +static KRML_MUSTINLINE void ntt_vector_u_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_46(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_f7(&zeta_i, re); - poly_barrett_reduce_89_f5(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_5f(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_60(&zeta_i, re); + poly_barrett_reduce_d6_2b(re); } /** 
@@ -5778,12 +6231,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_830( +static KRML_MUSTINLINE void deserialize_then_decompress_u_9d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_7d();); + u_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5801,8 +6254,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_830( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_690(u_bytes); - ntt_vector_u_260(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f9(u_bytes); + ntt_vector_u_9b(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5816,8 +6269,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_860(Eurydice_slice serialized) { - return deserialize_then_decompress_5_a1(serialized); +deserialize_then_decompress_ring_element_v_59(Eurydice_slice serialized) { + return deserialize_then_decompress_5_c1(serialized); } /** 
@@ -5833,17 +6286,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d0( +compute_message_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_980(&result, &product);); - invert_ntt_montgomery_3e0(&result); - result = subtract_reduce_89_ed(v, result); + ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_b8(&result, &product);); + invert_ntt_montgomery_19(&result); + result = subtract_reduce_d6_4a(v, result); return result; } 
@@ -5881,18 +6334,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_c30(IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_67(IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_830(ciphertext, u_as_ntt); + deserialize_then_decompress_u_9d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_860( + deserialize_then_decompress_ring_element_v_59( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_6a(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_70(message, ret0); + compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5906,10 +6359,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_fd0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_3d0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_f10(secret_key, secret_as_ntt); + deserialize_secret_key_c50(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( 
@@ -5920,7 +6373,7 @@ static void decrypt_fd0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c30(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_67(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5934,7 +6387,7 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { PRF_d1(input, ret); } @@ -5960,10 +6413,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb0( +void libcrux_ml_kem_ind_cca_decapsulate_970( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5979,7 +6431,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fd0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_3d0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -5989,7 +6441,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -5997,31 +6449,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_421(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_42(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_040(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_a40(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_d20(Eurydice_array_to_slice( + kdf_d8_e90(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_d20(shared_secret0, shared_secret); + kdf_d8_e90(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df1(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6031,10 +6483,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb0( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -6043,12 +6492,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b60( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c2( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -6060,9 +6506,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b60( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_66( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_7d();); + deserialize_ring_elements_reduced_8c2(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6078,7 +6546,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_fd( +static KRML_MUSTINLINE void serialize_secret_key_5f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6096,7 +6564,7 @@ static KRML_MUSTINLINE void serialize_secret_key_fd( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_16(&re, ret0); + serialize_uncompressed_ring_element_53(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } 
@@ -6107,27 +6575,44 @@ static KRML_MUSTINLINE void serialize_secret_key_fd( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_77( +static KRML_MUSTINLINE void serialize_public_key_mut_c20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_fd(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)768U, uint8_t); + uint8_t ret[768U]; + serialize_secret_key_5f0(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)800U, serialized, (size_t)768U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_020( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + serialize_public_key_mut_c20(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6146,15 +6631,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6e(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_b60( + deserialize_ring_elements_reduced_out_66( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_77( + serialize_public_key_020( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6172,7 +6657,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
@@ -6191,14 +6676,14 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_fd( +bool libcrux_ml_kem_ind_cca_validate_private_key_4d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; - H_a9_16(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)2U, - (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), - t); + H_a9_160(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)2U, + (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)2U + (size_t)32U, (size_t)768U * (size_t)2U + (size_t)64U, uint8_t); 
@@ -6206,6 +6691,74 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_fd( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} IndCpaPrivateKeyUnpacked_d6; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { + IndCpaPrivateKeyUnpacked_d6 lit; + lit.secret_as_ntt[0U] = ZERO_d6_7d(); + lit.secret_as_ntt[1U] = ZERO_d6_7d(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} IndCpaPublicKeyUnpacked_d6; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + uu____0[i] = ZERO_d6_7d();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_d6 lit; + 
memcpy( + lit.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_7d(); + lit.A[0U][1U] = ZERO_d6_7d(); + lit.A[1U][0U] = ZERO_d6_7d(); + lit.A[1U][1U] = ZERO_d6_7d(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} @@ -6215,7 +6768,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6229,7 +6782,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_51( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e10( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( 
@@ -6240,29 +6793,17 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_51( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static void closure_64( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_7d();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_2a(uint8_t input[2U][34U]) { +shake128_init_absorb_2a0(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6283,11 +6824,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_1c(uint8_t input[2U][34U]) { +shake128_init_absorb_a9_1c0(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a(copy_of_input); + return shake128_init_absorb_2a0(copy_of_input); } /** 
@@ -6296,7 +6837,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6327,9 +6868,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_0c(self, ret); + shake128_squeeze_three_blocks_0c0(self, ret); } /** @@ -6380,7 +6921,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_741( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6417,7 +6958,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_4a( +static KRML_MUSTINLINE void shake128_squeeze_block_4a0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6447,9 +6988,9 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_4a(self, ret); + shake128_squeeze_block_4a0(self, ret); } /** 
@@ -6500,7 +7041,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6b0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_742( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6538,9 +7079,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_86( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( int16_t s[272U]) { - return from_i16_array_89_82( + return from_i16_array_d6_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6550,7 +7091,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_6c( +static KRML_MUSTINLINE void sample_from_xof_670( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; 
@@ -6559,25 +7100,25 @@ static KRML_MUSTINLINE void sample_from_xof_6c( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_1c(copy_of_seeds); + shake128_init_absorb_a9_1c0(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_2e(&xof_state, randomness0); + shake128_squeeze_three_blocks_a9_2e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6b( + bool done = sample_from_uniform_distribution_next_741( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_1d(&xof_state, randomness); + shake128_squeeze_block_a9_1d0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6b0( + done = sample_from_uniform_distribution_next_742( copy_of_randomness, sampled_coefficients, out); } } @@ -6586,7 +7127,7 @@ static KRML_MUSTINLINE void sample_from_xof_6c( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_86(copy_of_out[i]);); + ret0[i] = closure_e40(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -6598,12 +7139,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_29( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_64(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_340( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[2U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6618,7 +7156,7 @@ static KRML_MUSTINLINE void sample_matrix_A_29( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_6c(copy_of_seeds, sampled); + sample_from_xof_670(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( 
@@ -6636,30 +7174,16 @@ static KRML_MUSTINLINE void sample_matrix_A_29( } ); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t - -*/ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; - uint8_t snd; -} tuple_74; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { +static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; uint8_t out1[192U] = {0U}; @@ -6693,9 +7217,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_08(input, ret); +static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_080(input, ret); } /** @@ -6705,8 +7229,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_91(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_75(randomness); +sample_from_binomial_distribution_af0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_3c(randomness); } /** 
@@ -6721,11 +7245,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_6e( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -6737,12 +7259,44 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_6e( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_16(prf_inputs, prf_outputs); + PRFxN_a9_160(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_91( + re_as_ntt[i0] = sample_from_binomial_distribution_af0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_7f0( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_ee0(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( 
@@ -6762,15 +7316,16 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_6e( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_98( +static KRML_MUSTINLINE void add_to_ring_element_d6_b80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; 
@@ -6793,101 +7348,158 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_6a( +static KRML_MUSTINLINE void compute_As_plus_e_a20( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_7d();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i1++) { + size_t j = i1; 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_98(&result[i1], &product); + ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_b80(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_c1(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics - K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_51( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_810( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_d6 *private_key, + IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_51(key_generation_seed, hashed); + cpa_keygen_seed_d8_e10(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[2U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_29(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_340(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_6e(copy_of_prf_input0, 
0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_ee0(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_6e(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input, domain_separator) + .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_6a(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_a20(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_2f( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_d6 private_key = 
default_1a_190(); + IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); + generate_keypair_unpacked_810(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_77( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_020( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_fd(secret_as_ntt, secret_key_serialized); + serialize_secret_key_5f0(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6914,7 +7526,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f5( +static KRML_MUSTINLINE void serialize_kem_secret_key_0a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6940,7 +7552,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f5( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_16(public_key, ret0); + H_a9_160(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6977,7 +7589,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, 
@@ -6987,13 +7599,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_51(ind_cpa_keypair_randomness); + generate_keypair_2f(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_f5( + serialize_kem_secret_key_0a( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7002,13 +7614,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_61( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** 
@@ -7021,7 +7633,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_e1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_96(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7030,10 +7642,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_e1(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -7042,12 +7651,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b6( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c0( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_7d();); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7059,12 +7665,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_b6( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_d0(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } /** 
@@ -7073,7 +7676,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7108,9 +7711,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_080(input, ret); + PRFxN_081(input, ret); } /** @@ -7125,10 +7728,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_85(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_7d();); + error_1[i] = ZERO_d6_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7140,11 +7743,11 @@ sample_ring_element_cbd_85(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_160(prf_inputs, prf_outputs); + PRFxN_a9_161(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -7170,7 +7773,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); } @@ -7181,18 +7784,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_3e( +static KRML_MUSTINLINE void invert_ntt_montgomery_190( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a5(&zeta_i, re); - invert_ntt_at_layer_2_0a(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_f5(re); + invert_ntt_at_layer_1_2b(&zeta_i, re); + invert_ntt_at_layer_2_6a(&zeta_i, re); + invert_ntt_at_layer_3_ad(&zeta_i, re); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_2b(re); } /** 
@@ -7204,14 +7807,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_73( +static KRML_MUSTINLINE void compute_vector_u_ba0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_7d();); + result[i] = ZERO_d6_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7231,11 +7834,11 @@ static KRML_MUSTINLINE void compute_vector_u_73( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(a_element, &r_as_ntt[j]); - add_to_ring_element_89_98(&result[i1], &product); + ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_b80(&result[i1], &product); } - invert_ntt_montgomery_3e(&result[i1]); - add_error_reduce_89_69(&result[i1], &error_1[i1]); + invert_ntt_montgomery_190(&result[i1]); + add_error_reduce_d6_89(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -7252,18 +7855,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_88( +compute_ring_element_v_9f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_98(&result, &product);); - invert_ntt_montgomery_3e(&result); - result = add_message_error_reduce_89_c3(error_2, message, result); + ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_b80(&result, &product);); + invert_ntt_montgomery_190(&result); + result = add_message_error_reduce_d6_df(error_2, message, result); return result; } @@ -7279,7 +7882,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_4b( +static void compress_then_serialize_u_0b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; 
@@ -7295,14 +7898,55 @@ static void compress_then_serialize_u_4b( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_5b(&re, ret); + compress_then_serialize_ring_element_u_880(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 
@@ -7318,24 +7962,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_04(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_b6( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_29(ret0, false, A); +static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_6e(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7345,7 +7980,7 @@ static void encrypt_04(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_85(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_c60(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -7353,36 +7988,75 @@ static void encrypt_04(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_910( + sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_73(A, r_as_ntt, error_1, u); + compute_vector_u_ba0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4d(copy_of_message); + deserialize_then_decompress_message_ef(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_88(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + compute_ring_element_v_9f0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4b( + compress_then_serialize_u_0b0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_e4( + compress_then_serialize_ring_element_v_f30( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +/** +A monomorphic instance 
of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_a4(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); + deserialize_ring_elements_reduced_8c0( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[2U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_340(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_d6 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_be0(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -7394,7 +8068,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_d2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_e9(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
@@ -7421,11 +8095,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_e1( + entropy_preprocess_d8_96( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -7434,14 +8108,14 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_16(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), - uint8_t), - ret); + H_a9_160(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -7449,19 +8123,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ae( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_04(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_13(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_d2(shared_secret, shared_secret_array); + kdf_d8_e9(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7482,12 +8156,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_f1( +static KRML_MUSTINLINE void deserialize_secret_key_c5( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_7d();); + secret_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -7499,7 +8173,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_4f(secret_bytes); + deserialize_to_uncompressed_ring_element_71(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7507,16 +8181,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_f1( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} IndCpaPrivateKeyUnpacked_d6; - /** Call [`deserialize_then_decompress_ring_element_u`] on each ring element in the `ciphertext`. @@ -7529,12 +8193,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_83( +static KRML_MUSTINLINE void deserialize_then_decompress_u_9d0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_7d();); + u_as_ntt[i] = ZERO_d6_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7552,8 +8216,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_83( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_69(u_bytes); - ntt_vector_u_26(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); + ntt_vector_u_9b0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -7573,17 +8237,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d( +compute_message_6a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_04(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_98(&result, &product);); - invert_ntt_montgomery_3e(&result); - result = subtract_reduce_89_ed(v, result); + ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_b80(&result, &product);); + invert_ntt_montgomery_190(&result); + result = subtract_reduce_d6_4a(v, result); return result; } 
@@ -7621,18 +8285,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c3(IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_670(IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_83(ciphertext, u_as_ntt); + deserialize_then_decompress_u_9d0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_86( + deserialize_then_decompress_ring_element_v_590( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_6a0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_70(message, ret0); + compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7646,10 +8310,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_fd(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_3d(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_f1(secret_key, secret_as_ntt); + deserialize_secret_key_c5(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( 
@@ -7660,7 +8324,7 @@ static void decrypt_fd(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c3(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_670(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7674,7 +8338,7 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { PRF_d1(input, ret); } @@ -7700,7 +8364,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_bb( +void libcrux_ml_kem_ind_cca_decapsulate_97( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7718,7 +8382,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fd(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_3d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7728,7 +8392,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -7736,30 +8400,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_bb( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_42(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_421(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_04(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_a4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_d2(Eurydice_array_to_slice((size_t)32U, + kdf_d8_e9(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_d2(shared_secret0, shared_secret); + kdf_d8_e9(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, 
uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index ff2b51df5..a8c841e7e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d
- * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46
- * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0
+ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
+ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
+ * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d
+ * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71
 */
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 3cb9f2f65..479c57de3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d
- * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46
- * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0
+ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
+ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
+ * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
- * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d
+ * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71
 */
 #include "internal/libcrux_mlkem_portable.h"
@@ -75,7 +75,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_30(dst, ret); + core_result_unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -973,17 +973,17 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { + if (uu____0.tag == core_option_None) { + return v; + } else { size_t i = uu____0.f0; if (v.elements[i] >= (int16_t)3329) { size_t uu____1 = i; v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; } - continue; } - return v; } } @@ -2233,15 +2233,16 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_19(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_d6_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); 
@@ -2275,8 +2276,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_3f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_to_reduced_ring_element_f6(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2292,10 +2293,7 @@ deserialize_to_reduced_ring_element_3f(Eurydice_slice serialized) { } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -2304,12 +2302,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b4( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -2321,9 +2316,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_19();); + deserialize_ring_elements_reduced_1b4(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2335,7 +2352,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_7d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -2354,8 +2371,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_1e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_0f(v); +shift_right_0d_46(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_7d(v); } /** @@ -2365,10 +2382,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_5d( +to_unsigned_representative_08( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_1e(a); + shift_right_0d_46(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2381,14 +2398,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_47( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_5d(re->coefficients[i0]); + to_unsigned_representative_08(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -2409,7 +2426,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_6c1( +static KRML_MUSTINLINE void serialize_secret_key_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2427,7 +2444,7 @@ static KRML_MUSTINLINE void serialize_secret_key_6c1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_47(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } 
@@ -2438,27 +2455,44 @@ static KRML_MUSTINLINE void serialize_secret_key_6c1( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_5d1( +static KRML_MUSTINLINE void serialize_public_key_mut_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_6c1(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1536U, uint8_t); + uint8_t ret[1536U]; + serialize_secret_key_8c(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1568U, serialized, (size_t)1536U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_eb( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + serialize_public_key_mut_46(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2477,15 +2511,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_7e4( + deserialize_ring_elements_reduced_out_6b1( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_5d1( + serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2503,7 +2537,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -2522,14 +2556,14 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_be( +bool libcrux_ml_kem_ind_cca_validate_private_key_0f( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *_ciphertext) { + libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; - H_f1_c61(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)4U, - (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), - t); + H_f1_c6(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)4U, + (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)4U + (size_t)32U, (size_t)768U * (size_t)4U + (size_t)64U, uint8_t); 
@@ -2537,6 +2571,88 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_be( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $4size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_42_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; +} IndCpaPrivateKeyUnpacked_42; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 4 +*/ +static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { + IndCpaPrivateKeyUnpacked_42 lit; + lit.secret_as_ntt[0U] = ZERO_d6_19(); + lit.secret_as_ntt[1U] = ZERO_d6_19(); + lit.secret_as_ntt[2U] = ZERO_d6_19(); + lit.secret_as_ntt[3U] = ZERO_d6_19(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $4size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_42_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; +} IndCpaPublicKeyUnpacked_42; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 4 +*/ +static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + 
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + uu____0[i] = ZERO_d6_19();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_42 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_19(); + lit.A[0U][1U] = ZERO_d6_19(); + lit.A[0U][2U] = ZERO_d6_19(); + lit.A[0U][3U] = ZERO_d6_19(); + lit.A[1U][0U] = ZERO_d6_19(); + lit.A[1U][1U] = ZERO_d6_19(); + lit.A[1U][2U] = ZERO_d6_19(); + lit.A[1U][3U] = ZERO_d6_19(); + lit.A[2U][0U] = ZERO_d6_19(); + lit.A[2U][1U] = ZERO_d6_19(); + lit.A[2U][2U] = ZERO_d6_19(); + lit.A[2U][3U] = ZERO_d6_19(); + lit.A[3U][0U] = ZERO_d6_19(); + lit.A[3U][1U] = ZERO_d6_19(); + lit.A[3U][2U] = ZERO_d6_19(); + lit.A[3U][3U] = ZERO_d6_19(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -2546,7 +2662,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2560,7 +2676,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e0( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_b7( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( 
@@ -2571,23 +2687,10 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e0( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -*/ -static void closure_8e1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_19();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics @@ -2603,7 +2706,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_371(uint8_t input[4U][34U]) { +shake128_init_absorb_37(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2634,11 +2737,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_171(uint8_t input[4U][34U]) { +shake128_init_absorb_f1_17(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_371(copy_of_input); + return shake128_init_absorb_37(copy_of_input); } /** 
@@ -2647,7 +2750,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_721( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_72( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2668,9 +2771,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_751( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_75( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_721(self, ret); + shake128_squeeze_three_blocks_72(self, ret); } /** @@ -2721,7 +2824,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2759,8 +2862,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_e61(PortableHash_d1 *st, - uint8_t ret[4U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_block_e6(PortableHash_d1 *st, + uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2780,9 +2883,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_481( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_48( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_e61(self, ret); + shake128_squeeze_block_e6(self, ret); } /** 
@@ -2833,7 +2936,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2867,17 +2970,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b4( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_4e(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); +from_i16_array_d6_bb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2897,9 +3001,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_971( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( int16_t s[272U]) { - return from_i16_array_89_4e( + return from_i16_array_d6_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -2910,7 +3014,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2f1( +static KRML_MUSTINLINE void sample_from_xof_49( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2918,25 +3022,25 @@ static KRML_MUSTINLINE void sample_from_xof_2f1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_171(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_f1_17(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_751(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_75(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9b3( + bool done = sample_from_uniform_distribution_next_fb( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_481(&xof_state, randomness); + shake128_squeeze_block_f1_48(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9b4( + done = sample_from_uniform_distribution_next_fb0( copy_of_randomness, sampled_coefficients, out); } } 
@@ -2945,7 +3049,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f1( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_971(copy_of_out[i]);); + ret0[i] = closure_ba(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2958,12 +3062,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_3c1( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_8e1(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[4U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2978,7 +3079,7 @@ static KRML_MUSTINLINE void sample_matrix_A_3c1( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2f1(copy_of_seeds, sampled); + sample_from_xof_49(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( 
@@ -2996,30 +3097,16 @@ static KRML_MUSTINLINE void sample_matrix_A_3c1( } ); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_portable_vector_type_PortableVector[4size_t], uint8_t - -*/ -typedef struct tuple_710_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[4U]; - uint8_t snd; -} tuple_710; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { +static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -3039,9 +3126,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_d52(input, ret); +static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_d5(input, ret); } /** @@ -3100,7 +3187,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_f0(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_d1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3134,7 +3221,7 @@ sample_from_binomial_distribution_2_f0(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_4e( + return from_i16_array_d6_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } 
@@ -3145,7 +3232,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_77(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3178,7 +3265,7 @@ sample_from_binomial_distribution_3_77(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_4e( + return from_i16_array_d6_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3189,8 +3276,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_63(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_f0(randomness); +sample_from_binomial_distribution_dd(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_d1(randomness); } /** @@ -3199,7 +3286,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_ca( +static KRML_MUSTINLINE void ntt_at_layer_7_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3227,7 +3314,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_b1( +montgomery_multiply_fe_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); 
@@ -3241,12 +3328,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_96( + ntt_layer_int_vec_step_02( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_b1(b, zeta_r); + montgomery_multiply_fe_2c(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3260,7 +3347,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_05( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_35( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3273,7 +3360,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_05( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_96( + ntt_layer_int_vec_step_02( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3290,7 +3377,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_38( +static KRML_MUSTINLINE void ntt_at_layer_3_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -3308,7 +3395,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_6d( +static KRML_MUSTINLINE void ntt_at_layer_2_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3328,7 +3415,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_0b( +static KRML_MUSTINLINE void ntt_at_layer_1_bd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3348,15 +3435,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_0b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_62( +static KRML_MUSTINLINE void poly_barrett_reduce_d6_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -3374,17 +3462,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_c4( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_ca(re); + ntt_at_layer_7_98(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_38(&zeta_i, re); - ntt_at_layer_2_6d(&zeta_i, re); - ntt_at_layer_1_0b(&zeta_i, re); - poly_barrett_reduce_89_62(re); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_e9(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_bd(&zeta_i, re); + poly_barrett_reduce_d6_a9(re); } /** @@ -3400,11 +3488,9 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ce1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_83( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -3416,12 +3502,45 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ce1( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_9f2(prf_inputs, prf_outputs); + PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_63( + re_as_ntt[i0] = sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_portable_vector_type_PortableVector[4size_t], uint8_t + +*/ +typedef struct tuple_710_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[4U]; + uint8_t snd; +} tuple_710; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const +generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_86( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_83(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( 
@@ -3464,18 +3583,19 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ce1( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_58(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_d6_27(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3504,15 +3624,16 @@ ntt_multiply_89_58(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_881( +static KRML_MUSTINLINE void add_to_ring_element_d6_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -3537,7 +3658,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_97( +to_standard_domain_bd0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3545,22 +3666,23 @@ to_standard_domain_97( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_82( +static KRML_MUSTINLINE void add_standard_error_reduce_d6_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_97(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_bd0(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, 
@@ -3578,101 +3700,158 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_c81( +static KRML_MUSTINLINE void compute_As_plus_e_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_19();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i1++) { + 
size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_881(&result[i1], &product); + ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_5d(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], libcrux_ml_kem_variant_MlKem with const generics - K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_021( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_74( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_42 *private_key, + IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e0(key_generation_seed, hashed); + cpa_keygen_seed_d8_b7(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[4U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_3c1(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_ae(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = 
sample_vector_cbd_then_ntt_ce1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_83(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ce1(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_86(copy_of_prf_input, domain_separator) + .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_c81(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_00(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_521( + 
Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); + IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); + generate_keypair_unpacked_74(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_5d1( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_eb( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_6c1(secret_as_ntt, secret_key_serialized); + serialize_secret_key_8c(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3699,7 +3878,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b2( +static KRML_MUSTINLINE void serialize_kem_secret_key_82( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3725,7 +3904,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b2( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c61(public_key, ret0); + H_f1_c6(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; 
@@ -3763,7 +3942,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3772,13 +3951,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_021(ind_cpa_keypair_randomness); + generate_keypair_521(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_b2( + serialize_kem_secret_key_82( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -3787,13 +3966,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d41(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_9d1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f61( - uu____2, libcrux_ml_kem_types_from_b6_8c1(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b1( + uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); } /** @@ -3806,7 +3985,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_1b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_cd(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3815,10 +3994,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_1b(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of 
@@ -3827,12 +4003,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3844,12 +4017,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -3865,10 +4035,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_3a1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_19();); + error_1[i] = ZERO_d6_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -3880,11 +4050,11 @@ sample_ring_element_cbd_3a1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_9f2(prf_inputs, prf_outputs); + PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3922,7 +4092,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); } @@ -3933,7 +4103,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_ca( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3957,7 +4127,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_06( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_4a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -3977,7 +4147,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_0d( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_a9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3997,7 +4167,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4005,7 +4175,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_b1(a_minus_b, zeta_r); + b = montgomery_multiply_fe_2c(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4017,7 +4187,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_07( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -4032,7 +4202,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_07( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_f1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -4049,31 +4219,32 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_471( +static KRML_MUSTINLINE void invert_ntt_montgomery_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ca(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_0d(&zeta_i, re); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_62(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_4a(&zeta_i, re); + invert_ntt_at_layer_3_a9(&zeta_i, re); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a9(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_20( +static KRML_MUSTINLINE void add_error_reduce_d6_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; 
@@ -4100,14 +4271,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_771( +static KRML_MUSTINLINE void compute_vector_u_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_19();); + result[i] = ZERO_d6_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4127,11 +4298,11 @@ static KRML_MUSTINLINE void compute_vector_u_771( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(a_element, &r_as_ntt[j]); - add_to_ring_element_89_881(&result[i1], &product); + ntt_multiply_d6_27(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_5d(&result[i1], &product); } - invert_ntt_montgomery_471(&result[i1]); - add_error_reduce_89_20(&result[i1], &error_1[i1]); + invert_ntt_montgomery_5f(&result[i1]); + add_error_reduce_d6_a3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4145,7 +4316,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_75(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_7e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( 
@@ -4159,8 +4330,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_94(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_message_40(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4170,23 +4341,24 @@ deserialize_then_decompress_message_94(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_75(coefficient_compressed); + decompress_1_7e(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_57( +add_message_error_reduce_d6_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { 
@@ -4219,18 +4391,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_fe1( +compute_ring_element_v_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_881(&result, &product);); - invert_ntt_montgomery_471(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_5d(&result, &product);); + invert_ntt_montgomery_5f(&result); + result = add_message_error_reduce_d6_4d(error_2, message, result); return result; } @@ -4240,7 +4412,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_53(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_20(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4261,9 +4433,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fd( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_53(v); + return compress_20(v); } /** 
@@ -4272,7 +4444,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_530(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_200(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4294,8 +4466,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fd0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_530(v); +compress_0d_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_200(v); } /** @@ -4304,14 +4476,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_6f0( +static KRML_MUSTINLINE void compress_then_serialize_11_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fd0(to_unsigned_representative_5d(re->coefficients[i0])); + compress_0d_0c0(to_unsigned_representative_08(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -4329,10 +4501,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4e0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_6f0(re, uu____0); + compress_then_serialize_11_9b(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4348,7 +4520,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_861( +static void compress_then_serialize_u_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4364,7 +4536,7 @@ static void compress_then_serialize_u_861( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_4e0(&re, ret); + compress_then_serialize_ring_element_u_08(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4376,7 +4548,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_531(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_201(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4398,8 +4570,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fd1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_531(v); +compress_0d_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_201(v); } /** 
@@ -4408,14 +4580,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_97( +static KRML_MUSTINLINE void compress_then_serialize_4_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fd1(to_unsigned_representative_5d(re.coefficients[i0])); + compress_0d_0c1(to_unsigned_representative_08(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4431,7 +4603,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_532(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_202(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4453,8 +4625,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fd2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_532(v); +compress_0d_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_202(v); } /** 
@@ -4463,14 +4635,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_0a( +static KRML_MUSTINLINE void compress_then_serialize_5_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_fd2(to_unsigned_representative_5d(re.coefficients[i0])); + compress_0d_0c2(to_unsigned_representative_08(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( 
@@ -4487,17 +4659,58 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_800( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_0a(re, out); + compress_then_serialize_5_61(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const +generics +- K= 4 - CIPHERTEXT_SIZE= 1568 - T_AS_NTT_ENCODED_SIZE= 1536 - C1_LEN= 1408 
@@ -4510,24 +4723,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8c1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_7e3( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_3c1(ret0, false, A); +static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, + uint8_t message[32U], Eurydice_slice randomness, + uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_ce1(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_86(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4537,7 +4741,7 @@ static void encrypt_8c1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_3a1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_af(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -4545,36 +4749,76 @@ static void encrypt_8c1(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_771(A, r_as_ntt, error_1, u); + compute_vector_u_51(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_94(copy_of_message); + deserialize_then_decompress_message_40(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_fe1(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + compute_ring_element_v_16(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_861( + compress_then_serialize_u_2b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_800( + compress_then_serialize_ring_element_v_b9( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } +/** +A monomorphic 
instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const +generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_ec1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); + deserialize_ring_elements_reduced_1b( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[4U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_ae(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_e7(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -4586,7 +4830,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_d9(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_89(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
@@ -4613,11 +4857,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_1b( + entropy_preprocess_d8_cd( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4626,14 +4870,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c61(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), - uint8_t), - ret); + H_f1_c6(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -4641,20 +4885,20 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f41( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_a91(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_8c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_ec1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_131(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = + libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_d9(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + kdf_d8_89(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, 
@@ -4672,8 +4916,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_79(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_to_uncompressed_ring_element_7f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4695,12 +4939,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_301( +static KRML_MUSTINLINE void deserialize_secret_key_a21( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_19();); + secret_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4712,7 +4956,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_301( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_79(secret_bytes); + deserialize_to_uncompressed_ring_element_7f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -4720,16 +4964,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_301( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $4size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_42_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; -} IndCpaPrivateKeyUnpacked_42; - /** A monomorphic instance of libcrux_ml_kem.vector.portable.compress.decompress_ciphertext_coefficient with @@ -4737,7 +4971,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_86( +decompress_ciphertext_coefficient_1b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4762,9 +4996,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c( +decompress_ciphertext_coefficient_0d_7e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_86(v); + return decompress_ciphertext_coefficient_1b(v); } /** @@ -4774,8 +5008,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_4c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_10_cb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; 
@@ -4784,7 +5018,7 @@ deserialize_then_decompress_10_4c(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c(coefficient); + decompress_ciphertext_coefficient_0d_7e(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4797,7 +5031,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_860( +decompress_ciphertext_coefficient_1b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4822,9 +5056,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c0( +decompress_ciphertext_coefficient_0d_7e0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_860(v); + return decompress_ciphertext_coefficient_1b0(v); } /** @@ -4834,8 +5068,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_c3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_11_b0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; 
@@ -4844,7 +5078,7 @@ deserialize_then_decompress_11_c3(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c0(coefficient); + decompress_ciphertext_coefficient_0d_7e0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4857,8 +5091,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_770(Eurydice_slice serialized) { - return deserialize_then_decompress_11_c3(serialized); +deserialize_then_decompress_ring_element_u_05(Eurydice_slice serialized) { + return deserialize_then_decompress_11_b0(serialized); } /** @@ -4867,17 +5101,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_340( +static KRML_MUSTINLINE void ntt_vector_u_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_38(&zeta_i, re); - ntt_at_layer_2_6d(&zeta_i, re); - ntt_at_layer_1_0b(&zeta_i, re); - poly_barrett_reduce_89_62(re); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_e9(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_bd(&zeta_i, re); + poly_barrett_reduce_d6_a9(re); } /** 
@@ -4892,12 +5126,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_321( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_19();); + u_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4915,8 +5149,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_321( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_770(u_bytes); - ntt_vector_u_340(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_05(u_bytes); + ntt_vector_u_58(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4930,7 +5164,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_861( +decompress_ciphertext_coefficient_1b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4955,9 +5189,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c1( +decompress_ciphertext_coefficient_0d_7e1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_861(v); + return decompress_ciphertext_coefficient_1b1(v); } /** 
@@ -4968,7 +5202,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -4977,7 +5211,7 @@ deserialize_then_decompress_4_ad(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c1(coefficient); + decompress_ciphertext_coefficient_0d_7e1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4990,7 +5224,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_862( +decompress_ciphertext_coefficient_1b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5015,9 +5249,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c2( +decompress_ciphertext_coefficient_0d_7e2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_862(v); + return decompress_ciphertext_coefficient_1b2(v); } /** 
@@ -5027,8 +5261,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_3f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_19(); +deserialize_then_decompress_5_60(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5037,7 +5271,7 @@ deserialize_then_decompress_5_3f(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_4c2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_7e2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; 
@@ -5050,22 +5284,23 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0d0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_3f(serialized); +deserialize_then_decompress_ring_element_v_03(Eurydice_slice serialized) { + return deserialize_then_decompress_5_60(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_ee(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_d6_81(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -5096,17 +5331,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_291( +compute_message_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_881(&result, &product);); - invert_ntt_montgomery_471(&result); - result = subtract_reduce_89_ee(v, result); + ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_5d(&result, &product);); + invert_ntt_montgomery_5f(&result); + result = subtract_reduce_d6_81(v, result); return result; } @@ -5116,13 +5351,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_62( +static KRML_MUSTINLINE void compress_then_serialize_message_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_5d(re.coefficients[i0]); + to_unsigned_representative_08(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); 
@@ -5170,18 +5405,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_3c1(IndCpaPrivateKeyUnpacked_42 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_76(IndCpaPrivateKeyUnpacked_42 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_321(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0d0( + deserialize_then_decompress_ring_element_v_03( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_291(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_62(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5195,10 +5430,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_d31(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_031(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_301(secret_key, secret_as_ntt); + deserialize_secret_key_a21(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( 
@@ -5209,7 +5444,7 @@ static void decrypt_d31(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_3c1(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_76(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5235,7 +5470,7 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { PRF_44(input, ret); } @@ -5261,10 +5496,9 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_641( +void libcrux_ml_kem_ind_cca_decapsulate_6a1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5280,7 +5514,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_641( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d31(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_031(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -5290,7 +5524,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_641( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -5298,31 +5532,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_641( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_8c1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_ec1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_d9(Eurydice_array_to_slice((size_t)32U, + kdf_d8_89(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_d9(shared_secret0, shared_secret); + kdf_d8_89(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df1(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5332,10 +5566,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_641( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -5344,12 +5575,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b3( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -5361,9 +5589,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_19();); + deserialize_ring_elements_reduced_1b3(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5379,7 +5629,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_6c0( +static KRML_MUSTINLINE void serialize_secret_key_8c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5397,7 +5647,7 @@ static KRML_MUSTINLINE void serialize_secret_key_6c0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_47(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } 
@@ -5408,27 +5658,44 @@ static KRML_MUSTINLINE void serialize_secret_key_6c0( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_5d0( +static KRML_MUSTINLINE void serialize_public_key_mut_460( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_6c0(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)768U, uint8_t); + uint8_t ret[768U]; + serialize_secret_key_8c0(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)800U, serialized, (size_t)768U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_eb0( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + serialize_public_key_mut_460(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -5447,15 +5714,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_7e2( + deserialize_ring_elements_reduced_out_6b0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_5d0( + serialize_public_key_eb0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5492,7 +5759,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_db( +bool libcrux_ml_kem_ind_cca_validate_private_key_3d( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; 
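Review bot: `serialize_public_key_mut_460` takes a bare `uint8_t *serialized` with no length, so the only thing bounding its writes is the hard-coded `(size_t)800U` handed to `Eurydice_array_to_subslice_from` and the `768U` in `Eurydice_array_to_subslice2`; the old `serialize_public_key_5d0` wrote into its own `public_key_serialized[800U]` and could not overrun. The precondition should be stated in the doc comment: `/* Writes exactly PUBLIC_KEY_SIZE (800) bytes; `serialized` must point to a buffer at least that large. */`. The wrapper `serialize_public_key_eb0` and `libcrux_ml_kem_ind_cca_validate_public_key_950` satisfy it with 800-byte arrays, but a future caller handing in an unpacked-key buffer would not be told. As this is generated code, the note belongs on the Rust `serialize_public_key_mut`.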
@@ -5507,6 +5774,74 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_db( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $2size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_ae_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; +} IndCpaPrivateKeyUnpacked_ae; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 2 +*/ +static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { + IndCpaPrivateKeyUnpacked_ae lit; + lit.secret_as_ntt[0U] = ZERO_d6_19(); + lit.secret_as_ntt[1U] = ZERO_d6_19(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $2size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_ae_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; +} IndCpaPublicKeyUnpacked_ae; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 2 +*/ +static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + uu____0[i] = ZERO_d6_19();); + 
uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_ae lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_19(); + lit.A[0U][1U] = ZERO_d6_19(); + lit.A[1U][0U] = ZERO_d6_19(); + lit.A[1U][1U] = ZERO_d6_19(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -5530,7 +5865,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e8( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_07( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5545,19 +5880,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e8( memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -*/ -static void closure_8e0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_19();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics @@ -5691,7 +6013,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb1( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( 
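Review bot: `IndCpaPublicKeyUnpacked_ae` stores both `seed_for_A` and the expanded matrix `A`, but nothing documents that `A` is derived from `seed_for_A` (in `generate_keypair_unpacked_740` it is sampled from that seed with `transpose` set to `true`) and must be re-derived whenever the seed changes; I would add on the struct `/* Invariant: A is sample_matrix_A(seed_for_A); keep both in sync. */`. `IndCpaPrivateKeyUnpacked_ae` holds the secret polynomials and `default_1a_a30` returns it by value, which — like the other by-value copies in this file — presumably leaves unscrubbed copies on the stack; that is inherited from the Rust/Eurydice pipeline rather than introduced here, but a comment on the type would warn callers. `default_8d_6b0` also builds `uu____0`/`uu____1` only to `memcpy` them into `lit`, whereas `default_1a_a30` assigns fields directly; the asymmetry looks like a code-generation artefact rather than intent.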
@@ -5803,7 +6125,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb2( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5842,9 +6164,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_970( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( int16_t s[272U]) { - return from_i16_array_89_4e( + return from_i16_array_d6_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5855,7 +6177,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2f0( +static KRML_MUSTINLINE void sample_from_xof_490( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5869,7 +6191,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9b1( + bool done = sample_from_uniform_distribution_next_fb1( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -5881,7 +6203,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f0( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9b2( + done = sample_from_uniform_distribution_next_fb2( copy_of_randomness, sampled_coefficients, out); } } 
@@ -5890,7 +6212,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f0( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_970(copy_of_out[i]);); + ret0[i] = closure_ba0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5903,12 +6225,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_3c0( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_8e0(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[2U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5923,7 +6242,7 @@ static KRML_MUSTINLINE void sample_matrix_A_3c0( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2f0(copy_of_seeds, sampled); + sample_from_xof_490(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( 
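Review bot: `sample_matrix_A_ae0` now fills a caller-supplied `A_transpose` and no longer zero-initialises it (the `closure_8e0` loop is gone), yet the new out-parameter is undocumented; whether every `[i][j]` entry is written is decided by the assignment loop that sits outside this hunk, so a caller cannot tell from the signature whether pre-initialisation is required. A one-line contract would settle it: `/* Overwrites every entry of A_transpose[K][K]; no pre-initialisation needed. */` — or the converse if some entry can be left untouched. `generate_keypair_unpacked_740` happens to pass a matrix zeroed by `default_8d_6b0()`, so the change is benign there either way.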
@@ -5941,22 +6260,8 @@ static KRML_MUSTINLINE void sample_matrix_A_3c0( } ); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; - uint8_t snd; -} tuple_740; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics @@ -5996,8 +6301,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_630(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_77(randomness); +sample_from_binomial_distribution_dd0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_a6(randomness); } /** @@ -6013,11 +6318,9 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ce0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_830( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -6032,9 +6335,42 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ce0( PRFxN_f1_9f0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_630( + re_as_ntt[i0] = sample_from_binomial_distribution_dd0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t + +*/ +typedef struct tuple_740_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; + uint8_t snd; +} tuple_740; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const +generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_860( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_830(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( 
@@ -6054,15 +6390,16 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ce0( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_880( +static KRML_MUSTINLINE void add_to_ring_element_d6_5d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -6089,101 +6426,158 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_c80( +static KRML_MUSTINLINE void compute_As_plus_e_000( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_19();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i1++) { + 
size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_880(&result[i1], &product); + ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_5d0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_020( - Eurydice_slice key_generation_seed) { + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. 
+ + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void generate_keypair_unpacked_740( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_ae *private_key, + IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e8(key_generation_seed, hashed); + cpa_keygen_seed_d8_07(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[2U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_3c0(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_ae0(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_ce0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_830(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ce0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_860(copy_of_prf_input, domain_separator) + .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_c80(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_000(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], 
+libcrux_ml_kem_variant_MlKem with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_520( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); + IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); + generate_keypair_unpacked_740(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_5d0( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_eb0( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_6c0(secret_as_ntt, secret_key_serialized); + serialize_secret_key_8c0(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6210,7 +6604,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_83( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6274,7 +6668,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); 
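Review bot: In `generate_keypair_unpacked_740` the two `into_padded_array` instances swapped suffixes relative to the old code — the 34-byte `ret` now uses `libcrux_ml_kem_utils_into_padded_array_422` and the 33-byte `prf_input` uses `_421`, where before it was the reverse. Eurydice presumably renumbers monomorphisations, so this is likely fine, but a mismatch would under-fill or overrun the seed buffer, so it should be confirmed against the two definitions (outside this hunk). Separately, the new Algorithm 12 doc comment ends with `The NIST FIPS 203 standard can be found at .` — the URL is missing; if that is not a rendering artefact, restore the link in the Rust doc comment. `hashed` (which holds σ), `prf_input` and its two copies hold secret-derived bytes and are never cleared before return, as before; that belongs upstream, but is worth noting now that the unpacked secret key also lives on the stack in `generate_keypair_520`.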
@@ -6283,13 +6677,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_020(ind_cpa_keypair_randomness); + generate_keypair_520(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_a8( + serialize_kem_secret_key_83( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6298,13 +6692,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** 
@@ -6317,7 +6711,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_3c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6326,10 +6720,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_3c(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -6338,12 +6729,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b0( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6355,12 +6743,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** 
@@ -6408,10 +6793,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_3a0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_19();); + error_1[i] = ZERO_d6_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6427,7 +6812,7 @@ sample_ring_element_cbd_3a0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -6464,18 +6849,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_470( +static KRML_MUSTINLINE void invert_ntt_montgomery_5f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ca(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_0d(&zeta_i, re); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_62(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_4a(&zeta_i, re); + invert_ntt_at_layer_3_a9(&zeta_i, re); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a9(re); } /** @@ -6487,14 +6872,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_770( +static KRML_MUSTINLINE void compute_vector_u_510( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_19();); + result[i] = ZERO_d6_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( 
@@ -6514,11 +6899,11 @@ static KRML_MUSTINLINE void compute_vector_u_770( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(a_element, &r_as_ntt[j]); - add_to_ring_element_89_880(&result[i1], &product); + ntt_multiply_d6_27(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_5d0(&result[i1], &product); } - invert_ntt_montgomery_470(&result[i1]); - add_error_reduce_89_20(&result[i1], &error_1[i1]); + invert_ntt_montgomery_5f0(&result[i1]); + add_error_reduce_d6_a3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6535,18 +6920,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_fe0( +compute_ring_element_v_160( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_880(&result, &product);); - invert_ntt_montgomery_470(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_5d0(&result, &product);); + invert_ntt_montgomery_5f0(&result); + result = add_message_error_reduce_d6_4d(error_2, message, result); return result; } 
@@ -6556,14 +6941,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_f3( +static KRML_MUSTINLINE void compress_then_serialize_10_470( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fd(to_unsigned_representative_5d(re->coefficients[i0])); + compress_0d_0c(to_unsigned_representative_08(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6581,10 +6966,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4e( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_080( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_f3(re, uu____0); + compress_then_serialize_10_470(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6600,7 +6985,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_860( +static void compress_then_serialize_u_2b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; 
@@ -6616,7 +7001,7 @@ static void compress_then_serialize_u_860( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4e(&re, ret); + compress_then_serialize_ring_element_u_080(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } 
@@ -6629,13 +7014,54 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_97(re, out); + compress_then_serialize_4_d4(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics 
@@ -6652,24 +7078,16 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8c0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_7e1( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_3c0(ret0, false, A); +static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, + uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_ce0(copy_of_prf_input0, 0U); + tuple_740 uu____1 = + sample_vector_cbd_then_ntt_out_860(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6679,7 +7097,7 @@ static void encrypt_8c0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_3a0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_af0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -6690,33 +7108,73 @@ static void encrypt_8c0(Eurydice_slice public_key, uint8_t message[32U], PRF_f1_9d2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_770(A, r_as_ntt, error_1, u); + compute_vector_u_510(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_94(copy_of_message); + deserialize_then_decompress_message_40(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_fe0(t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_160(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_860( + compress_then_serialize_u_2b0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_80( + compress_then_serialize_ring_element_v_b90( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const +generics +- K= 2 +- 
CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_ec0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); + deserialize_ring_elements_reduced_1b0( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[2U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_ae0(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_ae *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_e70(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -6728,7 +7186,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_44(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_4d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
@@ -6755,11 +7213,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_3c( + entropy_preprocess_d8_3b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6769,7 +7227,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( size_t); uint8_t ret[32U]; H_f1_c60(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t), ret); Eurydice_slice_copy( 
@@ -6783,19 +7241,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f40( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_a9(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_8c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_ec0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_13(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_44(shared_secret, shared_secret_array); + kdf_d8_4d(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6816,12 +7274,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_300( +static KRML_MUSTINLINE void deserialize_secret_key_a20( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_19();); + secret_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -6833,7 +7291,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_300( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_79(secret_bytes); + deserialize_to_uncompressed_ring_element_7f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6841,16 +7299,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_300( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $2size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_ae_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; -} IndCpaPrivateKeyUnpacked_ae; - /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types @@ -6858,8 +7306,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_77(Eurydice_slice serialized) { - return deserialize_then_decompress_10_4c(serialized); +deserialize_then_decompress_ring_element_u_050(Eurydice_slice serialized) { + return deserialize_then_decompress_10_cb(serialized); } /** 
@@ -6868,17 +7316,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_34( +static KRML_MUSTINLINE void ntt_vector_u_580( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_38(&zeta_i, re); - ntt_at_layer_2_6d(&zeta_i, re); - ntt_at_layer_1_0b(&zeta_i, re); - poly_barrett_reduce_89_62(re); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_e9(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_bd(&zeta_i, re); + poly_barrett_reduce_d6_a9(re); } /** @@ -6893,12 +7341,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_320( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4d0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_19();); + u_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), 
@@ -6916,8 +7364,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_320( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_77(u_bytes); - ntt_vector_u_34(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); + ntt_vector_u_580(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6931,7 +7379,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0d(Eurydice_slice serialized) { +deserialize_then_decompress_ring_element_v_030(Eurydice_slice serialized) { return deserialize_then_decompress_4_ad(serialized); } @@ -6948,17 +7396,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_290( +compute_message_150( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_880(&result, &product);); - invert_ntt_montgomery_470(&result); - result = subtract_reduce_89_ee(v, result); + ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_5d0(&result, &product);); + invert_ntt_montgomery_5f0(&result); + result = subtract_reduce_d6_81(v, result); return result; } 
@@ -6996,18 +7444,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_3c0(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_760(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_320(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4d0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0d( + deserialize_then_decompress_ring_element_v_030( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_290(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_150(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_62(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7021,10 +7469,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_d30(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_030(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_300(secret_key, secret_as_ntt); + deserialize_secret_key_a20(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( 
@@ -7035,7 +7483,7 @@ static void decrypt_d30(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_3c0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_760(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7075,7 +7523,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_640( +void libcrux_ml_kem_ind_cca_decapsulate_6a0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7093,7 +7541,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_640( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d30(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_030(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -7111,11 +7559,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_640( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7125,17 +7573,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_640( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_8c0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_ec0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_44(Eurydice_array_to_slice((size_t)32U, + kdf_d8_4d(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_44(shared_secret0, shared_secret); + kdf_d8_4d(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, 
@@ -7145,10 +7593,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_640( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -7157,12 +7602,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b2( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -7174,9 +7616,31 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_d6_19();); + deserialize_ring_elements_reduced_1b2(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7192,7 +7656,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_6c( +static KRML_MUSTINLINE void serialize_secret_key_8c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7210,7 +7674,7 @@ static KRML_MUSTINLINE void serialize_secret_key_6c( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_47(&re, ret0); + serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } 
@@ -7221,27 +7685,44 @@ static KRML_MUSTINLINE void serialize_secret_key_6c( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_5d( +static KRML_MUSTINLINE void serialize_public_key_mut_461( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_6c(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1152U, uint8_t); + uint8_t ret[1152U]; + serialize_secret_key_8c1(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1184U, serialized, (size_t)1152U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_eb1( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + serialize_public_key_mut_461(t_as_ntt, seed_for_a, public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -7260,15 +7741,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7b(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_7e0( + deserialize_ring_elements_reduced_out_6b( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_5d( + serialize_public_key_eb1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7286,7 +7767,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -7305,14 +7786,14 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c7( +bool libcrux_ml_kem_ind_cca_validate_private_key_46( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_f1_c6(Eurydice_array_to_subslice2( - private_key->value, (size_t)384U * (size_t)3U, - (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), - t); + H_f1_c61(Eurydice_array_to_subslice2( + private_key->value, (size_t)384U * (size_t)3U, + (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), + t); Eurydice_slice expected = Eurydice_array_to_subslice2( private_key->value, (size_t)768U * (size_t)3U + (size_t)32U, (size_t)768U * (size_t)3U + (size_t)64U, uint8_t); 
@@ -7320,6 +7801,80 @@ bool libcrux_ml_kem_ind_cca_validate_private_key_c7( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct IndCpaPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; +} IndCpaPrivateKeyUnpacked_f8; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { + IndCpaPrivateKeyUnpacked_f8 lit; + lit.secret_as_ntt[0U] = ZERO_d6_19(); + lit.secret_as_ntt[1U] = ZERO_d6_19(); + lit.secret_as_ntt[2U] = ZERO_d6_19(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct IndCpaPublicKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; +} IndCpaPublicKeyUnpacked_f8; + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, 
(size_t)1U, + uu____0[i] = ZERO_d6_19();); + uint8_t uu____1[32U] = {0U}; + IndCpaPublicKeyUnpacked_f8 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = ZERO_d6_19(); + lit.A[0U][1U] = ZERO_d6_19(); + lit.A[0U][2U] = ZERO_d6_19(); + lit.A[1U][0U] = ZERO_d6_19(); + lit.A[1U][1U] = ZERO_d6_19(); + lit.A[1U][2U] = ZERO_d6_19(); + lit.A[2U][0U] = ZERO_d6_19(); + lit.A[2U][1U] = ZERO_d6_19(); + lit.A[2U][2U] = ZERO_d6_19(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for libcrux_ml_kem::hash_functions::portable::PortableHash)} @@ -7329,7 +7884,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7343,7 +7898,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_0a( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_3b( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( 
@@ -7354,23 +7909,10 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_0a( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static void closure_8e( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_19();); -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PortableHash with const generics @@ -7386,7 +7928,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_37(uint8_t input[3U][34U]) { +shake128_init_absorb_371(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7417,11 +7959,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_17(uint8_t input[3U][34U]) { +shake128_init_absorb_f1_171(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_37(copy_of_input); + return shake128_init_absorb_371(copy_of_input); } /** 
@@ -7430,7 +7972,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_72( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_721( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7451,9 +7993,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_75( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_751( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_72(self, ret); + shake128_squeeze_three_blocks_721(self, ret); } /** @@ -7504,7 +8046,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb3( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7542,8 +8084,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_e6(PortableHash_58 *st, - uint8_t ret[3U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_block_e61(PortableHash_58 *st, + uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7563,9 +8105,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_48( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_481( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_e6(self, ret); + shake128_squeeze_block_e61(self, ret); } /** 
@@ -7616,7 +8158,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_9b0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb4( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7655,9 +8197,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_97( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( int16_t s[272U]) { - return from_i16_array_89_4e( + return from_i16_array_d6_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7668,7 +8210,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2f( +static KRML_MUSTINLINE void sample_from_xof_491( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; 
@@ -7676,25 +8218,25 @@ static KRML_MUSTINLINE void sample_from_xof_2f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_17(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_f1_171(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_75(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_751(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_9b( + bool done = sample_from_uniform_distribution_next_fb3( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_48(&xof_state, randomness); + shake128_squeeze_block_f1_481(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_9b0( + done = sample_from_uniform_distribution_next_fb4( copy_of_randomness, sampled_coefficients, out); } } @@ -7703,7 +8245,7 @@ static KRML_MUSTINLINE void sample_from_xof_2f( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_97(copy_of_out[i]);); + ret0[i] = closure_ba1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -7716,12 +8258,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_3c( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_8e(A_transpose[i]);); +static KRML_MUSTINLINE void sample_matrix_A_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7736,7 +8275,7 @@ static KRML_MUSTINLINE void sample_matrix_A_3c( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2f(copy_of_seeds, sampled); + sample_from_xof_491(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( 
@@ -7754,30 +8293,16 @@ static KRML_MUSTINLINE void sample_matrix_A_3c( } ); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t - -*/ -typedef struct tuple_b0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; - uint8_t snd; -} tuple_b0; - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { +static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7797,9 +8322,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_d5(input, ret); +static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_d52(input, ret); } /** @@ -7815,11 +8340,9 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ce( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_831( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -7831,18 +8354,51 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ce( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_9f(prf_inputs, prf_outputs); + PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_63( + re_as_ntt[i0] = sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + return domain_separator; +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_861( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_d6_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_831(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, 
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7856,15 +8412,16 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ce( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_88( +static KRML_MUSTINLINE void add_to_ring_element_d6_5d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -7891,101 +8448,158 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_c8( +static KRML_MUSTINLINE void compute_As_plus_e_001( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_19();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i1++) { + 
size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_88(&result[i1], &product); + ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); + add_to_ring_element_d6_5d1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_89_82(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], libcrux_ml_kem_variant_MlKem with const generics - K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_02( - Eurydice_slice key_generation_seed) { +static void generate_keypair_unpacked_741( + Eurydice_slice key_generation_seed, + IndCpaPrivateKeyUnpacked_f8 *private_key, + IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_0a(key_generation_seed, hashed); + cpa_keygen_seed_d8_3b(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - sample_matrix_A_3c(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); + sample_matrix_A_ae1(uu____1, ret, true); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = 
sample_vector_cbd_then_ntt_ce(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + sample_vector_cbd_then_ntt_831(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ce(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_861(copy_of_prf_input, domain_separator) + .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_c8(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_001(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_52( + 
Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); + IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); + generate_keypair_unpacked_741(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_5d( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + serialize_public_key_eb1( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_6c(secret_as_ntt, secret_key_serialized); + serialize_secret_key_8c1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8012,7 +8626,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5a( +static KRML_MUSTINLINE void serialize_kem_secret_key_61( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8038,7 +8652,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5a( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c6(public_key, ret0); + H_f1_c61(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; 
@@ -8076,7 +8690,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8085,13 +8699,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_02(ind_cpa_keypair_randomness); + generate_keypair_52(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_5a( + serialize_kem_secret_key_61( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -8100,13 +8714,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f60( - uu____2, libcrux_ml_kem_types_from_b6_8c0(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b0( + uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); } /** @@ -8119,7 +8733,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_2b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_b0(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8128,10 +8742,7 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_2b(Eurydice_slice randomness, } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of 
@@ -8140,12 +8751,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b1( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8157,12 +8765,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_7e( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_3f(ring_element); + deserialize_to_reduced_ring_element_f6(ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } /** @@ -8177,11 +8782,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_3a(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_19();); + error_1[i] = ZERO_d6_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -8193,11 +8798,11 @@ sample_ring_element_cbd_3a(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_9f(prf_inputs, prf_outputs); + PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8205,7 +8810,7 @@ sample_ring_element_cbd_3a(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8223,7 +8828,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); } 
@@ -8234,18 +8839,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_47( +static KRML_MUSTINLINE void invert_ntt_montgomery_5f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ca(&zeta_i, re); - invert_ntt_at_layer_2_06(&zeta_i, re); - invert_ntt_at_layer_3_0d(&zeta_i, re); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_62(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_4a(&zeta_i, re); + invert_ntt_at_layer_3_a9(&zeta_i, re); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_d6_a9(re); } /** @@ -8257,14 +8862,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_77( +static KRML_MUSTINLINE void compute_vector_u_511( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_19();); + result[i] = ZERO_d6_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( 
@@ -8284,11 +8889,11 @@ static KRML_MUSTINLINE void compute_vector_u_77( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(a_element, &r_as_ntt[j]); - add_to_ring_element_89_88(&result[i1], &product); + ntt_multiply_d6_27(a_element, &r_as_ntt[j]); + add_to_ring_element_d6_5d1(&result[i1], &product); } - invert_ntt_montgomery_47(&result[i1]); - add_error_reduce_89_20(&result[i1], &error_1[i1]); + invert_ntt_montgomery_5f1(&result[i1]); + add_error_reduce_d6_a3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8305,18 +8910,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_fe( +compute_ring_element_v_161( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_88(&result, &product);); - invert_ntt_montgomery_47(&result); - result = add_message_error_reduce_89_57(error_2, message, result); + ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_d6_5d1(&result, &product);); + invert_ntt_montgomery_5f1(&result); + result = add_message_error_reduce_d6_4d(error_2, message, result); return result; } 
@@ -8332,7 +8937,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_86( +static void compress_then_serialize_u_2b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8348,14 +8953,55 @@ static void compress_then_serialize_u_86( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4e(&re, ret); + compress_then_serialize_ring_element_u_080(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics 
@@ -8372,24 +9018,17 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8c(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_7e( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - sample_matrix_A_3c(ret0, false, A); +static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_421(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_ce(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = + sample_vector_cbd_then_ntt_out_861(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8398,8 +9037,8 @@ static void encrypt_8c(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = - sample_ring_element_cbd_3a(copy_of_prf_input, domain_separator0); + tuple_b00 uu____3 = + sample_ring_element_cbd_af1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, 
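Review bot: `prf_input` and `copy_of_prf_input0` in `encrypt_unpacked_e71` are filled from the caller's `randomness` (the pseudorandomness split off the hashed seed in `libcrux_ml_kem_ind_cca_encapsulate_b1`) and are left on the stack when the function returns; the same holds for `copy_of_prf_input`, `prf_output` and `copy_of_message` in the next hunk, and for `decrypted` and `implicit_rejection_shared_secret0` in `libcrux_ml_kem_ind_cca_decapsulate_6a` in the last hunk of this file, where `message` is the decrypted secret. The code is generated from the Rust sources, so any clearing presumably has to come from the Rust side or from the C caller of the public API, and a plain `memset` at function exit is likely to be optimized away, so a compiler-resistant clear (`explicit_bzero`/`memset_s` or a volatile-byte loop) would be needed. If leaving these intermediates in place is a deliberate choice of the generator, a comment at the top of the file stating that callers are responsible for scrubbing secret-bearing stack frames would make that explicit. `encrypt_unpacked_e71`'s body continues in the next hunk.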
@@ -8407,36 +9046,76 @@ static void encrypt_8c(Eurydice_slice public_key, uint8_t message[32U], uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_63( + sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_77(A, r_as_ntt, error_1, u); + compute_vector_u_511(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_94(copy_of_message); + deserialize_then_decompress_message_40(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_fe(t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); + compute_ring_element_v_161(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_86( + compress_then_serialize_u_2b1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_80( + compress_then_serialize_ring_element_v_b90( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +/** +A monomorphic 
instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_ec(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); + deserialize_ring_elements_reduced_1b1( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_ae1(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_f8 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_e71(uu____1, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)} @@ -8448,7 +9127,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_97(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_a7(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
@@ -8475,11 +9154,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_2b( + entropy_preprocess_d8_b0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8488,14 +9167,14 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c6(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), - uint8_t), - ret); + H_f1_c61(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), + uint8_t), + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -8503,19 +9182,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f4( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_a90(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_8c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_ec(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_130(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_97(shared_secret, shared_secret_array); + kdf_d8_a7(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8536,12 +9215,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_30( +static KRML_MUSTINLINE void deserialize_secret_key_a2( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_19();); + secret_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -8553,7 +9232,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_30( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_79(secret_bytes); + deserialize_to_uncompressed_ring_element_7f(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8561,16 +9240,6 @@ static KRML_MUSTINLINE void deserialize_secret_key_30( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct IndCpaPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; -} IndCpaPrivateKeyUnpacked_f8; - /** Call [`deserialize_then_decompress_ring_element_u`] on each ring element in the `ciphertext`. @@ -8583,12 +9252,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_32( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4d1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_19();); + u_as_ntt[i] = ZERO_d6_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8606,8 +9275,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_32( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_77(u_bytes); - ntt_vector_u_34(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); + ntt_vector_u_580(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -8627,17 +9296,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_29( +compute_message_151( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_58(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_88(&result, &product);); - invert_ntt_montgomery_47(&result); - result = subtract_reduce_89_ee(v, result); + ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_d6_5d1(&result, &product);); + invert_ntt_montgomery_5f1(&result); + result = subtract_reduce_d6_81(v, result); return result; } 
@@ -8675,18 +9344,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_3c(IndCpaPrivateKeyUnpacked_f8 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { +static void decrypt_unpacked_761(IndCpaPrivateKeyUnpacked_f8 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_32(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4d1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0d( + deserialize_then_decompress_ring_element_v_030( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_29(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_151(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_62(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8700,10 +9369,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_d3(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_03(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_30(secret_key, secret_as_ntt); + deserialize_secret_key_a2(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( 
@@ -8714,7 +9383,7 @@ static void decrypt_d3(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_3c(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_761(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8728,7 +9397,7 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { PRF_44(input, ret); } @@ -8754,7 +9423,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_64( +void libcrux_ml_kem_ind_cca_decapsulate_6a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8772,7 +9441,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_64( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d3(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_03(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -8782,7 +9451,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_64( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
@@ -8790,30 +9459,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_64( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_423(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_df0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_9d3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_8c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_ec(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_97(Eurydice_array_to_slice((size_t)32U, + kdf_d8_a7(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_d8_97(shared_secret0, shared_secret); + kdf_d8_a7(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_df0(ciphertext), + libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, 
shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 4d36ef4e3..6355ccd91 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index cf6b129b4..1977dc044 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index dcdb81b02..e8b21a2b6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "internal/libcrux_sha3_avx2.h" @@ -167,16 +167,16 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_71(void) { +new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -1679,7 +1679,7 @@ with const generics */ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; 
@@ -1719,7 +1719,7 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_71(); + return new_89_71(); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index d028ae5d8..667db43e5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 49a02e9f6..bfee55ebe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_internal_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1740,7 +1740,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1832,7 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -2089,7 +2089,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2130,7 +2130,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2181,7 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2438,7 +2438,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; 
@@ -2479,7 +2479,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2627,7 +2627,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2668,7 +2668,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2745,7 +2745,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; 
@@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3093,7 +3093,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3134,7 +3134,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 2d2e97511..8cafd81d2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index b5d8fcc13..cfd01b11c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 58908b2b7..08e55ac47 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml 
@@ -51,6 +51,34 @@ files: monomorphizations_using: - [libcrux_sha3, "*"] + # Header with types only + + - name: libcrux_mlkem768_avx2_types + inline_static: true + api: + monomorphizations_exact: + - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768KeyPairUnpacked ] + - [ libcrux_ml_kem, mlkem768, avx2, unpacked, MlKem768PublicKeyUnpacked ] + - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_a0 ] + - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_a0 ] + - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_a0 ] + - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_a0 ] + - [ libcrux_ml_kem, polynomial, PolynomialRingElement_d2 ] + - [ libcrux_ml_kem, vector, avx2, SIMD256Vector ] + + - name: libcrux_mlkem768_portable_types + inline_static: true + api: + monomorphizations_exact: + - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768KeyPairUnpacked ] + - [ libcrux_ml_kem, mlkem768, portable, unpacked, MlKem768PublicKeyUnpacked ] + - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPrivateKeyUnpacked_f8 ] + - [ libcrux_ml_kem, ind_cca, unpacked, MlKemPublicKeyUnpacked_f8 ] + - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPrivateKeyUnpacked_f8 ] + - [ libcrux_ml_kem, ind_cpa, unpacked, IndCpaPublicKeyUnpacked_f8 ] + - [ libcrux_ml_kem, polynomial, PolynomialRingElement_f0 ] + - [ libcrux_ml_kem, vector, portable, vector_type, PortableVector ] + # MLKEM: MISC NON-ARCHITECTURE SPECIFIC HEADERS - name: libcrux_core inline_static: true 
@@ -77,17 +105,19 @@ files: - name: libcrux_mlkem768_avx2 inline_static: true target: "avx2" + include_in_h: + - '"intrinsics/libcrux_intrinsics_avx2.h"' api: patterns: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] - - [libcrux_ml_kem, mlkem768, avx2] - - [libcrux_ml_kem, ind_cca, instantiations, avx2] + - [libcrux_ml_kem, mlkem768, avx2, "*"] + - [libcrux_ml_kem, ind_cca, instantiations, avx2, "*"] monomorphizations_of: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] - - [libcrux_ml_kem, mlkem768, avx2] - - [libcrux_ml_kem, ind_cca, instantiations, avx2] + - [libcrux_ml_kem, mlkem768, avx2, "*"] + - [libcrux_ml_kem, ind_cca, instantiations, avx2, "*"] monomorphizations_using: - [libcrux_ml_kem, vector, avx2, "*"] - [libcrux_ml_kem, hash_functions, avx2, "*"] diff --git a/libcrux-ml-kem/cg/CMakeLists.txt b/libcrux-ml-kem/cg/CMakeLists.txt index 4d33faa9a..ce8ed53c2 100644 --- a/libcrux-ml-kem/cg/CMakeLists.txt +++ b/libcrux-ml-kem/cg/CMakeLists.txt @@ -17,6 +17,7 @@ if(NOT MSVC) add_compile_options( -Wall -fstack-usage + -Wunused-function $<$:-g> $<$:-Og> $<$:-g> @@ -32,6 +33,7 @@ if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND endif() set(CMAKE_COLOR_DIAGNOSTICS "ON") +set(CMAKE_EXPORT_COMPILE_COMMANDS 1) include_directories( ${PROJECT_SOURCE_DIR} ${PROJECT_SOURCE_DIR}/internal diff --git a/libcrux-ml-kem/cg/benches/mlkem768.cc b/libcrux-ml-kem/cg/benches/mlkem768.cc index 4a9bea540..7ce70a7e1 100644 --- a/libcrux-ml-kem/cg/benches/mlkem768.cc +++ b/libcrux-ml-kem/cg/benches/mlkem768.cc 
@@ -29,6 +29,20 @@ kyber768_key_generation(benchmark::State &state) } } +static void +kyber768_key_generation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + } +} + static void kyber768_encapsulation(benchmark::State &state) { @@ -45,6 +59,24 @@ kyber768_encapsulation(benchmark::State &state) } } +static void +kyber768_encapsulation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); + + for (auto _ : state) + { + ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); + } +} + static void kyber768_decapsulation(benchmark::State &state) { 
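Review bot: Style: in both new functions the declaration `libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ;` carries a space before the semicolon and runs far past the width of the surrounding benchmark code. Write it as `... key_pair =` on one line and `libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair();` on the next. The same spacing recurs in every `_unpacked` function added later in this file.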
@@ -63,9 +95,33 @@ kyber768_decapsulation(benchmark::State &state) } } +static void +kyber768_decapsulation_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(randomness, &key_pair); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2); + } +} + BENCHMARK(kyber768_key_generation); +BENCHMARK(kyber768_key_generation_unpacked); BENCHMARK(kyber768_encapsulation); +BENCHMARK(kyber768_encapsulation_unpacked); BENCHMARK(kyber768_decapsulation); +BENCHMARK(kyber768_decapsulation_unpacked); #ifdef LIBCRUX_AARCH64 #include "libcrux_mlkem768_neon.h" @@ -138,6 +194,22 @@ kyber768_key_generation_avx2(benchmark::State &state) } } +static void +kyber768_key_generation_avx2_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + } +} + static void kyber768_encapsulation_avx2(benchmark::State &state) { 
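Review bot: In kyber768_decapsulation_unpacked the loop body declares a second `key_pair` via init_key_pair(), shadowing the one generated above it, so every iteration decapsulates `ctxt` under a key that did not produce it (the implicit-rejection path) and the timing also includes init_key_pair(); the avx2 counterpart kyber768_decapsulation_avx2_unpacked in the next hunk reuses the outer key pair. Delete the inner declaration and keep only `libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2);`. The same in-loop re-initialisation appears in kyber768_key_generation_avx2_unpacked (second hunk on this line) while the portable kyber768_key_generation_unpacked times generate_key_pair alone; pick one shape so the portable and avx2 numbers measure the same thing, and say in a comment if the init cost is meant to be included.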
@@ -154,6 +226,24 @@ kyber768_encapsulation_avx2(benchmark::State &state) } } +static void +kyber768_encapsulation_avx2_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness); + + for (auto _ : state) + { + ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness); + } +} + static void kyber768_decapsulation_avx2(benchmark::State &state) { @@ -172,9 +262,32 @@ kyber768_decapsulation_avx2(benchmark::State &state) } } +static void +kyber768_decapsulation_avx2_unpacked(benchmark::State &state) +{ + uint8_t randomness[64]; + generate_random(randomness, 64); + + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(randomness, &key_pair); + + generate_random(randomness, 32); + auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + + for (auto _ : state) + { + libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2); + } +} + BENCHMARK(kyber768_key_generation_avx2); +BENCHMARK(kyber768_key_generation_avx2_unpacked); BENCHMARK(kyber768_encapsulation_avx2); +BENCHMARK(kyber768_encapsulation_avx2_unpacked); BENCHMARK(kyber768_decapsulation_avx2); +BENCHMARK(kyber768_decapsulation_avx2_unpacked); #endif #ifdef LIBCRUX_SYMCRYPT diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index dde362958..464822a07 100644 --- a/libcrux-ml-kem/cg/code_gen.txt 
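Review bot: In kyber768_encapsulation_avx2_unpacked and kyber768_decapsulation_avx2_unpacked the per-iteration outputs (`ctxt`, `sharedSecret2`) are never read, and because the libcrux routines are header-only `static inline` code the optimizer may drop part of the work and understate the cost. Add `benchmark::DoNotOptimize(ctxt);` after the encapsulate call and `benchmark::DoNotOptimize(sharedSecret2);` after the decapsulate call; the portable unpacked variants earlier in this file need the same. If the pre-existing packed benchmarks (outside these hunks) also omit this, the numbers are at least consistent, but it is cheap to fix all of them together.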
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d
-Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46
-Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0
+Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
+Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
+Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
 F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty
-Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d
+Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3
diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h
index 8ead868e5..cdd27af77 100644
--- a/libcrux-ml-kem/cg/eurydice_glue.h
+++ b/libcrux-ml-kem/cg/eurydice_glue.h
@@ -164,10 +164,10 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = None}) \ + ? (CLITERAL(ret_t){.tag = None, .f0 = 0}) \ : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ Eurydice_range_iter_next // See note in karamel/lib/Inlining.ml if you change this
diff --git a/libcrux-ml-kem/cg/fuzz/.gitignore b/libcrux-ml-kem/cg/fuzz/.gitignore
new file mode 100644
index 000000000..d28f1baa8
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/.gitignore
@@ -0,0 +1,5 @@
+dec_fuzz
+enc_fuzz
+mkcorpus
+valid_fuzz
+*.o
diff --git a/libcrux-ml-kem/cg/fuzz/Makefile b/libcrux-ml-kem/cg/fuzz/Makefile
new file mode 100644
index 000000000..bf98a1b02
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/Makefile
@@ -0,0 +1,35 @@
+CC=clang-18
+CXX=clang++-18
+FUZZ_FLAGS=-fsanitize=address,undefined,fuzzer -fno-omit-frame-pointer
+FUZZ_LIBS=-L/usr/lib/llvm-18/lib -lFuzzer
+
+CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -Wno-exceptions -I..
+CFLAGS=$(CXXFLAGS)
+LDFLAGS=-g
+LIBS=
+COMMON_DEPS=
+
+TARGETS=enc_fuzz valid_fuzz dec_fuzz mkcorpus
+
+all: $(TARGETS)
+
+.cc.o:
+ $(CXX) $(CXXFLAGS) $(FUZZ_FLAGS) -c $< -o $@
+
+.c.o:
+ $(CC) $(CFLAGS) -c $< -o $@
+
+enc_fuzz: enc_fuzz.o $(COMMON_DEPS)
+ $(CXX) -o $@ enc_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS)
+
+dec_fuzz: dec_fuzz.o $(COMMON_DEPS)
+ $(CXX) -o $@ dec_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS)
+
+valid_fuzz: valid_fuzz.o $(COMMON_DEPS)
+ $(CXX) -o $@ valid_fuzz.o $(LDFLAGS) $(LIBS) $(FUZZ_FLAGS) $(FUZZ_LIBS)
+
+mkcorpus: mkcorpus.o
+ $(CC) -o $@ mkcorpus.o
+
+clean:
+ -rm -f *.o $(TARGETS)
diff --git a/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc
new file mode 100644
index 000000000..8367f779e
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/dec_fuzz.cc
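Review bot: `FUZZ_LIBS=-L/usr/lib/llvm-18/lib -lFuzzer` repeats what `-fsanitize=fuzzer` in FUZZ_FLAGS already links and hard-codes one distribution's LLVM layout, so on other hosts the link either fails on the missing directory or may pull libFuzzer in twice; unless a libFuzzer from outside the toolchain is deliberately wanted, drop the variable from the three link lines. `CC=clang-18` and `CXX=clang++-18` also override whatever the environment or CI sets — `CC ?= clang-18` / `CXX ?= clang++-18` keeps the default while allowing an override. `all` and `clean` should be declared with `.PHONY: all clean` so a stray file of that name cannot mask them.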
@@ -0,0 +1,52 @@
+// Basic fuzz test for depcapsulate operation,
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "libcrux_mlkem768_portable.h"
+
+extern "C"
+{
+
+ void privkeys(libcrux_ml_kem_types_MlKemPrivateKey_55 *zero_sk,
+ libcrux_ml_kem_types_MlKemPrivateKey_55 *rnd_sk)
+ {
+ uint8_t rnd[64];
+ memset(rnd, 0, sizeof(rnd));
+ auto kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+ *zero_sk = kp.sk;
+ (void)getentropy(rnd, sizeof(rnd));
+ kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+ *rnd_sk = kp.sk;
+ }
+
+ int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
+ {
+ static bool once;
+ uint8_t ret[32];
+ static libcrux_ml_kem_types_MlKemPrivateKey_55 zero_sk, rnd_sk;
+ libcrux_ml_kem_mlkem768_MlKem768Ciphertext ct;
+
+ if (!once)
+ {
+ privkeys(&zero_sk, &rnd_sk);
+ once = true;
+ }
+
+ memset(&ct, 0, sizeof(ct));
+ if (len > sizeof(ct.value))
+ {
+ len = sizeof(ct.value);
+ }
+ memcpy(ct.value, input, len);
+
+ libcrux_ml_kem_mlkem768_portable_decapsulate(&zero_sk, &ct, ret);
+ libcrux_ml_kem_mlkem768_portable_decapsulate(&rnd_sk, &ct, ret);
+ return 0;
+ }
+
+} // extern
diff --git a/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc
new file mode 100644
index 000000000..1cf5f9d2c
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/enc_fuzz.cc
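Review bot: `(void)getentropy(rnd, sizeof(rnd));` in privkeys discards the failure, and since `rnd` was just zeroed a failed call leaves it all-zero, so `rnd_sk` silently becomes the same key as `zero_sk` and the harness loses one of its two key cases without any signal. Check the result, e.g. `if (getentropy(rnd, sizeof(rnd)) != 0) abort();` (the stripped include list should already provide abort via stdlib.h, otherwise add it). enc_fuzz.cc and mkcorpus.c in the following hunks discard getentropy the same way — in enc_fuzz the second encapsulate then just repeats the first, and in mkcorpus a failure reuses the previous iteration's seed and yields duplicate corpus entries; mkcorpus already uses err(), so `err(1, "getentropy")` fits there. The header comment also misspells "decapsulate".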
@@ -0,0 +1,34 @@
+// Basic fuzz test for encapsulate operation.
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "libcrux_mlkem768_portable.h"
+
+extern "C"
+{
+
+ int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
+ {
+ uint8_t rnd[32];
+ libcrux_ml_kem_mlkem768_MlKem768PublicKey pk;
+
+ memset(rnd, 0, sizeof(rnd));
+ memset(&pk, 0, sizeof(pk));
+ if (len > sizeof(pk.value))
+ {
+ len = sizeof(pk.value);
+ }
+ memcpy(pk.value, input, len);
+
+ (void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd);
+ (void)getentropy(rnd, sizeof(rnd));
+ (void)libcrux_ml_kem_mlkem768_portable_encapsulate(&pk, rnd);
+ return 0;
+ }
+
+} // extern
diff --git a/libcrux-ml-kem/cg/fuzz/mkcorpus.c b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
new file mode 100644
index 000000000..b681e2fb3
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/mkcorpus.c
@@ -0,0 +1,65 @@
+// Makes basic seed corpora for other fuzzers
+//
+// Will write to ./pubkey_corpus (for valid_fuzz and enc_fuzz) and
+// to ./ciphertext_corpus (for dec_fuzz)
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "libcrux_mlkem768_portable.h"
+
+#define NSEEDS 1000
+
+void write_blob(const char *path, int n, const char *suffix, const void *p,
+ size_t l) {
+ char name[256];
+ FILE *f;
+
+ snprintf(name, sizeof(name), "%s/%06d.%s", path, n, suffix);
+ if ((f = fopen(name, "wb+")) == NULL) {
+ err(1, "fopen %s", name);
+ }
+ if (fwrite(p, l, 1, f) != 1) {
+ err(1, "write %s", name);
+ }
+ fclose(f);
+}
+
+int main(void) {
+ int i;
+ uint8_t rnd[64];
+ libcrux_ml_kem_mlkem768_MlKem768KeyPair kp;
+ tuple_3c enc;
+
+ if (mkdir("pubkey_corpus", 0777) != 0 && errno != EEXIST)
+ err(1, "mkdir pubkey_corpus");
+ if (mkdir("ciphertext_corpus", 0777) != 0 && errno != EEXIST)
+ err(1, "mkdir ciphertext_corpus");
+
+ for (i = 0; i < NSEEDS; i++) {
+ if (i == 0) {
+ memset(rnd, 0, sizeof(rnd));
+ } else {
+ (void)getentropy(rnd, sizeof(rnd));
+ }
+ kp = libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(rnd);
+ write_blob("pubkey_corpus", i, "pk", kp.pk.value, sizeof(kp.pk.value));
+
+ if (i == 0) {
+ memset(rnd, 0, sizeof(rnd));
+ } else {
+ (void)getentropy(rnd, sizeof(rnd));
+ }
+ enc = libcrux_ml_kem_mlkem768_portable_encapsulate(&kp.pk, rnd);
+ write_blob("ciphertext_corpus", i, "ct", enc.fst.value,
+ sizeof(enc.fst.value));
+ }
+ return 0;
+}
diff --git a/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc
new file mode 100644
index 000000000..44c34945b
--- /dev/null
+++ b/libcrux-ml-kem/cg/fuzz/valid_fuzz.cc
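Review bot: write_blob ignores the result of `fclose(f)`, and with stdio buffering a write error (disk full, EIO) is typically surfaced there rather than by the fwrite() that already is checked, so a truncated seed file can be written without any error; use `if (fclose(f) != 0) err(1, "close %s", name);`. The `"wb+"` mode also opens the file for update although it is only written — `"wb"` is enough and avoids the read permission requirement. NSEEDS is a bare constant with no explanation; a comment such as `// 1000 key pairs / ciphertexts per corpus; all but entry 0 use fresh OS entropy` would make the corpus shape clear to whoever reruns this.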
@@ -0,0 +1,32 @@
+// Basic fuzz test for pubkey validation.
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "libcrux_mlkem768_portable.h"
+
+extern "C"
+{
+
+ int LLVMFuzzerTestOneInput(const uint8_t *input, size_t len)
+ {
+ uint8_t rnd[32];
+ libcrux_ml_kem_mlkem768_MlKem768PublicKey pk;
+
+ memset(rnd, 0, sizeof(rnd));
+ memset(&pk, 0, sizeof(pk));
+ if (len > sizeof(pk.value))
+ {
+ len = sizeof(pk.value);
+ }
+ memcpy(pk.value, input, len);
+
+ (void)libcrux_ml_kem_mlkem768_portable_validate_public_key(&pk);
+ return 0;
+ }
+
+} // extern
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index be9bbe04a..7acff76f1 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_core_H
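Review bot: `uint8_t rnd[32];` and `memset(rnd, 0, sizeof(rnd));` in valid_fuzz.cc's LLVMFuzzerTestOneInput are dead — validate_public_key takes only the key — and look copied from enc_fuzz.cc; remove both lines. The return value of validate_public_key is discarded as well, so this harness only detects crashes and sanitizer findings, never a wrong verdict; that is a reasonable scope for a fuzzer, but say so in the header comment, e.g. `// Only memory safety is checked here; the validation result is not verified.`, so nobody reads it as a correctness test.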
@@ -97,14 +97,15 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -130,14 +131,15 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -163,14 +165,15 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); 
@@ -187,6 +190,25 @@ typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice snd[4U]; } Eurydice_slice_uint8_t_4size_t__x2; +/** + Pad the `slice` with `0`s at the end. +*/ +/** +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_423( + Eurydice_slice slice, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + uint8_t *uu____0 = out; + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; @@ -195,14 +217,14 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { A reference to the raw byte slice. */ /** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} +This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 +A monomorphic instance of libcrux_ml_kem.types.as_slice_07 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_aa( +static inline uint8_t *libcrux_ml_kem_types_as_slice_07_4f( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } 
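Review bot: libcrux_ml_kem_utils_into_padded_array_423 has no visible check that `slice` fits its 32-byte output: it subslices `out` to `Eurydice_slice_len(slice, uint8_t)` and copies, so an over-long input is caught only if Eurydice_array_to_subslice2 bounds-checks in this build, which the hunk does not show. As this is generated code, the place to record the precondition is the Rust doc comment that is carried over (`Pad the \`slice\` with \`0\`s at the end.`); extending it with a line such as `/// \`slice\` must be at most LEN bytes; longer inputs are a caller bug.` would put the contract on every monomorphised copy (the `_421` instance visible in a later hunk has the same shape).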
@@ -218,15 +240,15 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_40 with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_8c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_40_60(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -263,7 +285,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_f6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_8b(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -271,15 +293,15 @@ libcrux_ml_kem_types_from_17_f6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#10} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_88 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_9d(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_88_2d(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); 
@@ -302,14 +324,15 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -334,15 +357,15 @@ typedef struct tuple_3c_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#3} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_fc with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_e5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_fc_cd(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -355,14 +378,14 @@ libcrux_ml_kem_types_from_01_e5(uint8_t value[1088U]) { A reference to the raw byte slice. */ /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_ba with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_00( +static inline uint8_t *libcrux_ml_kem_types_as_slice_ba_91( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } 
@@ -407,14 +430,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_421( /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_fd with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_cf( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_fd_7b( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -471,14 +494,15 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -504,14 +528,15 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index be005d67c..19ba7d8bc 100644 
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 9935422a8..f31221544 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_mlkem768_avx2_H @@ -19,9 +19,12 @@ extern "C" { #endif #include "eurydice_glue.h" +#include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_avx2_types.h" #include "libcrux_mlkem768_portable.h" +#include "libcrux_mlkem768_portable_types.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" 
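Review bot: The regenerated cg/ headers in this commit are stamped `Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3` (this file, libcrux_core.h, libcrux_ct_ops.h, code_gen.txt) while the c/ tree in the same commit (libcrux_sha3_neon.c/.h) is stamped `Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71`, so the two extractions come from different source revisions and a reader cannot tie the shipped C to a single verified Rust state. Regenerating both trees from one revision, or noting in code_gen.txt why they differ, would keep the provenance trail auditable. Separately, libcrux_mlkem768_avx2.h now includes both libcrux_mlkem768_avx2_types.h and libcrux_mlkem768_portable_types.h; whether the latter is needed beyond what libcrux_mlkem768_portable.h (already included) provides is not visible here, so it may be redundant.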
@@ -43,8 +46,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); @@ -719,7 +720,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, ret0); + unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -819,7 +820,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_41_07(dst, ret0); + unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -932,7 +933,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_41_ea(dst, ret0); + unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1077,7 +1078,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_41_76(dst, ret0); + unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } 
@@ -1190,28 +1191,20 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); } -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_7d(void) { +libcrux_ml_kem_polynomial_ZERO_d6_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1240,8 +1233,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_5c(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_03(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** 
@@ -1252,10 +1245,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_13( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1276,12 +1269,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_71( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_14( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1294,7 +1287,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_13( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( secret_bytes); secret_as_ntt[i0] = uu____0; } 
@@ -1303,16 +1296,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_71( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types @@ -1323,8 +1306,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1c(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_85(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -1335,7 +1318,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1387,9 +1370,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_94( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_61( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b0( vector); } 
@@ -1401,10 +1384,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_39( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_08( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -1412,7 +1395,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_39( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_94( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_61( coefficient); } return re; @@ -1426,7 +1409,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b00( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1478,9 +1461,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_940( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_610( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b00( vector); } 
@@ -1492,10 +1475,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_0e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1503,7 +1486,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_940( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_610( coefficient); } return re; @@ -1517,9 +1500,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_62( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_39(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_08(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1534,7 +1517,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } 
@@ -1547,9 +1530,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0d(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c2(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1563,7 +1546,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1576,7 +1559,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0d( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c2( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1594,7 +1577,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_5f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -1613,7 +1596,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_53( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1635,7 +1618,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_f7( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_60( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1656,16 +1639,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_f7( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -1682,21 +1666,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_72( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_46(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_f7(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_5f(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); } /** 
@@ -1713,12 +1697,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e1( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1738,9 +1722,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e1( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_62( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_61(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_72(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1755,7 +1739,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b01( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1807,9 +1791,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_941( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_611( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b01( vector); } 
@@ -1821,10 +1805,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_37( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1832,7 +1816,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_37( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_941( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_611( coefficient); } return re; @@ -1846,7 +1830,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b02( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1898,9 +1882,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_942( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_612( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fa2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b02( vector); } 
@@ -1912,10 +1896,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_9f( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1923,7 +1907,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_9f( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_942( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_612( re.coefficients[i0]); } return re; @@ -1937,9 +1921,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_86( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_37(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_e1(serialized); } /** 
@@ -1971,21 +1955,22 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_04( +libcrux_ml_kem_polynomial_ntt_multiply_d6_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2012,16 +1997,17 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_04( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_98( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; 
@@ -2042,7 +2028,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2069,7 +2055,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_b2( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2092,7 +2078,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_26( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2113,13 +2099,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_05(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f1(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } 
@@ -2132,7 +2118,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2147,7 +2133,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_05( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2165,37 +2151,38 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_bc(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_b2(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f2(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f2(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_26(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const 
generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_b7( +libcrux_ml_kem_polynomial_subtract_reduce_d6_c9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2225,21 +2212,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d3( +libcrux_ml_kem_matrix_compute_message_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_04(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_b7(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_c9(v, result); return result; } @@ -2250,7 +2237,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6a(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7f(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } 
@@ -2264,9 +2251,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_02( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_cf( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_6a(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7f(vector); } /** @@ -2277,8 +2264,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_38(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_02(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_c0(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_cf(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2292,13 +2279,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d7( +libcrux_ml_kem_serialize_compress_then_serialize_message_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); 
@@ -2347,20 +2334,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_31( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_40( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e1(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_86( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d3(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_4a(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d7(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_a4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2375,11 +2362,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_95(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_5e(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_71(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_14(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( 
@@ -2391,7 +2378,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_95(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_31(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_40(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -2442,17 +2429,39 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( } /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_d4( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } + uint8_t uu____1[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + return lit; } /** 
@@ -2469,10 +2478,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2486,10 +2495,7 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -2500,13 +2506,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -2518,39 +2520,10 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_3d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_64( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); - } } typedef libcrux_sha3_avx2_x4_incremental_KeccakState @@ -2695,7 +2668,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { 
@@ -2827,7 +2800,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2864,19 +2837,20 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_82(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_d6_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2895,8 +2869,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_86(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_82( +libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_d6_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -2907,7 +2881,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2924,7 +2898,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2937,7 +2911,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6b0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( copy_of_randomness, sampled_coefficients, out); } } @@ -2947,7 +2921,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_86(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_e4(copy_of_out[i]); } memcpy( ret, ret0, 
@@ -2961,13 +2935,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_29( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_64(i, A_transpose[i]); - } +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2986,7 +2956,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_29( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_6c(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_67(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3003,9 +2973,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_29( } } } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); } /** @@ -3021,7 +2988,7 @@ typedef struct tuple_b00_s { /** A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 
@@ -3030,8 +2997,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_1f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_61(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -3142,7 +3109,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f2( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3177,7 +3144,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f2( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_82( + return libcrux_ml_kem_polynomial_from_i16_array_d6_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3189,7 +3156,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_75( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3c( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3223,7 +3190,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_75( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_82( + return libcrux_ml_kem_polynomial_from_i16_array_d6_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } 
@@ -3235,9 +3202,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f2( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( randomness); } @@ -3248,7 +3215,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ab( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { 
@@ -3270,20 +3237,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_e1( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_2f(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_ab(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_a5(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_46(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_f7(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_f5(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_5f(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); } /** 
@@ -3299,13 +3266,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); - } +static KRML_MUSTINLINE uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, + uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -3323,10 +3287,34 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_e1(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); + } + return domain_separator; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( 
@@ -3350,8 +3338,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_c4(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_a1(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** @@ -3367,11 +3355,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3390,7 +3378,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } 
@@ -3445,22 +3433,23 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_60(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); +libcrux_ml_kem_matrix_compute_vector_u_closure_02(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3485,14 +3474,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); + result[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( 
@@ -3513,12 +3502,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_9c( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_04(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_5d(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_b5(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3532,7 +3521,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_a5(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_17(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3547,10 +3536,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_c3( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_df( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = 
@@ -3558,24 +3547,25 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c3( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_a5(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_17(coefficient_compressed); } return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { 
@@ -3606,22 +3596,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_b7( +libcrux_ml_kem_matrix_compute_ring_element_v_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_7d(); + libcrux_ml_kem_polynomial_ZERO_d6_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_04(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3a(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_d3( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( error_2, message, result); return result; } @@ -3634,7 +3624,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d8( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / 
@@ -3689,9 +3679,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_31( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_66( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d8( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc( vector); } @@ -3703,14 +3693,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_8b( +libcrux_ml_kem_serialize_compress_then_serialize_10_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_66( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3730,7 +3720,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d80( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / 
@@ -3785,9 +3775,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_310( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_660( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d80( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc0( vector); } @@ -3799,14 +3789,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_0c( +libcrux_ml_kem_serialize_compress_then_serialize_11_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_660( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -3827,10 +3817,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_23( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_89( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_8b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_ba(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -3847,7 +3837,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f2( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3863,7 +3853,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f2( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_23(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_89(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3878,7 +3868,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d81( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3933,9 +3923,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_311( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_661( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d81( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc1( vector); } 
@@ -3947,14 +3937,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_38( +libcrux_ml_kem_serialize_compress_then_serialize_4_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_661( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -3973,7 +3963,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d82( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4028,9 +4018,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_312( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_662( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d82( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc2( vector); } 
@@ -4042,14 +4032,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_64( +libcrux_ml_kem_serialize_compress_then_serialize_5_65( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_662( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); 
@@ -4069,13 +4059,54 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4a( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_38(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_1e(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 
@@ -4092,26 +4123,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_a6(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_29(ret0, false, A); +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( 
@@ -4121,7 +4141,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a6(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( 
@@ -4133,34 +4153,80 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a6(Eurydice_slice public_key, libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_9c(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_fe(public_key->A, r_as_ntt, error_1, + u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_c3( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_df( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_b7( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + libcrux_ml_kem_matrix_compute_ring_element_v_c1( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_f2( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4a( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e0( uu____6, 
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_34(uu____0, ret0, false); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____1 = + &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3(uu____1, copy_of_message, + randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} 
@@ -4173,7 +4239,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_e9( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4205,7 +4271,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4223,7 +4289,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_95(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_5e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4247,7 +4313,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( 
@@ -4258,18 +4324,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a6(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_d2( + libcrux_ml_kem_variant_kdf_d8_e9( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_d2(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_e9(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4302,10 +4368,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ea( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_99( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_3c(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a6(private_key, ciphertext, ret); } /** 
@@ -4319,7 +4385,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ea(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_99(private_key, ciphertext, ret); } @@ -4334,7 +4400,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_e1( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_96( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4377,11 +4443,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_01( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_e1( + libcrux_ml_kem_variant_entropy_preprocess_d8_96( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4392,7 +4458,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_00(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), ret); Eurydice_slice_copy( 
@@ -4407,20 +4473,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_d2(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_e9(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -4452,14 +4518,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_a4( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_57( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, copy_of_randomness); } /** @@ -4477,10 +4543,31 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_a4( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_57( uu____0, copy_of_randomness); } +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} 
@@ -4492,7 +4579,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_51( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4508,18 +4595,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_51( memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_99(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); -} - /** A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4527,7 +4602,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_8a( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_bd0( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); 
@@ -4535,24 +4610,25 @@ static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_8a( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_c1( +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_8a( + libcrux_ml_kem_vector_traits_to_standard_domain_bd0( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, 
@@ -4570,46 +4646,140 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_6a( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); - } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_polynomial_ZERO_d6_7d(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_04(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_98(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_c1( - &result[i1], &error_as_ntt[i1]); + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( + &t_as_ntt[i0], &error_as_ntt[i0]); } +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_34(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + uu____2, copy_of_prf_input0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( - ret, result, + error_as_ntt, + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( + copy_of_prf_input, domain_separator) + .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_matrix_compute_As_plus_e_a2( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } /** @@ -4620,14 +4790,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -4650,7 +4820,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_fd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; 
@@ -4668,7 +4838,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_fd( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4679,7 +4849,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_fd( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 
@@ -4687,20 +4857,39 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_77( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1152U, uint8_t); + uint8_t ret[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1184U, serialized, (size_t)1152U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_02( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2(t_as_ntt, seed_for_a, + public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -4718,54 +4907,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_51(Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_51(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_29(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - 
libcrux_ml_kem_matrix_compute_As_plus_e_6a(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); +libcrux_ml_kem_ind_cpa_generate_keypair_2f(Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( + key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + libcrux_ml_kem_ind_cpa_serialize_public_key_02( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4794,7 +4949,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
@@ -4859,7 +5014,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_61(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_51(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4868,13 +5023,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_61(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_51(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_2f(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -4883,13 +5038,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_61(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** @@ -4908,12 +5063,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_6c( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_3f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_61(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); } /** @@ -4925,7 +5080,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_6c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_3f( copy_of_randomness); } 
@@ -4941,7 +5096,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_72( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_1d( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -4952,7 +5107,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_72( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_aa(ciphertext), + libcrux_ml_kem_types_as_slice_07_4f(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -4986,7 +5141,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5004,7 +5159,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_95(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_5e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( 
@@ -5028,7 +5183,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5039,18 +5194,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_3c0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a6(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_72( + libcrux_ml_kem_variant_kdf_33_1d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_72(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_1d(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, 
@@ -5084,10 +5239,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_3c0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a60(private_key, ciphertext, ret); } /** @@ -5101,7 +5256,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ed( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( private_key, ciphertext, ret); } @@ -5116,7 +5271,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_7a( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_52( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); } @@ -5141,11 +5296,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_010( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_7a( + libcrux_ml_kem_variant_entropy_preprocess_33_52( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( 
@@ -5156,7 +5311,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_00(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5171,20 +5326,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_72(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_1d(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -5219,14 +5374,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_63( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ce( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, copy_of_randomness); } /** @@ -5244,7 +5399,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_63( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ce( uu____0, copy_of_randomness); } 
@@ -5259,74 +5414,138 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_47( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber with const generics - K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_510( - Eurydice_slice key_generation_seed) { +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_2c(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_47(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_29(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_34(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C */ 
uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_6e(copy_of_prf_input, - domain_separator) + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( + copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_6a(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + libcrux_ml_kem_matrix_compute_As_plus_e_a2( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_Kyber +with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 
+- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_2f0( + Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( + key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + libcrux_ml_kem_ind_cpa_serialize_public_key_02( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_fd(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5367,7 +5586,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); 
@@ -5376,13 +5595,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_510(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_2f0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f5( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5391,13 +5610,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_610(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** 
@@ -5414,12 +5633,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_35( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_610(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); } /** @@ -5431,7 +5650,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_35( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( copy_of_randomness); } @@ -5451,7 +5670,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_8e( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ea( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5480,10 +5699,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_09( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_dc( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_8e(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ea(private_key, ciphertext); } 
@@ -5496,29 +5715,26 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_09( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_dc( private_key, ciphertext); } /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with +types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_d40( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_ea( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_7d(); + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of 
@@ -5529,13 +5745,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_750( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_7d(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -5547,10 +5759,36 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_bc( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a5( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_750( + public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -5572,16 +5810,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_8e( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_2d0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a5( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( + libcrux_ml_kem_ind_cpa_serialize_public_key_02( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5603,9 +5841,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_87( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_8d( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_8e(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); } /** 
@@ -5616,10 +5854,817 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_87( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_87( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_8d( public_key->value); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_40( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_67( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + 
Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_420( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Unpacked decapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.decapsulate with const +generics +- K= 
3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ed( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c(key_pair, ciphertext, ret); +} + +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ed( + private_key, ciphertext, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t 
randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_67( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, 
copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Unpacked encapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.encapsulate with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6(uu____0, + copy_of_randomness); +} + +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( + uu____0, copy_of_randomness); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_58(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_d6_7d(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_00( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + } +} + +/** +This function found in impl {(core::clone::Clone for 
+libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_17 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_clone_17_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + __m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); + return lit; +} + +/** + Generate Unpacked Keys +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( + ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, + &out->public_key.ind_cpa_public_key); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + 
libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_00(i, A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_polynomial_clone_17_8c( + &out->public_key.ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____0; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(out->public_key.ind_cpa_public_key.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_02( + out->public_key.ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice( + (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), + pk_serialized); + uint8_t uu____2[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_16( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2); + memcpy(out->public_key.public_key_hash, uu____2, + (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U]); + unwrap_26_33(dst, uu____3); + memcpy(out->private_key.implicit_rejection_value, uu____3, + (size_t)32U * sizeof(uint8_t)); +} + +/** + Generate a key pair +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.generate_keypair with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_25( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { + /* 
Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05(copy_of_randomness, out); +} + +/** + Generate ML-KEM 768 Key Pair in "unpacked" form. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_25( + copy_of_randomness, key_pair); +} + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + lit.public_key_hash[0U] = 0U; + lit.public_key_hash[1U] = 0U; + lit.public_key_hash[2U] = 0U; + lit.public_key_hash[3U] = 0U; + lit.public_key_hash[4U] = 0U; + lit.public_key_hash[5U] = 0U; + lit.public_key_hash[6U] = 0U; + lit.public_key_hash[7U] = 0U; + lit.public_key_hash[8U] = 0U; + lit.public_key_hash[9U] = 0U; + lit.public_key_hash[10U] = 0U; + lit.public_key_hash[11U] = 0U; + lit.public_key_hash[12U] = 0U; + lit.public_key_hash[13U] = 0U; + lit.public_key_hash[14U] = 0U; + lit.public_key_hash[15U] = 0U; + lit.public_key_hash[16U] = 0U; + 
lit.public_key_hash[17U] = 0U; + lit.public_key_hash[18U] = 0U; + lit.public_key_hash[19U] = 0U; + lit.public_key_hash[20U] = 0U; + lit.public_key_hash[21U] = 0U; + lit.public_key_hash[22U] = 0U; + lit.public_key_hash[23U] = 0U; + lit.public_key_hash[24U] = 0U; + lit.public_key_hash[25U] = 0U; + lit.public_key_hash[26U] = 0U; + lit.public_key_hash[27U] = 0U; + lit.public_key_hash[28U] = 0U; + lit.public_key_hash[29U] = 0U; + lit.public_key_hash[30U] = 0U; + lit.public_key_hash[31U] = 0U; + return lit; +} + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#3} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked + libcrux_ml_kem_ind_cca_unpacked_default_07_c1(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + uu____0.implicit_rejection_value[0U] = 0U; + uu____0.implicit_rejection_value[1U] = 0U; + uu____0.implicit_rejection_value[2U] = 0U; + uu____0.implicit_rejection_value[3U] = 0U; + uu____0.implicit_rejection_value[4U] = 0U; + uu____0.implicit_rejection_value[5U] = 0U; + uu____0.implicit_rejection_value[6U] = 0U; + uu____0.implicit_rejection_value[7U] = 0U; + uu____0.implicit_rejection_value[8U] = 0U; + uu____0.implicit_rejection_value[9U] = 0U; + uu____0.implicit_rejection_value[10U] = 0U; + uu____0.implicit_rejection_value[11U] = 0U; + uu____0.implicit_rejection_value[12U] = 0U; + uu____0.implicit_rejection_value[13U] = 0U; + uu____0.implicit_rejection_value[14U] = 0U; + uu____0.implicit_rejection_value[15U] = 0U; + uu____0.implicit_rejection_value[16U] = 0U; + uu____0.implicit_rejection_value[17U] = 0U; + 
uu____0.implicit_rejection_value[18U] = 0U; + uu____0.implicit_rejection_value[19U] = 0U; + uu____0.implicit_rejection_value[20U] = 0U; + uu____0.implicit_rejection_value[21U] = 0U; + uu____0.implicit_rejection_value[22U] = 0U; + uu____0.implicit_rejection_value[23U] = 0U; + uu____0.implicit_rejection_value[24U] = 0U; + uu____0.implicit_rejection_value[25U] = 0U; + uu____0.implicit_rejection_value[26U] = 0U; + uu____0.implicit_rejection_value[27U] = 0U; + uu____0.implicit_rejection_value[28U] = 0U; + uu____0.implicit_rejection_value[29U] = 0U; + uu____0.implicit_rejection_value[30U] = 0U; + uu____0.implicit_rejection_value[31U] = 0U; + return ( + CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ + .private_key = uu____0, + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_5d()}); +} + +/** + Create a new, empty unpacked key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked +libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_07_c1(); +} + +/** + Create a new, empty unpacked public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(); +} + +/** + Get the serialized public key. 
+*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( + self->ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, + uint8_t), + serialized->value); +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_c0( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( + &self->public_key, serialized); +} + +/** + Get the serialized public key. 
+*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_c0(key_pair, + serialized); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, void *); + uint8_t uu____1[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + return lit; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, 
TraitClause@2])#4} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; + lit.ind_cpa_public_key = + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f(&self->ind_cpa_public_key); + uint8_t ret[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->public_key_hash, ret, uint8_t, void *); + memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * +libcrux_ml_kem_ind_cca_unpacked_public_key_de_42( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { + return &self->public_key; +} + +/** + Get the unpacked public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = + libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_42(key_pair)); + pk[0U] = uu____0; +} + +/** + Get the serialized public key. 
+*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68(public_key, + serialized); +} + +/** + Generate an unpacked key from a serialized key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash, +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( + (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( + uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); + uint8_t uu____1[32U]; + libcrux_ml_kem_utils_into_padded_array_423( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + uu____1); + memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____2)[3U] = + unpacked_public_key->ind_cpa_public_key.A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + ret); + libcrux_ml_kem_matrix_sample_matrix_A_34(uu____2, ret, false); + uint8_t uu____3[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_16( + Eurydice_array_to_slice((size_t)1184U, + 
libcrux_ml_kem_types_as_slice_ba_91(public_key), + uint8_t), + uu____3); + memcpy(unpacked_public_key->public_key_hash, uu____3, + (size_t)32U * sizeof(uint8_t)); +} + +/** + Get the unpacked public key. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.unpacked.unpack_public_key with const +generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f9( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c(public_key, + unpacked_public_key); +} + +/** + Get the unpacked public key. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f9( + public_key, unpacked_public_key); +} + /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h new file mode 100644 index 000000000..d612a20b5 --- /dev/null +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h 
@@ -0,0 +1,92 @@ +/* + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: MIT or Apache-2.0 + * + * This code was generated with the following revisions: + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 + */ + +#ifndef __libcrux_mlkem768_avx2_types_H +#define __libcrux_mlkem768_avx2_types_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + 
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_avx2_types_H_DEFINED +#endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 034a42c5a..5cef8c3ea 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,6 +21,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_portable_types.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -101,10 +102,6 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -114,7 +111,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_41_30(dst, ret); + unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } 
@@ -1039,17 +1036,17 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3); - if (!(uu____0.tag == None)) { + if (uu____0.tag == None) { + return v; + } else { size_t i = uu____0.f0; if (v.elements[i] >= (int16_t)3329) { size_t uu____1 = i; v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; } - continue; } - return v; } } @@ -2406,27 +2403,19 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_15 LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; - /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_19(void) { +libcrux_ml_kem_polynomial_ZERO_d6_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); 
@@ -2454,8 +2443,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_fe(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_12(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -2465,10 +2454,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8d( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2490,12 +2479,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / 
@@ -2508,7 +2497,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_34( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8d( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2517,16 +2506,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_34( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types @@ -2536,8 +2515,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bb(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_2f(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** 
@@ -2547,7 +2526,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_86( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2572,9 +2551,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_86( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b( v); } @@ -2585,10 +2564,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_59( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; 
@@ -2597,7 +2576,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e( coefficient); re.coefficients[i0] = uu____0; } @@ -2611,7 +2590,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_860( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2636,9 +2615,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_860( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b0( v); } 
@@ -2649,10 +2628,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_f3( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2661,7 +2640,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_f3( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e0( coefficient); re.coefficients[i0] = uu____0; } @@ -2675,9 +2654,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5f( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_59(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { 
@@ -2692,7 +2671,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2706,12 +2685,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_96( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_02( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2725,7 +2704,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -2738,7 +2717,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_96( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_02( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2755,7 +2734,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_38( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2775,7 +2754,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2797,7 +2776,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_0b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_bd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -2819,15 +2798,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_0b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -2845,21 +2825,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_22( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_38(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6d(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_0b(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_e9(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_bd(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); } /** 
@@ -2875,12 +2855,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2900,9 +2880,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ca( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5f( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_22(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_b0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2916,7 +2896,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_861( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2941,9 +2921,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_861( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b1( v); } 
@@ -2954,10 +2934,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_30( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2966,7 +2946,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_30( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e1( coefficient); re.coefficients[i0] = uu____0; } @@ -2980,7 +2960,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_862( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3005,9 +2985,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_862( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b2( v); } 
@@ -3018,10 +2998,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_5a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3030,7 +3010,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_d9( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3044,9 +3024,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_83( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6e( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_30(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef(serialized); } /** 
@@ -3078,20 +3058,21 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_83( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_58( +libcrux_ml_kem_polynomial_ntt_multiply_d6_27( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3120,15 +3101,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_58( */ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_88( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -3152,7 +3134,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ed( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3178,7 +3160,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8b( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3200,7 +3182,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_e0( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_29( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3222,7 +3204,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_da( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_35( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { 
@@ -3230,7 +3212,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_b1(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3243,7 +3225,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3258,7 +3240,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_da( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_35( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -3275,36 +3257,37 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ed(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_8b(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_e0(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_29(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e3(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 with types 
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_ea( +libcrux_ml_kem_polynomial_subtract_reduce_d6_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3336,21 +3319,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_72( +libcrux_ml_kem_matrix_compute_message_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_58(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_ea(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_d6_5f(v, result); return result; } 
@@ -3360,7 +3343,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_0f( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_7d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3380,9 +3363,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_1e( +libcrux_ml_kem_vector_portable_shift_right_0d_46( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_0f(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_7d(v); } /** @@ -3392,10 +3375,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( +libcrux_ml_kem_vector_traits_to_unsigned_representative_08( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_1e(a); + libcrux_ml_kem_vector_portable_shift_right_0d_46(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); 
@@ -3409,13 +3392,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d8( +libcrux_ml_kem_serialize_compress_then_serialize_message_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = 
@@ -3465,20 +3448,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_83( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6e( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_72(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_5b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d8(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_71(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3492,11 +3475,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_34(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( 
@@ -3508,7 +3491,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -3556,16 +3539,38 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( } /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics - K= 3 */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fc( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } + uint8_t uu____1[32U] = {0U}; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + return lit; } /** 
@@ -3581,10 +3586,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3600,10 +3605,7 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of @@ -3613,13 +3615,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -3631,39 +3629,10 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( ring_element); deserialized_pk[i0] = uu____0; } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_8e( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); - } } /** @@ -3810,7 +3779,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { 
@@ -3931,7 +3900,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3968,18 +3937,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_4e(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_d6_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4000,8 +3970,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_97(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_4e( +libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } 
@@ -4012,7 +3982,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4029,7 +3999,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4042,7 +4012,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_9b0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( copy_of_randomness, sampled_coefficients, out); } } @@ -4052,7 +4022,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_97(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_ba(copy_of_out[i]); } memcpy( ret, ret0, 
@@ -4066,13 +4036,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_3c( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_8e(i, A_transpose[i]); - } +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], + uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4091,7 +4057,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_3c( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2f(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_49(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4108,9 +4074,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_3c( } } } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); } /** @@ -4126,7 +4089,7 @@ typedef struct tuple_b0_s { /** A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics 
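Review bot: `libcrux_ml_kem_matrix_sample_matrix_A_ae` no longer zero-fills `A_transpose` before the sampling loops, so correctness now rests on every `A_transpose[i][j]` being written in both the `transpose` and non-`transpose` branches; the part of the loop body between the hunks is not shown here, so this cannot be confirmed from the diff alone, and a short comment stating the invariant, `/* every entry of A_transpose is overwritten below; no pre-initialisation required */`, would let a reader skip that check. Separately, the out-parameter moved to the first position while the other generated routines in this file (`sample_from_xof_49`, `compute_vector_u_f7`) still place `ret` last; if the generator allows it, keeping one convention would make call sites such as the one in `encrypt_d1` easier to read.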
@@ -4135,8 +4098,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_0a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_52(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** @@ -4228,7 +4191,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f0( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4263,7 +4226,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f0( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_4e( + return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4274,7 +4237,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_77( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_a6( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4308,7 +4271,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_77( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_4e( + return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } 
@@ -4319,9 +4282,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_f0( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( randomness); } @@ -4331,7 +4294,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { 
@@ -4354,20 +4317,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c4( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_ca(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_98(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_05(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_38(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6d(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_0b(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_62(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_e9(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_bd(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); } /** 
@@ -4383,13 +4346,10 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); - } +static KRML_MUSTINLINE uint8_t +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, + uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -4407,10 +4367,34 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c4(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]); + } + return domain_separator; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -4434,8 +4418,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_97(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3a(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** 
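Review bot: Another un-cleared stack copy of `prf_input` is introduced in `sample_vector_cbd_then_ntt_out_86` (`uu____1`), on top of the `copy_of_prf_input` that `_83` already makes; `prf_input` holds the padded encryption randomness, so each copy is one more stack slot with secret-dependent bytes that nothing in this diff scrubs. If the generator cannot elide the copy, a comment on `uu____1` noting that the buffer is secret-dependent and that stack hygiene is left to the caller or toolchain would at least make the exposure visible; the same applies to `copy_of_prf_input0` in `encrypt_unpacked_a3`. The zero-initialisation loop of `re_as_ntt` in `_out_86` is redundant given that `_83` assigns all three elements, though harmless. `_83` itself starts in the previous hunk and its middle section is not shown.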
@@ -4451,11 +4435,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_54(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4474,7 +4458,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_54(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } 
@@ -4526,21 +4510,22 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_f1(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); +libcrux_ml_kem_matrix_compute_vector_u_closure_e7(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_aa( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4567,14 +4552,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_62( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); + result[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( 
@@ -4595,12 +4580,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_62( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_58(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_d6_27(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_aa(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_d6_0d(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4614,7 +4599,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_97( +libcrux_ml_kem_vector_traits_decompress_1_94( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4629,10 +4614,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -4642,7 +4627,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_97(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_94(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4650,16 +4635,17 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_7e( +libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { 
@@ -4692,22 +4678,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_2f( +libcrux_ml_kem_matrix_compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_19(); + libcrux_ml_kem_polynomial_ZERO_d6_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_58(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d1(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_7e( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( error_2, message, result); return result; } @@ -4718,7 +4704,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_53( +libcrux_ml_kem_vector_portable_compress_compress_20( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -4741,9 +4727,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fd( +libcrux_ml_kem_vector_portable_compress_0d_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_53(v); + return libcrux_ml_kem_vector_portable_compress_compress_20(v); } /** @@ -4753,15 +4739,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_43( +libcrux_ml_kem_serialize_compress_then_serialize_10_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fd( - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_portable_compress_0d_0c( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4779,7 +4765,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_530( +libcrux_ml_kem_vector_portable_compress_compress_200( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -4802,9 +4788,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fd0( +libcrux_ml_kem_vector_portable_compress_0d_0c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_530(v); + return libcrux_ml_kem_vector_portable_compress_compress_200(v); } /** @@ -4814,15 +4800,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_f7( +libcrux_ml_kem_serialize_compress_then_serialize_11_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fd0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_portable_compress_0d_0c0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4845,7 +4831,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_43(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_95(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -4861,7 +4847,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_bb( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4890,7 +4876,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_531( +libcrux_ml_kem_vector_portable_compress_compress_201( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4913,9 +4899,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fd1( +libcrux_ml_kem_vector_portable_compress_0d_0c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_531(v); + return libcrux_ml_kem_vector_portable_compress_compress_201(v); } /** @@ -4925,15 +4911,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_12( +libcrux_ml_kem_serialize_compress_then_serialize_4_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fd1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_portable_compress_0d_0c1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); 
@@ -4950,7 +4936,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_532( +libcrux_ml_kem_vector_portable_compress_compress_202( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4973,9 +4959,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fd2( +libcrux_ml_kem_vector_portable_compress_0d_0c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_532(v); + return libcrux_ml_kem_vector_portable_compress_compress_202(v); } /** @@ -4985,15 +4971,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_cb( +libcrux_ml_kem_serialize_compress_then_serialize_5_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_fd2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_portable_compress_0d_0c2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); 
@@ -5012,13 +4998,54 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3b( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_12(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_c5(re, out); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics 
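Review bot: The new doc comment ends with `The NIST FIPS 203 standard can be found at .` — the link was lost in the extraction to a C comment, so the sentence now points at nothing; either restore the URL or drop the sentence. The comment also reproduces the whole of Algorithm 13 yet is attached to `encrypt_unpacked_a3`, which receives `t̂` and `Â` already decoded in the unpacked key: the first steps listed (`ByteDecode₁₂(ekₚₖₑ)` and the `SampleNTT` loop over `ρ`) are performed by `encrypt_d1` further down, not by this function. A leading sentence such as `In this unpacked variant the key decoding and the sampling of Â are done by the caller; this function starts at N ← 0.` would reconcile the two, and `Kyber CPA-PKE` could be updated to the ML-KEM name at the same time.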
@@ -5035,26 +5062,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_d8(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_60( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_3c(ret0, false, A); +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5064,7 +5080,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_d8(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_54( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( 
@@ -5076,34 +5092,80 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_d8(Eurydice_slice public_key, libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_63( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_62(A, r_as_ntt, error_1, u); + libcrux_ml_kem_matrix_compute_vector_u_f7(public_key->A, r_as_ntt, error_1, + u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_57( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_2f( - t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + libcrux_ml_kem_matrix_compute_ring_element_v_04( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_bb( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3b( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_8b( uu____6, 
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_d1(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____0, ret0, false); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____1 = + &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____1, copy_of_message, + randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} 
@@ -5115,7 +5177,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_97( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_a7( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5146,7 +5208,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5164,7 +5226,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5188,7 +5250,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( 
@@ -5199,18 +5261,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d8(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_d1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_97( + libcrux_ml_kem_variant_kdf_d8_a7( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_97(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_d8_a7(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5243,10 +5305,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b0( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a6(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b6(private_key, ciphertext, ret); } /** 
@@ -5259,7 +5321,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b0( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b0( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( private_key, ciphertext, ret); } @@ -5273,7 +5335,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_b0( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5314,11 +5376,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_2b( + libcrux_ml_kem_variant_entropy_preprocess_d8_b0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5329,7 +5391,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_00(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), ret); Eurydice_slice_copy( 
@@ -5344,20 +5406,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d8(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_97(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_a7(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -5388,14 +5450,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_80( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_95( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c6(uu____0, copy_of_randomness); } /** 
@@ -5412,10 +5474,30 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_80( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_95( uu____0, copy_of_randomness); } +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 +libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + return lit; +} + /** This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} @@ -5426,7 +5508,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( 
@@ -5442,17 +5524,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0a( memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_e7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); -} - /** A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5460,7 +5531,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_97( +libcrux_ml_kem_vector_traits_to_standard_domain_bd( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5468,16 +5539,17 @@ libcrux_ml_kem_vector_traits_to_standard_domain_97( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_82( +libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; 
@@ -5485,7 +5557,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_82( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_97( + libcrux_ml_kem_vector_traits_to_standard_domain_bd( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( 
@@ -5504,46 +5576,139 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c8( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); - } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + libcrux_ml_kem_polynomial_ZERO_d6_19(); + t_as_ntt[i0] = uu____0; + for (size_t i1 = (size_t)0U; + i1 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + i1++) { + size_t j = i1; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_58(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_88(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_82( - &result[i1], &error_as_ntt[i1]); + libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( + &t_as_ntt[i0], &error_as_ntt[i0]); } +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { + uint8_t hashed[64U]; + libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = + public_key->A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____1, ret, true); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, + prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + uu____2, copy_of_prf_input0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( - ret, result, + error_as_ntt, + 
libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( + copy_of_prf_input, domain_separator) + .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_matrix_compute_As_plus_e_00( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } /** @@ -5553,14 +5718,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_5d( + libcrux_ml_kem_vector_traits_to_unsigned_representative_08( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5582,7 +5747,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; 
@@ -5600,7 +5765,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6c( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_47(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } 
@@ -5611,27 +5776,45 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_6c( Concatenate `t` and `ρ` into the public key. */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(t_as_ntt, ret0); + Eurydice_slice seed_for_a, uint8_t *serialized) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, + (size_t)1152U, uint8_t); + uint8_t ret[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(t_as_ntt, ret); Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), + Eurydice_array_to_subslice_from((size_t)1184U, serialized, (size_t)1152U, + uint8_t, size_t), seed_for_a, uint8_t); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46(t_as_ntt, seed_for_a, + public_key_serialized); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -5648,55 +5831,21 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_02(Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_0a(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_3c(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - 
libcrux_ml_kem_matrix_compute_As_plus_e_c8(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5d( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(secret_as_ntt, - secret_key_serialized); +libcrux_ml_kem_ind_cpa_generate_keypair_52(Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( + key_generation_seed, &private_key, &public_key); + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(private_key.secret_as_ntt, + secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5723,7 +5872,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
@@ -5787,7 +5936,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5796,13 +5945,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_02(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_52(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); 
@@ -5811,13 +5960,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d4(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** @@ -5836,12 +5985,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_63( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_6b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d4(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); } /** @@ -5852,7 +6001,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_63( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_6b( copy_of_randomness); } 
@@ -5867,7 +6016,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_e0( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5878,7 +6027,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_bc( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_aa(ciphertext), + libcrux_ml_kem_types_as_slice_07_4f(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5911,7 +6060,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5929,7 +6078,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( 
@@ -5953,7 +6102,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5964,18 +6113,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d8(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_d1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_bc( + libcrux_ml_kem_variant_kdf_33_e0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_bc(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_variant_kdf_33_e0(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_cf(ciphertext), + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, 
@@ -6009,10 +6158,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_46( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a60(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b60(private_key, ciphertext, ret); } /** @@ -6025,7 +6174,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_46( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_46( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( private_key, ciphertext, ret); } @@ -6039,7 +6188,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_38( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_c0( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); } @@ -6063,11 +6212,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c60( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_38( + libcrux_ml_kem_variant_entropy_preprocess_33_c0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( 
@@ -6078,7 +6227,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_00(public_key), + libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6093,20 +6242,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_00(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d8(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_e5(copy_of_ciphertext); + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_bc(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_e0(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -6141,14 +6290,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f5( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_92( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c60(uu____0, copy_of_randomness); } /** @@ -6165,7 +6314,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f5( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_92( uu____0, copy_of_randomness); } 
@@ -6179,73 +6328,136 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_c8( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); } /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], libcrux_ml_kem_variant_Kyber with const generics - K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_020( - Eurydice_slice key_generation_seed) { +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( + Eurydice_slice key_generation_seed, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_9c(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_c8(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_A = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = + public_key->A; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_421(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_3c(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____2 = + private_key->secret_as_ntt; /* Passing arrays by value in Rust generates a copy in C 
*/ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; + uint8_t domain_separator = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ce(copy_of_prf_input, - domain_separator) + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( + copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_c8(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + libcrux_ml_kem_matrix_compute_As_plus_e_00( + public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, + error_as_ntt); + uint8_t uu____5[32U]; Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + unwrap_26_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_Kyber with const 
generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_520( + Eurydice_slice key_generation_seed) { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( + key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5d( - t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_6c(secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6285,7 +6497,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); 
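Review bot: The doc comment added above `libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740` ends with `The NIST FIPS 203 standard can be found at .` — the link itself is missing (an angle-bracketed URL, presumably dropped somewhere on the Rust-doc-to-C path), so the citation is dead in the generated header. The same comment presents `(ρ,σ) ← G(d)` as "Algorithm 12 of the NIST FIPS 203 specification", which matches the initial public draft; as far as I recall the published FIPS 203 numbers K-PKE.KeyGen as Algorithm 13 and hashes `G(d ‖ k)` with the rank byte appended. That is precisely the variant boundary here: this instance is `libcrux_ml_kem_variant_Kyber`, and its `libcrux_ml_kem_variant_cpa_keygen_seed_33_c8` at the top of the hunk calls `libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret)` on the bare seed, so the text is right for Kyber but misleading as a FIPS 203 reference, and a reader of this header has nothing else to tell the two instantiations apart. Since the file is Eurydice output the fix belongs in the Rust doc comment on `ind_cpa::generate_keypair_unpacked`; I would restore the URL and add `NOTE: the seed-hashing step (cpa_keygen_seed) appears to be supplied by the Variant in use; the listing below shows the Kyber form G(d), whereas the final FIPS 203 (K-PKE.KeyGen, Algorithm 13) hashes G(d ‖ k).`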
@@ -6294,13 +6506,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_020(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_520(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_5a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6309,13 +6521,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_d40(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_9d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_f6( - uu____2, libcrux_ml_kem_types_from_b6_8c(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_8b( + uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); } /** 
@@ -6331,12 +6543,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_8d( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_31( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d40(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); } /** @@ -6348,7 +6560,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_8d( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_31( copy_of_randomness); } @@ -6367,7 +6579,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3d( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_2f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6395,10 +6607,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_58( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_3d(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_2f(private_key, ciphertext); } 
@@ -6410,28 +6622,26 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_58( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_58( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( private_key, ciphertext); } /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with +types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const +generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_fc0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_5a( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_19(); + return libcrux_ml_kem_polynomial_ZERO_d6_19(); } /** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. + See [deserialize_ring_elements_reduced_out]. */ /** A monomorphic instance of 
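Review bot: The warning `This function MUST NOT be used on secret inputs.` no longer sits on the function that does the deserialization: `libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20` now carries only `See [deserialize_ring_elements_reduced_out].`, and the warning survives only on the `_out_33` wrapper introduced two hunks down. `_e20` is the in-place variant that a caller holding an unpacked key will reach directly, so the caveat should travel with it rather than sit one indirection away behind a cross-reference that the C reader cannot follow. Since the C is generated, change the Rust doc comment on the in-place `deserialize_ring_elements_reduced` to carry the full text, e.g. `Deserializes the ring elements of 'public_key' into 'deserialized_pk' and reduces each by the field modulus. This function MUST NOT be used on secret inputs.`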
@@ -6441,13 +6651,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_600( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20( Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_19(); - } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
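Review bot: Changing the output parameter from `ret[3U]` to `libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk` removes the only visible bound on the destination, while the loop still runs once per `LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT`-sized chunk of `public_key`. The callers visible in this diff (`_out_33` in the next hunk and `libcrux_ml_kem_ind_cca_validate_public_key_e3` further down) pass a 1152-byte subslice, i.e. exactly three ring elements, so nothing overflows today; a future C caller handing this K=3 instance a longer slice (a four-element t vector, say) would write past a three-element array with no check. The Rust side presumably types this as a fixed `[_; K]` reference, which is why the generator felt free to drop the size; in the C header the contract should at least be stated on the declaration: `/* deserialized_pk must have room for slice_len(public_key) / BYTES_PER_RING_ELEMENT elements (3 for this instance) */`. The loop body continues outside the hunk.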
@@ -6459,10 +6665,35 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_600( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5e( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( ring_element); deserialized_pk[i0] = uu____0; } +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_33( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20( + public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -6483,16 +6714,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_45( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_e3( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_600( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_33( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5d( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6513,9 +6744,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_ec( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b0( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_45(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_e3(public_key); } /** 
@@ -6525,10 +6756,799 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_ec( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_ec( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b0( public_key->value); } +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_07( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + 
Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_420( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Unpacked decapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.decapsulate with const 
+generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_49( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a(key_pair, ciphertext, ret); +} + +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_49( + private_key, ciphertext, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_28( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, + uint8_t randomness[32U]) { + 
uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_07( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, 
(size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Unpacked encapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.encapsulate with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = + public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_28(uu____0, + copy_of_randomness); +} + +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ +static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = + public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( + uu____0, copy_of_randomness); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure.closure with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_12(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_d6_19(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair.closure with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_41( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + } +} + +/** +This function found in impl {(core::clone::Clone for 
+libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_17 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 +libcrux_ml_kem_polynomial_clone_17_19( + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; + libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); + return lit; +} + +/** + Generate Unpacked Keys +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( + ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, + 
&out->public_key.ind_cpa_public_key); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_41(i, A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + libcrux_ml_kem_polynomial_clone_17_19( + &out->public_key.ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____0; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + memcpy(out->public_key.ind_cpa_public_key.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + out->public_key.ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice( + (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), + pk_serialized); + uint8_t uu____2[32U]; + libcrux_ml_kem_hash_functions_portable_H_f1_c6( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2); + memcpy(out->public_key.public_key_hash, uu____2, + (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, + uint8_t[32U]); + unwrap_26_33(dst, uu____3); + memcpy(out->private_key.implicit_rejection_value, uu____3, + (size_t)32U * sizeof(uint8_t)); +} + +/** + Generate a key pair +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.generate_keypair with +const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void 
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_72( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39(copy_of_randomness, out); +} + +/** + Generate ML-KEM 768 Key Pair in "unpacked" form. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( + uint8_t randomness[64U], + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + *key_pair) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_72( + copy_of_randomness, key_pair); +} + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + lit.public_key_hash[0U] = 0U; + lit.public_key_hash[1U] = 0U; + lit.public_key_hash[2U] = 0U; + lit.public_key_hash[3U] = 0U; + lit.public_key_hash[4U] = 0U; + lit.public_key_hash[5U] = 0U; + lit.public_key_hash[6U] = 0U; + lit.public_key_hash[7U] = 0U; + lit.public_key_hash[8U] = 0U; + lit.public_key_hash[9U] = 0U; + lit.public_key_hash[10U] = 0U; + lit.public_key_hash[11U] = 0U; + 
lit.public_key_hash[12U] = 0U; + lit.public_key_hash[13U] = 0U; + lit.public_key_hash[14U] = 0U; + lit.public_key_hash[15U] = 0U; + lit.public_key_hash[16U] = 0U; + lit.public_key_hash[17U] = 0U; + lit.public_key_hash[18U] = 0U; + lit.public_key_hash[19U] = 0U; + lit.public_key_hash[20U] = 0U; + lit.public_key_hash[21U] = 0U; + lit.public_key_hash[22U] = 0U; + lit.public_key_hash[23U] = 0U; + lit.public_key_hash[24U] = 0U; + lit.public_key_hash[25U] = 0U; + lit.public_key_hash[26U] = 0U; + lit.public_key_hash[27U] = 0U; + lit.public_key_hash[28U] = 0U; + lit.public_key_hash[29U] = 0U; + lit.public_key_hash[30U] = 0U; + lit.public_key_hash[31U] = 0U; + return lit; +} + +/** +This function found in impl {(core::default::Default for +libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#3} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked + libcrux_ml_kem_ind_cca_unpacked_default_07_3d(void) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + uu____0.implicit_rejection_value[0U] = 0U; + uu____0.implicit_rejection_value[1U] = 0U; + uu____0.implicit_rejection_value[2U] = 0U; + uu____0.implicit_rejection_value[3U] = 0U; + uu____0.implicit_rejection_value[4U] = 0U; + uu____0.implicit_rejection_value[5U] = 0U; + uu____0.implicit_rejection_value[6U] = 0U; + uu____0.implicit_rejection_value[7U] = 0U; + uu____0.implicit_rejection_value[8U] = 0U; + uu____0.implicit_rejection_value[9U] = 0U; + uu____0.implicit_rejection_value[10U] = 0U; + uu____0.implicit_rejection_value[11U] = 0U; + uu____0.implicit_rejection_value[12U] = 0U; + uu____0.implicit_rejection_value[13U] = 0U; + uu____0.implicit_rejection_value[14U] = 0U; + 
uu____0.implicit_rejection_value[15U] = 0U; + uu____0.implicit_rejection_value[16U] = 0U; + uu____0.implicit_rejection_value[17U] = 0U; + uu____0.implicit_rejection_value[18U] = 0U; + uu____0.implicit_rejection_value[19U] = 0U; + uu____0.implicit_rejection_value[20U] = 0U; + uu____0.implicit_rejection_value[21U] = 0U; + uu____0.implicit_rejection_value[22U] = 0U; + uu____0.implicit_rejection_value[23U] = 0U; + uu____0.implicit_rejection_value[24U] = 0U; + uu____0.implicit_rejection_value[25U] = 0U; + uu____0.implicit_rejection_value[26U] = 0U; + uu____0.implicit_rejection_value[27U] = 0U; + uu____0.implicit_rejection_value[28U] = 0U; + uu____0.implicit_rejection_value[29U] = 0U; + uu____0.implicit_rejection_value[30U] = 0U; + uu____0.implicit_rejection_value[31U] = 0U; + return (CLITERAL( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ + .private_key = uu____0, + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_4f()}); +} + +/** + Create a new, empty unpacked key. +*/ +static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked +libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_07_3d(); +} + +/** + Create a new, empty unpacked public key. +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { + return libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(); +} + +/** + Get the serialized public key. 
+*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( + self->ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, + uint8_t), + serialized->value); +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( + &self->public_key, serialized); +} + +/** + Get the serialized public key. 
+*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(key_pair, + serialized); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->t_as_ntt, uu____0, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, void *); + uint8_t uu____1[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->seed_for_A, uu____1, uint8_t, void *); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; + memcpy( + lit.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3U, self->A, ret, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], void *); + memcpy(lit.A, ret, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + return lit; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +*/ +/** +A monomorphic 
instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 +libcrux_ml_kem_ind_cca_unpacked_clone_28_23( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; + lit.ind_cpa_public_key = + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78(&self->ind_cpa_public_key); + uint8_t ret[32U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)32U, self->public_key_hash, ret, uint8_t, void *); + memcpy(lit.public_key_hash, ret, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Get the serialized public key. +*/ +/** +This function found in impl +{libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * +libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { + return &self->public_key; +} + +/** + Get the unpacked public key. +*/ +static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = + libcrux_ml_kem_ind_cca_unpacked_clone_28_23( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a(key_pair)); + pk[0U] = uu____0; +} + +/** + Get the serialized public key. 
+*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, + libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5(public_key, + serialized); +} + +/** + Generate an unpacked key from a serialized key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.unpack_public_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + *unpacked_public_key) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( + (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( + uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); + uint8_t uu____1[32U]; + libcrux_ml_kem_utils_into_padded_array_423( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + uu____1); + memcpy(unpacked_public_key->ind_cpa_public_key.seed_for_A, uu____1, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____2)[3U] = + unpacked_public_key->ind_cpa_public_key.A; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_421( + Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, + (size_t)1152U, uint8_t, size_t), + ret); + libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____2, ret, false); + uint8_t uu____3[32U]; + libcrux_ml_kem_hash_functions_portable_H_f1_c6( + Eurydice_array_to_slice((size_t)1184U, + 
libcrux_ml_kem_types_as_slice_ba_91(public_key), + uint8_t), + uu____3); + memcpy(unpacked_public_key->public_key_hash, uu____3, + (size_t)32U * sizeof(uint8_t)); +} + +/** + Get the unpacked public key. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.portable.unpacked.unpack_public_key with +const generics +- K= 3 +- T_AS_NTT_ENCODED_SIZE= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static inline void +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_50( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(public_key, + unpacked_public_key); +} + +/** + Get the unpacked public key. +*/ +static inline void +libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + *unpacked_public_key) { + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_50( + public_key, unpacked_public_key); +} + /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h new file mode 100644 index 000000000..d70f1bc80 --- /dev/null +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h 
@@ -0,0 +1,95 @@ +/* + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: MIT or Apache-2.0 + * + * This code was generated with the following revisions: + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 + */ + +#ifndef __libcrux_mlkem768_portable_types_H +#define __libcrux_mlkem768_portable_types_H + +#if defined(__cplusplus) +extern "C" { +#endif + +#include "eurydice_glue.h" + +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 
ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; + +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; + +#if defined(__cplusplus) +} +#endif + +#define __libcrux_mlkem768_portable_types_H_DEFINED +#endif diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 24805a174..a65942828 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_sha3_avx2_H @@ -212,17 +212,17 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_71(void) { +libcrux_sha3_generic_keccak_new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -1964,7 +1964,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_71(); + libcrux_sha3_generic_keccak_new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; 
@@ -2005,7 +2005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_71(); + return libcrux_sha3_generic_keccak_new_89_71(); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 564fcb92e..fa18dd7da 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 99498eed461fa03566e0382b445c77bd2af5b59d + * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 */ #ifndef __libcrux_sha3_portable_H 
@@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1582,7 +1582,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1623,7 +1623,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; 
@@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1941,7 +1941,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1982,7 +1982,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2069,7 +2069,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; 
@@ -2110,7 +2110,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2163,7 +2163,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -2182,7 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2419,7 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2676,7 +2676,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; 
@@ -2717,7 +2717,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2778,7 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3035,7 +3035,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3076,7 +3076,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; 
@@ -3331,7 +3331,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3372,7 +3372,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3671,7 +3671,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -3722,16 +3722,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); 
@@ -3756,16 +3756,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3773,7 +3773,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3826,16 +3826,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; 
@@ -3843,7 +3843,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3872,7 +3872,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -3886,17 +3886,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; 
@@ -3904,7 +3904,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3951,7 +3951,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -3960,16 +3960,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; 
@@ -4114,21 +4114,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4145,7 +4145,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** 
@@ -4176,16 +4176,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -4210,16 +4210,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4227,7 +4227,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { 
@@ -4280,16 +4280,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4297,7 +4297,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4323,7 +4323,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 
@@ -4337,17 +4337,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4355,7 +4355,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4399,7 +4399,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } 
@@ -4408,16 +4408,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4594,21 +4594,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4622,7 +4622,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** 
@@ -4669,16 +4669,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4706,7 +4706,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4741,7 +4741,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** 
@@ -4788,16 +4788,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4825,7 +4825,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4860,7 +4860,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/cg/tests/mlkem768.cc b/libcrux-ml-kem/cg/tests/mlkem768.cc index e8a333d6c..947171f58 100644 --- a/libcrux-ml-kem/cg/tests/mlkem768.cc +++ b/libcrux-ml-kem/cg/tests/mlkem768.cc 
@@ -98,6 +98,32 @@ TEST(MlKem768TestPortable, ConsistencyTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } +TEST(MlKem768TestPortableUnpacked, ConsistencyTest) +{ + uint8_t keygen_randomness[64]; + for (int i = 0; i < 64; i++) + { + keygen_randomness[i] = 13; + } + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(keygen_randomness, &key_pair); + + uint8_t encap_randomness[32]; + for (int i = 0; i < 32; i++) + { + encap_randomness[i] = 15; + } + auto ctxt = libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(&key_pair.public_key, encap_randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +} + TEST(Kyber768TestPortable, ModifiedCiphertextTest) { uint8_t randomness[64]; 
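Review bot: The new `MlKem768TestPortableUnpacked` test exercises only the success path of `libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate`; unlike the packed API, which has a `ModifiedCiphertextTest` immediately below this hunk, nothing checks that a corrupted ciphertext makes the unpacked decapsulation produce a shared secret different from `ctxt.snd`, so the implicit-rejection path of the unpacked code is untested. A sibling test mirroring the existing `ModifiedCiphertextTest` for the unpacked key pair, which alters a byte of `ctxt.fst` before calling decapsulate and asserts the two secrets differ, would close that gap. The test also checks the unpacked API only against itself, so a defect that is symmetric between unpacked encapsulate and decapsulate would still pass; if the unpacked public key can be serialized to the packed form, cross-checking `ctxt.snd` against the packed encapsulate/decapsulate pair would catch that. The same two points apply to the `MlKem768TestAvx2Unpacked` hunk that follows. Minor style: `libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair() ;` has a stray space before the semicolon.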
@@ -232,6 +258,32 @@ TEST(MlKem768TestAvx2, ConsistencyTest) LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); } +TEST(MlKem768TestAvx2Unpacked, ConsistencyTest) +{ + uint8_t keygen_randomness[64]; + for (int i = 0; i < 64; i++) + { + keygen_randomness[i] = 13; + } + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked key_pair = libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair() ; + libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(keygen_randomness, &key_pair); + + uint8_t encap_randomness[32]; + for (int i = 0; i < 32; i++) + { + encap_randomness[i] = 15; + } + auto ctxt = libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(&key_pair.public_key, encap_randomness); + + uint8_t sharedSecret2[LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE]; + libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate(&key_pair, &ctxt.fst, sharedSecret2); + + EXPECT_EQ(0, + memcmp(ctxt.snd, + sharedSecret2, + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE)); +} + TEST(Kyber768TestAvx2, ModifiedCiphertextTest) { uint8_t randomness[64]; diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 92f263cc6..018593ecd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst 
@@ -16,17 +16,12 @@ let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) let compare (lhs rhs: t_Slice u8) = let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Core.Slice.impl__len #u8 lhs <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #u8 lhs <: usize) + (fun r temp_1_ -> + let r:u8 = r in + let _:usize = temp_1_ in + true) r (fun r i -> let r:u8 = r in @@ -42,17 +37,12 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + (fun out temp_1_ -> + let out:t_Array u8 (sz 32) = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_Array u8 (sz 32) = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst new file mode 100644 index 000000000..cecdf9ad1 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst 
@@ -0,0 +1,89 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Avx2 in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash public_key randomness + +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K + v_T_AS_NTT_ENCODED_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + public_key + unpacked_public_key + <: + 
(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + unpacked_public_key + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + key_pair ciphertext + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, out:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + randomness out + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + 
Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti new file mode 100644 index 000000000..609428969 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti 
@@ -0,0 +1,56 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Avx2 in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +/// Unpacked encapsulate +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Unpacked decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate a key pair +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 12985ff96..9f5044e59 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst 
@@ -11,17 +11,17 @@ let _ = let open Libcrux_ml_kem.Vector.Avx2 in () -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - #Libcrux_ml_kem.Variant.t_MlKem public_key randomness + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + private_key + ciphertext let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) 
@@ -46,6 +46,18 @@ let decapsulate #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + #Libcrux_ml_kem.Variant.t_MlKem public_key randomness + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index cdab1e25f..c87425a91 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti 
@@ -11,14 +11,12 @@ let _ = let open Libcrux_ml_kem.Vector.Avx2 in () -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Portable public key validation val validate_public_key @@ -34,6 +32,15 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst new file mode 100644 index 000000000..91614ab24 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst 
@@ -0,0 +1,89 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Neon in + let open Libcrux_ml_kem.Vector.Neon in + () + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash public_key randomness + +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K + v_T_AS_NTT_ENCODED_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash + 
#Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + unpacked_public_key + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash key_pair ciphertext + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, out:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + 
#Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness out + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti new file mode 100644 index 000000000..e602961e3 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti 
@@ -0,0 +1,60 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Neon in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Unpacked encapsulate +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Unpacked decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate a key pair +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 30dbbeab8..b9ce4c8b5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -11,18 +11,17 @@ let _ = let open Libcrux_ml_kem.Vector.Neon in () -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem public_key - randomness + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash + private_key + ciphertext let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) 
@@ -48,6 +47,19 @@ let decapsulate #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem public_key + randomness + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index a1f27b1ab..566639b4a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti 
@@ -11,14 +11,12 @@ let _ = let open Libcrux_ml_kem.Vector.Neon in () -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Portable public key validation val validate_public_key @@ -34,6 +32,15 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst new file mode 100644 index 000000000..3d5ed41ba --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst 
@@ -0,0 +1,89 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Portable in + let open Libcrux_ml_kem.Vector.Portable in + () + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) public_key randomness + +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K + v_T_AS_NTT_ENCODED_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash 
v_K) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + unpacked_public_key + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) key_pair ciphertext + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, out:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE + v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + 
#Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness out + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti new file mode 100644 index 000000000..ef16fb9d1 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti 
@@ -0,0 +1,60 @@ +module Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions.Portable in + let open Libcrux_ml_kem.Vector.Portable in + () + +/// Unpacked encapsulate +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Unpacked decapsulate +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate a key pair +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (randomness: t_Array u8 (sz 64)) + (out: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 1c7e37cca..3ec3de8dc 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -11,18 +11,17 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem - public_key randomness + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) + private_key + ciphertext let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) 
@@ -48,6 +47,19 @@ let decapsulate #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR + v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem + public_key randomness + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 1ea820a62..5b75149d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti 
@@ -11,14 +11,12 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Portable public key validation val validate_public_key @@ -34,6 +32,15 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Portable generate key pair. val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index 1f6aadbe3..f945524c6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst 
@@ -3,53 +3,25 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - if Libcrux_platform.Platform.simd256_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness - else - if Libcrux_platform.Platform.simd128_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness - else - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE - v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + private_key + ciphertext let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 
v_PUBLIC_KEY_SIZE) = - if Libcrux_platform.Platform.simd256_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - else - if Libcrux_platform.Platform.simd128_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - else - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: 
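Review bot: `validate_public_key` and the new `validate_private_key` now always dispatch to the Portable instantiation, while `decapsulate` (and `encapsulate`, further down this file) still branch on `simd256_support` / `simd128_support`; the hunk removes the Avx2 and Neon validate paths from the multiplexer, so those instantiations become unreachable through this API. If that is intentional — validation is a one-off check where the SIMD speedup is irrelevant, or the SIMD validators are not ready — a comment on both procs should say so, e.g. `(* Validation always uses the portable backend; no platform dispatch. *)`, otherwise the platform dispatch should be restored to match the other entry points. This file looks hax-extracted from Rust, so the comment or fix belongs in the Rust source rather than here. The `decapsulate` definition at the end of the hunk continues outside it.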
@@ -79,6 +51,31 @@ let decapsulate v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE private_key ciphertext +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE + v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE public_key randomness + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index 32b735bc8..8323134a3 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -3,14 +3,11 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -24,6 +21,15 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) 
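Review bot: The new `val validate_private_key` in the Multiplexing interface has no doc comment, whereas the Portable interface in the same commit documents its counterpart with `/// Portable private key validation`. A one-line doc such as `/// Private key validation, dispatched to the available backend.` — or, if it only ever calls the portable backend as the `.fst` hunk above suggests, `/// Private key validation (portable backend only).` — would keep the two interfaces consistent and tell callers which check they get. Since this is an extraction, the doc comment belongs on the Rust function it was generated from.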
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst new file mode 100644 index 000000000..d06fe9daa --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst 
@@ -0,0 +1,626 @@ +module Libcrux_ml_kem.Ind_cca.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in + let open Libcrux_ml_kem.Polynomial in + let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Vector.Traits in + () + +let impl__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + = + Core.Convert.f_into #(t_Array u8 v_PUBLIC_KEY_SIZE) + #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + <: + t_Array u8 v_PUBLIC_KEY_SIZE) + +let impl__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = + { + serialized with + Libcrux_ml_kem.Types.f_value + = + Libcrux_ml_kem.Ind_cpa.serialize_public_key_mut v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + 
(self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + serialized.Libcrux_ml_kem.Types.f_value + } + <: + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE + in + serialized + +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + (randomness: t_Array u8 (sz 32)) + = + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN + v_ETA1 
v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + public_key.f_ind_cpa_public_key randomness pseudorandomness + in + let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let shared_secret_array:t_Array u8 (sz 32) = + Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret + in + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Array u8 v_CIPHERTEXT_SIZE) + #FStar.Tactics.Typeclasses.solve + ciphertext, + shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Hasher #v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + = + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE + v_K + #v_Vector + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + 
unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + = + Libcrux_ml_kem.Utils.into_padded_array (sz 32) + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + <: + t_Array u8 (sz 34)) + false + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_public_key_hash + = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_21__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + unpacked_public_key + +let impl_2__private_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = self.f_private_key + +let impl_2__public_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: 
t_MlKemKeyPairUnpacked v_K v_Vector) + = self.f_public_key + +let impl_2__serialized_private_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not yet implemented" + <: + Rust_primitives.Hax.t_Never) + +let impl_2__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = + impl__serialized_public_key v_K + #v_Vector + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + self.f_public_key + +let impl_2__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + = + let hax_temp_output, serialized:(Prims.unit & + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) = + (), + impl__serialized_public_key_mut v_K + #v_Vector + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + self.f_public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + in + serialized + +let impl_2__new + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (_: Prims.unit) + = + Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) #FStar.Tactics.Typeclasses.solve () + +let decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR 
v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + let decrypted:t_Array u8 (sz 32) = + Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K + v_CIPHERTEXT_SIZE + v_C1_SIZE + v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR + #v_Vector + key_pair.f_private_key.f_ind_cpa_private_key + ciphertext.Libcrux_ml_kem.Types.f_value + in + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (key_pair.f_public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + 
(key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) + in + let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + <: + t_Slice u8) + in + let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (sz 32) + (to_hash <: t_Slice u8) + in + let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + key_pair.f_public_key.f_ind_cpa_public_key decrypted pseudorandomness + in + let selector:u8 = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext + v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + in + Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret + (implicit_rejection_shared_secret <: t_Slice u8) + selector + +let generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + 
(#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Array u8 (sz 64)) + (out: t_MlKemKeyPairUnpacked v_K v_Vector) + = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let tmp0, tmp1:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + ind_cpa_keypair_randomness + out.f_private_key.f_ind_cpa_private_key + out.f_public_key.f_ind_cpa_public_key + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { out.f_private_key with f_ind_cpa_private_key = tmp0 } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { out.f_public_key with f_ind_cpa_public_key = tmp1 } <: t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let _:Prims.unit = () in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + (fun v__i -> + let v__i:usize = v__i in + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__j -> + let v__j:usize = v__j in + 
Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let _:usize = temp_1_ in + true) + v_A + (fun v_A i -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let i:usize = i in + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let _:usize = temp_1_ in + true) + v_A + (fun v_A j -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let j:usize = j in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + j + (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + #FStar.Tactics.Typeclasses.solve + ((out.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K).[ i ] + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) + in + let 
out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_ind_cpa_public_key + = + { out.f_public_key.f_ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + <: + t_Slice u8) + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_public_key_hash + = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (pk_serialized <: t_Slice u8) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { + out.f_private_key with + f_implicit_rejection_value + = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + implicit_rejection_value + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti new file mode 100644 index 000000000..fbd5de788 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti 
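Review bot: `impl_2__serialized_private_key` is exported from the new Unpacked module but its body is `Core.Panicking.panic "not yet implemented"`, so any caller that serializes an unpacked key pair aborts at runtime; it should be implemented, or removed from the public surface and its doc comment made to state that it is unimplemented, before the unpacked API ships. Separately, `unpack_public_key` deserializes `f_t_as_ntt` and samples `f_A` without any validation step, so the re-serialization check that the packed path performs in `Ind_cca.validate_public_key` (see the `@@ -133` hunk) is not applied to a key that is unpacked directly; if validation is meant to be the caller's job, a doc comment such as `/// Performs no validation; run validate_public_key on the serialized key first.` should say so. Unlike the packed `Ind_cca.encapsulate` (which runs `Variant.f_entropy_preprocess` on `randomness`), the unpacked `encapsulate` hashes `randomness` directly and has no `v_Scheme` parameter, which presumably makes the unpacked API ML-KEM-only but is worth stating in its doc comment. All of this is hax-extracted, so the changes belong in the Rust source.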
@@ -0,0 +1,224 @@ +module Libcrux_ml_kem.Ind_cca.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in + let open Libcrux_ml_kem.Polynomial in + let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Vector.Traits in + () + +/// An unpacked ML-KEM IND-CCA Private Key +type t_MlKemPrivateKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_ind_cpa_private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector; + f_implicit_rejection_value:t_Array u8 (sz 32) +} + +/// An unpacked ML-KEM IND-CCA Private Key +type t_MlKemPublicKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector; + f_public_key_hash:t_Array u8 (sz 32) +} + +/// Get the serialized public key. +val impl__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. 
+val impl__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_MlKemPublicKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_ind_cpa_public_key + = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K + v_Vector) + #FStar.Tactics.Typeclasses.solve + (); + f_public_key_hash = Rust_primitives.Hax.repeat 0uy (sz 32) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + +val encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate an unpacked key from a serialized key. 
+val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Hasher #v_Vector: Type0) + {| i2: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// An unpacked ML-KEM KeyPair +type t_MlKemKeyPairUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_private_key:t_MlKemPrivateKeyUnpacked v_K v_Vector; + f_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector +} + +/// Get the serialized public key. +val impl_2__private_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPrivateKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl_2__public_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val impl_2__serialized_private_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_K) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. 
+val impl_2__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl_2__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_3 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_MlKemKeyPairUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemKeyPairUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_private_key + = + { + f_ind_cpa_private_key + = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K + v_Vector) + #FStar.Tactics.Typeclasses.solve + (); + f_implicit_rejection_value = Rust_primitives.Hax.repeat 0uy (sz 32) + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector; + f_public_key + = + Core.Default.f_default #(t_MlKemPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + } + +/// Create a new empty unpacked key pair. 
+val impl_2__new: + v_K: usize -> + #v_Vector: Type0 -> + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> + Prims.unit + -> Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate Unpacked Keys +val generate_keypair + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (randomness: t_Array u8 (sz 64)) + (out: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 29d2222df..b8a238385 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst 
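Review bot: Several doc comments in the new interface are copy-paste errors: `t_MlKemPublicKeyUnpacked` is documented as `/// An unpacked ML-KEM IND-CCA Private Key`, and `impl_2__private_key` / `impl_2__public_key` both say `/// Get the serialized public key.` although they return the unpacked `t_MlKemPrivateKeyUnpacked` / `t_MlKemPublicKeyUnpacked`. Suggested: `/// An unpacked ML-KEM IND-CCA Public Key`, `/// Get the unpacked private key.` and `/// Get the unpacked public key.`. The declared return type of `impl_2__serialized_private_key`, `t_MlKemPrivateKey v_K`, sizes the key by the rank `v_K` rather than by a size parameter the way `impl_2__serialized_public_key` uses `v_PUBLIC_KEY_SIZE`, which looks like a placeholder matching the unimplemented body in the `.fst`. These are extracted from Rust doc comments and signatures, so the fix belongs in the Rust source.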
@@ -133,7 +133,7 @@ let validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced_out v_PUBLIC_KEY_SIZE v_K #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } 
@@ -156,86 +156,37 @@ let validate_public_key in public_key =. public_key_serialized -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: + i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (randomness: t_Array u8 (sz 32)) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - let randomness:t_Array u8 (sz 32) = - Libcrux_ml_kem.Variant.f_entropy_preprocess #v_Scheme + let t:t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K #FStar.Tactics.Typeclasses.solve - v_K - #v_Hasher - (randomness <: t_Slice u8) - in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) - in - let to_hash:t_Array u8 (sz 64) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE 
public_key <: t_Slice u8) - <: - t_Slice u8) + (private_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = sz 384 *! v_K <: usize; + Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 32 <: usize + } + <: + Core.Ops.Range.t_Range usize ] <: t_Slice u8) in - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (to_hash <: t_Slice u8) - in - let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (hashed <: t_Slice u8) - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness - pseudorandomness - in - let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = - Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Array u8 v_CIPHERTEXT_SIZE) - #FStar.Tactics.Typeclasses.solve - ciphertext - in - let shared_secret_array:t_Array u8 (sz 32) = - Libcrux_ml_kem.Variant.f_kdf #v_Scheme - #FStar.Tactics.Typeclasses.solve - v_K - v_CIPHERTEXT_SIZE - #v_Hasher - shared_secret - ciphertext + let expected:t_Slice u8 = + private_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = (sz 768 *! v_K <: usize) +! sz 32 <: usize; + Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 64 <: usize + } + <: + Core.Ops.Range.t_Range usize ] in - ciphertext, shared_secret_array - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + t =. 
expected let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: 
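Review bot: `validate_private_key` takes `v__ciphertext` but never reads it; its only contribution is the `v_CIPHERTEXT_SIZE` index on its type, which is what the length check rests on. A one-line comment in the Rust source this file is extracted from would stop a reader from assuming the ciphertext bytes are inspected here, e.g. `// ciphertext is only needed for its length, which its type guarantees`. The check itself recomputes `f_H` over the key bytes at `[384*K, 768*K+32)` and compares the result with the stored 32 bytes at `[768*K+32, 768*K+64)`; both operands derive from the embedded encapsulation key rather than from secret material, so the plain `=.` comparison is acceptable, and recording that rationale keeps the pattern from being copied into a comparison that does involve secrets. The function is contained entirely in this hunk.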
@@ -368,6 +319,87 @@ let decapsulate (shared_secret <: t_Slice u8) (implicit_rejection_shared_secret <: t_Slice u8) +let encapsulate + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (randomness: t_Array u8 (sz 32)) + = + let randomness:t_Array u8 (sz 32) = + Libcrux_ml_kem.Variant.f_entropy_preprocess #v_Scheme + #FStar.Tactics.Typeclasses.solve + v_K + #v_Hasher + (randomness <: t_Slice u8) + in + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_21__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) + <: + t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + 
Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + (Libcrux_ml_kem.Types.impl_21__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness + pseudorandomness + in + let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Array u8 v_CIPHERTEXT_SIZE) + #FStar.Tactics.Typeclasses.solve + ciphertext + in + let shared_secret_array:t_Array u8 (sz 32) = + Libcrux_ml_kem.Variant.f_kdf #v_Scheme + #FStar.Tactics.Typeclasses.solve + v_K + v_CIPHERTEXT_SIZE + #v_Hasher + shared_secret + ciphertext + in + ciphertext, shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 5815d4a85..5d53cee40 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti 
@@ -28,6 +28,10 @@ val serialize_kem_secret_key (private_key public_key implicit_rejection_value: t_Slice u8) : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) +/// Validate an ML-KEM public key. +/// This implements the Modulus check in 7.2 2. +/// Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the +/// `public_key` type. val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) 
@@ -35,6 +39,29 @@ val validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// Validate an ML-KEM private key. +/// This implements the Hash check in 7.3 3. +/// Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` +/// and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +val decapsulate + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) 
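Review bot: The new doc comment on `validate_private_key` cites the size checks as `7.2 1 and 2` while the hash check it implements is cited as `7.3 3` on the line before; the ciphertext and decapsulation-key length checks are the decapsulation input checks of that same section, so if that is the intent the line should read `/// Note that the size checks in 7.3 1 and 2 are covered by the `SECRET_KEY_SIZE``. Since this .fsti is hax output, the correction belongs in the Rust doc comment it was extracted from. The `val decapsulate` block that follows is a move from further down the file (removed in the next hunk), not new code.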
@@ -48,17 +75,6 @@ val encapsulate Prims.l_True (fun _ -> Prims.l_True) -val decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} - (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - /// Packed API /// Generate a key pair. /// Depending on the `Vector` and `Hasher` used, this requires different hardware diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index 0211568dc..11603e5ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti 
@@ -13,3 +13,76 @@ let _ = type t_IndCpaPrivateKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_IndCpaPrivateKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPrivateKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_secret_as_ntt + = + Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + } + <: + t_IndCpaPrivateKeyUnpacked v_K v_Vector + } + +/// An unpacked ML-KEM IND-CPA Private Key +type t_IndCpaPublicKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; + f_seed_for_A:t_Array u8 (sz 32); + f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_IndCpaPublicKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPublicKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_t_as_ntt + = + Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K; + f_seed_for_A = 
Rust_primitives.Hax.repeat 0uy (sz 32); + f_A + = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl__ZERO + #v_Vector + () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + } + <: + t_IndCpaPublicKeyUnpacked v_K v_Vector + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index f9cd4aa5c..e905c5190 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -34,14 +35,12 @@ let sample_ring_element_cbd in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in 
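Review bot: The doc comment above `type t_IndCpaPublicKeyUnpacked` reads `/// An unpacked ML-KEM IND-CPA Private Key`, which is the private-key type's description copied onto the public-key type; it should read `/// An unpacked ML-KEM IND-CPA Public Key`. As this .fsti is extracted, the fix goes in the Rust doc comment for the type behind `t_IndCpaPublicKeyUnpacked`. Both new `Default` instances (`impl`, `impl_1`) also carry `f_default_post = ... -> true`, so a proof that later depends on the default `f_seed_for_A` or `f_A` being all zero will not get that from the instance's postcondition and will have to unfold it.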
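Review bot: The invariant closure passed to `Rust_primitives.Hax.Folds.fold_range` in `sample_ring_element_cbd` is the constant `true` (`let _:usize = temp_1_ in true`), so the switch away from `Core.Iter.Traits.Iterator.f_fold` changes the shape of the proof obligation without stating anything about the accumulators — nothing relates `domain_separator` or the `prf_inputs` entries to the loop index. The same `true` invariant recurs in every other fold rewritten in this file (the second fold in this function, both folds in `sample_vector_cbd_then_ntt`, `compress_then_serialize_u`, `deserialize_then_decompress_u`, `deserialize_secret_key` and `serialize_secret_key`). If the move to the `Folds` API is meant to make real loop invariants possible, these are the sites to fill in from the Rust source; otherwise a short comment saying the invariant is intentionally trivial would stop reviewers re-raising it. The fold bodies continue outside this hunk.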
@@ -69,14 +68,14 @@ let sample_ring_element_cbd prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun error_1_ temp_1_ -> + let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + error_1_ + in + let _:usize = temp_1_ in + true) error_1_ (fun error_1_ i -> let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = 
@@ -106,28 +105,18 @@ let sample_vector_cbd_then_ntt (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) = - let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in 
@@ -155,14 +144,14 @@ let sample_vector_cbd_then_ntt prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun re_as_ntt temp_1_ -> + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + re_as_ntt + in + let _:usize = temp_1_ in + true) re_as_ntt (fun re_as_ntt i -> let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = 
@@ -188,6 +177,44 @@ let sample_vector_cbd_then_ntt in re_as_ntt) in + let hax_temp_output:u8 = domain_separator in + re_as_ntt, hax_temp_output + <: + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + +let sample_vector_cbd_then_ntt_out + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + = + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let tmp0, out:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = + sample_vector_cbd_then_ntt v_K + v_ETA + v_ETA_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + re_as_ntt + prf_input + domain_separator + in + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = tmp0 in + let domain_separator:u8 = out in re_as_ntt, domain_separator <: (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) 
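Review bot: `sample_vector_cbd_then_ntt_out` is introduced without a doc comment, and `sample_vector_cbd_then_ntt` has changed contract across the hunks at -106 and here: it now takes `re_as_ntt` as a parameter and returns it together with the domain separator as `hax_temp_output`, instead of allocating the array itself. A line on each in the Rust source would make the relation explicit, e.g. `/// Allocating wrapper: zero-initialises the vector, then delegates to sample_vector_cbd_then_ntt.` on the `_out` variant and `/// Fills `re_as_ntt` in place; the caller provides the storage.` on the in-place one. Whether every element of the caller-supplied `re_as_ntt` is overwritten cannot be confirmed from this hunk, since the fold body lies outside it; if it is, stating so tells callers that stale contents in the buffer are harmless.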
@@ -202,28 +229,11 @@ let compress_then_serialize_u (out: t_Slice u8) = let out:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - input - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - )) + Rust_primitives.Hax.Folds.fold_enumerated_slice input + (fun out temp_1_ -> + let out:t_Slice u8 = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Slice u8 = out in 
@@ -280,26 +290,20 @@ let deserialize_then_decompress_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - (ciphertext <: t_Slice u8) - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! - v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! + v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + usize) + (ciphertext <: t_Slice u8) + (fun u_as_ntt temp_1_ -> + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + u_as_ntt + in + let _:usize = temp_1_ in + true) u_as_ntt (fun u_as_ntt temp_1_ -> let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = 
@@ -328,125 +332,6 @@ let deserialize_then_decompress_u in u_as_ntt -let encrypt - (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (public_key: t_Slice u8) - (message: t_Array u8 (sz 32)) - (randomness: t_Slice u8) - = - let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE - v_K - #v_Vector - (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeTo usize ] - <: - t_Slice u8) - in - let seed:t_Slice u8 = - public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_A v_K - #v_Vector - #v_Hasher - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) - false - in - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness - in - let r_as_ntt, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy - in - let error_1_, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_ring_element_cbd v_K - v_ETA2_RANDOMNESS_SIZE - v_ETA2 - #v_Vector - #v_Hasher - prf_input - domain_separator - in - let prf_input:t_Array u8 (sz 33) = - 
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator - in - let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = - Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - v_ETA2_RANDOMNESS_SIZE - (prf_input <: t_Slice u8) - in - let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 - #v_Vector - (prf_output <: t_Slice u8) - in - let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_vector_u v_K #v_Vector v_A r_as_ntt error_1_ - in - let message_as_ring_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Serialize.deserialize_then_decompress_message #v_Vector message - in - let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Matrix.compute_ring_element_v v_K - #v_Vector - tt_as_ntt - r_as_ntt - error_2_ - message_as_ring_element - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } - <: - Core.Ops.Range.t_Range usize) - (compress_then_serialize_u v_K - v_C1_LEN - v_U_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - u - (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - <: - t_Slice u8) - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext - ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) - (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR - v_C2_LEN - #v_Vector - v - (ciphertext.[ { 
Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - <: - t_Slice u8) - in - ciphertext - let deserialize_secret_key (v_K: usize) (#v_Vector: Type0) @@ -465,20 +350,15 @@ let deserialize_secret_key Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - secret_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + secret_key + (fun secret_as_ntt temp_1_ -> + let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K + = + secret_as_ntt + in + let _:usize = temp_1_ in + true) secret_as_ntt (fun secret_as_ntt temp_1_ -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K 
@@ -507,24 +387,11 @@ let serialize_secret_key = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - key - <: - Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice key + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in @@ -567,7 +434,7 @@ let serialize_secret_key in out -let serialize_public_key +let serialize_public_key_mut (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] 
@@ -575,17 +442,15 @@ let serialize_public_key Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (seed_for_a: t_Slice u8) + (serialized: t_Array u8 v_PUBLIC_KEY_SIZE) = - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE - in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range public_key_serialized + let serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (public_key_serialized.[ { + (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } @@ -599,13 +464,13 @@ let serialize_public_key <: t_Slice u8) in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from public_key_serialized + let serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from serialized ({ Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize) (Core.Slice.impl__copy_from_slice #u8 - (public_key_serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } + (serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize ] <: 
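Review bot: `serialize_public_key_mut` writes the caller-supplied `serialized` through `update_at_range` over `[0, v_RANKED_BYTES_PER_RING_ELEMENT)` and `update_at_range_from` starting at `v_RANKED_BYTES_PER_RING_ELEMENT`, so the two writes together span the whole buffer and previous contents do not survive into the output, assuming each `copy_from_slice` fills its range as its length requirement demands. That property is what lets `serialize_public_key` in the next hunk pass a freshly zeroed array and what a caller reusing a buffer presumably relies on; it deserves a one-line comment in the Rust source: `// Both ranges together cover the whole buffer; prior contents are fully overwritten.` The slices copied in at the end of each range lie outside this hunk.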
@@ -614,84 +479,30 @@ let serialize_public_key <: t_Slice u8) in - public_key_serialized + serialized -let generate_keypair - (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) +let serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) - (key_generation_seed: t_Slice u8) + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (seed_for_a: t_Slice u8) = - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme - #FStar.Tactics.Typeclasses.solve - v_K - #v_Hasher - key_generation_seed - in - let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) - in - let v_A_transpose:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_A v_K - #v_Vector - #v_Hasher - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) - true - in - let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = - Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error - in - let secret_as_ntt, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy - in - let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8 - ) = - sample_vector_cbd_then_ntt v_K - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher - 
prf_input - domain_separator - in - let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_As_plus_e v_K #v_Vector v_A_transpose secret_as_ntt error_as_ntt - in - let (seed_for_A: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - seed_for_A - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE in let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - serialize_public_key v_K + serialize_public_key_mut v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector tt_as_ntt - (seed_for_A <: t_Slice u8) + seed_for_a + public_key_serialized in - let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = - serialize_secret_key v_K v_PRIVATE_KEY_SIZE #v_Vector secret_as_ntt - in - secret_key_serialized, public_key_serialized - <: - (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + public_key_serialized let decrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: 
@@ -750,3 +561,331 @@ let decrypt #v_Vector secret_key_unpacked ciphertext + +let encrypt_unpacked + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + = + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + Libcrux_ml_kem.Utils.into_padded_array (sz 33) randomness + in + let r_as_ntt, domain_separator:(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & + u8) = + sample_vector_cbd_then_ntt_out v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + prf_input + 0uy + in + let error_1_, domain_separator:(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & + u8) = + sample_ring_element_cbd v_K + v_ETA2_RANDOMNESS_SIZE + v_ETA2 + #v_Vector + #v_Hasher + prf_input + domain_separator + in + let prf_input:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_input (sz 32) domain_separator + in + let (prf_output: t_Array u8 v_ETA2_RANDOMNESS_SIZE):t_Array u8 v_ETA2_RANDOMNESS_SIZE = + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + v_ETA2_RANDOMNESS_SIZE + (prf_input <: t_Slice u8) + in + let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 + #v_Vector + (prf_output <: t_Slice u8) + in + let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Libcrux_ml_kem.Matrix.compute_vector_u v_K + #v_Vector + 
public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + r_as_ntt + error_1_ + in + let message_as_ring_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Serialize.deserialize_then_decompress_message #v_Vector message + in + let v:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + Libcrux_ml_kem.Matrix.compute_ring_element_v v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + r_as_ntt + error_2_ + message_as_ring_element + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Rust_primitives.Hax.repeat 0uy v_CIPHERTEXT_SIZE in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range ciphertext + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + <: + Core.Ops.Range.t_Range usize) + (compress_then_serialize_u v_K + v_C1_LEN + v_U_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + u + (ciphertext.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_C1_LEN } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + <: + t_Slice u8) + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from ciphertext + ({ Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize) + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_v v_V_COMPRESSION_FACTOR + v_C2_LEN + #v_Vector + v + (ciphertext.[ { Core.Ops.Range.f_start = v_C1_LEN } <: Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + <: + t_Slice u8) + in + ciphertext + +let encrypt + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher 
v_K) + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + = + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE + v_K + #v_Vector + (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let seed:t_Slice u8 = + public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + false + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN + v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher unpacked_public_key message randomness + +let generate_keypair_unpacked + (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + 
(#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + = + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Variant.f_cpa_keygen_seed #Libcrux_ml_kem.Variant.t_MlKem + #FStar.Tactics.Typeclasses.solve + v_K + #v_Hasher + key_generation_seed + in + let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) + in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) + true + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = + Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error + in + let tmp0, out:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = + sample_vector_cbd_then_ntt v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + prf_input + 0uy + in + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = + { private_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = tmp0 } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector + in + let domain_separator:u8 = out in + let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8 + ) = + sample_vector_cbd_then_ntt_out v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher 
+ prf_input + domain_separator + in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Matrix.compute_As_plus_e v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + error_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + seed_for_A + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + private_key, public_key + <: + (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + +let generate_keypair + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) + (key_generation_seed: t_Slice u8) + = + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector + ) + #FStar.Tactics.Typeclasses.solve + () + in + 
let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let tmp0, tmp1:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + generate_keypair_unpacked v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + key_generation_seed + private_key + public_key + in + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = tmp0 in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = tmp1 in + let _:Prims.unit = () in + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + in + let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = + serialize_secret_key v_K + v_PRIVATE_KEY_SIZE + #v_Vector + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + in + secret_key_serialized, public_key_serialized + <: + (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 6aa9de813..90653fb7b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti 
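Review bot: `generate_keypair` still takes `i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme`, but the new `generate_keypair_unpacked` it delegates to calls `Libcrux_ml_kem.Variant.f_cpa_keygen_seed #Libcrux_ml_kem.Variant.t_MlKem` with the variant fixed, whereas the removed `generate_keypair` body used `#v_Scheme`. If the other `t_Variant` instance derives the CPA keygen seed differently (which is what that trait method exists for), `v_Scheme` and `i5` are now dead and every caller gets ML-KEM seed derivation regardless of the instance it resolves — a silent behaviour change hidden inside a refactor. Either thread `#v_Scheme` and its `t_Variant` constraint through `generate_keypair_unpacked`'s signature and the `f_cpa_keygen_seed` call, or drop the unused `v_Scheme`/`i5` from `generate_keypair` so the signature stops promising variant dispatch; the `val generate_keypair` in the fsti hunk of this diff keeps the `i5` constraint and needs the same decision. The dangling `let _:Prims.unit = () in` in `generate_keypair` looks like an erased statement on the Rust side (inferred — the Rust source is not in this diff) and is worth a glance to confirm nothing meaningful was dropped.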
@@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -26,6 +27,18 @@ val sample_ring_element_cbd /// Sample a vector of ring elements from a centered binomial distribution and /// convert them into their NTT representations. val sample_vector_cbd_then_ntt + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + Prims.l_True + (fun _ -> Prims.l_True) + +val sample_vector_cbd_then_ntt_out (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -56,17 +69,6 @@ val deserialize_then_decompress_u Prims.l_True (fun _ -> Prims.l_True) -val encrypt - (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (public_key: t_Slice u8) - (message: t_Array u8 (sz 32)) - (randomness: t_Slice u8) - : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) - /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. val deserialize_secret_key (v_K: usize) 
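Review bot: The doc comment `/// Sample a vector of ring elements from a centered binomial distribution and convert them into their NTT representations.` now attaches only to the in-place `sample_vector_cbd_then_ntt`, which takes and returns `re_as_ntt`, while the new `sample_vector_cbd_then_ntt_out` has no documentation and a reader has to diff the two signatures to see that they differ only in who supplies the output array. A one-line `///` on the `_out` variant stating that it allocates its result and otherwise matches `sample_vector_cbd_then_ntt` would close that gap. As this is hax output, the comment belongs on the Rust function so it survives re-extraction. The `val sample_vector_cbd_then_ntt_out` signature continues past the end of this hunk.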
@@ -86,25 +88,23 @@ val serialize_secret_key : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) /// Concatenate `t` and `ρ` into the public key. -val serialize_public_key +val serialize_public_key_mut (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (seed_for_a: t_Slice u8) + (serialized: t_Array u8 v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) -val generate_keypair - (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher #v_Scheme: Type0) - {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} - (key_generation_seed: t_Slice u8) - : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) +/// Concatenate `t` and `ρ` into the public key. +val serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (seed_for_a: t_Slice u8) + : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. 
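Review bot: `val serialize_public_key_mut` adds `(serialized: t_Array u8 v_PUBLIC_KEY_SIZE)` but keeps `Prims.l_True` as its requires, while the .fst body in this diff copies `seed_for_a` into `serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } ]` with `Core.Slice.impl__copy_from_slice`, which is only defined when the two lengths agree. The requires clause is where that length relation between `seed_for_a`, `v_PUBLIC_KEY_SIZE` and `v_RANKED_BYTES_PER_RING_ELEMENT` should be stated (for example in terms of `Seq.length seed_for_a`), and the same applies to the wrapper `val serialize_public_key`, which passes `seed_for_a` straight through. Both vals also carry the identical comment `/// Concatenate \`t\` and \`ρ\` into the public key.`; the `_mut` one should add that it writes into the caller-provided `serialized` buffer and returns it.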
@@ -141,3 +141,119 @@ val decrypt (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// This function implements Algorithm 13 of the +/// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. +/// Algorithm 13 is reproduced below: +/// ```plaintext +/// Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. +/// Input: message m ∈ 𝔹^{32}. +/// Input: encryption randomness r ∈ 𝔹^{32}. +/// Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. +/// N ← 0 +/// t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) +/// ρ ← ekₚₖₑ[384k: 384k + 32] +/// for (i ← 0; i < k; i++) +/// for(j ← 0; j < k; j++) +/// Â[i,j] ← SampleNTT(XOF(ρ, i, j)) +/// end for +/// end for +/// for(i ← 0; i < k; i++) +/// r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) +/// N ← N + 1 +/// end for +/// for(i ← 0; i < k; i++) +/// e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) +/// N ← N + 1 +/// end for +/// e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) +/// r̂ ← NTT(r) +/// u ← NTT-¹(Âᵀ ◦ r̂) + e₁ +/// μ ← Decompress₁(ByteDecode₁(m))) +/// v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ +/// c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) +/// c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) +/// return c ← (c₁ ‖ c₂) +/// ``` +/// The NIST FIPS 203 standard can be found at +/// . 
+val encrypt_unpacked + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +val encrypt + (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: t_Slice u8) + (message: t_Array u8 (sz 32)) + (randomness: t_Slice u8) + : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + +/// This function implements most of Algorithm 12 of the +/// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. +/// We say "most of" since Algorithm 12 samples the required randomness within +/// the function itself, whereas this implementation expects it to be provided +/// through the `key_generation_seed` parameter. +/// Algorithm 12 is reproduced below: +/// ```plaintext +/// Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. +/// Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. 
+/// d ←$ B +/// (ρ,σ) ← G(d) +/// N ← 0 +/// for (i ← 0; i < k; i++) +/// for(j ← 0; j < k; j++) +/// Â[i,j] ← SampleNTT(XOF(ρ, i, j)) +/// end for +/// end for +/// for(i ← 0; i < k; i++) +/// s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) +/// N ← N + 1 +/// end for +/// for(i ← 0; i < k; i++) +/// e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) +/// N ← N + 1 +/// end for +/// ŝ ← NTT(s) +/// ê ← NTT(e) +/// t̂ ← Â◦ŝ + ê +/// ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ +/// dkₚₖₑ ← ByteEncode₁₂(ŝ) +/// ``` +/// The NIST FIPS 203 standard can be found at +/// . +val generate_keypair_unpacked + (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (key_generation_seed: t_Slice u8) + (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +val generate_keypair + (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} + (key_generation_seed: t_Slice u8) + : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index fe53b5ec3..c8c456676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst 
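Review bot: The Algorithm 12 reproduction above `val generate_keypair_unpacked` states `/// e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N))`, but the implementation in this diff samples `error_as_ntt` with `sample_vector_cbd_then_ntt_out v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE`, and FIPS 203 K-PKE.KeyGen draws `e` with η₁ as well; the line should read `/// e[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N))`. In both new comment blocks the sentence `/// The NIST FIPS 203 standard can be found at` is followed by a bare `/// .`, so the link is missing in this view — if it was an angle-bracket URL dropped by rendering, confirm it is intact in the source, otherwise restore it. The algorithm numbers (12/13/14 for KeyGen/Encrypt/Decrypt) match the August 2023 draft; the final FIPS 203 renumbered K-PKE to 13/14/15, so a note on which revision the comments follow would help. Separately, every new val here has `Prims.l_True` pre- and postconditions although `encrypt` slices `public_key` at `v_T_AS_NTT_ENCODED_SIZE` and `generate_keypair_unpacked` splits the 64-byte hash at `sz 32`; the length requirements on `public_key`, `randomness` and `key_generation_seed` belong in these requires clauses once specs are written.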
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -39,14 +39,14 @@ let invert_ntt_at_layer_1_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -100,14 +100,14 @@ let invert_ntt_at_layer_2_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = 
@@ -153,14 +153,14 @@ let invert_ntt_at_layer_3_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -202,14 +202,14 @@ let invert_ntt_at_layer_4_plus = let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = 
@@ -223,17 +223,12 @@ let invert_ntt_at_layer_4_plus in let step_vec:usize = step /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 0dc329562..1c0bd1278 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst 
@@ -16,83 +16,54 @@ let compute_As_plus_e (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (matrix_A - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Folds.fold_enumerated_slice (matrix_A <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array 
(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - result - (fun result temp_1_ -> - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - result + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + tt_as_ntt + in + let _:usize = temp_1_ in + true) + tt_as_ntt + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + tt_as_ntt in let i, row:(usize & t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = temp_1_ in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt + i + (Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) - result - (fun result temp_1_ 
-> - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Folds.fold_enumerated_slice (row + <: + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - result + tt_as_ntt + in + let _:usize = temp_1_ in + true) + tt_as_ntt + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + tt_as_ntt in let j, matrix_element:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = 
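Review bot: compute_As_plus_e now receives `tt_as_ntt` as a parameter and immediately overwrites each entry with `Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt i (Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector ())` before the inner fold accumulates into it, so the caller's initial contents are irrelevant to the result; nothing in the signature or the fsti spec records that. A postcondition (or, until specs exist, a `///` on the Rust function) stating that the returned array depends only on `matrix_A`, `s_as_ntt` and `error_as_ntt` would keep a future caller from assuming it accumulates onto existing values. The inner and outer folds again use constant-`true` invariants, as noted on the serialize_secret_key hunk. compute_As_plus_e begins before this hunk and continues after it.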
@@ -103,33 +74,34 @@ let compute_As_plus_e matrix_element (s_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt i (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector v_K - (result.[ i ] + (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) product <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - result) + tt_as_ntt) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt i (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce #v_Vector - (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - result) + tt_as_ntt) in - result + let hax_temp_output:Prims.unit = () <: Prims.unit in + tt_as_ntt let compute_ring_element_v (v_K: usize) 
@@ -144,14 +116,12 @@ let compute_ring_element_v Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in 
@@ -194,30 +164,15 @@ let compute_vector_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (a_as_ntt - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (a_as_ntt <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = 
@@ -228,29 +183,16 @@ let compute_vector_u temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) 
@@ -317,14 +259,12 @@ let compute_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in 
@@ -356,35 +296,22 @@ let sample_matrix_A (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (v_A_transpose: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (seed: t_Array u8 (sz 34)) (transpose: bool) = let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Rust_primitives.Hax.Folds.fold_range (sz 0) v_K - (fun v__i -> - let v__i:usize = v__i in - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__j -> - let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - in - let v_A_transpose:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose i -> let v_A_transpose:t_Array 
@@ -394,14 +321,12 @@ let sample_matrix_A let i:usize = i in let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun seeds temp_1_ -> + let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in + let _:usize = temp_1_ in + true) seeds (fun seeds j -> let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in 
@@ -433,28 +358,14 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - sampled - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Rust_primitives.Hax.Folds.fold_enumerated_slice sampled + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array @@ -498,4 +409,5 @@ let sample_matrix_A in v_A_transpose)) in + let hax_temp_output:Prims.unit = () <: Prims.unit in v_A_transpose diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index dce9ae911..78dea4243 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti 
@@ -15,6 +15,7 @@ val compute_As_plus_e (v_K: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: @@ -66,6 +67,8 @@ val sample_matrix_A (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (v_A_transpose: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (seed: t_Array u8 (sz 34)) (transpose: bool) : Prims.Pure diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst new file mode 100644 index 000000000..ca698a11d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst 
@@ -0,0 +1,108 @@ +module Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1536) + (sz 1568) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 4) + (sz 1536) + (sz 1536) + (sz 1568) + 
public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) + (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1600) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, key_pair:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness + key_pair + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti new file mode 100644 index 000000000..98114aa20 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti 
@@ -0,0 +1,86 @@ +module Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 1024 (unpacked) +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: +/// +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 1024 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] +/// and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index 92d239a86..a7e01533b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst 
@@ -3,27 +3,21 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) @@ -33,6 +27,13 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 4) (sz 1536) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 2328c8d2a..24fb25cc9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 1024 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst new file mode 100644 index 000000000..3b74c3b27 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst 
@@ -0,0 +1,108 @@ +module Libcrux_ml_kem.Mlkem1024.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1536) + (sz 1568) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + 
Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 4) + (sz 1536) + (sz 1536) + (sz 1568) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) + (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1600) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, key_pair:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness + key_pair + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti new file mode 100644 index 000000000..46f643f14 --- /dev/null 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti 
@@ -0,0 +1,94 @@ +module Libcrux_ml_kem.Mlkem1024.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 1024 (unpacked) +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: +/// +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. 
+val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 1024 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] +/// and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index 45a07df21..e89c0a92f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -3,27 +3,21 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) 
@@ -33,6 +27,13 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index 5911a2ae3..32080b0df 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti 
@@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 1024 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst new file mode 100644 index 000000000..b77d33651 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst 
@@ -0,0 +1,108 @@ +module Libcrux_ml_kem.Mlkem1024.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1536) + (sz 1568) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + 
Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 4) + (sz 1536) + (sz 1536) + (sz 1568) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) + (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1600) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, key_pair:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness + key_pair + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti new file mode 100644 index 000000000..fdc651118 
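Review bot: `unpacked_public_key` hands the serialized key straight to `Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key`, and nothing in this hunk calls `validate_public_key` first, so a caller can build an unpacked key from bytes that were never checked — unless `unpack_public_key` validates internally, which this extraction does not show. Since this file is hax output, the contract belongs in the Rust doc comment that feeds the `.fsti`; I would state it explicitly there, e.g. `/// Performs no validation of the serialized key: run validate_public_key on it first.` (or document that validation happens inside, if that is the case). The same applies to the Avx2 and Neon unpacked variants in this commit.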
--- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti 
@@ -0,0 +1,94 @@ +module Libcrux_ml_kem.Mlkem1024.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 1024 (unpacked) +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: +/// +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. 
+val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 1024 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] +/// and an [`MlKem1024Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. 
+val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index c28c2c857..326b30645 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -3,27 +3,21 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) - (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) 
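Review bot: The doc comment on `encapsulate` says the inputs are the unpacked public key, "the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`", but the `val` takes only `public_key` and a 32-byte `randomness` — there is no hash parameter, so the comment describes an older signature. It also ends with "TODO: ... when the following issue is resolved:" and no issue reference, which is a dangling pointer for anyone maintaining the proof. I would fix the Rust doc comment this file is extracted from to read `/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`]` followed by `/// and [`SHARED_SECRET_SIZE`] bytes of `randomness`.`, and either add the issue URL or drop the TODO line.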
@@ -33,6 +27,13 @@ let decapsulate (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) + (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index c28386f94..4ba09a9a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti 
@@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 1024 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst new file mode 100644 index 000000000..363d3888a --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst 
@@ -0,0 +1,51 @@ +module Libcrux_ml_kem.Mlkem1024.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +let encapsulate + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 32) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Mlkem1024.encapsulate public_key randomness + in + rng, hax_temp_output + <: + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) + +let generate_key_pair + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 64) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = + Libcrux_ml_kem.Mlkem1024.generate_key_pair randomness + in + rng, 
hax_temp_output + <: + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti new file mode 100644 index 000000000..a6890b7d0 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti @@ -0,0 +1,39 @@ +module Libcrux_ml_kem.Mlkem1024.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`]. +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +val encapsulate + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (rng: impl_277843321_) + : Prims.Pure + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 1024 Key Pair +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +/// This function returns an [`MlKem1024KeyPair`]. +val generate_key_pair + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (rng: impl_277843321_) + : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) + Prims.l_True + (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index efef5d867..6137197ca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -3,27 +3,21 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) - (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) 
@@ -33,6 +27,13 @@ let decapsulate (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) + (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) (sz 1536) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 698f0b9ef..e62e15b56 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti 
@@ -62,23 +62,17 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. 
@@ -88,6 +82,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 1024 +/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 1024 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst new file mode 100644 index 000000000..6fc3cda34 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst 
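Review bot: `validate_private_key` takes a `ciphertext` argument that its doc comment never mentions — it only says "Validate a private key. Returns `true` if valid", which leaves a caller unsure whether the ciphertext is also checked, or merely needed as an input to the check. Something like `/// Validates the private key against the given ciphertext (the one about to be decapsulated); returns true if the check passes.` would make the contract clear, with the exact semantics confirmed against the `Ind_cca.Multiplexing.validate_private_key` implementation, which is not in this hunk. Separately, `validate_public_key` now returns a bare `bool` instead of `Option<public key>`, so the type no longer forces callers to handle the invalid case; every existing call site that used to unwrap the `Some` should be audited to make sure the boolean is actually checked before the key is used.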
@@ -0,0 +1,104 @@ +module Libcrux_ml_kem.Mlkem512.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 768) + (sz 800) + public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + 
Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 2) + (sz 768) + (sz 768) + (sz 800) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) + (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) + (sz 800) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti new file mode 100644 index 000000000..cd0cb965f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti 
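Review bot: The shape of this extraction does not match the Portable variant added in the same commit: here `serialized_public_key` goes through a `(Prims.unit & ...)` `hax_temp_output` tuple while `generate_key_pair` binds the result directly, whereas in `Mlkem1024.Portable.Unpacked.fst` it is the other way round. That suggests the two files were produced from differently written Rust sources or by different hax runs, which makes the proof artifacts harder to diff and keep in sync. I would regenerate all the `*.Unpacked.fst` files with the same toolchain in one pass (the charon/karamel/eurydice pins changed in this commit too) so the extraction is uniform.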
@@ -0,0 +1,84 @@ +module Libcrux_ml_kem.Mlkem512.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 512 (unpacked) +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 512 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] +/// and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index 38bf6188b..f58c71977 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst 
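Review bot: The `encapsulate` doc comment in this interface lists "the SHA3-256 hash of this public key" as an input, but the `val` only takes `public_key` and 32 bytes of `randomness`, the same stale wording as in the 1024 portable variant. The fix belongs in the Rust doc comment the extraction comes from: `/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`]` followed by `/// and [`SHARED_SECRET_SIZE`] bytes of `randomness`.`. `unpacked_public_key` ("Get the unpacked public key.") would also benefit from stating whether the serialized key is validated, since the `.fst` in this commit calls `unpack_public_key` directly.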
@@ -3,25 +3,21 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) @@ -31,6 +27,13 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 2) (sz 768) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 807f211cc..5b846dc53 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 512 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst new file mode 100644 index 000000000..273041027 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst 
@@ -0,0 +1,104 @@ +module Libcrux_ml_kem.Mlkem512.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 768) + (sz 800) + public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + 
Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 2) + (sz 768) + (sz 768) + (sz 800) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) + (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) + (sz 800) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti new file mode 100644 index 000000000..40ecdcc8d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti 
@@ -0,0 +1,92 @@ +module Libcrux_ml_kem.Mlkem512.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 512 (unpacked) +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 512 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] +/// and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 4299e04c3..5e88a7193 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst 
@@ -3,25 +3,21 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) @@ -31,6 +27,13 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 2) (sz 768) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index 0c02c89fd..f737bc363 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 512 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst new file mode 100644 index 000000000..54eb129c9 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst 
@@ -0,0 +1,105 @@ +module Libcrux_ml_kem.Mlkem512.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) + (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + = + let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + (), + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 768) + (sz 800) + public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + 
Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 2) + (sz 768) + (sz 768) + (sz 800) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) + (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) + (sz 128) (sz 800) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti new file mode 100644 index 000000000..2aee55d13 --- /dev/null 
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti 
@@ -0,0 +1,92 @@ +module Libcrux_ml_kem.Mlkem512.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 512 (unpacked) +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 512 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] +/// and an [`MlKem512Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair in "unpacked" form +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 7a9d84fb6..47ebe2fe6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst 
@@ -3,25 +3,21 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) @@ -31,6 +27,13 @@ let decapsulate (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) + (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 2) (sz 768) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index a119efa43..277ef3588 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 512 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst new file mode 100644 index 000000000..e0359272f --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst 
@@ -0,0 +1,49 @@ +module Libcrux_ml_kem.Mlkem512.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +let encapsulate + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 32) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Mlkem512.encapsulate public_key randomness + in + rng, hax_temp_output + <: + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) + +let generate_key_pair + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 64) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = + Libcrux_ml_kem.Mlkem512.generate_key_pair randomness + in + rng, 
hax_temp_output <: (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti new file mode 100644 index 000000000..95ba62654 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti @@ -0,0 +1,39 @@ +module Libcrux_ml_kem.Mlkem512.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`]. +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +val encapsulate + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (rng: impl_277843321_) + : Prims.Pure + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 512 Key Pair +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +/// This function returns an [`MlKem512KeyPair`]. +val generate_key_pair + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (rng: impl_277843321_) + : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) + Prims.l_True + (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index e5628c836..4898aaa26 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -3,25 +3,21 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) 
@@ -31,6 +27,13 @@ let decapsulate (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) (sz 768) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index d2fb363c4..9031c5873 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti 
@@ -62,23 +62,17 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. 
@@ -88,6 +82,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 512 +/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 512 Key Pair /// The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst new file mode 100644 index 000000000..1a75cf7bf --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst 
@@ -0,0 +1,140 @@ +module Libcrux_ml_kem.Mlkem768.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1152) + (sz 1184) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 3) + (sz 1152) + (sz 1152) + (sz 1184) + 
public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) + (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1120) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + () + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + (sz 1152) + (sz 1184) + key_pair + serialized + in + serialized + +let public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (pk: + 
Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + = + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + key_pair + <: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + in + pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti new file mode 100644 index 000000000..4d8df4bc3 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti 
@@ -0,0 +1,106 @@ +module Libcrux_ml_kem.Mlkem768.Avx2.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Avx2 in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 768 (unpacked) +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 768 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] +/// and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index 306e91697..a57fd2b32 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst 
@@ -3,27 +3,21 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) @@ -33,6 +27,13 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair (sz 3) (sz 1152) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index 9a3179c1c..316f123b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 768 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst new file mode 100644 index 000000000..1b1c3736e --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst 
@@ -0,0 +1,141 @@ +module Libcrux_ml_kem.Mlkem768.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Neon.Vector_type in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1152) + (sz 1184) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = + 
(), + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 3) + (sz 1152) + (sz 1152) + (sz 1184) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) + (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1120) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + () + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + (sz 1152) + (sz 1184) + 
key_pair + serialized + in + serialized + +let public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + = + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + key_pair + <: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + in + pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti new file mode 100644 index 000000000..3c76dc76c --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti 
@@ -0,0 +1,117 @@ +module Libcrux_ml_kem.Mlkem768.Neon.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Neon.Vector_type in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 768 (unpacked) +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. 
+val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 768 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] +/// and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. +val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. 
+val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 020024946..b8e43d354 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst 
@@ -3,27 +3,21 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) @@ -33,6 +27,13 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair (sz 3) (sz 1152) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 6b65cf91f..6b527d102 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 768 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst new file mode 100644 index 000000000..39960a363 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst 
@@ -0,0 +1,141 @@ +module Libcrux_ml_kem.Mlkem768.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Portable.Vector_type in + () + +let encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key + randomness + +let init_public_key (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + +let serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1152) + (sz 1184) + public_key + serialized + in + serialized + +let unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let hax_temp_output, unpacked_public_key:(Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + 
Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + (), + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 3) + (sz 1152) + (sz 1152) + (sz 1184) + public_key + unpacked_public_key + <: + (Prims.unit & + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + unpacked_public_key + +let decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) + (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) + (sz 128) (sz 1120) private_key ciphertext + +let generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness + key_pair + in + key_pair + +let init_key_pair (_: Prims.unit) = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + () + +let key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = + 
Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (sz 1152) + (sz 1184) + key_pair + serialized + in + serialized + +let public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + = + let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + key_pair + <: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + in + pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti new file mode 100644 index 000000000..30956fcb9 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti 
@@ -0,0 +1,117 @@ +module Libcrux_ml_kem.Mlkem768.Portable.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Ind_cca.Unpacked in + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Portable.Vector_type in + () + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + () + +/// Encapsulate ML-KEM 768 (unpacked) +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], +/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. +val encapsulate + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked public key. +val init_public_key: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. 
+val serialized_public_key + (public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val unpacked_public_key + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (unpacked_public_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Decapsulate ML-KEM 768 (unpacked) +/// Generates an [`MlKemSharedSecret`]. +/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] +/// and an [`MlKem768Ciphertext`]. +val decapsulate + (private_key: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair in "unpacked" form. +val generate_key_pair + (randomness: t_Array u8 (sz 64)) + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Create a new, empty unpacked key. 
+val init_key_pair: Prims.unit + -> Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val key_pair_serialized_public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the unpacked public key. +val public_key + (key_pair: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (pk: + Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure + (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index 14c69001d..9690ed48f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst 
@@ -3,27 +3,21 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) - (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) @@ -33,6 +27,13 @@ let decapsulate (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) + (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair (sz 3) (sz 1152) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 95252b386..a44262014 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -3,23 +3,17 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. 
@@ -29,6 +23,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 768 Key Pair val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst new file mode 100644 index 000000000..df3caf4a2 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst 
@@ -0,0 +1,51 @@ +module Libcrux_ml_kem.Mlkem768.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +let encapsulate + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 32) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Mlkem768.encapsulate public_key randomness + in + rng, hax_temp_output + <: + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) + +let generate_key_pair + (#impl_277843321_: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) + (rng: impl_277843321_) + = + let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in + let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = + Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness + in + let rng:impl_277843321_ = tmp0 in + let randomness:t_Array u8 (sz 64) = tmp1 in + let _:Prims.unit = () in + let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = + Libcrux_ml_kem.Mlkem768.generate_key_pair randomness + in + rng, 
hax_temp_output + <: + (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti new file mode 100644 index 000000000..6d9fbe622 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti @@ -0,0 +1,39 @@ +module Libcrux_ml_kem.Mlkem768.Rand +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Rand_core in + () + +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`]. +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +val encapsulate + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (rng: impl_277843321_) + : Prims.Pure + (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Generate ML-KEM 768 Key Pair +/// The random number generator `rng` needs to implement `RngCore` and +/// `CryptoRng` to sample the required randomness internally. +/// This function returns an [`MlKem768KeyPair`]. +val generate_key_pair + (#impl_277843321_: Type0) + {| i1: Rand_core.t_RngCore impl_277843321_ |} + {| i2: Rand_core.t_CryptoRng impl_277843321_ |} + (rng: impl_277843321_) + : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) + Prims.l_True + (fun _ -> Prims.l_True) 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index e814cd4de..5d0bec2fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -3,27 +3,21 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul -let encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) 
@@ -33,6 +27,13 @@ let decapsulate (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) private_key ciphertext +let encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let generate_key_pair (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) (sz 1152) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index ea6223aa8..16febee24 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti 
@@ -62,23 +62,17 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] -/// bytes of `randomness`. -val encapsulate - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. 
@@ -88,6 +82,17 @@ val decapsulate (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +/// Encapsulate ML-KEM 768 +/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. +/// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] +/// bytes of `randomness`. +val encapsulate + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// Generate ML-KEM 768 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size /// [`KEY_GENERATION_SEED_SIZE`]. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 3eae8cab8..46dfb217a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -36,14 +36,14 @@ let ntt_at_layer_1_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = 
@@ -97,14 +97,14 @@ let ntt_at_layer_2_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -150,14 +150,14 @@ let ntt_at_layer_3_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = 
@@ -205,14 +205,14 @@ let ntt_at_layer_4_plus in let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -224,17 +224,12 @@ let ntt_at_layer_4_plus let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in 
@@ -289,14 +284,12 @@ let ntt_at_layer_7_ = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = step } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + step + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 9c6f28d5d..3cb84c2ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -37,14 +37,12 @@ let impl__add_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in 
@@ -89,14 +87,12 @@ let impl__add_message_error_reduce (self message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -147,14 +143,12 @@ let impl__add_standard_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in 
@@ -198,19 +192,12 @@ let impl__add_to_ring_element (self rhs: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize) + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -245,14 +232,12 @@ let impl__from_i16_array = let result:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in 
@@ -292,14 +277,12 @@ let impl__ntt_multiply = let out:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun out temp_1_ -> + let out:t_PolynomialRingElement v_Vector = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_PolynomialRingElement v_Vector = out in @@ -348,14 +331,12 @@ let impl__poly_barrett_reduce (self: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in 
@@ -388,14 +369,12 @@ let impl__subtract_reduce (self b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun b temp_1_ -> + let b:t_PolynomialRingElement v_Vector = b in + let _:usize = temp_1_ in + true) b (fun b i -> let b:t_PolynomialRingElement v_Vector = b in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 0d6e4719e..9c52850fc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst 
@@ -21,28 +21,29 @@ let sample_from_uniform_distribution_next (out: t_Array (t_Array i16 (sz 272)) v_K) = let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = temp_0_ in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_N /! sz 24 <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (v_N /! sz 24 <: usize) + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ r -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & 
@@ -114,14 +115,12 @@ let sample_from_uniform_distribution_next in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (done, sampled_coefficients <: (bool & t_Array usize v_K)) (fun temp_0_ i -> let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in @@ -154,18 +153,12 @@ let sample_from_binomial_distribution_2_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in 
@@ -183,22 +176,13 @@ let sample_from_binomial_distribution_2_ let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range u32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range u32) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = 0ul; - Core.Ops.Range.f_end = Core.Num.impl__u32__BITS - } - <: - Core.Ops.Range.t_Range u32) - (sz 4) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0ul + Core.Num.impl__u32__BITS + (sz 4) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:u32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in 
@@ -230,18 +214,12 @@ let sample_from_binomial_distribution_3_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in 
@@ -257,19 +235,13 @@ let sample_from_binomial_distribution_3_ let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range i32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range i32) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } - <: - Core.Ops.Range.t_Range i32) - (sz 6) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0l + 24l + (sz 6) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:i32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index a3991d73c..f90c60055 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst 
@@ -19,17 +19,12 @@ let compress_then_serialize_10_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -83,17 +78,12 @@ let compress_then_serialize_11_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in 
@@ -146,17 +136,12 @@ let compress_then_serialize_4_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -210,17 +195,12 @@ let compress_then_serialize_5_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in 
@@ -274,14 +254,12 @@ let compress_then_serialize_message = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in @@ -377,18 +355,12 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 20) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in 
@@ -431,18 +403,12 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 22) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in 
@@ -485,18 +451,12 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 8) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in 
@@ -539,18 +499,12 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 10) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -605,14 +559,12 @@ let deserialize_then_decompress_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in 
@@ -693,18 +645,12 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in 
@@ -742,31 +688,18 @@ let deserialize_ring_elements_reduced i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (public_key: t_Slice u8) + (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - public_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + public_key + (fun deserialized_pk temp_1_ -> + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + deserialized_pk + in + let _:usize = temp_1_ in + true) deserialized_pk (fun deserialized_pk temp_1_ -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) 
@@ -782,6 +715,29 @@ let deserialize_ring_elements_reduced <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in + let hax_temp_output:Prims.unit = () <: Prims.unit in + deserialized_pk + +let deserialize_ring_elements_reduced_out + (v_PUBLIC_KEY_SIZE v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (public_key: t_Slice u8) + = + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE v_K #v_Vector public_key deserialized_pk + in deserialized_pk let deserialize_to_uncompressed_ring_element 
@@ -795,18 +751,12 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -840,17 +790,12 @@ let serialize_uncompressed_ring_element = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 384) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index f4e2ef812..b320a6fd9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -126,10 +126,21 @@ val deserialize_to_reduced_ring_element Prims.l_True (fun _ -> Prims.l_True) +/// See [deserialize_ring_elements_reduced_out]. +val deserialize_ring_elements_reduced + (v_PUBLIC_KEY_SIZE v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: t_Slice u8) + (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Prims.l_True + (fun _ -> Prims.l_True) + /// This function deserializes ring elements and reduces the result by the field /// modulus. /// This function MUST NOT be used on secret inputs. -val deserialize_ring_elements_reduced +val deserialize_ring_elements_reduced_out (v_PUBLIC_KEY_SIZE v_K: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index e5a39ea4d..9e95712a0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst 
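Review bot: The `/// This function MUST NOT be used on secret inputs.` caveat now lives only on `deserialize_ring_elements_reduced_out`, while the in-place `deserialize_ring_elements_reduced` (the new val taking `deserialized_pk`) is documented only as `/// See [deserialize_ring_elements_reduced_out].` The `_out` variant is a thin wrapper that allocates zeroed ring elements and calls the in-place one, so whatever property makes it unsafe on secrets is in the in-place body, which is exactly the function the new doc comment no longer warns about. Since this interface is hax-extracted, the fix belongs on the Rust doc comment of the in-place function, e.g. `/// See [deserialize_ring_elements_reduced_out]. This function MUST NOT be used on secret inputs.`, so both vals carry the constraint after re-extraction. The location of the non-constant-time behaviour is inferred from the call structure, not stated in this hunk.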
@@ -3,17 +3,17 @@ module Libcrux_ml_kem.Types open Core open FStar.Mul -let impl_6__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_7__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_12__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_14__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_18__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_21__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value +let impl_7__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value -let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value +let impl_14__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value -let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value +let impl_21__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value let impl__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) @@ -54,7 +54,7 @@ let impl__new let impl__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_18__as_slice v_PUBLIC_KEY_SIZE self.f_pk + = impl_21__as_slice v_PUBLIC_KEY_SIZE self.f_pk let impl__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) @@ -69,4 +69,4 @@ let impl__public_key let impl__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk + = impl_14__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 413d737d5..d533a764b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti 
@@ -4,22 +4,33 @@ open Core open FStar.Mul /// The number of bytes -val impl_6__len: v_SIZE: usize -> Prims.unit +val impl_7__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_12__len: v_SIZE: usize -> Prims.unit +val impl_14__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_18__len: v_SIZE: usize -> Prims.unit +val impl_21__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Ciphertext type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl_1 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_2 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); @@ -27,7 +38,7 @@ let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); 
@@ -35,7 +46,7 @@ let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -48,7 +59,7 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = +let impl_5 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = { f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true); f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true); 
@@ -56,14 +67,25 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip } /// A reference to the raw byte slice. -val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) +val impl_7__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_8 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_9 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); @@ -71,7 +93,7 @@ let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); 
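Review bot: The new `Default` instance `impl_8` makes `t_MlKemPrivateKey` constructible as an all-zero byte array (`f_value = Rust_primitives.Hax.repeat 0uy v_SIZE`) with a postcondition of `true`, so nothing at the type or spec level distinguishes a placeholder from a real key. This is presumably added so callers can allocate an output buffer for the new `_out`-style APIs, but a `default()` that is never overwritten would be accepted silently as a private key downstream. Since this file is hax-generated, I would document the intent at the Rust derive rather than here, e.g. `/// `Default` yields an all-zero placeholder intended only as an output buffer; it is not a valid key.` The same consideration applies to the `impl_15` instance for `t_MlKemPublicKey` in the following hunk.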
@@ -79,7 +101,7 @@ let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_11 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -92,7 +114,7 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = +let impl_12 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); 
@@ -100,14 +122,25 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPr } /// A reference to the raw byte slice. -val impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) +val impl_14__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_15 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_16 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); @@ -115,7 +148,7 @@ let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); 
@@ -123,7 +156,7 @@ let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_18 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -136,7 +169,7 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = +let impl_19 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -144,11 +177,11 @@ let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu } /// A reference to the raw byte slice. -val impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) +val impl_21__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl_6 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); 
@@ -179,7 +212,7 @@ let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) ( } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_13 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -210,7 +243,7 @@ let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_20 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti new file mode 100644 index 000000000..4d6616fd4 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti 
@@ -0,0 +1,243 @@ +module Libcrux_ml_kem.Variant +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + () + +/// Implements [`Variant`], to perform the ML-KEM-specific actions +/// during encapsulation and decapsulation. +/// Specifically, +/// * during key generation, the seed hash is domain separated (this is a difference from the FIPS 203 IPD and Kyber) +/// * during encapsulation, the initial randomness is used without prior hashing, +/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. +type t_MlKem = | MlKem : t_MlKem + +/// This trait collects differences in specification between ML-KEM +/// (FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the +/// NIST PQ competition. +/// cf. FIPS 203, Appendix C +class t_Variant (v_Self: Type0) = { + f_kdf_pre: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> Type0; + f_kdf_post: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> + t_Array u8 (sz 32) + -> Type0; + f_kdf: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 -> + x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> Prims.Pure (t_Array u8 (sz 32)) + (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) + (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); + f_entropy_preprocess_pre: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: 
Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 + -> Type0; + f_entropy_preprocess_post: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + t_Array u8 (sz 32) + -> Type0; + f_entropy_preprocess: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 32)) + (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) + (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result); + f_cpa_keygen_seed_pre: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 + -> Type0; + f_cpa_keygen_seed_post: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + t_Array u8 (sz 64) + -> Type0; + f_cpa_keygen_seed: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 64)) + (f_cpa_keygen_seed_pre v_K #v_Hasher #i4 x0) + (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i4 x0 result) +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl: t_Variant t_MlKem = + { + f_kdf_pre + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + -> + true); + f_kdf_post + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + (out1: t_Array u8 (sz 32)) + -> + true); + f_kdf + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + 
(#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + -> + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in + out); + f_entropy_preprocess_pre + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + -> + true); + f_entropy_preprocess_post + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + (out1: t_Array u8 (sz 32)) + -> + true); + f_entropy_preprocess + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + -> + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in + out); + f_cpa_keygen_seed_pre + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + -> + true); + f_cpa_keygen_seed_post + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + (out: t_Array u8 (sz 64)) + -> + true); + f_cpa_keygen_seed + = + fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + -> + let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in + let seed:t_Array u8 
(sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (seed.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + key_generation_seed + <: + t_Slice u8) + in + let seed:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed + Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + (cast (v_K <: usize) <: u8) + in + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (seed <: t_Slice u8) + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index c7e8f4fdb..3eb5abd35 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst 
@@ -35,17 +35,12 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -71,17 +66,12 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in 
@@ -111,17 +101,12 @@ let bitwise_and_with_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -144,17 +129,12 @@ let bitwise_and_with_constant let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in 
@@ -199,17 +179,12 @@ let montgomery_multiply_by_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -238,17 +213,12 @@ let montgomery_multiply_by_constant let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in 
@@ -271,17 +241,12 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -306,17 +271,12 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in 
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index fc5eed14e..4a470d7d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -27,17 +27,12 @@ let compress (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in 
@@ -65,17 +60,12 @@ let compress let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -110,17 +100,12 @@ let decompress_ciphertext_coefficient (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index 400e0026d..aec49a64f 100644 
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -6,17 +6,12 @@ open FStar.Mul let rej_sample (a: t_Slice u8) (result: t_Slice i16) = let sampled:usize = sz 0 in let result, sampled:(t_Slice i16 & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize) + (fun temp_0_ temp_1_ -> + let result, sampled:(t_Slice i16 & usize) = temp_0_ in + let _:usize = temp_1_ in + true) (result, sampled <: (t_Slice i16 & usize)) (fun temp_0_ i -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 1c580dafd..9a88facf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst 
@@ -247,14 +247,12 @@ let serialize_5_int (v: t_Slice i16) = let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result:t_Array u8 (sz 2) = Rust_primitives.Hax.repeat 0uy (sz 2) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -272,14 +270,12 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector t_Array u8 (sz 2)) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + (sz 16) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in 
@@ -755,14 +751,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -782,17 +776,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index f09b6c7ce..b905b706f 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs 
@@ -3,45 +3,12 @@ use crate::{ constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, ind_cpa::serialize_public_key, - serialize::deserialize_ring_elements_reduced, + serialize::deserialize_ring_elements_reduced_out, types::*, utils::into_padded_array, variant::*, vector::Operations, }; -#[cfg(feature = "unpacked")] -use crate::{ - constant_time_ops::{ - compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, - }, - polynomial::PolynomialRingElement, -}; - -/// Types for the unpacked API. -#[cfg(feature = "unpacked")] -pub(crate) mod unpacked { - use crate::{ind_cpa::unpacked::*, vector::traits::Operations}; - - /// An unpacked ML-KEM IND-CCA Private Key - pub struct MlKemPrivateKeyUnpacked { - pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, - pub(crate) implicit_rejection_value: [u8; 32], - } - - /// An unpacked ML-KEM IND-CCA Private Key - pub struct MlKemPublicKeyUnpacked { - pub(crate) ind_cpa_public_key: IndCpaPublicKeyUnpacked, - pub(crate) public_key_hash: [u8; 32], - } - - /// An unpacked ML-KEM KeyPair - pub struct MlKemKeyPairUnpacked { - pub private_key: MlKemPrivateKeyUnpacked, - pub public_key: MlKemPublicKeyUnpacked, - } -} -#[cfg(feature = "unpacked")] -use unpacked::*; /// Seed size for key generation pub const KEY_GENERATION_SEED_SIZE: usize = CPA_PKE_KEY_GENERATION_SEED_SIZE + SHARED_SECRET_SIZE; @@ -100,7 +67,7 @@ fn validate_public_key< >( public_key: &[u8; PUBLIC_KEY_SIZE], ) -> bool { - let deserialized_pk = deserialize_ring_elements_reduced::( + let deserialized_pk = deserialize_ring_elements_reduced_out::( &public_key[..RANKED_BYTES_PER_RING_ELEMENT], ); let public_key_serialized = 
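Review bot: Dropping the `#[cfg(feature = "unpacked")]` gate on the imports and on the `unpacked` module means the unpacked key path, including the `compare_ciphertexts_in_constant_time` / `select_shared_secret_in_constant_time` helpers that were previously pulled in only under the feature, is now compiled into every build of this crate. Nothing in this hunk removes the `unpacked` feature from `Cargo.toml`, so if it is still declared there it silently becomes a no-op and callers who enable it get no signal; either delete it from the manifest in the same change or add a short note to the crate docs that the unpacked API is now always available. The relocated module definition starts in a later hunk, so its new contents cannot be checked from this one.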
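Review bot: The switch to `deserialize_ring_elements_reduced_out` in `validate_public_key` is purely mechanical, but the surrounding check is undocumented and its intent is easy to lose in the rename: the key is decoded and then re-serialized, which presumably implements the FIPS 203 encapsulation-key modulus check by round-trip equality. A one-line comment above the call would make the contract explicit, e.g. `// Modulus check (FIPS 203): a key is well-formed iff decode then re-encode is byte-identical.` The comparison against `public_key_serialized` is outside the hunk, so whether it is a plain byte equality and what happens on mismatch cannot be confirmed here; the body of `validate_public_key` continues past the hunk.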
@@ -309,187 +276,347 @@ pub(crate) fn decapsulate< ) } -// Unpacked API -// Generate Unpacked Keys -#[cfg(feature = "unpacked")] -pub(crate) fn generate_keypair_unpacked< - const K: usize, - const CPA_PRIVATE_KEY_SIZE: usize, - const PRIVATE_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - Vector: Operations, - Hasher: Hash, ->( - randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> MlKemKeyPairUnpacked { - let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; - let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - let (ind_cpa_private_key, mut ind_cpa_public_key) = - crate::ind_cpa::generate_keypair_unpacked::( - ind_cpa_keypair_randomness, +/// Types for the unpacked API. +pub(crate) mod unpacked { + use core::array::from_fn; + + use super::*; + use crate::{ + constant_time_ops::{ + compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, + }, + ind_cpa::{generate_keypair_unpacked, serialize_public_key_mut, unpacked::*}, + matrix::sample_matrix_A, + polynomial::PolynomialRingElement, + serialize::deserialize_ring_elements_reduced, + vector::traits::Operations, + }; + + /// An unpacked ML-KEM IND-CCA Private Key + pub struct MlKemPrivateKeyUnpacked { + pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, + pub(crate) implicit_rejection_value: [u8; 32], + } + + /// An unpacked ML-KEM IND-CCA Private Key + #[derive(Clone)] + pub struct MlKemPublicKeyUnpacked { + pub(crate) ind_cpa_public_key: IndCpaPublicKeyUnpacked, + pub(crate) public_key_hash: [u8; 32], + } + + /// An unpacked ML-KEM KeyPair + pub struct MlKemKeyPairUnpacked { + pub private_key: MlKemPrivateKeyUnpacked, + pub public_key: MlKemPublicKeyUnpacked, + } + + /// Generate an unpacked key from a serialized key. 
+ #[inline(always)] + pub(crate) fn unpack_public_key< + const K: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + Hasher: Hash, + Vector: Operations, + >( + public_key: &MlKemPublicKey, + unpacked_public_key: &mut MlKemPublicKeyUnpacked, + ) { + deserialize_ring_elements_reduced::( + &public_key.value[..T_AS_NTT_ENCODED_SIZE], + &mut unpacked_public_key.ind_cpa_public_key.t_as_ntt, + ); + unpacked_public_key.ind_cpa_public_key.seed_for_A = + into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]); + sample_matrix_A::( + &mut unpacked_public_key.ind_cpa_public_key.A, + into_padded_array(&public_key.value[T_AS_NTT_ENCODED_SIZE..]), + false, ); + unpacked_public_key.public_key_hash = Hasher::H(public_key.as_slice()); + } - // We need to un-transpose the A_transpose matrix provided by IND-CPA - // We would like to write the following but it is not supported by Eurydice yet. - // https://github.com/AeneasVerif/eurydice/issues/39 - // - // let A = core::array::from_fn(|i| { - // core::array::from_fn(|j| A_transpose[j][i]) - // }); - - #[allow(non_snake_case)] - let mut A = core::array::from_fn(|_i| { - core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) - }); - for i in 0..K { - for j in 0..K { - A[i][j] = ind_cpa_public_key.A[j][i].clone(); + impl MlKemPublicKeyUnpacked { + /// Get the serialized public key. 
+ #[inline(always)] + pub fn serialized_public_key_mut< + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + &self, + serialized: &mut MlKemPublicKey, + ) { + serialize_public_key_mut::( + &self.ind_cpa_public_key.t_as_ntt, + &self.ind_cpa_public_key.seed_for_A, + &mut serialized.value, + ); } - } - ind_cpa_public_key.A = A; - let pk_serialized = serialize_public_key::( - &ind_cpa_public_key.t_as_ntt, - &ind_cpa_public_key.seed_for_A, - ); - let public_key_hash = Hasher::H(&pk_serialized); - let implicit_rejection_value: [u8; 32] = implicit_rejection_value.try_into().unwrap(); + /// Get the serialized public key. + #[inline(always)] + pub fn serialized_public_key< + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + &self, + ) -> MlKemPublicKey { + serialize_public_key::( + &self.ind_cpa_public_key.t_as_ntt, + &self.ind_cpa_public_key.seed_for_A, + ) + .into() + } + } - MlKemKeyPairUnpacked { - private_key: MlKemPrivateKeyUnpacked { - ind_cpa_private_key, - implicit_rejection_value, - }, - public_key: MlKemPublicKeyUnpacked { - ind_cpa_public_key, - public_key_hash, - }, + impl Default for MlKemPublicKeyUnpacked { + #[inline(always)] + fn default() -> Self { + Self { + ind_cpa_public_key: IndCpaPublicKeyUnpacked::default(), + public_key_hash: [0u8; 32], + } + } } -} -// Encapsulate with Unpacked Public Key -#[cfg(feature = "unpacked")] -pub(crate) fn encapsulate_unpacked< - const K: usize, - const CIPHERTEXT_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - Vector: Operations, - Hasher: Hash, ->( - public_key: &MlKemPublicKeyUnpacked, - randomness: [u8; SHARED_SECRET_SIZE], -) -> 
(MlKemCiphertext, MlKemSharedSecret) { - let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); - to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash); + impl MlKemKeyPairUnpacked { + /// Create a new empty unpacked key pair. + #[inline(always)] + pub fn new() -> Self { + Self::default() + } - let hashed = Hasher::G(&to_hash); - let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + /// Get the serialized public key. + #[inline(always)] + pub fn serialized_public_key_mut< + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + &self, + serialized: &mut MlKemPublicKey, + ) { + self.public_key + .serialized_public_key_mut::( + serialized, + ) + } - let ciphertext = crate::ind_cpa::encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, - >(&public_key.ind_cpa_public_key, randomness, pseudorandomness); - let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE]; - shared_secret_array.copy_from_slice(shared_secret); - (MlKemCiphertext::from(ciphertext), shared_secret_array) -} + /// Get the serialized public key. 
+ #[inline(always)] + pub fn serialized_public_key< + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + &self, + ) -> MlKemPublicKey { + self.public_key + .serialized_public_key::() + } -// Decapsulate with Unpacked Private Key -#[cfg(feature = "unpacked")] -pub(crate) fn decapsulate_unpacked< - const K: usize, - const SECRET_KEY_SIZE: usize, - const CPA_SECRET_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const CIPHERTEXT_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const C1_BLOCK_SIZE: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, - Vector: Operations, - Hasher: Hash, ->( - key_pair: &MlKemKeyPairUnpacked, - ciphertext: &MlKemCiphertext, -) -> MlKemSharedSecret { - let decrypted = crate::ind_cpa::decrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - C1_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - Vector, - >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value); + /// Get the serialized public key. + #[inline(always)] + pub fn public_key(&self) -> &MlKemPublicKeyUnpacked { + &self.public_key + } - let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); - to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash); + /// Get the serialized public key. + #[inline(always)] + pub fn private_key(&self) -> &MlKemPrivateKeyUnpacked { + &self.private_key + } - let hashed = Hasher::G(&to_hash); - let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + /// Get the serialized private key. 
+ pub fn serialized_private_key(&self) -> MlKemPrivateKey { + todo!() + } + } - let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = - into_padded_array(&key_pair.private_key.implicit_rejection_value); - to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); - let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); + impl Default for MlKemKeyPairUnpacked { + #[inline(always)] + fn default() -> Self { + Self { + private_key: MlKemPrivateKeyUnpacked { + ind_cpa_private_key: IndCpaPrivateKeyUnpacked::default(), + implicit_rejection_value: [0u8; 32], + }, + public_key: MlKemPublicKeyUnpacked::default(), + } + } + } - let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, + /// Generate Unpacked Keys + pub(crate) fn generate_keypair< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, + Scheme: Variant, >( - &key_pair.public_key.ind_cpa_public_key, - decrypted, - pseudorandomness, - ); + randomness: [u8; KEY_GENERATION_SEED_SIZE], + out: &mut MlKemKeyPairUnpacked, + ) { + let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; + let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - let selector = compare_ciphertexts_in_constant_time(ciphertext.as_ref(), &expected_ciphertext); + generate_keypair_unpacked::( + ind_cpa_keypair_randomness, + &mut out.private_key.ind_cpa_private_key, + &mut out.public_key.ind_cpa_public_key, + ); - select_shared_secret_in_constant_time( - shared_secret, - &implicit_rejection_shared_secret, - selector, 
- ) + // We need to un-transpose the A_transpose matrix provided by IND-CPA + // We would like to write the following but it is not supported by Eurydice yet. + // https://github.com/AeneasVerif/eurydice/issues/39 + // + // let A = from_fn(|i| { + // from_fn(|j| A_transpose[j][i]) + // }); + + #[allow(non_snake_case)] + let mut A = from_fn(|_i| from_fn(|_j| PolynomialRingElement::::ZERO())); + for i in 0..K { + for j in 0..K { + A[i][j] = out.public_key.ind_cpa_public_key.A[j][i].clone(); + } + } + out.public_key.ind_cpa_public_key.A = A; + + let pk_serialized = + serialize_public_key::( + &out.public_key.ind_cpa_public_key.t_as_ntt, + &out.public_key.ind_cpa_public_key.seed_for_A, + ); + out.public_key.public_key_hash = Hasher::H(&pk_serialized); + out.private_key.implicit_rejection_value = implicit_rejection_value.try_into().unwrap(); + } + + // Encapsulate with Unpacked Public Key + pub(crate) fn encapsulate< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, + >( + public_key: &MlKemPublicKeyUnpacked, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKemCiphertext, MlKemSharedSecret) { + let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); + to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash); + + let hashed = Hasher::G(&to_hash); + let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + + let ciphertext = crate::ind_cpa::encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + 
ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(&public_key.ind_cpa_public_key, randomness, pseudorandomness); + let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE]; + shared_secret_array.copy_from_slice(shared_secret); + (MlKemCiphertext::from(ciphertext), shared_secret_array) + } + + // Decapsulate with Unpacked Private Key + pub(crate) fn decapsulate< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + Vector: Operations, + Hasher: Hash, + >( + key_pair: &MlKemKeyPairUnpacked, + ciphertext: &MlKemCiphertext, + ) -> MlKemSharedSecret { + let decrypted = crate::ind_cpa::decrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + C1_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + Vector, + >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value); + + let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash); + + let hashed = Hasher::G(&to_hash); + let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + + let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = + into_padded_array(&key_pair.private_key.implicit_rejection_value); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); + let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); + + let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + 
C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >( + &key_pair.public_key.ind_cpa_public_key, + decrypted, + pseudorandomness, + ); + + let selector = + compare_ciphertexts_in_constant_time(ciphertext.as_ref(), &expected_ciphertext); + + select_shared_secret_in_constant_time( + shared_secret, + &implicit_rejection_shared_secret, + selector, + ) + } } diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index e9d780ab2..a1b76a978 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -6,13 +6,6 @@ macro_rules! instantiate { KEY_GENERATION_SEED_SIZE, SHARED_SECRET_SIZE, }; - #[cfg(feature = "unpacked")] - pub(crate) type MlKemKeyPairUnpacked = - crate::ind_cca::unpacked::MlKemKeyPairUnpacked; - #[cfg(feature = "unpacked")] - pub(crate) type MlKemPublicKeyUnpacked = - crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; - /// Portable generate key pair. pub(crate) fn generate_keypair< const K: usize, 
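Review bot: `MlKemKeyPairUnpacked::serialized_private_key` is a `pub fn` whose whole body is `todo!()`, so any caller that reaches it panics unconditionally; it should either be implemented or not be exported until it is (e.g. drop the `pub`, or remove it and add it with the implementation). Several doc comments in the new module are copy-pasted: `public_key()` and `private_key()` both carry `/// Get the serialized public key.` although they return the unpacked structs, and `MlKemPublicKeyUnpacked` is documented as `/// An unpacked ML-KEM IND-CCA Private Key`. `MlKemKeyPairUnpacked::new()` returns `Self::default()`, i.e. an all-zero key pair that type-checks as a key; a line such as `/// Returns an all-zero placeholder to be filled by `generate_keypair`; it is not a usable key.` would make that explicit. `unpack_public_key` deserializes the public key without the re-serialization check that `validate_public_key` performs in the packed path; if callers are expected to validate first, its doc comment should say so. The hunk's leading context closes the packed `decapsulate`, whose body starts outside the hunk.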
@@ -268,113 +261,142 @@ macro_rules! instantiate { } /// Unpacked API - #[cfg(feature = "unpacked")] - pub(crate) fn generate_keypair_unpacked< - const K: usize, - const CPA_PRIVATE_KEY_SIZE: usize, - const PRIVATE_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - >( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKemKeyPairUnpacked { - crate::ind_cca::generate_keypair_unpacked::< - K, - CPA_PRIVATE_KEY_SIZE, - PRIVATE_KEY_SIZE, - PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, - ETA1, - ETA1_RANDOMNESS_SIZE, - $vector, - $hash, - >(randomness) - } + pub(crate) mod unpacked { + use super::*; - /// Portable encapsualte - #[cfg(feature = "unpacked")] - pub(crate) fn encapsulate_unpacked< - const K: usize, - const CIPHERTEXT_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - >( - public_key: &MlKemPublicKeyUnpacked, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKemCiphertext, MlKemSharedSecret) { - crate::ind_cca::encapsulate_unpacked::< - K, - CIPHERTEXT_SIZE, - PUBLIC_KEY_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - $vector, - $hash, - >(public_key, randomness) - } + pub(crate) type MlKemKeyPairUnpacked = + crate::ind_cca::unpacked::MlKemKeyPairUnpacked; + pub(crate) type MlKemPublicKeyUnpacked = + crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; - /// Portable decapsulate - #[cfg(feature = "unpacked")] - pub(crate) fn decapsulate_unpacked< - const K: usize, - const SECRET_KEY_SIZE: usize, - 
const CPA_SECRET_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const CIPHERTEXT_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const C1_BLOCK_SIZE: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, - >( - key_pair: &MlKemKeyPairUnpacked, - ciphertext: &MlKemCiphertext, - ) -> MlKemSharedSecret { - crate::ind_cca::decapsulate_unpacked::< - K, - SECRET_KEY_SIZE, - CPA_SECRET_KEY_SIZE, - PUBLIC_KEY_SIZE, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - $vector, - $hash, - >(key_pair, ciphertext) + /// Get the unpacked public key. 
+ pub(crate) fn unpack_public_key< + const K: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + >( + public_key: &MlKemPublicKey, + unpacked_public_key: &mut MlKemPublicKeyUnpacked, + ) { + crate::ind_cca::unpacked::unpack_public_key::< + K, + T_AS_NTT_ENCODED_SIZE, + RANKED_BYTES_PER_RING_ELEMENT, + PUBLIC_KEY_SIZE, + $hash, + $vector, + >(public_key, unpacked_public_key) + } + + /// Generate a key pair + pub(crate) fn generate_keypair< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + >( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + out: &mut MlKemKeyPairUnpacked, + ) { + crate::ind_cca::unpacked::generate_keypair::< + K, + CPA_PRIVATE_KEY_SIZE, + PRIVATE_KEY_SIZE, + PUBLIC_KEY_SIZE, + BYTES_PER_RING_ELEMENT, + ETA1, + ETA1_RANDOMNESS_SIZE, + $vector, + $hash, + crate::variant::MlKem, + >(randomness, out) + } + + /// Unpacked encapsulate + pub(crate) fn encapsulate< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + >( + public_key: &MlKemPublicKeyUnpacked, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKemCiphertext, MlKemSharedSecret) { + crate::ind_cca::unpacked::encapsulate::< + K, + CIPHERTEXT_SIZE, + PUBLIC_KEY_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + $vector, + $hash, + >(public_key, randomness) + } + 
+ /// Unpacked decapsulate + pub(crate) fn decapsulate< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + >( + key_pair: &MlKemKeyPairUnpacked, + ciphertext: &MlKemCiphertext, + ) -> MlKemSharedSecret { + crate::ind_cca::unpacked::decapsulate::< + K, + SECRET_KEY_SIZE, + CPA_SECRET_KEY_SIZE, + PUBLIC_KEY_SIZE, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + $vector, + $hash, + >(key_pair, ciphertext) + } } } }; diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 9704a32ab..5a2367195 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -1,5 +1,5 @@ -#[cfg(feature = "unpacked")] -use crate::variant::MlKem; +use core::array::from_fn; + use crate::{ constants::{BYTES_PER_RING_ELEMENT, COEFFICIENTS_IN_RING_ELEMENT, SHARED_SECRET_SIZE}, hash_functions::Hash, 
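Review bot: The unpacked `generate_keypair` wrapper pins `crate::variant::MlKem` as the `Scheme` argument of `crate::ind_cca::unpacked::generate_keypair`, whereas the callee is generic over `Scheme: Variant`; the unpacked instantiation is therefore ML-KEM-only, and nothing in the new code says so. A doc line on the wrapper, e.g. `/// Generate an ML-KEM key pair; the unpacked API is not generic over the scheme variant.`, would stop a reader from expecting the other variant(s) in `crate::variant` to be reachable here. The hunk's first context line closes a function that starts outside the hunk.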
@@ -30,13 +30,31 @@ pub mod unpacked { pub(crate) secret_as_ntt: [PolynomialRingElement; K], } + impl Default for IndCpaPrivateKeyUnpacked { + fn default() -> Self { + Self { + secret_as_ntt: [PolynomialRingElement::::ZERO(); K], + } + } + } + /// An unpacked ML-KEM IND-CPA Private Key - #[cfg(feature = "unpacked")] + #[derive(Clone)] pub(crate) struct IndCpaPublicKeyUnpacked { pub(crate) t_as_ntt: [PolynomialRingElement; K], pub(crate) seed_for_A: [u8; 32], pub(crate) A: [[PolynomialRingElement; K]; K], } + + impl Default for IndCpaPublicKeyUnpacked { + fn default() -> Self { + Self { + t_as_ntt: [PolynomialRingElement::::ZERO(); K], + seed_for_A: [0u8; 32], + A: [[PolynomialRingElement::::ZERO(); K]; K], + } + } + } } use unpacked::*; 
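Review bot: The two new `Default` impls produce all-zero `IndCpaPrivateKeyUnpacked` / `IndCpaPublicKeyUnpacked` values that are well-typed but are not keys, and neither impl documents that they exist only as out-parameters for `generate_keypair_unpacked`. A comment on each, e.g. `/// All-zero placeholder; meant to be filled by `generate_keypair_unpacked`, never used as a key.`, would record that contract. `#[derive(Clone)]` is added to the public key type but not to the private key type; if that asymmetry is deliberate (avoid copying `secret_as_ntt`), a one-line comment saying so would keep it from being "fixed" later.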
@@ -52,16 +70,37 @@ pub(crate) fn serialize_public_key< seed_for_a: &[u8], ) -> [u8; PUBLIC_KEY_SIZE] { let mut public_key_serialized = [0u8; PUBLIC_KEY_SIZE]; - public_key_serialized[0..RANKED_BYTES_PER_RING_ELEMENT].copy_from_slice( - &serialize_secret_key::(t_as_ntt), + serialize_public_key_mut::( + t_as_ntt, + seed_for_a, + &mut public_key_serialized, ); - public_key_serialized[RANKED_BYTES_PER_RING_ELEMENT..].copy_from_slice(seed_for_a); public_key_serialized } +/// Concatenate `t` and `ρ` into the public key. +#[inline(always)] +pub(crate) fn serialize_public_key_mut< + const K: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, + const PUBLIC_KEY_SIZE: usize, + Vector: Operations, +>( + t_as_ntt: &[PolynomialRingElement; K], + seed_for_a: &[u8], + serialized: &mut [u8; PUBLIC_KEY_SIZE], +) { + serialized[0..RANKED_BYTES_PER_RING_ELEMENT].copy_from_slice(&serialize_secret_key::< + K, + RANKED_BYTES_PER_RING_ELEMENT, + Vector, + >(t_as_ntt)); + serialized[RANKED_BYTES_PER_RING_ELEMENT..].copy_from_slice(seed_for_a); +} + /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] -fn serialize_secret_key( +pub(crate) fn serialize_secret_key( key: &[PolynomialRingElement; K], ) -> [u8; OUT_LEN] { let mut out = [0u8; OUT_LEN]; @@ -88,7 +127,7 @@ fn sample_ring_element_cbd< prf_input: [u8; 33], mut domain_separator: u8, ) -> ([PolynomialRingElement; K], u8) { - let mut error_1 = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); + let mut error_1 = from_fn(|_i| PolynomialRingElement::::ZERO()); let mut prf_inputs = [prf_input; K]; for i in 0..K { prf_inputs[i][32] = domain_separator; 
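Review bot: `serialize_public_key_mut` takes `seed_for_a: &[u8]` and then `copy_from_slice`s it into the tail of `serialized`, so a wrong-length seed becomes a runtime panic rather than a type error; the unpacked callers in this commit pass `&...seed_for_A`, which is `[u8; 32]`, so `seed_for_a: &[u8; 32]` looks achievable, though `serialize_public_key` (which forwards its own `&[u8]` parameter) would need the same tightening. If the slice type is kept, a doc line `/// `seed_for_a` must be exactly `PUBLIC_KEY_SIZE - RANKED_BYTES_PER_RING_ELEMENT` bytes; anything else panics.` states the precondition.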
@@ -111,10 +150,10 @@ fn sample_vector_cbd_then_ntt< Vector: Operations, Hasher: Hash, >( + re_as_ntt: &mut [PolynomialRingElement; K], prf_input: [u8; 33], mut domain_separator: u8, -) -> ([PolynomialRingElement; K], u8) { - let mut re_as_ntt = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); +) -> u8 { let mut prf_inputs = [prf_input; K]; for i in 0..K { prf_inputs[i][32] = domain_separator; @@ -125,6 +164,26 @@ fn sample_vector_cbd_then_ntt< re_as_ntt[i] = sample_from_binomial_distribution::(&prf_outputs[i]); ntt_binomially_sampled_ring_element(&mut re_as_ntt[i]); } + domain_separator +} + +#[inline(always)] +fn sample_vector_cbd_then_ntt_out< + const K: usize, + const ETA: usize, + const ETA_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, +>( + prf_input: [u8; 33], + mut domain_separator: u8, +) -> ([PolynomialRingElement; K], u8) { + let mut re_as_ntt = from_fn(|_i| PolynomialRingElement::::ZERO()); + domain_separator = sample_vector_cbd_then_ntt::( + &mut re_as_ntt, + prf_input, + domain_separator, + ); (re_as_ntt, domain_separator) } 
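Review bot: `sample_vector_cbd_then_ntt_out` is the only sampling helper in this hunk without a doc comment; `/// Allocating variant of [`sample_vector_cbd_then_ntt`]: samples into a fresh array and returns it with the next domain separator.` would match its neighbours. Its `mut domain_separator` parameter is reassigned only to be returned on the next line; `let domain_separator = sample_vector_cbd_then_ntt::<...>(&mut re_as_ntt, prf_input, domain_separator);` with a non-`mut` parameter reads more directly. The in-place `sample_vector_cbd_then_ntt` overwrites every `re_as_ntt[i]` for `i in 0..K`, so unlike `compute_As_plus_e` it needs no explicit zeroing of caller memory; a comment noting that would make the out-parameter contract explicit.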
@@ -167,49 +226,50 @@ fn sample_vector_cbd_then_ntt< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[cfg(feature = "unpacked")] pub(crate) fn generate_keypair_unpacked< const K: usize, const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, Hasher: Hash, + Scheme: Variant, >( key_generation_seed: &[u8], -) -> ( - IndCpaPrivateKeyUnpacked, - IndCpaPublicKeyUnpacked, + private_key: &mut IndCpaPrivateKeyUnpacked, + public_key: &mut IndCpaPublicKeyUnpacked, ) { // (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for ML-KEM - let hashed = MlKem::cpa_keygen_seed::(key_generation_seed); + let hashed = Scheme::cpa_keygen_seed::(key_generation_seed); let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); - let A_transpose = sample_matrix_A::(into_padded_array(seed_for_A), true); + sample_matrix_A::(&mut public_key.A, into_padded_array(seed_for_A), true); let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error); - let (secret_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt::(prf_input, 0); - let (error_as_ntt, _) = + let domain_separator = sample_vector_cbd_then_ntt::( + &mut private_key.secret_as_ntt, + prf_input, + 0, + ); + let (error_as_ntt, _) = + sample_vector_cbd_then_ntt_out::( prf_input, domain_separator, ); // tˆ := Aˆ ◦ sˆ + eˆ - let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); + compute_As_plus_e( + &mut public_key.t_as_ntt, + &public_key.A, + &private_key.secret_as_ntt, + &error_as_ntt, + ); - let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); + public_key.seed_for_A = seed_for_A.try_into().unwrap(); // For encapsulation, we need to store A not Aˆ, and so we untranspose A // However, we pass A_transpose here and let the IND-CCA layer do the untranspose. // We could do it here, but then we would pay the performance cost (if any) for the packed API as well. 
- let pk = IndCpaPublicKeyUnpacked { - t_as_ntt, - A: A_transpose, - seed_for_A, - }; - let sk = IndCpaPrivateKeyUnpacked { secret_as_ntt }; - (sk, pk) } #[allow(non_snake_case)] @@ -226,37 +286,24 @@ pub(crate) fn generate_keypair< >( key_generation_seed: &[u8], ) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { - // We don't use the unpacked function here in order to reduce stack size. - - // (ρ,σ) := G(d) for Kyber, (ρ,σ) := G(d || K) for ML-KEM - let hashed = Scheme::cpa_keygen_seed::(key_generation_seed); - let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); + let mut private_key = IndCpaPrivateKeyUnpacked::default(); + let mut public_key = IndCpaPublicKeyUnpacked::default(); - let A_transpose = sample_matrix_A::(into_padded_array(seed_for_A), true); - - let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error); - let (secret_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt::(prf_input, 0); - let (error_as_ntt, _) = - sample_vector_cbd_then_ntt::( - prf_input, - domain_separator, - ); - - // tˆ := Aˆ ◦ sˆ + eˆ - let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); - - let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); + generate_keypair_unpacked::( + key_generation_seed, + &mut private_key, + &mut public_key, + ); // pk := (Encode_12(tˆ mod^{+}q) || ρ) let public_key_serialized = serialize_public_key::( - &t_as_ntt, - &seed_for_A, + &public_key.t_as_ntt, + &public_key.seed_for_A, ); // sk := Encode_12(sˆ mod^{+}q) - let secret_key_serialized = serialize_secret_key(&secret_as_ntt); + let secret_key_serialized = serialize_secret_key(&private_key.secret_as_ntt); (secret_key_serialized, public_key_serialized) } @@ -324,7 +371,6 @@ fn compress_then_serialize_u< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[cfg(feature = "unpacked")] pub(crate) fn encrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, 
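Review bot: The surviving comment at the end of `generate_keypair_unpacked` ("However, we pass A_transpose here and let the IND-CCA layer do the untranspose") refers to a local `A_transpose` that no longer exists; the matrix is now sampled straight into `public_key.A` by `sample_matrix_A::<...>(&mut public_key.A, ..., true)`. Rewording it to `// public_key.A holds Aˆ transposed (sample_matrix_A with transpose = true); the IND-CCA layer untransposes it for encapsulation.` keeps the comment tied to the code. The function's doc comment sits above the hunk and may still describe a returned tuple; worth checking since the function now writes into `private_key` / `public_key` and returns nothing.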
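Review bot: The packed `generate_keypair` now routes through `generate_keypair_unpacked` with `IndCpaPrivateKeyUnpacked::default()` and `IndCpaPublicKeyUnpacked::default()` as out-parameters, which keeps a full unpacked public key (including the K×K matrix `A`) live on the stack; the removed comment said the duplication existed precisely to limit stack size, and the commit gives no replacement rationale. A short comment stating the new trade-off, e.g. `// Stack: a full IndCpaPublicKeyUnpacked (incl. the K×K matrix A) is live here; measured at <N> bytes on <target> (placeholders).`, or a measurement on the crate's no_std/embedded targets, would close that gap.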
@@ -352,7 +398,9 @@ pub(crate) fn encrypt_unpacked< // rˆ := NTT(r) let mut prf_input: [u8; 33] = into_padded_array(randomness); let (r_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt::(prf_input, 0); + sample_vector_cbd_then_ntt_out::( + prf_input, 0, + ); // for i from 0 to k−1 do // e1[i] := CBD_{η2}(PRF(r,N)) @@ -419,9 +467,12 @@ pub(crate) fn encrypt< message: [u8; SHARED_SECRET_SIZE], randomness: &[u8], ) -> [u8; CIPHERTEXT_SIZE] { + let mut unpacked_public_key = IndCpaPublicKeyUnpacked::::default(); + // tˆ := Decode_12(pk) - let t_as_ntt = deserialize_ring_elements_reduced::( + deserialize_ring_elements_reduced::( &public_key[..T_AS_NTT_ENCODED_SIZE], + &mut unpacked_public_key.t_as_ntt, ); // ρ := pk + 12·k·n / 8 
@@ -431,57 +482,29 @@ pub(crate) fn encrypt< // end for // end for let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; - let A = sample_matrix_A::(into_padded_array(seed), false); - - // Note that we do not use the unpacked function internally here and instead - // duplicate the code to avoid blowing up the stack. - - // for i from 0 to k−1 do - // r[i] := CBD{η1}(PRF(r, N)) - // N := N + 1 - // end for - // rˆ := NTT(r) - let mut prf_input: [u8; 33] = into_padded_array(randomness); - let (r_as_ntt, domain_separator) = - sample_vector_cbd_then_ntt::(prf_input, 0); - - // for i from 0 to k−1 do - // e1[i] := CBD_{η2}(PRF(r,N)) - // N := N + 1 - // end for - let (error_1, domain_separator) = - sample_ring_element_cbd::( - prf_input, - domain_separator, - ); - - // e_2 := CBD{η2}(PRF(r, N)) - prf_input[32] = domain_separator; - let prf_output: [u8; ETA2_RANDOMNESS_SIZE] = Hasher::PRF(&prf_input); - let error_2 = sample_from_binomial_distribution::(&prf_output); - - // u := NTT^{-1}(AˆT ◦ rˆ) + e_1 - let u = compute_vector_u(&A, &r_as_ntt, &error_1); - - // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) - let message_as_ring_element = deserialize_then_decompress_message(message); - let v = compute_ring_element_v(&t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element); - - let mut ciphertext = [0u8; CIPHERTEXT_SIZE]; - - // c_1 := Encode_{du}(Compress_q(u,d_u)) - compress_then_serialize_u::( - u, - &mut ciphertext[0..C1_LEN], + sample_matrix_A::( + &mut unpacked_public_key.A, + into_padded_array(seed), + false, ); - // c_2 := Encode_{dv}(Compress_q(v,d_v)) - compress_then_serialize_ring_element_v::( - v, - &mut ciphertext[C1_LEN..], - ); - - ciphertext + // After unpacking the public key we can now call the unpacked decryption. 
+ encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_LEN, + C2_LEN, + U_COMPRESSION_FACTOR, + V_COMPRESSION_FACTOR, + BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(&unpacked_public_key, message, randomness) } /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element @@ -495,7 +518,7 @@ fn deserialize_then_decompress_u< >( ciphertext: &[u8; CIPHERTEXT_SIZE], ) -> [PolynomialRingElement; K] { - let mut u_as_ntt = core::array::from_fn(|_| PolynomialRingElement::::ZERO()); + let mut u_as_ntt = from_fn(|_| PolynomialRingElement::::ZERO()); cloop! { for (i, u_bytes) in ciphertext .chunks_exact((COEFFICIENTS_IN_RING_ELEMENT * U_COMPRESSION_FACTOR) / 8) @@ -513,7 +536,7 @@ fn deserialize_then_decompress_u< fn deserialize_secret_key( secret_key: &[u8], ) -> [PolynomialRingElement; K] { - let mut secret_as_ntt = core::array::from_fn(|_| PolynomialRingElement::::ZERO()); + let mut secret_as_ntt = from_fn(|_| PolynomialRingElement::::ZERO()); cloop! { for (i, secret_bytes) in secret_key.chunks_exact(BYTES_PER_RING_ELEMENT).enumerate() { secret_as_ntt[i] = deserialize_to_uncompressed_ring_element(secret_bytes); @@ -585,7 +608,6 @@ pub(crate) fn decrypt< ) -> [u8; SHARED_SECRET_SIZE] { // sˆ := Decode_12(sk) let secret_as_ntt = deserialize_secret_key::(secret_key); - let secret_key_unpacked = IndCpaPrivateKeyUnpacked { secret_as_ntt }; decrypt_unpacked::< diff --git a/libcrux-ml-kem/src/lib.rs b/libcrux-ml-kem/src/lib.rs index a787a5f1d..acd6466b3 100644 --- a/libcrux-ml-kem/src/lib.rs +++ b/libcrux-ml-kem/src/lib.rs @@ -75,6 +75,9 @@ analogously for encapsulation and decapsulation."## // Enable doc cfg feature for doc builds. They use nightly. #![cfg_attr(doc_cfg, feature(doc_cfg))] +#[cfg(feature = "std")] +extern crate std; + /// Feature gating helper macros #[macro_use] mod cfg; 
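Review bot: The new comment in `encrypt`, "After unpacking the public key we can now call the unpacked decryption.", precedes a call to `encrypt_unpacked`; it should read `// After unpacking the public key we can now call the unpacked encryption.`. `unpacked_public_key.seed_for_A` is never assigned in this function and stays at its `Default` zero value while `A` is sampled directly from `seed`; if `encrypt_unpacked` does not read `seed_for_A`, a one-line comment saying so would prevent a reader from treating the zero field as a bug. `encrypt`'s signature is in the preceding hunk, outside this one.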
diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index d07c95f93..651ab345b 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -6,13 +6,10 @@ use crate::{ #[inline(always)] #[allow(non_snake_case)] pub(crate) fn sample_matrix_A>( + A_transpose: &mut [[PolynomialRingElement; K]; K], seed: [u8; 34], transpose: bool, -) -> [[PolynomialRingElement; K]; K] { - let mut A_transpose = core::array::from_fn(|_i| { - core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) - }); - +) { for i in 0..K { let mut seeds = [seed; K]; for j in 0..K { @@ -30,9 +27,8 @@ pub(crate) fn sample_matrix_A( #[inline(always)] #[allow(non_snake_case)] pub(crate) fn compute_As_plus_e( + t_as_ntt: &mut [PolynomialRingElement; K], matrix_A: &[[PolynomialRingElement; K]; K], s_as_ntt: &[PolynomialRingElement; K], error_as_ntt: &[PolynomialRingElement; K], -) -> [PolynomialRingElement; K] { - let mut result = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); - +) { cloop! { for (i, row) in matrix_A.iter().enumerate() { + // This may be externally provided memory. Ensure that `t_as_ntt` + // is all 0. + t_as_ntt[i] = PolynomialRingElement::::ZERO(); cloop! { for (j, matrix_element) in row.iter().enumerate() { let product = matrix_element.ntt_multiply(&s_as_ntt[j]); - result[i].add_to_ring_element::(&product); + t_as_ntt[i].add_to_ring_element::(&product); } } - result[i].add_standard_error_reduce(&error_as_ntt[i]); + t_as_ntt[i].add_standard_error_reduce(&error_as_ntt[i]); } - } - - result + }; + () } diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 26718e625..3b3484b04 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -1,7 +1,5 @@ //! ML-KEM 1024 use super::{constants::*, ind_cca::*, types::*, *}; -#[cfg(feature = "unpacked")] -use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 1024 parameters const RANK_1024: usize = 4; 
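Review bot: The new tail of `compute_As_plus_e`, `};` followed by a bare `()`, is unusual Rust; if it is needed by the hax/F* extraction (plausible for this crate), a one-line comment such as `// Explicit unit tail: required by the extraction toolchain.` should say so, otherwise the block should just end with `}`. The explicit `t_as_ntt[i] = PolynomialRingElement::<Vector>::ZERO();` is the right treatment for an out-parameter, but `sample_matrix_A` in the first hunk takes `A_transpose: &mut` the same way and gets no such note; if its loop writes every `[i][j]` (the body is outside the hunk), a comment stating that would make the two out-parameter contracts symmetric.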
@@ -46,17 +44,6 @@ pub type MlKem1024PublicKey = MlKemPublicKey; /// An ML-KEM 1024 Key pair pub type MlKem1024KeyPair = MlKemKeyPair; -/// An Unpacked ML-KEM 1024 Public key -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem1024PublicKeyUnpacked = MlKemPublicKeyUnpacked; -/// Am Unpacked ML-KEM 1024 Key pair -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem1024KeyPairUnpacked = MlKemKeyPairUnpacked; - // Instantiate the different functions. macro_rules! instantiate { ($modp:ident, $p:path, $vec:path, $doc:expr) => { 
@@ -234,95 +221,136 @@ macro_rules! instantiate { >(private_key, ciphertext) } - /// Generate ML-KEM 1024 Key Pair in "unpacked" form - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn generate_key_pair_unpacked( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKem1024KeyPairUnpacked<$vec> { - p::generate_keypair_unpacked::< - RANK_1024, - CPA_PKE_SECRET_KEY_SIZE_1024, - SECRET_KEY_SIZE_1024, - CPA_PKE_PUBLIC_KEY_SIZE_1024, - RANKED_BYTES_PER_RING_ELEMENT_1024, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } - - /// Encapsulate ML-KEM 1024 (unpacked) - /// - /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], - /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. - /// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: - /// - #[cfg_attr( - hax, - hax_lib::fstar::before( - interface, - " -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. 
*) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - ()" - ) - )] - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn encapsulate_unpacked( - public_key: &MlKem1024PublicKeyUnpacked<$vec>, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { - p::encapsulate_unpacked::< - RANK_1024, - CPA_PKE_CIPHERTEXT_SIZE_1024, - CPA_PKE_PUBLIC_KEY_SIZE_1024, - T_AS_NTT_ENCODED_SIZE_1024, - C1_SIZE_1024, - C2_SIZE_1024, - VECTOR_U_COMPRESSION_FACTOR_1024, - VECTOR_V_COMPRESSION_FACTOR_1024, - C1_BLOCK_SIZE_1024, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } - - /// Decapsulate ML-KEM 1024 (unpacked) - /// - /// Generates an [`MlKemSharedSecret`]. - /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] - /// and an [`MlKem1024Ciphertext`]. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn decapsulate_unpacked( - private_key: &MlKem1024KeyPairUnpacked<$vec>, - ciphertext: &MlKem1024Ciphertext, - ) -> MlKemSharedSecret { - p::decapsulate_unpacked::< - RANK_1024, - SECRET_KEY_SIZE_1024, - CPA_PKE_SECRET_KEY_SIZE_1024, - CPA_PKE_PUBLIC_KEY_SIZE_1024, - CPA_PKE_CIPHERTEXT_SIZE_1024, - T_AS_NTT_ENCODED_SIZE_1024, - C1_SIZE_1024, - C2_SIZE_1024, - VECTOR_U_COMPRESSION_FACTOR_1024, - VECTOR_V_COMPRESSION_FACTOR_1024, - C1_BLOCK_SIZE_1024, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext) + /// Unpacked APIs that don't use serialized keys. + pub mod unpacked { + use super::*; + + /// An Unpacked ML-KEM 1024 Public key + pub type MlKem1024PublicKeyUnpacked = + p::unpacked::MlKemPublicKeyUnpacked; + + /// Am Unpacked ML-KEM 1024 Key pair + pub type MlKem1024KeyPairUnpacked = p::unpacked::MlKemKeyPairUnpacked; + + /// Create a new, empty unpacked key. 
+ pub fn init_key_pair() -> MlKem1024KeyPairUnpacked { + MlKem1024KeyPairUnpacked::default() + } + + /// Create a new, empty unpacked public key. + pub fn init_public_key() -> MlKem1024PublicKeyUnpacked { + MlKem1024PublicKeyUnpacked::default() + } + + /// Get the serialized public key. + pub fn serialized_public_key( + public_key: &MlKem1024PublicKeyUnpacked, + serialized: &mut MlKem1024PublicKey, + ) { + public_key.serialized_public_key_mut::< + RANKED_BYTES_PER_RING_ELEMENT_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + >(serialized); + } + + /// Get the unpacked public key. + pub fn unpacked_public_key( + public_key: &MlKem1024PublicKey, + unpacked_public_key: &mut MlKem1024PublicKeyUnpacked, + ) { + p::unpacked::unpack_public_key::< + RANK_1024, + T_AS_NTT_ENCODED_SIZE_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + >(public_key, unpacked_public_key) + } + + /// Generate ML-KEM 1024 Key Pair in "unpacked" form + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + key_pair: &mut MlKem1024KeyPairUnpacked, + ) { + p::unpacked::generate_keypair::< + RANK_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + RANKED_BYTES_PER_RING_ELEMENT_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness, key_pair) + } + + /// Encapsulate ML-KEM 1024 (unpacked) + /// + /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. + /// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: + /// + #[cfg_attr( + hax, + hax_lib::fstar::before( + interface, + " + let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. 
*) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + ()" + ) + )] + pub fn encapsulate( + public_key: &MlKem1024PublicKeyUnpacked, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem1024Ciphertext, MlKemSharedSecret) { + p::unpacked::encapsulate::< + RANK_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + T_AS_NTT_ENCODED_SIZE_1024, + C1_SIZE_1024, + C2_SIZE_1024, + VECTOR_U_COMPRESSION_FACTOR_1024, + VECTOR_V_COMPRESSION_FACTOR_1024, + C1_BLOCK_SIZE_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 1024 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] + /// and an [`MlKem1024Ciphertext`]. + pub fn decapsulate( + private_key: &MlKem1024KeyPairUnpacked, + ciphertext: &MlKem1024Ciphertext, + ) -> MlKemSharedSecret { + p::unpacked::decapsulate::< + RANK_1024, + SECRET_KEY_SIZE_1024, + CPA_PKE_SECRET_KEY_SIZE_1024, + CPA_PKE_PUBLIC_KEY_SIZE_1024, + CPA_PKE_CIPHERTEXT_SIZE_1024, + T_AS_NTT_ENCODED_SIZE_1024, + C1_SIZE_1024, + C2_SIZE_1024, + VECTOR_U_COMPRESSION_FACTOR_1024, + VECTOR_V_COMPRESSION_FACTOR_1024, + C1_BLOCK_SIZE_1024, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } } } }; diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index eb5a37ddf..c6fa31997 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -1,7 +1,5 @@ //! ML-KEM 512 use super::{constants::*, ind_cca::*, types::*, *}; -#[cfg(feature = "unpacked")] -use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 512 parameters const RANK_512: usize = 2; 
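Review bot: `init_key_pair` and `init_public_key` in the new `unpacked` module return `Default` values, i.e. all-zero unpacked keys, and nothing in `encapsulate`/`decapsulate` checks that the buffer was later filled by `generate_key_pair`, so a caller that skips that step silently derives a shared secret from a zero key instead of getting an error. The doc comments should make that explicit, e.g. `/// Create a new, empty (all-zero) unpacked key pair. It is only a valid key after [`generate_key_pair`] has filled it.`, and likewise for `init_public_key`. `/// Am Unpacked ML-KEM 1024 Key pair` should read `/// An Unpacked ML-KEM 1024 Key pair`. The `encapsulate` doc still lists "the SHA3-256 hash of this public key" as an input although the function takes only the unpacked key and `randomness`; presumably the hash is carried inside the unpacked key, and the sentence should say so. The enclosing `instantiate!` macro starts outside the hunk.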
@@ -44,17 +42,6 @@ pub type MlKem512PublicKey = MlKemPublicKey; /// An ML-KEM 512 Key pair pub type MlKem512KeyPair = MlKemKeyPair; -/// An Unpacked ML-KEM 512 Public key -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem512PublicKeyUnpacked = MlKemPublicKeyUnpacked; -/// Am Unpacked ML-KEM 512 Key pair -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem512KeyPairUnpacked = MlKemKeyPairUnpacked; - // Instantiate the different functions. macro_rules! instantiate { ($modp:ident, $p:path, $vec:path, $doc:expr) => { 
@@ -231,93 +218,134 @@ macro_rules! instantiate { >(private_key, ciphertext) } - /// Generate ML-KEM 512 Key Pair in "unpacked" form - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn generate_key_pair_unpacked( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKem512KeyPairUnpacked<$vec> { - p::generate_keypair_unpacked::< - RANK_512, - CPA_PKE_SECRET_KEY_SIZE_512, - SECRET_KEY_SIZE_512, - CPA_PKE_PUBLIC_KEY_SIZE_512, - RANKED_BYTES_PER_RING_ELEMENT_512, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } - - /// Encapsulate ML-KEM 512 (unpacked) - /// - /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], - /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. - #[cfg_attr( - hax, - hax_lib::fstar::before( - interface, - " -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - ()" - ) - )] - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn encapsulate_unpacked( - public_key: &MlKem512PublicKeyUnpacked<$vec>, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKem512Ciphertext, MlKemSharedSecret) { - p::encapsulate_unpacked::< - RANK_512, - CPA_PKE_CIPHERTEXT_SIZE_512, - CPA_PKE_PUBLIC_KEY_SIZE_512, - T_AS_NTT_ENCODED_SIZE_512, - C1_SIZE_512, - C2_SIZE_512, - VECTOR_U_COMPRESSION_FACTOR_512, - VECTOR_V_COMPRESSION_FACTOR_512, - C1_BLOCK_SIZE_512, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } - /// Decapsulate ML-KEM 512 (unpacked) - /// - /// Generates an [`MlKemSharedSecret`]. 
- /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] - /// and an [`MlKem512Ciphertext`]. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn decapsulate_unpacked( - private_key: &MlKem512KeyPairUnpacked<$vec>, - ciphertext: &MlKem512Ciphertext, - ) -> MlKemSharedSecret { - p::decapsulate_unpacked::< - RANK_512, - SECRET_KEY_SIZE_512, - CPA_PKE_SECRET_KEY_SIZE_512, - CPA_PKE_PUBLIC_KEY_SIZE_512, - CPA_PKE_CIPHERTEXT_SIZE_512, - T_AS_NTT_ENCODED_SIZE_512, - C1_SIZE_512, - C2_SIZE_512, - VECTOR_U_COMPRESSION_FACTOR_512, - VECTOR_V_COMPRESSION_FACTOR_512, - C1_BLOCK_SIZE_512, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext) + /// Unpacked APIs that don't use serialized keys. + pub mod unpacked { + use super::*; + + /// An Unpacked ML-KEM 512 Public key + pub type MlKem512PublicKeyUnpacked = p::unpacked::MlKemPublicKeyUnpacked; + + /// Am Unpacked ML-KEM 512 Key pair + pub type MlKem512KeyPairUnpacked = p::unpacked::MlKemKeyPairUnpacked; + + /// Create a new, empty unpacked key. + pub fn init_key_pair() -> MlKem512KeyPairUnpacked { + MlKem512KeyPairUnpacked::default() + } + + /// Create a new, empty unpacked public key. + pub fn init_public_key() -> MlKem512PublicKeyUnpacked { + MlKem512PublicKeyUnpacked::default() + } + + /// Get the serialized public key. + pub fn serialized_public_key( + public_key: &MlKem512PublicKeyUnpacked, + serialized: &mut MlKem512PublicKey + ) { + public_key.serialized_public_key_mut::< + RANKED_BYTES_PER_RING_ELEMENT_512, + CPA_PKE_PUBLIC_KEY_SIZE_512 + >(serialized) + } + + /// Get the unpacked public key. 
+ pub fn unpacked_public_key( + public_key: &MlKem512PublicKey, + unpacked_public_key: &mut MlKem512PublicKeyUnpacked , + ) { + p::unpacked::unpack_public_key::< + RANK_512, + T_AS_NTT_ENCODED_SIZE_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + >(public_key, unpacked_public_key) + } + + /// Generate ML-KEM 512 Key Pair in "unpacked" form + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + key_pair: &mut MlKem512KeyPairUnpacked, + ) { + p::unpacked::generate_keypair::< + RANK_512, + CPA_PKE_SECRET_KEY_SIZE_512, + SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + RANKED_BYTES_PER_RING_ELEMENT_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness, key_pair); + } + + /// Encapsulate ML-KEM 512 (unpacked) + /// + /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. + #[cfg_attr( + hax, + hax_lib::fstar::before( + interface, + " + let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + ()" + ) + )] + pub fn encapsulate( + public_key: &MlKem512PublicKeyUnpacked, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem512Ciphertext, MlKemSharedSecret) { + p::unpacked::encapsulate::< + RANK_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + T_AS_NTT_ENCODED_SIZE_512, + C1_SIZE_512, + C2_SIZE_512, + VECTOR_U_COMPRESSION_FACTOR_512, + VECTOR_V_COMPRESSION_FACTOR_512, + C1_BLOCK_SIZE_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 512 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. 
+ /// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] + /// and an [`MlKem512Ciphertext`]. + pub fn decapsulate( + private_key: &MlKem512KeyPairUnpacked, + ciphertext: &MlKem512Ciphertext, + ) -> MlKemSharedSecret { + p::unpacked::decapsulate::< + RANK_512, + SECRET_KEY_SIZE_512, + CPA_PKE_SECRET_KEY_SIZE_512, + CPA_PKE_PUBLIC_KEY_SIZE_512, + CPA_PKE_CIPHERTEXT_SIZE_512, + T_AS_NTT_ENCODED_SIZE_512, + C1_SIZE_512, + C2_SIZE_512, + VECTOR_U_COMPRESSION_FACTOR_512, + VECTOR_V_COMPRESSION_FACTOR_512, + C1_BLOCK_SIZE_512, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } } } }; diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 88c328801..bdc5c78f7 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -1,8 +1,6 @@ //! ML-KEM 768 use super::{constants::*, ind_cca::*, types::*, *}; -#[cfg(feature = "unpacked")] -use super::{ind_cca::unpacked::*, vector::traits::VectorType}; // Kyber 768 parameters const RANK_768: usize = 3; @@ -46,17 +44,6 @@ pub type MlKem768PublicKey = MlKemPublicKey; /// An ML-KEM 768 Key pair pub type MlKem768KeyPair = MlKemKeyPair; -/// An Unpacked ML-KEM 768 Public key -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem768PublicKeyUnpacked = MlKemPublicKeyUnpacked; -/// Am Unpacked ML-KEM 768 Key pair -#[allow(type_alias_bounds)] -#[cfg(feature = "unpacked")] -#[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] -pub type MlKem768KeyPairUnpacked = MlKemKeyPairUnpacked; - // Instantiate the different functions. macro_rules! instantiate { ($modp:ident, $p:path, $vec:path, $doc:expr) => { 
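Review bot: The 512 `unpacked` module exposes only `serialized_public_key` and `unpacked_public_key`, whereas the 768 module in this same commit additionally offers `key_pair_serialized_public_key` and `public_key` (key pair → unpacked public key), so code written against one parameter set does not port to another. Unless 768 is meant to be special, the same two helpers belong here (and in 1024); the sketch below assumes `serialized_public_key_mut` on the key-pair type takes the same const generics as the public-key method visible in this hunk. Separately, `serialized_public_key` here omits the trailing `;` after `>(serialized)` that the 1024 version has — harmless, but pick one style. The enclosing `instantiate!` macro starts outside the hunk.

```rust
            /// Serialize the public key held in an unpacked key pair.
            pub fn key_pair_serialized_public_key(
                key_pair: &MlKem512KeyPairUnpacked,
                serialized: &mut MlKem512PublicKey,
            ) {
                key_pair.serialized_public_key_mut::<
                    RANKED_BYTES_PER_RING_ELEMENT_512,
                    CPA_PKE_PUBLIC_KEY_SIZE_512,
                >(serialized);
            }

            /// Copy the unpacked public key out of an unpacked key pair.
            pub fn public_key(key_pair: &MlKem512KeyPairUnpacked, pk: &mut MlKem512PublicKeyUnpacked) {
                *pk = (*key_pair.public_key()).clone();
            }
            // … unchanged: unpacked_public_key, generate_key_pair, encapsulate, decapsulate …
```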
@@ -234,93 +221,137 @@ macro_rules! instantiate { >(private_key, ciphertext) } - /// Generate ML-KEM 768 Key Pair in "unpacked" form - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn generate_key_pair_unpacked( - randomness: [u8; KEY_GENERATION_SEED_SIZE], - ) -> MlKem768KeyPairUnpacked<$vec> { - p::generate_keypair_unpacked::< - RANK_768, - CPA_PKE_SECRET_KEY_SIZE_768, - SECRET_KEY_SIZE_768, - CPA_PKE_PUBLIC_KEY_SIZE_768, - RANKED_BYTES_PER_RING_ELEMENT_768, - ETA1, - ETA1_RANDOMNESS_SIZE, - >(randomness) - } - - /// Encapsulate ML-KEM 768 (unpacked) - /// - /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - /// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], - /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. - #[cfg_attr( - hax, - hax_lib::fstar::before( - interface, - " -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - ()" - ) - )] - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn encapsulate_unpacked( - public_key: &MlKem768PublicKeyUnpacked<$vec>, - randomness: [u8; SHARED_SECRET_SIZE], - ) -> (MlKem768Ciphertext, MlKemSharedSecret) { - p::encapsulate_unpacked::< - RANK_768, - CPA_PKE_CIPHERTEXT_SIZE_768, - CPA_PKE_PUBLIC_KEY_SIZE_768, - T_AS_NTT_ENCODED_SIZE_768, - C1_SIZE_768, - C2_SIZE_768, - VECTOR_U_COMPRESSION_FACTOR_768, - VECTOR_V_COMPRESSION_FACTOR_768, - C1_BLOCK_SIZE_768, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - >(public_key, randomness) - } - - /// Decapsulate ML-KEM 768 (unpacked) - /// - /// Generates an [`MlKemSharedSecret`]. 
- /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] - /// and an [`MlKem768Ciphertext`]. - #[cfg(feature = "unpacked")] - #[cfg_attr(docsrs, doc(cfg(feature = "unpacked")))] - pub fn decapsulate_unpacked( - private_key: &MlKem768KeyPairUnpacked<$vec>, - ciphertext: &MlKem768Ciphertext, - ) -> MlKemSharedSecret { - p::decapsulate_unpacked::< - RANK_768, - SECRET_KEY_SIZE_768, - CPA_PKE_SECRET_KEY_SIZE_768, - CPA_PKE_PUBLIC_KEY_SIZE_768, - CPA_PKE_CIPHERTEXT_SIZE_768, - T_AS_NTT_ENCODED_SIZE_768, - C1_SIZE_768, - C2_SIZE_768, - VECTOR_U_COMPRESSION_FACTOR_768, - VECTOR_V_COMPRESSION_FACTOR_768, - C1_BLOCK_SIZE_768, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - IMPLICIT_REJECTION_HASH_INPUT_SIZE, - >(private_key, ciphertext) + /// Unpacked APIs that don't use serialized keys. + pub mod unpacked { + use super::*; + + /// An Unpacked ML-KEM 768 Public key + pub type MlKem768PublicKeyUnpacked = p::unpacked::MlKemPublicKeyUnpacked; + + /// Am Unpacked ML-KEM 768 Key pair + pub type MlKem768KeyPairUnpacked = p::unpacked::MlKemKeyPairUnpacked; + + /// Create a new, empty unpacked key. + pub fn init_key_pair() -> MlKem768KeyPairUnpacked { + MlKem768KeyPairUnpacked::default() + } + + /// Create a new, empty unpacked public key. + pub fn init_public_key() -> MlKem768PublicKeyUnpacked { + MlKem768PublicKeyUnpacked::default() + } + + /// Get the serialized public key. + pub fn serialized_public_key(public_key: &MlKem768PublicKeyUnpacked, serialized : &mut MlKem768PublicKey) { + public_key.serialized_public_key_mut::(serialized); + } + + /// Get the serialized public key. + pub fn key_pair_serialized_public_key(key_pair: &MlKem768KeyPairUnpacked, serialized : &mut MlKem768PublicKey) { + key_pair.serialized_public_key_mut::(serialized); + } + + /// Get the unpacked public key. 
+ pub fn public_key(key_pair: &MlKem768KeyPairUnpacked, pk: &mut MlKem768PublicKeyUnpacked) { + *pk = (*key_pair.public_key()).clone(); + } + + /// Get the unpacked public key. + pub fn unpacked_public_key( + public_key: &MlKem768PublicKey, + unpacked_public_key: &mut MlKem768PublicKeyUnpacked + ) { + p::unpacked::unpack_public_key::< + RANK_768, + T_AS_NTT_ENCODED_SIZE_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + >(public_key, unpacked_public_key) + } + + /// Generate ML-KEM 768 Key Pair in "unpacked" form. + pub fn generate_key_pair( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + key_pair: &mut MlKem768KeyPairUnpacked, + ) { + p::unpacked::generate_keypair::< + RANK_768, + CPA_PKE_SECRET_KEY_SIZE_768, + SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + RANKED_BYTES_PER_RING_ELEMENT_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + >(randomness, key_pair); + } + + /// Encapsulate ML-KEM 768 (unpacked) + /// + /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + /// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], + /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. + #[cfg_attr( + hax, + hax_lib::fstar::before( + interface, + " + let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. 
*) + let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Neon in + ()" + ) + )] + pub fn encapsulate( + public_key: &MlKem768PublicKeyUnpacked, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKem768Ciphertext, MlKemSharedSecret) { + p::unpacked::encapsulate::< + RANK_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + T_AS_NTT_ENCODED_SIZE_768, + C1_SIZE_768, + C2_SIZE_768, + VECTOR_U_COMPRESSION_FACTOR_768, + VECTOR_V_COMPRESSION_FACTOR_768, + C1_BLOCK_SIZE_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + >(public_key, randomness) + } + + /// Decapsulate ML-KEM 768 (unpacked) + /// + /// Generates an [`MlKemSharedSecret`]. + /// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] + /// and an [`MlKem768Ciphertext`]. + pub fn decapsulate( + private_key: &MlKem768KeyPairUnpacked, + ciphertext: &MlKem768Ciphertext, + ) -> MlKemSharedSecret { + p::unpacked::decapsulate::< + RANK_768, + SECRET_KEY_SIZE_768, + CPA_PKE_SECRET_KEY_SIZE_768, + CPA_PKE_PUBLIC_KEY_SIZE_768, + CPA_PKE_CIPHERTEXT_SIZE_768, + T_AS_NTT_ENCODED_SIZE_768, + C1_SIZE_768, + C2_SIZE_768, + VECTOR_U_COMPRESSION_FACTOR_768, + VECTOR_V_COMPRESSION_FACTOR_768, + C1_BLOCK_SIZE_768, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + IMPLICIT_REJECTION_HASH_INPUT_SIZE, + >(private_key, ciphertext) + } } } }; diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index f7efc95a7..e5abd0045 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs 
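Review bot: Two pairs of functions in the 768 `unpacked` module share a doc line: `serialized_public_key` and `key_pair_serialized_public_key` are both `/// Get the serialized public key.`, and `public_key` and `unpacked_public_key` are both `/// Get the unpacked public key.`, so rustdoc gives a reader no way to tell them apart. Suggest `/// Serialize the public key held in an unpacked key pair.` for `key_pair_serialized_public_key`, `/// Copy the unpacked public key out of an unpacked key pair.` for `public_key`, and `/// Unpack a serialized public key into `unpacked_public_key`.` for `unpacked_public_key`. `/// Am Unpacked ML-KEM 768 Key pair` should read `An`. The enclosing `instantiate!` macro starts outside the hunk.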
@@ -14,8 +14,8 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; -#[cfg_attr(eurydice, derive(Clone, Copy))] -#[cfg_attr(not(eurydice), derive(Clone))] +// XXX: We don't want to copy this. But for eurydice we have to have this. +#[derive(Clone, Copy)] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], } diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 65648ce22..44736b59d 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -89,7 +89,7 @@ fn deserialize_to_reduced_ring_element( /// /// This function MUST NOT be used on secret inputs. #[inline(always)] -pub(super) fn deserialize_ring_elements_reduced< +pub(super) fn deserialize_ring_elements_reduced_out< const PUBLIC_KEY_SIZE: usize, const K: usize, Vector: Operations, @@ -97,6 +97,23 @@ pub(super) fn deserialize_ring_elements_reduced< public_key: &[u8], ) -> [PolynomialRingElement; K] { let mut deserialized_pk = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); + deserialize_ring_elements_reduced::( + public_key, + &mut deserialized_pk, + ); + deserialized_pk +} + +/// See [deserialize_ring_elements_reduced_out]. +#[inline(always)] +pub(super) fn deserialize_ring_elements_reduced< + const PUBLIC_KEY_SIZE: usize, + const K: usize, + Vector: Operations, +>( + public_key: &[u8], + deserialized_pk: &mut [PolynomialRingElement; K], +) { cloop! { for (i, ring_element) in public_key .chunks_exact(BYTES_PER_RING_ELEMENT) @@ -104,8 +121,8 @@ pub(super) fn deserialize_ring_elements_reduced< { deserialized_pk[i] = deserialize_to_reduced_ring_element(ring_element); } - } - deserialized_pk + }; + () } #[inline(always)] diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index b2ab0cc30..b13a8e8dd 100644 --- a/libcrux-ml-kem/src/types.rs 
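Review bot: Deriving `Copy` unconditionally on `PolynomialRingElement` lets secret-bearing values — e.g. the `secret_as_ntt` array that `deserialize_secret_key` builds above — be duplicated implicitly by any by-value use, which makes it hard to reason about where secret copies end up on the stack; before this change the derive was confined to eurydice builds. The `// XXX` comment should record why the unconditional derive is needed and what it costs, e.g. `// XXX: Copy is derived unconditionally so the same source extracts through Eurydice; it also means secret ring elements can be copied implicitly — pass them by reference in Rust code.` If the derive is only required for extraction, keeping `#[cfg_attr(not(eurydice), derive(Clone))]` for native builds would let the compiler flag accidental copies.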
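Review bot: The in-place `deserialize_ring_elements_reduced` is documented only as `/// See [deserialize_ring_elements_reduced_out].`, while the `/// This function MUST NOT be used on secret inputs.` caveat stays on the `_out` wrapper that now merely allocates and delegates; the caveat belongs on the function that does the work, since callers of the in-place variant will not read the wrapper. The body also assigns `deserialized_pk[i]` for every `BYTES_PER_RING_ELEMENT` chunk of the `&[u8]` argument: a slice with more than `K` chunks panics on the array index, and a shorter one leaves the trailing caller-provided elements untouched (unlike the `_out` variant, which zero-fills first), so the length precondition should be stated. Suggested doc: `/// In-place variant of [deserialize_ring_elements_reduced_out]. This function MUST NOT be used on secret inputs. `public_key` must hold exactly `K * BYTES_PER_RING_ELEMENT` bytes; any element of `deserialized_pk` without a corresponding chunk is left unchanged.`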
+++ b/libcrux-ml-kem/src/types.rs @@ -5,6 +5,12 @@ macro_rules! impl_generic_struct { pub(crate) value: [u8; SIZE], } + impl Default for $name { + fn default() -> Self { + Self { value: [0u8; SIZE] } + } + } + impl AsRef<[u8]> for $name { fn as_ref(&self) -> &[u8] { &self.value diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 8f392ea41..138ad7ad3 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -81,12 +81,3 @@ pub fn to_unsigned_representative(a: T) -> T { pub fn decompress_1(v: T) -> T { T::bitwise_and_with_constant(T::sub(T::ZERO(), &v), 1665) } - -/// Internal vectors. -/// -/// Used in the unpacked API. -#[cfg(feature = "unpacked")] -pub trait VectorType: Operations {} - -#[cfg(feature = "unpacked")] -impl VectorType for T {} diff --git a/libcrux-ml-kem/tests/self.rs b/libcrux-ml-kem/tests/self.rs index 065183385..ebffcc0b2 100644 --- a/libcrux-ml-kem/tests/self.rs +++ b/libcrux-ml-kem/tests/self.rs 
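Review bot: The new `Default` zero-fills `value` for every type that `impl_generic_struct` generates; the macro invocations are outside the hunk, but if they include the private-key and ciphertext wrappers, an all-zero instance of those becomes a constructible value that is never a valid key or ciphertext, and the new self-test already reaches it through `Default::default()`. A doc comment on the impl would keep it from being read as a meaningful default, e.g. `/// All-zero value, intended as an output buffer to be filled (e.g. by the unpacked API); it is not a valid key or ciphertext on its own.`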
@@ -34,19 +34,46 @@ macro_rules! impl_consistency { }; } -#[cfg(all(feature = "pre-verification", feature = "unpacked"))] +#[cfg(all(feature = "pre-verification",))] macro_rules! impl_consistency_unpacked { - ($name:ident, $key_gen:expr, $encaps:expr, $key_gen_unpacked:expr, $encaps_unpacked:expr, $decaps_unpacked:expr) => { + ($name:ident, $modp:path) => { #[cfg_attr(target_arch = "wasm32", wasm_bindgen_test::wasm_bindgen_test)] #[test] fn $name() { + use $modp as p; + let randomness = random_array(); - let key_pair_unpacked = $key_gen_unpacked(randomness); - let key_pair = $key_gen(randomness); + + // Generate unpacked key + let mut key_pair_unpacked = Default::default(); + p::unpacked::generate_key_pair(randomness, &mut key_pair_unpacked); + + // Generate regular key + let key_pair = p::generate_key_pair(randomness); + + // Ensure the two keys are the same + let mut serialized_public_key = Default::default(); + p::unpacked::serialized_public_key( + key_pair_unpacked.public_key(), + &mut serialized_public_key, + ); + assert_eq!( + key_pair.public_key().as_slice(), + serialized_public_key.as_slice() + ); + let mut re_unpacked_public_key = Default::default(); + p::unpacked::unpacked_public_key(key_pair.public_key(), &mut re_unpacked_public_key); + let mut serialized_public_key = Default::default(); + p::unpacked::serialized_public_key(&re_unpacked_public_key, &mut serialized_public_key); + assert_eq!( + serialized_public_key.as_slice(), + key_pair.public_key().as_slice() + ); + let randomness = random_array(); - let (ciphertext, shared_secret) = $encaps(key_pair.public_key(), randomness); + let (ciphertext, shared_secret) = p::encapsulate(key_pair.public_key(), randomness); let (ciphertext_unpacked, shared_secret_unpacked) = - $encaps_unpacked(&key_pair_unpacked.public_key, randomness); + p::unpacked::encapsulate(&key_pair_unpacked.public_key, randomness); assert_eq!( shared_secret, shared_secret_unpacked, "lhs: shared_secret, rhs: shared_secret_unpacked" 
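Review bot: The new test body reaches the unpacked public key two different ways: `key_pair_unpacked.public_key()` for the serialization check and `&key_pair_unpacked.public_key` (direct field) in the `encapsulate` call; pick one, preferably the accessor, so the test does not depend on the field staying public. `serialized_public_key` is also rebound for the second round trip, so a failing `assert_eq!` does not say which of the two comparisons tripped — name the second buffer `reserialized_public_key`. The `#[cfg(all(feature = "pre-verification",))]` left over from the feature removal reads better as `#[cfg(feature = "pre-verification")]`. The macro body continues into the next hunk.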
@@ -56,11 +83,17 @@ macro_rules! impl_consistency_unpacked { ciphertext_unpacked.as_slice(), "lhs: ciphertext, rhs: ciphertext_unpacked" ); - let shared_secret_decapsulated = $decaps_unpacked(&key_pair_unpacked, &ciphertext); + let shared_secret_decapsulated = + p::unpacked::decapsulate(&key_pair_unpacked, &ciphertext); + let shared_secret = p::decapsulate(key_pair.private_key(), &ciphertext); assert_eq!( shared_secret_unpacked, shared_secret_decapsulated, "lhs: shared_secret_unpacked, rhs: shared_secret_decapsulated" ); + assert_eq!( + shared_secret, shared_secret_decapsulated, + "lhs: shared_secret, rhs: shared_secret_decapsulated" + ); // If the randomness was not enough for the rejection sampling step // in key-generation and encapsulation, simply return without // failing. 
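Review bot: The added cross-check covers only the accepting path: both decapsulations run on the honest `ciphertext`, so the implicit-rejection branch — where the unpacked key pair's rejection secret must agree with the one the packed private key carries, presumably the part the unpacked representation stores differently — is never compared. Add a tampered copy of the ciphertext (one flipped byte, built through whatever constructor the ciphertext type offers, since `value` is `pub(crate)`) and assert `p::decapsulate(key_pair.private_key(), &bad) == p::unpacked::decapsulate(&key_pair_unpacked, &bad)`. The test function continues outside the hunk.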
@@ -229,136 +262,82 @@ impl_consistency!(
 libcrux_ml_kem::mlkem1024::decapsulate
 );
-#[cfg(all(
- feature = "mlkem512",
- feature = "pre-verification",
- feature = "unpacked"
-))]
+#[cfg(all(feature = "mlkem512", feature = "pre-verification",))]
 impl_consistency_unpacked!(
 consistency_unpacked_512_portable,
- libcrux_ml_kem::mlkem512::portable::generate_key_pair,
- libcrux_ml_kem::mlkem512::portable::encapsulate,
- libcrux_ml_kem::mlkem512::portable::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem512::portable::encapsulate_unpacked,
- libcrux_ml_kem::mlkem512::portable::decapsulate_unpacked
+ libcrux_ml_kem::mlkem512::portable
 );
 #[cfg(all(
 feature = "mlkem512",
 feature = "pre-verification",
 feature = "simd128",
- feature = "unpacked"
 ))]
 impl_consistency_unpacked!(
 consistency_unpacked_512_neon,
- libcrux_ml_kem::mlkem512::neon::generate_key_pair,
- libcrux_ml_kem::mlkem512::neon::encapsulate,
- libcrux_ml_kem::mlkem512::neon::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem512::neon::encapsulate_unpacked,
- libcrux_ml_kem::mlkem512::neon::decapsulate_unpacked
+ libcrux_ml_kem::mlkem512::neon
 );
 #[cfg(all(
 feature = "mlkem512",
 feature = "pre-verification",
 feature = "simd256",
- feature = "unpacked"
 ))]
 impl_consistency_unpacked!(
 consistency_unpacked_512_avx2,
- libcrux_ml_kem::mlkem512::avx2::generate_key_pair,
- libcrux_ml_kem::mlkem512::avx2::encapsulate,
- libcrux_ml_kem::mlkem512::avx2::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem512::avx2::encapsulate_unpacked,
- libcrux_ml_kem::mlkem512::avx2::decapsulate_unpacked
+ libcrux_ml_kem::mlkem512::avx2
 );
-#[cfg(all(
- feature = "mlkem1024",
- feature = "pre-verification",
- feature = "unpacked"
-))]
+#[cfg(all(feature = "mlkem1024", feature = "pre-verification",))]
 impl_consistency_unpacked!(
 consistency_unpacked_1024_portable,
- libcrux_ml_kem::mlkem1024::portable::generate_key_pair,
- libcrux_ml_kem::mlkem1024::portable::encapsulate,
- libcrux_ml_kem::mlkem1024::portable::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem1024::portable::encapsulate_unpacked,
- libcrux_ml_kem::mlkem1024::portable::decapsulate_unpacked
+ libcrux_ml_kem::mlkem1024::portable
 );
 #[cfg(all(
 feature = "mlkem1024",
 feature = "pre-verification",
 feature = "simd128",
- feature = "unpacked"
 ))]
 impl_consistency_unpacked!(
 consistency_unpacked_1024_neon,
- libcrux_ml_kem::mlkem1024::neon::generate_key_pair,
- libcrux_ml_kem::mlkem1024::neon::encapsulate,
- libcrux_ml_kem::mlkem1024::neon::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem1024::neon::encapsulate_unpacked,
- libcrux_ml_kem::mlkem1024::neon::decapsulate_unpacked
+ libcrux_ml_kem::mlkem1024::neon
 );
 #[cfg(all(
 feature = "mlkem1024",
 feature = "pre-verification",
 feature = "simd256",
- feature = "unpacked"
 ))]
 impl_consistency_unpacked!(
 consistency_unpacked_1024_avx2,
- libcrux_ml_kem::mlkem1024::avx2::generate_key_pair,
- libcrux_ml_kem::mlkem1024::avx2::encapsulate,
- libcrux_ml_kem::mlkem1024::avx2::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem1024::avx2::encapsulate_unpacked,
- libcrux_ml_kem::mlkem1024::avx2::decapsulate_unpacked
+ libcrux_ml_kem::mlkem1024::avx2
 );
-#[cfg(all(
- feature = "mlkem768",
- feature = "pre-verification",
- feature = "unpacked"
-))]
+#[cfg(all(feature = "mlkem768", feature = "pre-verification",))]
 impl_consistency_unpacked!(
 consistency_unpacked_768_portable,
- libcrux_ml_kem::mlkem768::portable::generate_key_pair,
- libcrux_ml_kem::mlkem768::portable::encapsulate,
- libcrux_ml_kem::mlkem768::portable::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem768::portable::encapsulate_unpacked,
- libcrux_ml_kem::mlkem768::portable::decapsulate_unpacked
+ libcrux_ml_kem::mlkem768::portable
 );
 #[cfg(all(
 feature = "mlkem768",
 feature = "pre-verification",
 feature = "simd128",
- feature = "unpacked"
 ))]
 impl_consistency_unpacked!(
 consistency_unpacked_768_neon,
- libcrux_ml_kem::mlkem768::neon::generate_key_pair,
- libcrux_ml_kem::mlkem768::neon::encapsulate,
- libcrux_ml_kem::mlkem768::neon::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem768::neon::encapsulate_unpacked,
- libcrux_ml_kem::mlkem768::neon::decapsulate_unpacked
+ libcrux_ml_kem::mlkem768::neon
 );
 #[cfg(all(
 feature = "mlkem768",
 feature = "pre-verification",
 feature = "simd256",
- feature = "unpacked"
 ))]
 impl_consistency_unpacked!(
 consistency_unpacked_768_avx2,
- libcrux_ml_kem::mlkem768::avx2::generate_key_pair,
- libcrux_ml_kem::mlkem768::avx2::encapsulate,
- libcrux_ml_kem::mlkem768::avx2::generate_key_pair_unpacked,
- libcrux_ml_kem::mlkem768::avx2::encapsulate_unpacked,
- libcrux_ml_kem::mlkem768::avx2::decapsulate_unpacked
+ libcrux_ml_kem::mlkem768::avx2
 );
 #[cfg(feature = "mlkem512")]
diff --git a/libcrux-psq/Cargo.toml b/libcrux-psq/Cargo.toml
index 4e0f7395d..2c172cdcf 100644
--- a/libcrux-psq/Cargo.toml
+++ b/libcrux-psq/Cargo.toml
@@ -14,18 +14,18 @@ publish = false
 bench = false # so libtest doesn't eat the arguments to criterion
 [dependencies]
-libcrux-kem = { version = "0.0.2-alpha.3", path = "../libcrux-kem", features = [
+libcrux-kem = { version = "0.0.2-beta.2", path = "../libcrux-kem", features = [
 "pre-verification",
 ] }
-libcrux-hkdf = { version = "=0.0.2-alpha.3", path = "../libcrux-hkdf" }
-libcrux-hmac = { version = "=0.0.2-alpha.3", path = "../libcrux-hmac" }
+libcrux-hkdf = { version = "=0.0.2-beta.2", path = "../libcrux-hkdf" }
+libcrux-hmac = { version = "=0.0.2-beta.2", path = "../libcrux-hmac" }
 classic-mceliece-rust = { version = "2.0.0", features = [
 "mceliece460896f",
 "zeroize",
 ] }
 rand = { version = "0.8" }
-libcrux-ecdh = { version = "0.0.2-alpha.3", path = "../libcrux-ecdh" }
-libcrux = { version = "0.0.2-alpha.3", path = ".." }
+libcrux-ecdh = { version = "0.0.2-beta.2", path = "../libcrux-ecdh" }
+libcrux = { version = "0.0.2-beta.2", path = ".." }
 [dev-dependencies]
 criterion = "0.5"
diff --git a/libcrux-sha3/Cargo.toml b/libcrux-sha3/Cargo.toml
index ebf3dde70..85ed0be95 100644
--- a/libcrux-sha3/Cargo.toml
+++ b/libcrux-sha3/Cargo.toml
@@ -14,8 +14,8 @@ exclude = ["/proofs", "/c.sh", "/c.yaml", "/tests/tv", "tests/cavp.rs"]
 bench = false # so libtest doesn't eat the arguments to criterion
 [dependencies]
-libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" }
-libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" }
+libcrux-platform = { version = "0.0.2-beta.2", path = "../sys/platform" }
+libcrux-intrinsics = { version = "0.0.2-beta.2", path = "../libcrux-intrinsics" }
 # This is only required for verification.
 # The hax config is set by the hax toolchain.
@@ -34,7 +34,7 @@ harness = false
 criterion = "0.5.1"
 hex = "0.4.3"
 rand = "0.8.5"
-cavp = { version = "0.0.2-alpha.3", path = "../cavp" }
+cavp = { version = "0.0.2-beta.2", path = "../cavp" }
 pretty_env_logger = "0.5.0"
 [lints.rust]
diff --git a/specs/kyber/Cargo.toml b/specs/kyber/Cargo.toml
index 7d8804a93..6c6415240 100644
--- a/specs/kyber/Cargo.toml
+++ b/specs/kyber/Cargo.toml
@@ -4,11 +4,11 @@ version = "0.1.0"
 edition = "2021"
 [dependencies]
-libcrux = { version = "=0.0.2-alpha.3", path = "../../" }
+libcrux = { version = "=0.0.2-beta.2", path = "../../" }
 hacspec-lib = { version = "0.0.1", path = "../hacspec-lib" }
 [dev-dependencies]
-libcrux-kem = { version = "=0.0.2-alpha.3", path = "../../libcrux-kem", features = [
+libcrux-kem = { version = "=0.0.2-beta.2", path = "../../libcrux-kem", features = [
 "tests",
 ] }
 hex = { version = "0.4.3", features = ["serde"] }
diff --git a/sys/hacl/Cargo.toml b/sys/hacl/Cargo.toml
index 19390a9b3..910b9dd7b 100644
--- a/sys/hacl/Cargo.toml
+++ b/sys/hacl/Cargo.toml
@@ -16,7 +16,7 @@ crate-type = ["cdylib", "rlib"]
 [build-dependencies]
 cc = { version = "1.1", features = ["parallel"] }
-libcrux-platform = { version = "=0.0.2-alpha.3", path = "../platform" }
+libcrux-platform = { version = "=0.0.2-beta.2", path = "../platform" }
 bindgen = { version = "0.69", optional = true }
 [features]
diff --git a/sys/libjade/Cargo.toml b/sys/libjade/Cargo.toml
index ef36dbb21..f84c6ea29 100644
--- a/sys/libjade/Cargo.toml
+++ b/sys/libjade/Cargo.toml
@@ -14,7 +14,7 @@ publish = false
 [build-dependencies]
 cc = { version = "1.1", features = ["parallel"] }
-libcrux-platform = { version = "=0.0.2-alpha.3", path = "../platform" }
+libcrux-platform = { version = "=0.0.2-beta.2", path = "../platform" }
 [target.'cfg(not(windows))'.build-dependencies]
 bindgen = { version = "0.69", optional = true }
diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
index 35516c01f..0b77def1e 100644
--- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
+++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti
@@ -41,11 +41,5 @@ val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _
 /// Initialize CPU detection.
 val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True)
-val init__cpuid (leaf: u32)
- : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True)
-
-val init__cpuid_count (leaf sub_leaf: u32)
- : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True)
-
 /// Check hardware [`Feature`] support.
 val supported (feature: t_Feature) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)