diff --git a/.github/workflows/c-bench.yml.disabled b/.github/workflows/c-bench.yml.disabled new file mode 100644 index 000000000..04d03d819 --- /dev/null +++ b/.github/workflows/c-bench.yml.disabled @@ -0,0 +1,55 @@ +name: Benchmark C + +on: + workflow_dispatch: + merge_group: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: false + matrix: + os: + - macos-latest + - ubuntu-latest + # - windows-latest # currently runs forever, needs to be investigated before adding again! + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + + steps: + - uses: actions/checkout@v4 + + - name: ๐Ÿ”จ Build libcrux-ml-kem/c + working-directory: libcrux-ml-kem/c + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Release + cmake --build build --config Release + + # FIXME: Benchmarks on Windows CI are not working right now. + # - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmark + # working-directory: libcrux-ml-kem/c + # run: ./build/Release/ml_kem_bench + # if: ${{ matrix.os == 'windows-latest' }} + + - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmark (libcrux-ml-kem/c) + working-directory: libcrux-ml-kem/c + run: ./build/ml_kem_bench + if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} + + - name: ๐Ÿ”จ Build libcrux-ml-kem/cg + working-directory: libcrux-ml-kem/cg + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Release + cmake --build build --config Release + + - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmark libcrux-ml-kem/cg + working-directory: libcrux-ml-kem/cg + run: ./build/ml_kem_bench + if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index c734bf0de..c3535185b 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -14,7 +14,6 @@ concurrency: jobs: extract: - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest container: franziskus/libcrux-c:latest defaults: @@ -33,10 +32,10 @@ jobs: with: name: c-extraction path: libcrux-ml-kem/c + include-hidden-files: true if-no-files-found: error extract-header-only: - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest container: franziskus/libcrux-c:latest defaults: @@ -55,11 +54,11 @@ jobs: with: name: header-only-c-extraction path: libcrux-ml-kem/cg/ + include-hidden-files: true if-no-files-found: error diff: needs: [extract] - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest defaults: run: @@ -80,7 +79,6 @@ jobs: diff-header-only: needs: [extract-header-only] - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest defaults: run: @@ -101,7 +99,6 @@ jobs: build: needs: [extract] - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -141,7 +138,6 @@ jobs: build-header-only: needs: [extract-header-only] - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -174,50 +170,3 @@ jobs: - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Test run: ./build/ml_kem_test if: ${{ matrix.os != 'windows-latest' }} - - benchmark: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: false - matrix: - os: - - macos-latest - - ubuntu-latest - - windows-latest - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - working-directory: libcrux-ml-kem/c - - steps: - - uses: actions/checkout@v4 - - - name: ๐Ÿ”จ Build Release - run: | - cmake -B build -DCMAKE_BUILD_TYPE=Release - cmake --build build --config Release - - # FIXME: Benchmarks on Windows CI are not working right now. - # - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmark - # run: ./build/Release/ml_kem_bench - # if: ${{ matrix.os == 'windows-latest' }} - - - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmark (c) - run: ./build/ml_kem_bench - if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} - - - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmark (cg) - working-directory: libcrux-ml-kem/cg - run: ./build/ml_kem_bench - if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} - - mq_status: - if: | - always() && - (github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group') - needs: [benchmark] - uses: cryspen/actions/.github/workflows/merge-queue-status.yml@jonas/merge-queue-status - with: - needs_json: "${{toJSON(needs)}}" diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 5fab6fabd..0438fb798 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/ecdh.yml b/.github/workflows/ecdh.yml index feee99cfa..438386e60 100644 --- a/.github/workflows/ecdh.yml +++ b/.github/workflows/ecdh.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index bac3854d5..94932d553 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -11,6 +11,7 @@ on: - cron: "0 0 * * *" workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always @@ -29,7 +30,7 @@ jobs: - uses: DeterminateSystems/magic-nix-cache-action@main - name: โคต Install FStar - run: nix profile install github:FStarLang/FStar/v2024.01.13 + run: nix profile install github:FStarLang/FStar/v2024.09.05 - name: โคต Clone HACL-star repository uses: actions/checkout@v4 diff --git a/.github/workflows/kem.yml b/.github/workflows/kem.yml index ca3c7f23f..d4ada3cdf 100644 --- a/.github/workflows/kem.yml +++ b/.github/workflows/kem.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/mldsa.yml b/.github/workflows/mldsa.yml index 8c46feafd..40be6f8c0 100644 --- a/.github/workflows/mldsa.yml +++ b/.github/workflows/mldsa.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always @@ -97,3 +98,9 @@ jobs: run: | cargo clean cargo test --verbose --release $RUST_TARGET_FLAG + + # Benchmarks + - name: ๐Ÿ”จ Build Benchmarks + run: | + cargo clean + cargo bench --no-run diff --git a/.github/workflows/mlkem-bench.yml.disabled b/.github/workflows/mlkem-bench.yml.disabled new file mode 100644 index 000000000..5f049aaca --- /dev/null +++ b/.github/workflows/mlkem-bench.yml.disabled @@ -0,0 +1,105 @@ +name: Benchmark ML-KEM + +on: + workflow_dispatch: + merge_group: + +env: + CARGO_TERM_COLOR: always + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: true + matrix: + bits: [32, 64] + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + - bits: 32 + os: "macos-13" + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + working-directory: libcrux-ml-kem + + steps: + - uses: actions/checkout@v4 + + - name: Update dependencies + run: cargo update + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + - name: ๐Ÿ› ๏ธ Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib + + - name: ๐Ÿ› ๏ธ Setup Ubuntu x64 + if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add aarch64-unknown-linux-gnu + + - name: ๐Ÿ› ๏ธ Setup macOS + if: ${{ matrix.os == 'macos-latest' }} + run: | + rustup target add aarch64-apple-darwin + + # Set up 32 bit systems + + - name: ๐Ÿ› ๏ธ Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: ๐Ÿ› ๏ธ Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # - name: ๐Ÿ”จ Build + # run: cargo build --benches + + # - name: โฌ† Upload build + # uses: ./.github/actions/upload_artifacts + # with: + # name: benchmarks_${{ matrix.os }}_${{ matrix.bits }} + + # Benchmarks ... + + - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmarks + run: cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | tee bench.txt + + - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmarks Portable + run: | + cargo clean + LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | sed 's/^test \(.*\) \.\.\. bench/test portable \1 ... bench/' | tee -a bench.txt + - name: Clear Cargo.lock so it doesn't interfere with git + run: git checkout Cargo.lock + - name: Store benchmarks + uses: benchmark-action/github-action-benchmark@v1 + with: + name: ML-KEM Benchmark + tool: 'cargo' + output-file-path: libcrux-ml-kem/bench.txt + benchmark-data-dir-path: dev/bench/mlkem + github-token: ${{ secrets.GITHUB_TOKEN }} + auto-push: true + + + diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index 67376a6c2..575339c5d 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -17,7 +17,6 @@ concurrency: jobs: build: - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -88,6 +87,11 @@ jobs: rustc --print=cfg cargo build --verbose $RUST_TARGET_FLAG --features pre-verification + - name: ๐Ÿ”จ Build unpacked + run: | + rustc --print=cfg + cargo build --verbose $RUST_TARGET_FLAG --features pre-verification,unpacked + - name: ๐Ÿ”จ Build Release run: cargo build --verbose --release $RUST_TARGET_FLAG --features pre-verification @@ -156,7 +160,7 @@ jobs: - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Test Kyber run: | cargo clean - cargo test --features kyber --verbose $RUST_TARGET_FLAG + cargo test --features pre-verification,kyber --verbose $RUST_TARGET_FLAG - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Cargo Check Features if: ${{ matrix.bits == 64 }} @@ -169,96 +173,3 @@ jobs: run: | cargo clean cargo hack test --each-feature $EXCLUDE_FEATURES --verbose $RUST_TARGET_FLAG - - benchmarks: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: true - matrix: - bits: [32, 64] - os: - - macos-13 - - macos-latest - - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - - bits: 32 - os: "macos-13" - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - working-directory: libcrux-ml-kem - - steps: - - uses: actions/checkout@v4 - - - name: Update dependencies - run: cargo update - - - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV - if: ${{ matrix.bits == 64 }} - - - name: ๐Ÿ› ๏ธ Setup Ubuntu x86 - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add i686-unknown-linux-gnu - sudo apt-get update - sudo apt-get install -y gcc-multilib g++-multilib - - - name: ๐Ÿ› ๏ธ Setup Ubuntu x64 - if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add aarch64-unknown-linux-gnu - - - name: ๐Ÿ› ๏ธ Setup macOS - if: ${{ matrix.os == 'macos-latest' }} - run: | - rustup target add aarch64-apple-darwin - - # Set up 32 bit systems - - - name: ๐Ÿ› ๏ธ Config Windows x86 - run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - - - name: ๐Ÿ› ๏ธ Config Linux x86 - run: | - echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - - # - name: ๐Ÿ”จ Build - # run: cargo build --benches - - # - name: โฌ† Upload build - # uses: ./.github/actions/upload_artifacts - # with: - # name: benchmarks_${{ matrix.os }}_${{ matrix.bits }} - - # Benchmarks ... - - - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmarks - run: cargo bench --verbose $RUST_TARGET_FLAG - - - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmarks Portable - run: | - cargo clean - LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo bench --verbose $RUST_TARGET_FLAG - - mq_status: - if: | - always() && - github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' - needs: [benchmarks] - runs-on: ubuntu-latest - steps: - - name: Successful - if: ${{ !(contains(needs.*.result, 'failure')) }} - run: exit 0 - - name: Failing - if: ${{ contains(needs.*.result, 'failure') }} - run: exit 1 diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index aa893300c..f852b95a3 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -4,6 +4,7 @@ on: push: branches: [main, dev] pull_request: + merge_group: jobs: nix: diff --git a/.github/workflows/platform.yml b/.github/workflows/platform.yml index 3415ee2f3..074dea37d 100644 --- a/.github/workflows/platform.yml +++ b/.github/workflows/platform.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/rust-bench.yml.disabled b/.github/workflows/rust-bench.yml.disabled new file mode 100644 index 000000000..3258ab0c3 --- /dev/null +++ b/.github/workflows/rust-bench.yml.disabled @@ -0,0 +1,98 @@ +name: Benchmark + +on: + workflow_dispatch: + merge_group: + +env: + CARGO_TERM_COLOR: always + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: true + matrix: + bits: [32, 64] + os: + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + # FIXME: Linking isn't working here yet for hacl #42 + - bits: 32 + os: "windows-latest" + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + + steps: + - uses: actions/checkout@v4 + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + - name: โš™๏ธ Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib + + - name: โš™๏ธ Setup Ubuntu x64 + if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add aarch64-unknown-linux-gnu + + - name: โš™๏ธ Setup macOS + if: ${{ matrix.os == 'macos-latest' }} + run: | + rustup target add aarch64-apple-darwin + + # Set up 32 bit systems + + - name: ๐Ÿ› ๏ธ Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: ๐Ÿ› ๏ธ Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # Set up windows + + - name: โš™๏ธ Setup Windows x86 + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + shell: pwsh + run: | + echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append + vcpkg install openssl:x86-windows-static-md + + - name: โš™๏ธ Setup Windows x64 + if: ${{ matrix.bits == 64 && matrix.os == 'windows-latest' }} + shell: pwsh + run: | + echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append + vcpkg install openssl:x64-windows-static-md + + # Benchmarks ... + + - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmarks + run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks -- --output-format bencher | tee bench.txt + - name: Store Benchmarks + uses: benchmark-action/github-action-benchmark@v1 + with: + name: Rust Benchmark + tool: 'cargo' + output-file-path: bench.txt + github-token: ${{ secrets.GITHUB_TOKEN }} + auto-push: true diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 7b4324a5c..c09f98d06 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -17,7 +17,6 @@ concurrency: jobs: build: - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -123,7 +122,7 @@ jobs: run: cargo build --verbose $RUST_TARGET_FLAG wasm: - if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' }} + if: false #${{ github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' }} runs-on: ubuntu-latest steps: @@ -141,90 +140,4 @@ jobs: - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Test run: CC=emcc AR=emar wasm-pack test --node --features wasm - benchmarks: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: true - matrix: - bits: [32, 64] - os: - - macos-latest - - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - # FIXME: Linking isn't working here yet for hacl #42 - - bits: 32 - os: "windows-latest" - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - - steps: - - uses: actions/checkout@v4 - - - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV - if: ${{ matrix.bits == 64 }} - - - name: โš™๏ธ Setup Ubuntu x86 - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add i686-unknown-linux-gnu - sudo apt-get update - sudo apt-get install -y gcc-multilib g++-multilib - - - name: โš™๏ธ Setup Ubuntu x64 - if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add aarch64-unknown-linux-gnu - - - name: โš™๏ธ Setup macOS - if: ${{ matrix.os == 'macos-latest' }} - run: | - rustup target add aarch64-apple-darwin - - # Set up 32 bit systems - - - name: ๐Ÿ› ๏ธ Config Windows x86 - run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - - - name: ๐Ÿ› ๏ธ Config Linux x86 - run: | - echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - - # Set up windows - - - name: โš™๏ธ Setup Windows x86 - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - shell: pwsh - run: | - echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - vcpkg install openssl:x86-windows-static-md - - - name: โš™๏ธ Setup Windows x64 - if: ${{ matrix.bits == 64 && matrix.os == 'windows-latest' }} - shell: pwsh - run: | - echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - vcpkg install openssl:x64-windows-static-md - - # Benchmarks ... - - - name: ๐Ÿƒ๐Ÿปโ€โ™€๏ธ Benchmarks - run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks - - mq_status: - if: | - always() && - (github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group') - needs: [benchmarks] - uses: cryspen/actions/.github/workflows/merge-queue-status.yml@jonas/merge-queue-status - with: - needs_json: "${{toJSON(needs)}}" diff --git a/.github/workflows/skip-benches-in-prs.yml.disabled b/.github/workflows/skip-benches-in-prs.yml.disabled new file mode 100644 index 000000000..27d9cb4bc --- /dev/null +++ b/.github/workflows/skip-benches-in-prs.yml.disabled @@ -0,0 +1,33 @@ +name: Skip Benchmarks in PRs + +on: [ pull_request ] + +jobs: + benchmark: + strategy: + fail-fast: false + matrix: + bits: [32, 64] + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + runs-on: ${{ matrix.os }} + steps: + - run: true + + benchmark_without_bits: + strategy: + fail-fast: false + matrix: + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + runs-on: ${{ matrix.os }} + name: "benchmark (${{ matrix.os }})" + steps: + - run: true + diff --git a/.github/workflows/specs.yml b/.github/workflows/specs.yml index 83a79e802..383d45cdf 100644 --- a/.github/workflows/specs.yml +++ b/.github/workflows/specs.yml @@ -5,6 +5,7 @@ on: branches: [ "main", "dev" ] pull_request: branches: [ "main", "dev" ] + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 000000000..c7347c48f --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,22 @@ +name: 'Triage stale issues and PRs' +on: + schedule: + - cron: '00 1 * * *' + workflow_dispatch: + +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v9 + with: + stale-issue-message: "This issue has been marked as stale due to a lack of activity for 60 days. If you believe this issue is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days." + stale-pr-message: "This PR has been marked as stale due to a lack of activity for 60 days. If you believe this pull request is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days." + stale-issue-label: 'stale' + exempt-issue-labels: 'keep-open' + stale-pr-label: 'stale' + exempt-pr-labels: 'keep-open' + days-before-stale: 60 + days-before-close: 7 + close-issue-message: "This issue has been closed due to a lack of activity since being marked as stale. If you believe this issue is still relevant, please reopen it with an update or comment." + close-pr-message: "This PR has been closed due to a lack of activity since being marked as stale. If you believe this pull request is still relevant, please reopen it with an update or comment." diff --git a/Cargo.lock b/Cargo.lock index 0da78d60b..f5c2c65ea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.15" +version = "1.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" +checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" dependencies = [ "jobserver", "libc", @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.16" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" +checksum = "3e5a21b8495e732f1b3c364c9949b201ca7bae518c502c80256c96ad79eaf6ac" dependencies = [ "clap_builder", "clap_derive", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.15" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +checksum = "8cf2dd12af7a047ad9d6da2b6b249759a22a7abc0f474c1dae1777afa4b21a73" dependencies = [ "anstream", "anstyle", @@ -363,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "proc-macro2", "quote", @@ -1265,9 +1265,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plotters" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" +checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" dependencies = [ "num-traits", "plotters-backend", @@ -1278,15 +1278,15 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" +checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" [[package]] name = "plotters-svg" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" +checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670" dependencies = [ "plotters-backend", ] @@ -1569,9 +1569,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.35" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ "bitflags", "errno", @@ -1623,18 +1623,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", @@ -1643,9 +1643,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.127" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", "memchr", @@ -1773,9 +1773,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" diff --git a/Cargo.toml b/Cargo.toml index 6eec956ec..1b8317ec1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,6 +56,7 @@ exclude = [ [lib] crate-type = ["staticlib", "cdylib", "lib"] +bench = false # so libtest doesn't eat the arguments for criterion [build-dependencies] libcrux-platform = { version = "=0.0.2-alpha.3", path = "sys/platform" } @@ -72,13 +73,14 @@ rand = { version = "0.8" } log = { version = "0.4", optional = true } # WASM API wasm-bindgen = { version = "0.2.87", optional = true } +getrandom = { version = "0.2", features = ["js"], optional = true } # When using the hax toolchain, we have more dependencies. # This is only required when doing proofs. -# [target.'cfg(hax)'.workspace.dependencies] +#[target.'cfg(hax)'.dependencies] [workspace.dependencies] -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } -#hax-lib = { path = "../hax/hax-lib" } +hax-lib-macros = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { git = "https://github.com/hacspec/hax/", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } @@ -99,7 +101,7 @@ getrandom = { version = "0.2", features = ["js"] } [features] hacspec = [] # TODO: #7 Use specs instead of efficient implementations rand = [] -wasm = ["wasm-bindgen"] +wasm = ["wasm-bindgen", "getrandom"] log = ["dep:log"] tests = [] # Expose functions for testing. experimental = [] # Expose experimental APIs. diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst index 1e8ba7372..0a7015968 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -2,7 +2,7 @@ module Tactics.Seq open Core module L = FStar.List.Tot -module S = FStar.Seq.Base +module S = FStar.Seq open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti index a03c287ec..d4014e6a8 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Arm64_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst index 47d5ae8e5..44910de0c 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst @@ -21,14 +21,14 @@ Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: }; kind = Concrete_ident.Kind.Value })); span = - { Span.id = 1879; + { Span.id = 2213; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 240 }; - lo = { Span.Imported.col = 0; line = 237 } } + hi = { Span.Imported.col = 2; line = 213 }; + lo = { Span.Imported.col = 0; line = 207 } } ] }; typ = @@ -54,43 +54,43 @@ Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: (Ast.String "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); span = - { Span.id = 1879; + { Span.id = 2213; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 240 }; - lo = { Span.Imported.col = 0; line = 237 } } + hi = { Span.Imported.col = 2; line = 213 }; + lo = { Span.Imported.col = 0; line = 207 } } ] }; typ = Ast.Make.TStr }; { Ast.Make.e = (Ast.Make.Literal (Ast.String - "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"240\" };\n lo = { Types.col = \"0\"; line = \"237\" } };\n ty = Types.Never }")); + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"213\" };\n lo = { Types.col = \"0\"; line = \"207\" } };\n ty = Types.Never }")); span = - { Span.id = 1879; + { Span.id = 2213; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 240 }; - lo = { Span.Imported.col = 0; line = 237 } } + hi = { Span.Imported.col = 2; line = 213 }; + lo = { Span.Imported.col = 0; line = 207 } } ] }; typ = Ast.Make.TStr } ]; generic_args = []; bounds_impls = []; trait = None}; span = - { Span.id = 1879; + { Span.id = 2213; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 240 }; - lo = { Span.Imported.col = 0; line = 237 } } + hi = { Span.Imported.col = 2; line = 213 }; + lo = { Span.Imported.col = 0; line = 207 } } ] }; typ = @@ -116,7 +116,7 @@ Last AST: [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; { Concrete_ident.Imported.data = - (Concrete_ident.Imported.ValueNs "mm256_srli_epi16"); + (Concrete_ident.Imported.ValueNs "mm256_mullo_epi16"); disambiguator = 0 } ] }; diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 30b8f7147..94d84faff 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -1,19 +1,37 @@ module Libcrux_intrinsics.Avx2_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul unfold type t_Vec128 = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) + val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) + let get_lane128 (v:t_Vec128) (i:nat{i < 8}) = + Seq.index (vec128_as_i16x8 v) i unfold type t_Vec256 = bit_vec 256 - val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) + val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) + let get_lane (v:t_Vec256) (i:nat{i < 16}) = + Seq.index (vec256_as_i16x16 v) i -val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_add_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 ( +. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_add_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_and_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_and_si256 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 ( &. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_andnot_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -45,9 +63,22 @@ val mm256_madd_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mulhi_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_mulhi_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (vec256_as_i16x16 lhs) + (vec256_as_i16x16 rhs)) unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 + let lemma_mm256_mullo_epi16 v1 v2 : + Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) + [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit() val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -62,13 +93,23 @@ val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: t_Vec256) val mm256_permutevar8x32_epi32 (vector control: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set1_epi16 (constant: i16) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_set1_epi16 (constant: i16) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == Spec.Utils.create (sz 16) constant) val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 +let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : + Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == + Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) + [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -98,7 +139,13 @@ val mm256_sllv_epi32 (vector counts: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_Vec256 + (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec256_as_i16x16 vector)) val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -117,7 +164,14 @@ val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: t_Vec256) val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: t_Vec256) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val mm256_sub_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sub_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 ( -. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_unpackhi_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -132,19 +186,48 @@ val mm256_unpacklo_epi64 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_xor_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm_add_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_add_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 ( +. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 -val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) - -val mm_mullo_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_mulhi_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (vec128_as_i16x8 lhs) + (vec128_as_i16x8 rhs)) + +val mm_mullo_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 mul_mod (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 -val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_set1_epi16 (constant: i16) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == Spec.Utils.create (sz 8) constant) val mm_set_epi8 (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: @@ -166,4 +249,11 @@ val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) (Core.Slice.impl__len #i16 output_future <: usize) =. (Core.Slice.impl__len #i16 output <: usize)) -val mm_sub_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_sub_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 ( -. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 110dea312..ddd3ada9e 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -8,7 +8,9 @@ #[hax_lib::fstar::replace( interface, "unfold type $:{Vec256} = bit_vec 256 - val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)" + val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) + let get_lane (v:t_Vec256) (i:nat{i < 16}) = + Seq.index (vec256_as_i16x16 v) i" )] pub struct Vec256(u8); @@ -17,7 +19,9 @@ pub struct Vec256(u8); #[hax_lib::fstar::replace( interface, "unfold type $:{Vec128} = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)" + val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) + let get_lane128 (v:t_Vec128) (i:nat{i < 8}) = + Seq.index (vec128_as_i16x8 v) i" )] pub struct Vec128(u8); @@ -124,13 +128,19 @@ pub fn mm256_set_epi8( unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.create (sz 16) $constant"))] pub fn mm256_set1_epi16(constant: i16) -> Vec256 { unimplemented!() } #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_set_epi16} = BitVec.Intrinsics.mm256_set_epi16" + "unfold let ${mm256_set_epi16} = BitVec.Intrinsics.mm256_set_epi16 +let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : + Lemma (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == + Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) + [SMTPat (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit()" )] pub fn mm256_set_epi16( input15: i16, @@ -153,6 +163,8 @@ pub fn mm256_set_epi16( unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.create (sz 8) $constant"))] pub fn mm_set1_epi16(constant: i16) -> Vec128 { unimplemented!() } @@ -173,12 +185,18 @@ pub fn mm256_set_epi32( unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.map2 (+.) (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } + +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 (+.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } + pub fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -186,21 +204,33 @@ pub fn mm256_add_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 (-.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } + +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.map2 (-.) (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_mullo_epi16} = BitVec.Intrinsics.mm256_mullo_epi16" + "unfold let ${mm256_mullo_epi16} = BitVec.Intrinsics.mm256_mullo_epi16 + let lemma_mm256_mullo_epi16 v1 v2 : + Lemma (vec256_as_i16x16 (${mm256_mullo_epi16} v1 v2) == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) + [SMTPat (vec256_as_i16x16 (${mm256_mullo_epi16} v1 v2))] = admit() + " )] pub fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.map2 mul_mod (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_mullo_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } @@ -209,6 +239,9 @@ pub fn mm256_cmpgt_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_mulhi_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } @@ -217,6 +250,8 @@ pub fn mm256_mullo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_mulhi_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -225,6 +260,8 @@ pub fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 (&.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -233,6 +270,9 @@ pub fn mm256_xor_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (vec256_as_i16x16 $vector)"))] pub fn mm256_srai_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); unimplemented!() diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 1e5bf3333..bae04a508 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -18,14 +18,15 @@ exclude = [ "/hax.py", ] +[lib] +bench = false # so libtest doesn't eat the arguments to criterion + [dependencies] rand_core = { version = "0.6" } libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } -# This is only required for verification, but we are setting it as default until some hax attributes are fixed -# [target.'cfg(hax)'.dependencies] hax-lib.workspace = true [features] @@ -35,20 +36,24 @@ default = ["std", "mlkem512", "mlkem768", "mlkem1024"] # Hardware features can be force enabled. # It is not recommended to use these. This crate performs CPU feature detection # and enables the features when they are available. -simd128 = ["libcrux-sha3/simd128","libcrux-intrinsics/simd128"] -simd256 = ["libcrux-sha3/simd256","libcrux-intrinsics/simd256"] +simd128 = ["libcrux-sha3/simd128", "libcrux-intrinsics/simd128"] +simd256 = ["libcrux-sha3/simd256", "libcrux-intrinsics/simd256"] # Features for the different key sizes of ML-KEM mlkem512 = [] mlkem768 = [] mlkem1024 = [] +# Enable the unpacked API +unpacked = [] + # Enable Round 3 Kyber in addition to ML-KEM kyber = [] # Code that is not yet verified pre-verification = [] +# std support std = [] [dev-dependencies] @@ -75,7 +80,7 @@ name = "keygen" required-features = ["mlkem768"] [package.metadata."docs.rs"] -features = ["pre-verification", "kyber"] +features = ["pre-verification", "kyber", "unpacked"] rustdoc-args = ["--cfg", "doc_cfg"] [lints.rust] diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 2af7c36be..f407256d6 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_d9 ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] + - [libcrux_sha3, generic_keccak, absorb_final_80 ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_6d ] api: - [libcrux_sha3, avx2, "*"] private: diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index d5b35e949..a11eef2e5 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -71,14 +71,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_80(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_80(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); } } diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 50e2aa7a6..d0d648272 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 -Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb -Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 +Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index d9b08f6ad..660918c54 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -46,7 +46,7 @@ typedef struct { // (included), and an end index in x (excluded). The argument x must be suitably // cast to something that can decay (see remark above about how pointer // arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) \ +#define EURYDICE_SLICE(x, start, end) \ (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) #define EURYDICE_SLICE_LEN(s, _) s.len // This macro is a pain because in case the dereferenced element type is an @@ -55,42 +55,42 @@ typedef struct { // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _) \ +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t) \ +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ @@ -99,21 +99,21 @@ typedef struct { sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ - Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ + Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, @@ -169,28 +169,14 @@ static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { #endif } -// wraparound semantics in C +// unsigned overflow wraparound semantics in C static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } - static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } -static inline uint16_t core_num__i16_1__wrapping_add(int16_t x, int16_t y) { - return x + y; -} - -static inline uint16_t core_num__i16_1__wrapping_sub(int16_t x, int16_t y) { - return x - y; -} - -static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { - return x * y; -} - - static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { *x0 = *x0 + *x1; @@ -211,10 +197,10 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N } // ITERATORS -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, \ .f0 = (iter_ptr)->start++})) // Old name (TODO: remove once everyone has upgraded to the latest Charon) @@ -254,25 +240,25 @@ static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, return curr_chunk; } -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_}) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ - ((Eurydice_chunks){ \ - .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){ \ + .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ .chunk_size = sz_}) #define core_slice_iter_Chunks Eurydice_chunks #define core_slice_iter_ChunksExact Eurydice_chunks -#define Eurydice_chunks_next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ - : ((ret_t){.tag = core_option_Some, \ +#define Eurydice_chunks_next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, \ .f0 = chunk_next(iter, sizeof(t))})) #define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next \ Eurydice_chunks_next // This name changed on 20240627 #define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next \ Eurydice_chunks_next -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ - iter, t, _ret_t) \ +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ + iter, t, _ret_t) \ core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) typedef struct { @@ -280,17 +266,17 @@ typedef struct { size_t index; } Eurydice_slice_iterator; -#define core_slice___Slice_T___iter(x, t, _ret_t) \ +#define core_slice___Slice_T___iter(x, t, _ret_t) \ ((Eurydice_slice_iterator){.s = x, .index = 0}) #define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ - ret_t) \ - (((iter)->index == (iter)->s.len) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ - .f0 = \ - ((iter)->index++, \ - &((t *)((iter)->s.ptr))[(iter)->index - 1])})) +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ + ret_t) \ + (((iter)->index == (iter)->s.len) \ + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, \ + &((t *)((iter)->s.ptr))[(iter)->index - 1])})) // STRINGS @@ -301,8 +287,8 @@ typedef const char *Prims_string; typedef void *core_fmt_Formatter; typedef void *core_fmt_Arguments; typedef void *core_fmt_rt_Argument; -#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ - x4) \ +#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ + x4) \ NULL // VECTORS (ANCIENT, POSSIBLY UNTESTED) @@ -320,49 +306,49 @@ typedef struct { * statement-expression -- this suitably initializes ptr to NULL and len and * size to 0. */ #define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size / sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? */ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX / 2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t *)v->ptr)[v->len] = x; \ - v->len++; \ +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size / sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. Would this even happen in practice? */ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX / 2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t *)v->ptr)[v->len] = x; \ + v->len++; \ } while (0) -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ } while (0) #define EURYDICE_VEC_INDEX(v, i, t) &((t *)v->ptr)[i] #define EURYDICE_VEC_LEN(v, t) (v)->len /* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) \ - ({ \ - t *p = malloc(sizeof(t)); \ - *p = x; \ - p; \ +#define EURYDICE_BOX_NEW(x, t) \ + ({ \ + t *p = malloc(sizeof(t)); \ + *p = x; \ + p; \ }) -#define EURYDICE_REPLACE(ptr, new_v, t) \ - ({ \ - t old_v = *ptr; \ - *ptr = new_v; \ - old_v; \ +#define EURYDICE_REPLACE(ptr, new_v, t) \ + ({ \ + t old_v = *ptr; \ + *ptr = new_v; \ + old_v; \ }) #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 3ef2beef6..49fee3ce8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_core_H @@ -21,12 +21,6 @@ extern "C" { #include "../libcrux_core.h" #include "eurydice_glue.h" -static inline int16_t core_num__i16_1__wrapping_add(int16_t x0, int16_t x1); - -static inline int16_t core_num__i16_1__wrapping_mul(int16_t x0, int16_t x1); - -static inline int16_t core_num__i16_1__wrapping_sub(int16_t x0, int16_t x1); - #define CORE_NUM__U32_8__BITS (32U) static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); @@ -81,7 +75,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_a91( uint8_t value[1568U]); /** @@ -94,7 +88,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_b11( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -107,7 +101,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_f11( uint8_t value[3168U]); /** @@ -119,7 +113,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_e91( uint8_t value[1568U]); /** @@ -130,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_941( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -153,7 +147,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, uint8_t ret[1600U]); /** @@ -165,7 +159,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_a90( uint8_t value[1184U]); /** @@ -178,7 +172,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_b10( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -191,7 +185,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_f10( uint8_t value[2400U]); /** @@ -203,7 +197,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_e90( uint8_t value[1088U]); /** @@ -214,7 +208,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_940( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -237,7 +231,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, uint8_t ret[1120U]); /** @@ -249,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_a9( uint8_t value[800U]); /** @@ -262,7 +256,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_b1( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -275,7 +269,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_f1( uint8_t value[1632U]); /** @@ -287,7 +281,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_e9( uint8_t value[768U]); /** @@ -298,7 +292,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -309,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -333,7 +327,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -343,7 +337,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -355,7 +349,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -366,7 +360,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, uint8_t ret[800U]); /** @@ -377,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, uint8_t ret[64U]); /** @@ -401,7 +395,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -424,7 +418,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -447,7 +441,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -470,7 +464,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index debf82f1a..313e8fff2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_061(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b31( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_251( +void libcrux_ml_kem_ind_cca_decapsulate_e21( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_060(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b30( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_250( +void libcrux_ml_kem_ind_cca_decapsulate_e20( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_06(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b3( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_25( +void libcrux_ml_kem_ind_cca_decapsulate_e2( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 3c3c0e9d3..48768729f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -23,7 +23,7 @@ extern "C" { #include "internal/libcrux_core.h" #include "internal/libcrux_sha3_internal.h" -extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; +int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i); #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \ (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_821(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6c1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_931( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_531( +void libcrux_ml_kem_ind_cca_decapsulate_161( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_820(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6c0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_530( +void libcrux_ml_kem_ind_cca_decapsulate_160( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_82(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_53( +void libcrux_ml_kem_ind_cca_decapsulate_16( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index a2365b0a1..a1eb2b1e5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_sha3_avx2_H @@ -23,9 +23,30 @@ extern "C" { #include "internal/libcrux_core.h" #include "intrinsics/libcrux_intrinsics_avx2.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +void libcrux_sha3_generic_keccak_absorb_final_80( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); + typedef libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_KeccakState; +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 1002e489a..203ac4320 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f3(s, buf); } /** @@ -50,7 +50,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -58,15 +58,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); } /** @@ -76,7 +76,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); } /** @@ -86,7 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, buf); } #define libcrux_sha3_Sha224 0 @@ -149,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o4); } /** @@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f30(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); } /** diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index d7ebcbe67..df3cab052 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -21,60 +21,52 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i mm256_castsi256_si128( + core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( + core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_castsi128_si256( + core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( - int16_t a) { +static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, - int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, - int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, - int16_t x15) { +static inline core_core_arch_x86___m256i mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( +static inline core_core_arch_x86___m256i mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -86,7 +78,7 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( +static inline core_core_arch_x86___m128i mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { @@ -94,266 +86,229 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, - int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7) { +static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, + int32_t x2, int32_t x3, + int32_t x4, int32_t x5, + int32_t x6, + int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice a) { +static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_bytes_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_i16(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_u8(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( +static inline core_core_arch_x86___m128i mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sub_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( +static inline core_core_arch_x86___m128i mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mulhi_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mul_epu32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( +static inline core_core_arch_x86___m128i mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( +static inline core_core_arch_x86___m128i mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_madd_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_and_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_andnot_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_xor_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( - core_core_arch_x86___m128i a) { +static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ - (_mm256_srai_epi16(b, a)) +#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ - (_mm256_srli_epi16(b, a)) +#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ - (_mm256_slli_epi16(b, a)) +#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ - (_mm256_slli_epi32(b, a)) +#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_slli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ - (_mm256_srai_epi32(b, a)) +#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ - (_mm256_srli_epi32(b, a)) +#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sllv_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_srli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_packs_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( +static inline core_core_arch_x86___m128i mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b, a)) +#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b, a)) +#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b, a)) +#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ +#define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ - (_mm256_inserti128_si256(b, c, a)) +#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ - (_mm256_blend_epi16(b, c, a)) +#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_shuffle_epi8( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i mm_shuffle_epi8( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 3fd2a5aa7..da448bb61 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_a91( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_b11( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_f11( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_e91( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_941( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -196,7 +196,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_a90( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_b10( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_f10( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_e90( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_940( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -316,7 +316,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_a9( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_b1( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_f1( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_e9( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -421,7 +421,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -440,7 +440,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -460,7 +460,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -480,7 +480,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -493,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; @@ -512,7 +512,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -531,7 +531,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -551,7 +551,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -571,7 +571,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -591,7 +591,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -611,7 +611,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 66b054b12..5ae6d35b2 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_core_H @@ -229,7 +229,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 82fd34954..6a58e99a4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 9fc3014b2..5ba67b2cc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_f3( +static void decapsulate_010( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_250(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e20(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_f3(private_key, ciphertext, ret); + decapsulate_010(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_d1( +static void decapsulate_unpacked_300( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d1(private_key, ciphertext, ret); + decapsulate_unpacked_300(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_6c( +static tuple_21 encapsulate_d90( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b30(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6c(uu____0, copy_of_randomness); + return encapsulate_d90(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_e9( +static tuple_21 encapsulate_unpacked_8b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_e9( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_e9(uu____0, copy_of_randomness); + return encapsulate_unpacked_8b0(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a3( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_500( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_210(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f70(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_a3(copy_of_randomness); + return generate_keypair_500(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_3e(uint8_t randomness[64U]) { +generate_keypair_unpacked_5a0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_3e(copy_of_randomness); + return generate_keypair_unpacked_5a0(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_ea0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a0(public_key); +static bool validate_public_key_ae0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_060(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_ea0(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_ea0(public_key.value)) { + if (validate_public_key_ae0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 1e4429f30..117cbb9c5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 7d72cc93a..d76b92948 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_aa( +static void decapsulate_b31( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_531(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_161(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_aa(private_key, ciphertext, ret); + decapsulate_b31(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_0b( +static void decapsulate_unpacked_171( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0b(private_key, ciphertext, ret); + decapsulate_unpacked_171(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_07( +static tuple_21 encapsulate_cd1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_231(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_931(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_07(uu____0, copy_of_randomness); + return encapsulate_cd1(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_7c( +static tuple_21 encapsulate_unpacked_571( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_7c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_7c(uu____0, copy_of_randomness); + return encapsulate_unpacked_571(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_99( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_651(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6c1(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_99(copy_of_randomness); + return generate_keypair_ff1(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_60(uint8_t randomness[64U]) { +generate_keypair_unpacked_c61(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_60(copy_of_randomness); + return generate_keypair_unpacked_c61(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_931(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_361(public_key); +static bool validate_public_key_091(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_821(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_931(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_931(public_key.value)) { + if (validate_public_key_091(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 3bc0c4199..09598b5e0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index d603ac13b..2686fd558 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem512_H @@ -21,52 +21,28 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 ((size_t)320U) -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 ((size_t)640U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 ((size_t)128U) -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 ((size_t)768U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 ((size_t)800U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 ((size_t)768U) #define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) -#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE ((size_t)192U) #define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE ((size_t)128U) #define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) + ((size_t)800U) typedef libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_mlkem512_MlKem512Ciphertext; @@ -80,15 +56,17 @@ typedef libcrux_ml_kem_types_MlKemPrivateKey_5e typedef libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_mlkem512_MlKem512PublicKey; -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 ((size_t)768U) -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + \ - LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 ((size_t)1632U) + +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 ((size_t)768U) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index d7a9eb950..1949286a4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_1c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_01(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_25(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e2(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_1c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_1c(private_key, ciphertext, ret); + decapsulate_01(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_36( +static void decapsulate_unpacked_30( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_36( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_36(private_key, ciphertext, ret); + decapsulate_unpacked_30(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_93( +static tuple_ec encapsulate_d9( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b3(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_93(uu____0, copy_of_randomness); + return encapsulate_d9(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ff( +static tuple_ec encapsulate_unpacked_8b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_ff( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ff(uu____0, copy_of_randomness); + return encapsulate_unpacked_8b(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c6( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_50( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c6(copy_of_randomness); + return generate_keypair_50(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_7a(uint8_t randomness[64U]) { +generate_keypair_unpacked_5a(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_7a(copy_of_randomness); + return generate_keypair_unpacked_5a(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_ea(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); +static bool validate_public_key_ae(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_06(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_ea(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_ea(public_key.value)) { + if (validate_public_key_ae(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 0aa147efe..9aae3051a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index e8f8433ad..bc1b33818 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_3e(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_530(private_key, ciphertext, ret); +static void decapsulate_b30( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_160(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_3e(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_3e(private_key, ciphertext, ret); + decapsulate_b30(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_0e( +static void decapsulate_unpacked_170( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_0e( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0e(private_key, ciphertext, ret); + decapsulate_unpacked_170(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_d8( +static tuple_ec encapsulate_cd0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d8(uu____0, copy_of_randomness); + return encapsulate_cd0(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_d7( +static tuple_ec encapsulate_unpacked_570( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_d7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d7(uu____0, copy_of_randomness); + return encapsulate_unpacked_570(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ff0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_650(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6c0(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_25(copy_of_randomness); + return generate_keypair_ff0(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_d1(uint8_t randomness[64U]) { +generate_keypair_unpacked_c60(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d1(copy_of_randomness); + return generate_keypair_unpacked_c60(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_930(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_360(public_key); +static bool validate_public_key_090(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_820(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_930(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_930(public_key.value)) { + if (validate_public_key_090(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 28f2a9ad7..83e67c6de 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 6d41768b1..be002b2a6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 71ed1a8ac..673055121 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_10( +static void decapsulate_011( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_251(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e21(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_10( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_10(private_key, ciphertext, ret); + decapsulate_011(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_1f( +static void decapsulate_unpacked_301( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_1f( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_1f(private_key, ciphertext, ret); + decapsulate_unpacked_301(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_6f( +static tuple_3c encapsulate_d91( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e91(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b31(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6f(uu____0, copy_of_randomness); + return encapsulate_d91(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_b8( +static tuple_3c encapsulate_unpacked_8b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_b8( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b8(uu____0, copy_of_randomness); + return encapsulate_unpacked_8b1(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_75( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_501( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_211(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f71(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_75(copy_of_randomness); + return generate_keypair_501(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_4c(uint8_t randomness[64U]) { +generate_keypair_unpacked_5a1(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4c(copy_of_randomness); + return generate_keypair_unpacked_5a1(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_ea1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a1(public_key); +static bool validate_public_key_ae1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_061(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_ea1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_ea1(public_key.value)) { + if (validate_public_key_ae1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 1c88c7072..940d04ca9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 1420d7a72..afdf0b2fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_64( +static void decapsulate_b3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_53(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_16(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_64( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_64(private_key, ciphertext, ret); + decapsulate_b3(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_87( +static void decapsulate_unpacked_17( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_87( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_87(private_key, ciphertext, ret); + decapsulate_unpacked_17(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_eb( +static tuple_3c encapsulate_cd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_eb(uu____0, copy_of_randomness); + return encapsulate_cd(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_d0( +static tuple_3c encapsulate_unpacked_57( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_d0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d0(uu____0, copy_of_randomness); + return encapsulate_unpacked_57(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_0a( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6c(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0a(copy_of_randomness); + return generate_keypair_ff(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_0f(uint8_t randomness[64U]) { +generate_keypair_unpacked_c6(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_0f(copy_of_randomness); + return generate_keypair_unpacked_c6(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_93(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); +static bool validate_public_key_09(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_93(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_93(public_key.value)) { + if (validate_public_key_09(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index f51ce81d2..107f7b5e1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index db101ec95..6cc32fdef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "internal/libcrux_mlkem_avx2.h" @@ -105,22 +105,24 @@ __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { - return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); + __m256i cv = mm256_set1_epi16(constant); + return mm256_mullo_epi16(vector, cv); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i v, +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { - return mm256_and_si256(vector, mm256_set1_epi16(constant)); + __m256i cv = mm256_set1_epi16(constant); + return mm256_and_si256(vector, cv); } /** @@ -159,11 +161,11 @@ __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) { */ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = mm256_mulhi_epi16( + __m256i t0 = mm256_mulhi_epi16( vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); - __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i t1 = mm256_add_epi16(t0, mm256_set1_epi16((int16_t)512)); + __m256i quotient = mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = mm256_mullo_epi16( quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); return mm256_sub_epi16(vector, quotient_times_field_modulus); @@ -180,16 +182,17 @@ __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { - __m256i constant0 = mm256_set1_epi16(constant); - __m256i value_low = mm256_mullo_epi16(vector, constant0); + __m256i vec_constant = mm256_set1_epi16(constant); + __m256i value_low = mm256_mullo_epi16(vector, vec_constant); __m256i k = mm256_mullo_epi16( value_low, mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(vector, constant0); + __m256i modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i k_times_modulus = mm256_mulhi_epi16(k, modulus); + __m256i value_high = mm256_mulhi_epi16(vector, vec_constant); return mm256_sub_epi16(value_high, k_times_modulus); } @@ -239,16 +242,17 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c) { - __m256i value_low = mm256_mullo_epi16(v, c); + __m256i vec, __m256i constants) { + __m256i value_low = mm256_mullo_epi16(vec, constants); __m256i k = mm256_mullo_epi16( value_low, mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(v, c); + __m256i modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i k_times_modulus = mm256_mulhi_epi16(k, modulus); + __m256i value_high = mm256_mulhi_epi16(vec, constants); return mm256_sub_epi16(value_high, k_times_modulus); } @@ -304,16 +308,16 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c) { - __m128i value_low = mm_mullo_epi16(v, c); + __m128i vec, __m128i constants) { + __m128i value_low = mm_mullo_epi16(vec, constants); __m128i k = mm_mullo_epi16( value_low, mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = mm_mulhi_epi16( - k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = mm_mulhi_epi16(v, c); + __m128i modulus = mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m128i k_times_modulus = mm_mulhi_epi16(k, modulus); + __m128i value_high = mm_mulhi_epi16(vec, constants); return mm_sub_epi16(value_high, k_times_modulus); } @@ -428,15 +432,15 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) { __m256i k = mm256_mullo_epi16( - v, + vec, mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); __m256i k_times_modulus = mm256_mulhi_epi16( k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i value_high = mm256_srli_epi32((int32_t)16, vec, __m256i); __m256i result = mm256_sub_epi16(value_high, k_times_modulus); __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); return mm256_srai_epi32((int32_t)16, result0, __m256i); @@ -599,7 +603,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, ret0); + core_result_unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -690,7 +694,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_e8(dst, ret0); + core_result_unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -793,7 +797,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_34(dst, ret0); + core_result_unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -920,7 +924,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_1c(dst, ret0); + core_result_unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1035,7 +1039,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_98(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_1b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1063,8 +1067,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_ce(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_to_reduced_ring_element_55(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1083,12 +1087,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f51( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_301( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1100,7 +1104,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f51( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_55(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1113,7 +1117,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_fb(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_f5(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1126,8 +1130,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_cf(__m256i vector) { - return shift_right_fb(vector); +static __m256i shift_right_09_22(__m256i vector) { + return shift_right_f5(vector); } /** @@ -1136,8 +1140,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_4b(__m256i a) { - __m256i t = shift_right_09_cf(a); +static __m256i to_unsigned_representative_4f(__m256i a) { + __m256i t = shift_right_09_22(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -1149,13 +1153,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_4b(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_4f(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1173,7 +1177,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_801( +static KRML_MUSTINLINE void serialize_secret_key_501( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1191,7 +1195,7 @@ static KRML_MUSTINLINE void serialize_secret_key_801( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_5c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1206,14 +1210,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_ac1( +static KRML_MUSTINLINE void serialize_public_key_511( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_801(t_as_ntt, ret0); + serialize_secret_key_501(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1233,15 +1237,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_061(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_f51( + deserialize_ring_elements_reduced_301( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_511( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1272,7 +1276,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab1(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1282,10 +1286,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_d61( +static void closure_ba1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_1b();); } /** @@ -1295,7 +1299,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_501(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1317,11 +1321,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_a9_3f1(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d1(copy_of_input); + return shake128_init_absorb_final_501(copy_of_input); } /** @@ -1330,7 +1334,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_001( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1364,9 +1368,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_941( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_6b1(self, ret); + shake128_squeeze_first_three_blocks_001(self, ret); } /** @@ -1417,7 +1421,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_973( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_613( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1455,7 +1459,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1489,9 +1493,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_1b1(self, ret); + shake128_squeeze_next_block_dd1(self, ret); } /** @@ -1542,7 +1546,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_974( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_614( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1585,8 +1589,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_84(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); +from_i16_array_20_82(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1603,9 +1607,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e91( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a1( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1615,7 +1619,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_0c1( +static KRML_MUSTINLINE void sample_from_xof_c11( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1624,25 +1628,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca1(copy_of_seeds); + shake128_init_absorb_final_a9_3f1(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_941(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_973( + bool done = sample_from_uniform_distribution_next_613( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_974( + done = sample_from_uniform_distribution_next_614( copy_of_randomness, sampled_coefficients, out); } } @@ -1651,7 +1655,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_e91(copy_of_out[i]);); + ret0[i] = closure_8a1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1663,12 +1667,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_431( +static KRML_MUSTINLINE void sample_matrix_A_ff1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_d61(A_transpose[i]);); + closure_ba1(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1683,7 +1687,7 @@ static KRML_MUSTINLINE void sample_matrix_A_431( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_0c1(copy_of_seeds, sampled); + sample_from_xof_c11(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1727,7 +1731,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1765,60 +1769,11 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_412(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); + PRFxN_ef2(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v โˆˆ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B โˆˆ ๐”น^{64ฮท}. - Output: array f โˆˆ โ„คโ‚‚โ‚…โ‚†. - - b โ† BytesToBits(B) - for (i โ† 0; i < 256; i++) - x โ† โˆ‘(j=0 to ฮท - 1) b[2iฮท + j] - y โ† โˆ‘(j=0 to ฮท - 1) b[2iฮท + ฮท + j] - f[i] โ† xโˆ’y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -1826,7 +1781,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_6a(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1860,7 +1815,7 @@ sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_84( + return from_i16_array_20_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1871,7 +1826,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_41(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_5f(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1904,7 +1859,7 @@ sample_from_binomial_distribution_3_41(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_84( + return from_i16_array_20_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1915,8 +1870,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_cf0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_9b(randomness); +sample_from_binomial_distribution_8e0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_6a(randomness); } /** @@ -1925,7 +1880,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_68( +static KRML_MUSTINLINE void ntt_at_layer_7_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -1950,7 +1905,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_7b(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_25(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1961,8 +1916,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_c5(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_7b(b, zeta_r); +ntt_layer_int_vec_step_0a(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_25(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1975,7 +1930,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1988,9 +1943,9 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_c5( + ntt_layer_int_vec_step_0a( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2005,14 +1960,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));); } /** @@ -2021,16 +1976,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_70( +static KRML_MUSTINLINE void ntt_at_layer_2_10( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } @@ -2040,20 +1994,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_7e( +static KRML_MUSTINLINE void ntt_at_layer_1_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } @@ -2067,7 +2018,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_78( +static KRML_MUSTINLINE void poly_barrett_reduce_20_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2083,17 +2034,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_c7( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_68(re); + ntt_at_layer_7_ea(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_6e(&zeta_i, re); + poly_barrett_reduce_20_85(re); } /** @@ -2104,11 +2055,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_e41( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2120,12 +2071,12 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf0( + re_as_ntt[i0] = sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2150,25 +2101,21 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_15(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09( &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); } return out; } @@ -2183,7 +2130,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f31( +static KRML_MUSTINLINE void add_to_ring_element_20_471( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2203,7 +2150,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_6b(__m256i v) { +static __m256i to_standard_domain_f5(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2218,14 +2165,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_a1( +static KRML_MUSTINLINE void add_standard_error_reduce_20_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_6b(self->coefficients[j]); + to_standard_domain_f5(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2238,14 +2185,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b1( +static KRML_MUSTINLINE void compute_As_plus_e_ef1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2266,10 +2213,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f31(&result0[i1], &product); + ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_471(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2288,10 +2235,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_f81( +static tuple_9b0 generate_keypair_unpacked_471( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); + G_a9_ab1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2299,15 +2246,15 @@ static tuple_9b0 generate_keypair_unpacked_f81( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_431(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_ff1(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_e41(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2319,14 +2266,14 @@ static tuple_9b0 generate_keypair_unpacked_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_571(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_e41(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_4b1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ef1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -2377,7 +2324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_1c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_1b();); } /** @@ -2390,7 +2337,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_4a( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2409,7 +2356,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_311(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -2427,7 +2374,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2436,7 +2383,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_f81(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_471(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 @@ -2447,7 +2394,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_3a_33(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2457,19 +2404,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_511( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_a9_311(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -2505,17 +2452,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_f81( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_931( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_f81(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_471(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_511( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_801(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_501(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2539,7 +2486,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c91( +static KRML_MUSTINLINE void serialize_kem_secret_key_eb1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2565,7 +2512,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c91( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_651(public_key, ret0); + H_a9_311(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -2594,7 +2541,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2603,13 +2550,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_f81(ind_cpa_keypair_randomness); + generate_keypair_931(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_c91( + serialize_kem_secret_key_eb1( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2618,13 +2565,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f10(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_750( - uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b10( + uu____2, libcrux_ml_kem_types_from_07_a90(copy_of_public_key)); } /** @@ -2636,10 +2583,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_b31(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_e71(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2651,11 +2598,11 @@ sample_ring_element_cbd_b31(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2676,7 +2623,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_c90(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -2693,9 +2640,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_264(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -2704,7 +2651,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2712,13 +2659,10 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } @@ -2728,7 +2672,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_e4( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_88( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2736,9 +2680,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_e4( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } @@ -2748,15 +2691,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); + KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( + re->coefficients[round], + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));); } /** @@ -2766,11 +2708,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_e9(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_e0(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_7b(a_minus_b, zeta_r); + b = montgomery_multiply_fe_25(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2781,7 +2723,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9d( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2796,9 +2738,9 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_e9( + inv_ntt_layer_int_vec_step_reduce_e0( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2813,18 +2755,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c51( +static KRML_MUSTINLINE void invert_ntt_montgomery_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_88(&zeta_i, re); + invert_ntt_at_layer_3_f7(&zeta_i, re); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_85(re); } /** @@ -2837,7 +2779,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_87( +static KRML_MUSTINLINE void add_error_reduce_20_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2858,14 +2800,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_641( +static KRML_MUSTINLINE void compute_vector_u_e31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2885,11 +2827,11 @@ static KRML_MUSTINLINE void compute_vector_u_641( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f31(&result0[i1], &product); + ntt_multiply_20_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_20_471(&result0[i1], &product); } - invert_ntt_montgomery_c51(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_971(&result0[i1]); + add_error_reduce_20_1f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2906,11 +2848,11 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_05(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), - &v), - (int16_t)1665); +static __m256i decompress_1_34(__m256i vec) { + __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); + __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, + (int16_t)1665); } /** @@ -2920,8 +2862,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2929,7 +2871,7 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_05(coefficient_compressed);); + re.coefficients[i0] = decompress_1_34(coefficient_compressed);); return re; } @@ -2944,7 +2886,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_86( +add_message_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2971,18 +2913,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c1( +compute_ring_element_v_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f31(&result, &product);); - invert_ntt_montgomery_c51(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_471(&result, &product);); + invert_ntt_montgomery_971(&result); + result = add_message_error_reduce_20_69(error_2, message, result); return result; } @@ -2993,7 +2935,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_a7(__m256i vector) { +compress_ciphertext_coefficient_fd(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3040,8 +2982,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_b5(__m256i vector) { - return compress_ciphertext_coefficient_a7(vector); +static __m256i compress_09_76(__m256i vector) { + return compress_ciphertext_coefficient_fd(vector); } /** @@ -3050,14 +2992,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_a8( +static KRML_MUSTINLINE void compress_then_serialize_10_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_b5(to_unsigned_representative_4b(re->coefficients[i0])); + compress_09_76(to_unsigned_representative_4f(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3075,7 +3017,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_a70(__m256i vector) { +compress_ciphertext_coefficient_fd0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3122,8 +3064,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_b50(__m256i vector) { - return compress_ciphertext_coefficient_a70(vector); +static __m256i compress_09_760(__m256i vector) { + return compress_ciphertext_coefficient_fd0(vector); } /** @@ -3133,10 +3075,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_a8(re, uu____0); + compress_then_serialize_10_bf(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3149,7 +3091,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_521( +static void compress_then_serialize_u_9f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3165,7 +3107,7 @@ static void compress_then_serialize_u_521( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); + compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3178,7 +3120,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_a71(__m256i vector) { +compress_ciphertext_coefficient_fd1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3225,8 +3167,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_b51(__m256i vector) { - return compress_ciphertext_coefficient_a71(vector); +static __m256i compress_09_761(__m256i vector) { + return compress_ciphertext_coefficient_fd1(vector); } /** @@ -3235,7 +3177,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_42( +static KRML_MUSTINLINE void compress_then_serialize_4_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3244,7 +3186,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_42( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_b51(to_unsigned_representative_4b(re.coefficients[i0])); + compress_09_761(to_unsigned_representative_4f(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3261,7 +3203,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_a72(__m256i vector) { +compress_ciphertext_coefficient_fd2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3308,8 +3250,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_b52(__m256i vector) { - return compress_ciphertext_coefficient_a72(vector); +static __m256i compress_09_762(__m256i vector) { + return compress_ciphertext_coefficient_fd2(vector); } /** @@ -3318,7 +3260,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_8a( +static KRML_MUSTINLINE void compress_then_serialize_5_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3327,7 +3269,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8a( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_b52(to_unsigned_representative_4b(re.coefficients[i0])); + compress_09_762(to_unsigned_representative_4f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3344,9 +3286,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_42(re, out); + compress_then_serialize_4_c0(re, out); } /** @@ -3366,15 +3308,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac1( +static void encrypt_unpacked_061( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_e41(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3384,7 +3326,7 @@ static void encrypt_unpacked_ac1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_b31(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_e71(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3392,31 +3334,31 @@ static void encrypt_unpacked_ac1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_641(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e31(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e71(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_521( + compress_then_serialize_u_9f1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_7a( + compress_then_serialize_ring_element_v_0c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3440,11 +3382,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -3454,7 +3396,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3467,7 +3409,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_ac1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_061(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3477,7 +3419,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3498,11 +3440,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_151(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -3522,22 +3464,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f01(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_501(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_f51( + deserialize_ring_elements_reduced_301( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_431(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_ff1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -3567,7 +3509,7 @@ static void encrypt_f01(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_ac1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_061(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3582,11 +3524,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6e1(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -3608,27 +3550,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b31( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d1( + entropy_preprocess_af_151( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), + H_a9_311(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3636,19 +3578,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_501(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e51(shared_secret, shared_secret_array); + kdf_af_6e1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3668,7 +3610,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_2f(__m256i vector) { +decompress_ciphertext_coefficient_2d(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3712,8 +3654,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_ab(__m256i vector) { - return decompress_ciphertext_coefficient_2f(vector); +static __m256i decompress_ciphertext_coefficient_09_ac(__m256i vector) { + return decompress_ciphertext_coefficient_2d(vector); } /** @@ -3723,8 +3665,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_04(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_10_56(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3736,7 +3678,7 @@ deserialize_then_decompress_10_04(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac(coefficient); } return re; } @@ -3748,7 +3690,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_2f0(__m256i vector) { +decompress_ciphertext_coefficient_2d0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3792,8 +3734,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_ab0(__m256i vector) { - return decompress_ciphertext_coefficient_2f0(vector); +static __m256i decompress_ciphertext_coefficient_09_ac0(__m256i vector) { + return decompress_ciphertext_coefficient_2d0(vector); } /** @@ -3803,15 +3745,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_0a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_11_42(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac0(coefficient); } return re; } @@ -3823,8 +3765,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_07(Eurydice_slice serialized) { - return deserialize_then_decompress_10_04(serialized); +deserialize_then_decompress_ring_element_u_d5(Eurydice_slice serialized) { + return deserialize_then_decompress_10_56(serialized); } /** @@ -3833,17 +3775,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_bf( +static KRML_MUSTINLINE void ntt_vector_u_27( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_6e(&zeta_i, re); + poly_barrett_reduce_20_85(re); } /** @@ -3854,12 +3796,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b31( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4a1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3877,8 +3819,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b31( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); - ntt_vector_u_bf(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d5(u_bytes); + ntt_vector_u_27(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3892,7 +3834,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_2f1(__m256i vector) { +decompress_ciphertext_coefficient_2d1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3936,8 +3878,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_ab1(__m256i vector) { - return decompress_ciphertext_coefficient_2f1(vector); +static __m256i decompress_ciphertext_coefficient_09_ac1(__m256i vector) { + return decompress_ciphertext_coefficient_2d1(vector); } /** @@ -3947,15 +3889,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_f0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_4_44(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac1(coefficient); } return re; } @@ -3967,7 +3909,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_2f2(__m256i vector) { +decompress_ciphertext_coefficient_2d2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4011,8 +3953,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_ab2(__m256i vector) { - return decompress_ciphertext_coefficient_2f2(vector); +static __m256i decompress_ciphertext_coefficient_09_ac2(__m256i vector) { + return decompress_ciphertext_coefficient_2d2(vector); } /** @@ -4022,8 +3964,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_5_f0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4031,7 +3973,7 @@ deserialize_then_decompress_5_fe(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_ab2(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_ac2(re.coefficients[i0]); } return re; } @@ -4043,8 +3985,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_bb(Eurydice_slice serialized) { - return deserialize_then_decompress_4_f0(serialized); +deserialize_then_decompress_ring_element_v_08(Eurydice_slice serialized) { + return deserialize_then_decompress_4_44(serialized); } /** @@ -4058,7 +4000,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_45(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4080,17 +4022,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c81( +compute_message_3f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f31(&result, &product);); - invert_ntt_montgomery_c51(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_471(&result, &product);); + invert_ntt_montgomery_971(&result); + result = subtract_reduce_20_8c(v, result); return result; } @@ -4100,12 +4042,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_fc( +static KRML_MUSTINLINE void compress_then_serialize_message_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_4b(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_4f(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4128,19 +4070,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_071( +static void decrypt_unpacked_4c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b31(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4a1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb( + deserialize_then_decompress_ring_element_v_08( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c81(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_2d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4149,7 +4091,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_c9(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -4166,8 +4108,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_263(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -4191,14 +4133,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_071(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_4c1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -4209,7 +4151,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4217,17 +4159,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_173( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -4235,11 +4177,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_ac1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_061(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4257,8 +4199,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_to_uncompressed_ring_element_ae(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4275,12 +4217,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a21( +static KRML_MUSTINLINE void deserialize_secret_key_881( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4292,7 +4234,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a21( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_ae(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4314,10 +4256,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d21(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_a21(secret_key, secret_as_ntt); + deserialize_secret_key_881(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4329,7 +4271,7 @@ static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_071(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_4c1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4355,7 +4297,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_251( +void libcrux_ml_kem_ind_cca_decapsulate_e21( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4373,9 +4315,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d21(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4383,7 +4325,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4391,39 +4333,37 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f01(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_501(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e51(Eurydice_array_to_slice( + kdf_af_6e1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e51(shared_secret0, shared_secret1); + kdf_af_6e1(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -4432,12 +4372,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f50( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_300( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4449,7 +4389,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_55(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4464,7 +4404,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_800( +static KRML_MUSTINLINE void serialize_secret_key_500( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4482,7 +4422,7 @@ static KRML_MUSTINLINE void serialize_secret_key_800( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_5c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4497,14 +4437,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_ac0( +static KRML_MUSTINLINE void serialize_public_key_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_800(t_as_ntt, ret0); + serialize_secret_key_500(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4524,15 +4464,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_060(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_f50( + deserialize_ring_elements_reduced_300( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_510( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4563,7 +4503,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4573,10 +4513,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_d60( +static void closure_ba0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_1b();); } /** @@ -4586,7 +4526,7 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { +shake128_init_absorb_final_500(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -4608,11 +4548,11 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { +shake128_init_absorb_final_a9_3f0(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d0(copy_of_input); + return shake128_init_absorb_final_500(copy_of_input); } /** @@ -4621,7 +4561,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_000( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4658,9 +4598,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_940( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_6b0(self, ret); + shake128_squeeze_first_three_blocks_000(self, ret); } /** @@ -4711,7 +4651,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_971( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_611( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4749,7 +4689,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4786,9 +4726,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_1b0(self, ret); + shake128_squeeze_next_block_dd0(self, ret); } /** @@ -4839,7 +4779,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_972( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_612( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4877,9 +4817,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e90( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a0( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4889,7 +4829,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_0c0( +static KRML_MUSTINLINE void sample_from_xof_c10( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4898,25 +4838,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c0( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca0(copy_of_seeds); + shake128_init_absorb_final_a9_3f0(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_940(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_971( + bool done = sample_from_uniform_distribution_next_611( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_972( + done = sample_from_uniform_distribution_next_612( copy_of_randomness, sampled_coefficients, out); } } @@ -4925,7 +4865,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_e90(copy_of_out[i]);); + ret0[i] = closure_8a0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4937,12 +4877,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_430( +static KRML_MUSTINLINE void sample_matrix_A_ff0( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_d60(A_transpose[i]);); + closure_ba0(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4957,7 +4897,7 @@ static KRML_MUSTINLINE void sample_matrix_A_430( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_0c0(copy_of_seeds, sampled); + sample_from_xof_c10(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5001,7 +4941,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef1(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -5042,9 +4982,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_411(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); + PRFxN_ef1(input, ret); } /** @@ -5055,11 +4995,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_e40( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5071,12 +5011,12 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf0( + re_as_ntt[i0] = sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5100,7 +5040,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f30( +static KRML_MUSTINLINE void add_to_ring_element_20_470( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5120,14 +5060,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b0( +static KRML_MUSTINLINE void compute_As_plus_e_ef0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5148,10 +5088,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f30(&result0[i1], &product); + ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_470(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5170,10 +5110,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_f80( +static tuple_54 generate_keypair_unpacked_470( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); + G_a9_ab0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5181,15 +5121,15 @@ static tuple_54 generate_keypair_unpacked_f80( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_430(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_ff0(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_e40(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5201,14 +5141,14 @@ static tuple_54 generate_keypair_unpacked_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_570(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_e40(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_4b0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ef0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -5259,7 +5199,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_1c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_1b();); } /** @@ -5271,7 +5211,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_310(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -5289,7 +5229,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5298,7 +5238,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_f80(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_470(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 @@ -5309,7 +5249,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_3a_33(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5319,19 +5259,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_510( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_a9_310(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5367,17 +5307,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_f80( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_930( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_f80(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_470(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_510( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_800(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_500(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5401,7 +5341,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c90( +static KRML_MUSTINLINE void serialize_kem_secret_key_eb0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5427,7 +5367,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c90( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_650(public_key, ret0); + H_a9_310(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5456,7 +5396,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5465,13 +5405,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_f80(ind_cpa_keypair_randomness); + generate_keypair_930(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_c90( + serialize_kem_secret_key_eb0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5480,13 +5420,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f11(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_751( - uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b11( + uu____2, libcrux_ml_kem_types_from_07_a91(copy_of_public_key)); } /** @@ -5498,10 +5438,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_b30(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_e70(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5513,11 +5453,11 @@ sample_ring_element_cbd_b30(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5543,9 +5483,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_262(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -5554,18 +5494,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c50( +static KRML_MUSTINLINE void invert_ntt_montgomery_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_88(&zeta_i, re); + invert_ntt_at_layer_3_f7(&zeta_i, re); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_85(re); } /** @@ -5574,14 +5514,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_640( +static KRML_MUSTINLINE void compute_vector_u_e30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5601,11 +5541,11 @@ static KRML_MUSTINLINE void compute_vector_u_640( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f30(&result0[i1], &product); + ntt_multiply_20_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_20_470(&result0[i1], &product); } - invert_ntt_montgomery_c50(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_970(&result0[i1]); + add_error_reduce_20_1f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5623,18 +5563,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c0( +compute_ring_element_v_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f30(&result, &product);); - invert_ntt_montgomery_c50(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_470(&result, &product);); + invert_ntt_montgomery_970(&result); + result = add_message_error_reduce_20_69(error_2, message, result); return result; } @@ -5644,14 +5584,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_a50( +static KRML_MUSTINLINE void compress_then_serialize_11_770( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_b50(to_unsigned_representative_4b(re->coefficients[i0])); + compress_09_760(to_unsigned_representative_4f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5669,10 +5609,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_810( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_a50(re, uu____0); + compress_then_serialize_11_770(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5685,7 +5625,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_520( +static void compress_then_serialize_u_9f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5701,7 +5641,7 @@ static void compress_then_serialize_u_520( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_970(&re, ret); + compress_then_serialize_ring_element_u_810(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5714,9 +5654,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_8a(re, out); + compress_then_serialize_5_2c(re, out); } /** @@ -5736,15 +5676,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac0( +static void encrypt_unpacked_060( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_e40(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5754,7 +5694,7 @@ static void encrypt_unpacked_ac0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_b30(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_e70(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5762,31 +5702,31 @@ static void encrypt_unpacked_ac0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_640(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e30(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e70(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_520( + compress_then_serialize_u_9f0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_7a0( + compress_then_serialize_ring_element_v_0c0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5810,11 +5750,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -5824,7 +5764,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5837,7 +5777,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_ac0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_060(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5847,7 +5787,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5868,11 +5808,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_150(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -5892,22 +5832,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f00(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_500(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_f50( + deserialize_ring_elements_reduced_300( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_430(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_ff0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -5937,7 +5877,7 @@ static void encrypt_f00(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_ac0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_060(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5952,11 +5892,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6e0(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -5978,27 +5918,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b30( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d0( + entropy_preprocess_af_150( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), + H_a9_310(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6006,19 +5946,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_500(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e50(shared_secret, shared_secret_array); + kdf_af_6e0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6038,8 +5978,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_070(Eurydice_slice serialized) { - return deserialize_then_decompress_11_0a(serialized); +deserialize_then_decompress_ring_element_u_d50(Eurydice_slice serialized) { + return deserialize_then_decompress_11_42(serialized); } /** @@ -6048,17 +5988,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_bf0( +static KRML_MUSTINLINE void ntt_vector_u_270( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_6e(&zeta_i, re); + poly_barrett_reduce_20_85(re); } /** @@ -6069,12 +6009,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b30( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4a0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6092,8 +6032,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b30( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_070(u_bytes); - ntt_vector_u_bf0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d50(u_bytes); + ntt_vector_u_270(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6107,8 +6047,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_bb0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_fe(serialized); +deserialize_then_decompress_ring_element_v_080(Eurydice_slice serialized) { + return deserialize_then_decompress_5_f0(serialized); } /** @@ -6118,17 +6058,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c80( +compute_message_3f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f30(&result, &product);); - invert_ntt_montgomery_c50(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_470(&result, &product);); + invert_ntt_montgomery_970(&result); + result = subtract_reduce_20_8c(v, result); return result; } @@ -6142,19 +6082,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_070( +static void decrypt_unpacked_4c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b30(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4a0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb0( + deserialize_then_decompress_ring_element_v_080( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c80(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_2d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6168,8 +6108,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_261(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -6193,15 +6133,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_070(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_4c0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -6212,7 +6152,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6220,17 +6160,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_174( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -6238,11 +6178,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_ac0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_060(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6259,12 +6199,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a20( +static KRML_MUSTINLINE void deserialize_secret_key_880( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6276,7 +6216,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a20( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_ae(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -6298,10 +6238,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_a20(secret_key, secret_as_ntt); + deserialize_secret_key_880(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6313,7 +6253,7 @@ static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_070(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_4c0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6339,7 +6279,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_250( +void libcrux_ml_kem_ind_cca_decapsulate_e20( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6358,9 +6298,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6368,7 +6308,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6376,39 +6316,37 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f00(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_500(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e50(Eurydice_array_to_slice( + kdf_af_6e0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e50(shared_secret0, shared_secret1); + kdf_af_6e0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -6417,12 +6355,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f5( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_30( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6434,7 +6372,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_55(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6449,7 +6387,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_80( +static KRML_MUSTINLINE void serialize_secret_key_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6467,7 +6405,7 @@ static KRML_MUSTINLINE void serialize_secret_key_80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_5c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6482,14 +6420,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_ac( +static KRML_MUSTINLINE void serialize_public_key_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_80(t_as_ntt, ret0); + serialize_secret_key_50(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6509,15 +6447,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_06(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_f5( + deserialize_ring_elements_reduced_30( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_51( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6548,7 +6486,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6558,10 +6496,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_d6( +static void closure_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_1b();); } /** @@ -6571,7 +6509,7 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { +shake128_init_absorb_final_50(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6593,11 +6531,11 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { +shake128_init_absorb_final_a9_3f(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d(copy_of_input); + return shake128_init_absorb_final_50(copy_of_input); } /** @@ -6606,7 +6544,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_00( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6637,9 +6575,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_94( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_6b(self, ret); + shake128_squeeze_first_three_blocks_00(self, ret); } /** @@ -6690,7 +6628,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_97( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_61( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6728,7 +6666,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6759,9 +6697,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_1b(self, ret); + shake128_squeeze_next_block_dd(self, ret); } /** @@ -6812,7 +6750,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_970( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_610( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6850,9 +6788,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e9( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6862,7 +6800,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_0c( +static KRML_MUSTINLINE void sample_from_xof_c1( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6871,25 +6809,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca(copy_of_seeds); + shake128_init_absorb_final_a9_3f(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_94(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_97( + bool done = sample_from_uniform_distribution_next_61( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_a9_5a(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_970( + done = sample_from_uniform_distribution_next_610( copy_of_randomness, sampled_coefficients, out); } } @@ -6898,7 +6836,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_e9(copy_of_out[i]);); + ret0[i] = closure_8a(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6910,12 +6848,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_43( +static KRML_MUSTINLINE void sample_matrix_A_ff( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_d6(A_transpose[i]);); + closure_ba(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6930,7 +6868,7 @@ static KRML_MUSTINLINE void sample_matrix_A_43( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_0c(copy_of_seeds, sampled); + sample_from_xof_c1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6974,7 +6912,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -7009,9 +6947,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); + PRFxN_ef(input, ret); } /** @@ -7021,8 +6959,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_cf(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_41(randomness); +sample_from_binomial_distribution_8e(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_5f(randomness); } /** @@ -7033,11 +6971,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_e4( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7049,12 +6987,12 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); + PRFxN_a9_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf( + re_as_ntt[i0] = sample_from_binomial_distribution_8e( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7078,7 +7016,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f3( +static KRML_MUSTINLINE void add_to_ring_element_20_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7098,14 +7036,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b( +static KRML_MUSTINLINE void compute_As_plus_e_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7126,10 +7064,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f3(&result0[i1], &product); + ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_47(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7148,10 +7086,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_f8( +static tuple_4c generate_keypair_unpacked_47( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); + G_a9_ab(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7159,15 +7097,15 @@ static tuple_4c generate_keypair_unpacked_f8( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_43(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_ff(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_e4(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7179,14 +7117,14 @@ static tuple_4c generate_keypair_unpacked_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_57(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_e4(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_4b(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ef(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -7237,7 +7175,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_1b();); } /** @@ -7249,7 +7187,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_31(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -7267,7 +7205,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7276,7 +7214,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_f8(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_47(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 @@ -7287,7 +7225,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_3a_33(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7297,19 +7235,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_51( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_a9_31(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -7345,17 +7283,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_f8( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_93( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_f8(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_47(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_51( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_50(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7379,7 +7317,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c9( +static KRML_MUSTINLINE void serialize_kem_secret_key_eb( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7405,7 +7343,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c9( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_65(public_key, ret0); + H_a9_31(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7433,7 +7371,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7443,13 +7381,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_f8(ind_cpa_keypair_randomness); + generate_keypair_93(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_c9( + serialize_kem_secret_key_eb( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7458,13 +7396,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b1( + uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); } /** @@ -7473,7 +7411,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef0(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7508,9 +7446,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_410(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); + PRFxN_ef0(input, ret); } /** @@ -7522,10 +7460,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_e7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7537,11 +7475,11 @@ sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); + PRFxN_a9_410(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7567,9 +7505,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_260(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -7578,18 +7516,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c5( +static KRML_MUSTINLINE void invert_ntt_montgomery_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_88(&zeta_i, re); + invert_ntt_at_layer_3_f7(&zeta_i, re); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_85(re); } /** @@ -7598,14 +7536,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_64( +static KRML_MUSTINLINE void compute_vector_u_e3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7625,11 +7563,11 @@ static KRML_MUSTINLINE void compute_vector_u_64( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f3(&result0[i1], &product); + ntt_multiply_20_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_20_47(&result0[i1], &product); } - invert_ntt_montgomery_c5(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_97(&result0[i1]); + add_error_reduce_20_1f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7647,18 +7585,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c( +compute_ring_element_v_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f3(&result, &product);); - invert_ntt_montgomery_c5(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_47(&result, &product);); + invert_ntt_montgomery_97(&result); + result = add_message_error_reduce_20_69(error_2, message, result); return result; } @@ -7671,7 +7609,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_52( +static void compress_then_serialize_u_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7687,7 +7625,7 @@ static void compress_then_serialize_u_52( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); + compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7710,15 +7648,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac( +static void encrypt_unpacked_06( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_e4(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7728,7 +7666,7 @@ static void encrypt_unpacked_ac( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_b3(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_e7(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7736,31 +7674,31 @@ static void encrypt_unpacked_ac( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_64(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e3(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e7(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_52( + compress_then_serialize_u_9f( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_7a( + compress_then_serialize_ring_element_v_0c( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7784,11 +7722,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -7798,7 +7736,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7811,7 +7749,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_ac(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_06(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7821,7 +7759,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7842,11 +7780,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_15(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7866,22 +7804,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_50(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_f5( + deserialize_ring_elements_reduced_30( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_43(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_ff(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -7911,7 +7849,7 @@ static void encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_ac(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_06(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7926,11 +7864,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6e(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7952,27 +7890,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b3( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d( + entropy_preprocess_af_15( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), + H_a9_31(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7980,19 +7918,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e5(shared_secret, shared_secret_array); + kdf_af_6e(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8013,12 +7951,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b3( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4a( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8036,8 +7974,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); - ntt_vector_u_bf(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d5(u_bytes); + ntt_vector_u_27(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8051,17 +7989,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c8( +compute_message_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f3(&result, &product);); - invert_ntt_montgomery_c5(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_47(&result, &product);); + invert_ntt_montgomery_97(&result); + result = subtract_reduce_20_8c(v, result); return result; } @@ -8075,19 +8013,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_07( +static void decrypt_unpacked_4c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b3(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4a(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb( + deserialize_then_decompress_ring_element_v_08( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c8(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_2d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8101,8 +8039,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_26(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -8126,14 +8064,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_07(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_4c(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -8144,7 +8082,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8152,17 +8090,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -8170,11 +8108,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_ac(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_06(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8191,12 +8129,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a2( +static KRML_MUSTINLINE void deserialize_secret_key_88( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8208,7 +8146,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_ae(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -8230,10 +8168,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_a2(secret_key, secret_as_ntt); + deserialize_secret_key_88(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8245,7 +8183,7 @@ static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_07(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_4c(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8271,7 +8209,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_25( +void libcrux_ml_kem_ind_cca_decapsulate_e2( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8289,9 +8227,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8299,7 +8237,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8307,36 +8245,34 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e5(Eurydice_array_to_slice((size_t)32U, + kdf_af_6e(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e5(shared_secret0, shared_secret1); + kdf_af_6e(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index edb0c9772..6a24cf71d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem_avx2_H @@ -77,7 +77,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i v, +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, int16_t c); __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( @@ -137,7 +137,7 @@ __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, __m256i rhs); __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c); + __m256i vec, __m256i constants); __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); @@ -163,7 +163,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c); + __m128i vec, __m128i constants); __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta); @@ -207,7 +207,8 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, int16_t zeta); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + __m256i vec); __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, int16_t zeta0, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index fe31da61f..72dbc2626 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index a85df9d5b..0e8d513e6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 0dd9bf381..1d9374fbc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "internal/libcrux_mlkem_portable.h" @@ -32,7 +32,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { +static const int16_t ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, @@ -66,6 +66,10 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i) { + return ZETAS_TIMES_MONTGOMERY_R[i]; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -75,7 +79,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_f9(dst, ret); + core_result_unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -171,30 +175,28 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); + ret[0U] = r0_10.fst; + ret[1U] = r0_10.snd; + ret[2U] = r0_10.thd; + ret[3U] = r0_10.f3; + ret[4U] = r0_10.f4; + ret[5U] = r0_10.f5; + ret[6U] = r0_10.f6; + ret[7U] = r0_10.f7; + ret[8U] = r0_10.f8; + ret[9U] = r0_10.f9; + ret[10U] = r0_10.f10; + ret[11U] = r11_21.fst; + ret[12U] = r11_21.snd; + ret[13U] = r11_21.thd; + ret[14U] = r11_21.f3; + ret[15U] = r11_21.f4; + ret[16U] = r11_21.f5; + ret[17U] = r11_21.f6; + ret[18U] = r11_21.f7; + ret[19U] = r11_21.f8; + ret[20U] = r11_21.f9; + ret[21U] = r11_21.f10; } /** @@ -270,28 +272,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -299,25 +279,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -860,6 +839,28 @@ const uint8_t {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U}}; +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -876,8 +877,8 @@ libcrux_ml_kem_vector_portable_arithmetic_add( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - lhs.elements[i0] = - core_num__i16_1__wrapping_add(lhs.elements[i0], rhs->elements[i0]); + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; } return lhs; } @@ -900,9 +901,8 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = - core_num__i16_1__wrapping_sub(lhs.elements[i0], rhs->elements[i0]); - lhs.elements[i0] = uu____0; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; } return lhs; } @@ -920,14 +920,14 @@ libcrux_ml_kem_vector_portable_sub_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = core_num__i16_1__wrapping_mul(v.elements[i0], c); - v.elements[i0] = uu____0; + size_t uu____0 = i0; + vec.elements[uu____0] = vec.elements[uu____0] * c; } - return v; + return vec; } /** @@ -936,20 +936,20 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; + vec.elements[uu____0] = vec.elements[uu____0] & c; } - return v; + return vec; } /** @@ -965,16 +965,16 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) { + if (vec.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; } } - return v; + return vec; } /** @@ -1018,9 +1018,10 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - vec.elements[i0] = + int16_t vi = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( vec.elements[i0]); + vec.elements[i0] = vi; } return vec; } @@ -1090,15 +1091,15 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = + vec.elements[i0] = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); + vec.elements[i0], c); } - return v; + return vec; } /** @@ -1184,36 +1185,36 @@ int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( } KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; + vec->elements[j], zeta); + vec->elements[j] = vec->elements[i] - t; + vec->elements[i] = vec->elements[i] + t; } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** @@ -1230,25 +1231,25 @@ libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** @@ -1264,22 +1265,25 @@ libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** @@ -1293,38 +1297,39 @@ libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( } KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { + int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + vec->elements[i] + vec->elements[j]); + int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); + vec->elements[i] = o0; + vec->elements[j] = o1; } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** @@ -1341,25 +1346,25 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** @@ -1376,24 +1381,25 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** @@ -1406,43 +1412,31 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `Xยฒ - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: aโ‚€, aโ‚, bโ‚€, bโ‚ โˆˆ โ„คq. - Input: ฮณ โˆˆ โ„คq. - Output: cโ‚€, cโ‚ โˆˆ โ„คq. - - cโ‚€ โ† aโ‚€ยทbโ‚€ + aโ‚ยทbโ‚ยทฮณ - cโ‚ โ† aโ‚€ยทbโ‚ + aโ‚ยทbโ‚€ - return cโ‚€, cโ‚ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, size_t i, size_t j, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); + int16_t ai = a->elements[i]; + int16_t bi = b->elements[i]; + int16_t aj = a->elements[j]; + int16_t bj = b->elements[j]; + int32_t ai_bi = (int32_t)ai * (int32_t)bi; + int32_t aj_bj_ = (int32_t)aj * (int32_t)bj; + int16_t aj_bj = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + aj_bj_); + int32_t aj_bj_zeta = (int32_t)aj_bj * (int32_t)zeta; + int32_t ai_bi_aj_bj = ai_bi + aj_bj_zeta; + int16_t o0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + ai_bi_aj_bj); + int32_t ai_bj = (int32_t)ai * (int32_t)bj; + int32_t aj_bi = (int32_t)aj * (int32_t)bi; + int32_t ai_bj_aj_bi = ai_bj + aj_bi; int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); + ai_bj_aj_bi); out->elements[i] = o0; out->elements[j] = o1; } @@ -1452,24 +1446,28 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + int16_t nzeta0 = -zeta0; + int16_t nzeta1 = -zeta1; + int16_t nzeta2 = -zeta2; + int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out); return out; } @@ -1489,18 +1487,24 @@ libcrux_ml_kem_vector_portable_ntt_multiply_0d( KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); - KRML_MAYBE_FOR8(i, (size_t)8U, (size_t)16U, (size_t)1U, size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = (uint32_t)result[uu____1] | - (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U);); - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); + uint8_t result0 = (((((((uint32_t)(uint8_t)v.elements[0U] | + (uint32_t)(uint8_t)v.elements[1U] << 1U) | + (uint32_t)(uint8_t)v.elements[2U] << 2U) | + (uint32_t)(uint8_t)v.elements[3U] << 3U) | + (uint32_t)(uint8_t)v.elements[4U] << 4U) | + (uint32_t)(uint8_t)v.elements[5U] << 5U) | + (uint32_t)(uint8_t)v.elements[6U] << 6U) | + (uint32_t)(uint8_t)v.elements[7U] << 7U; + uint8_t result1 = (((((((uint32_t)(uint8_t)v.elements[8U] | + (uint32_t)(uint8_t)v.elements[9U] << 1U) | + (uint32_t)(uint8_t)v.elements[10U] << 2U) | + (uint32_t)(uint8_t)v.elements[11U] << 3U) | + (uint32_t)(uint8_t)v.elements[12U] << 4U) | + (uint32_t)(uint8_t)v.elements[13U] << 5U) | + (uint32_t)(uint8_t)v.elements[14U] << 6U) | + (uint32_t)(uint8_t)v.elements[15U] << 7U; + ret[0U] = result0; + ret[1U] = result1; } /** @@ -1515,23 +1519,86 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; + int16_t result0 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) & + 1U); + int16_t result1 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 1U & + 1U); + int16_t result2 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 2U & + 1U); + int16_t result3 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 3U & + 1U); + int16_t result4 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 4U & + 1U); + int16_t result5 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 5U & + 1U); + int16_t result6 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 6U & + 1U); + int16_t result7 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 7U & + 1U); + int16_t result8 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) & + 1U); + int16_t result9 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 1U & + 1U); + int16_t result10 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 2U & + 1U); + int16_t result11 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 3U & + 1U); + int16_t result12 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 4U & + 1U); + int16_t result13 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 5U & + 1U); + int16_t result14 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 6U & + 1U); + int16_t result15 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 7U & + 1U); + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = result0; + lit.elements[1U] = result1; + lit.elements[2U] = result2; + lit.elements[3U] = result3; + lit.elements[4U] = result4; + lit.elements[5U] = result5; + lit.elements[6U] = result6; + lit.elements[7U] = result7; + lit.elements[8U] = result8; + lit.elements[9U] = result9; + lit.elements[10U] = result10; + lit.elements[11U] = result11; + lit.elements[12U] = result12; + lit.elements[13U] = result13; + lit.elements[14U] = result14; + lit.elements[15U] = result15; + return lit; } /** @@ -1580,16 +1647,14 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); + ret[0U] = result0_3.fst; + ret[1U] = result0_3.snd; + ret[2U] = result0_3.thd; + ret[3U] = result0_3.f3; + ret[4U] = result4_7.fst; + ret[5U] = result4_7.snd; + ret[6U] = result4_7.thd; + ret[7U] = result4_7.f3; } /** @@ -1649,25 +1714,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -1712,18 +1776,16 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; } /** @@ -1794,25 +1856,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -1873,28 +1934,26 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; + ret[10U] = r10_14.fst; + ret[11U] = r10_14.snd; + ret[12U] = r10_14.thd; + ret[13U] = r10_14.f3; + ret[14U] = r10_14.f4; + ret[15U] = r15_19.fst; + ret[16U] = r15_19.snd; + ret[17U] = r15_19.thd; + ret[18U] = r15_19.f3; + ret[19U] = r15_19.f4; } /** @@ -1973,25 +2032,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -2042,32 +2100,30 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t)); - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); + ret[0U] = r0_2.fst; + ret[1U] = r0_2.snd; + ret[2U] = r0_2.thd; + ret[3U] = r3_5.fst; + ret[4U] = r3_5.snd; + ret[5U] = r3_5.thd; + ret[6U] = r6_8.fst; + ret[7U] = r6_8.snd; + ret[8U] = r6_8.thd; + ret[9U] = r9_11.fst; + ret[10U] = r9_11.snd; + ret[11U] = r9_11.thd; + ret[12U] = r12_14.fst; + ret[13U] = r12_14.snd; + ret[14U] = r12_14.thd; + ret[15U] = r15_17.fst; + ret[16U] = r15_17.snd; + ret[17U] = r15_17.thd; + ret[18U] = r18_20.fst; + ret[19U] = r18_20.snd; + ret[20U] = r18_20.thd; + ret[21U] = r21_23.fst; + ret[22U] = r21_23.snd; + ret[23U] = r21_23.thd; } /** @@ -2115,25 +2171,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_1.fst; + lit.elements[1U] = v0_1.snd; + lit.elements[2U] = v2_3.fst; + lit.elements[3U] = v2_3.snd; + lit.elements[4U] = v4_5.fst; + lit.elements[5U] = v4_5.snd; + lit.elements[6U] = v6_7.fst; + lit.elements[7U] = v6_7.snd; + lit.elements[8U] = v8_9.fst; + lit.elements[9U] = v8_9.snd; + lit.elements[10U] = v10_11.fst; + lit.elements[11U] = v10_11.snd; + lit.elements[12U] = v12_13.fst; + lit.elements[13U] = v12_13.snd; + lit.elements[14U] = v14_15.fst; + lit.elements[15U] = v14_15.snd; + return lit; } /** @@ -2234,7 +2289,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_9a(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_1c(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2262,8 +2317,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_a2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_to_reduced_ring_element_62(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2284,12 +2339,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c71( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_071( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2301,7 +2356,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_62(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2315,13 +2370,13 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_53(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_58(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + vec.elements[i0] = vec.elements[i0] >> (uint32_t)(int32_t)15; } - return v; + return vec; } /** @@ -2334,8 +2389,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_e7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_53(v); +shift_right_0d_f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_58(v); } /** @@ -2345,10 +2400,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_39( +to_unsigned_representative_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_e7(a); + shift_right_0d_f1(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2361,14 +2416,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_a6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_39(re->coefficients[i0]); + to_unsigned_representative_87(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2386,7 +2441,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f01( +static KRML_MUSTINLINE void serialize_secret_key_cd1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2404,7 +2459,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f01( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_64(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2419,14 +2474,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_951( +static KRML_MUSTINLINE void serialize_public_key_771( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_f01(t_as_ntt, ret0); + serialize_secret_key_cd1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2446,15 +2501,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_821(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_c71( + deserialize_ring_elements_reduced_071( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_771( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2485,7 +2540,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d01(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2496,10 +2551,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_441( +static void closure_a31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_1c();); } /** @@ -2518,7 +2573,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_751(uint8_t input[4U][34U]) { +shake128_init_absorb_final_401(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2549,11 +2604,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_831(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_751(copy_of_input); + return shake128_init_absorb_final_401(copy_of_input); } /** @@ -2562,7 +2617,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a1( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2583,9 +2638,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_201( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_101(self, ret); + shake128_squeeze_first_three_blocks_9a1(self, ret); } /** @@ -2636,7 +2691,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_833( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_893( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2674,7 +2729,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2695,9 +2750,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_041( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ed1(self, ret); + shake128_squeeze_next_block_ea1(self, ret); } /** @@ -2748,7 +2803,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_834( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_894( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2791,8 +2846,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_8d(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); +from_i16_array_20_d3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2812,9 +2867,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c1( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_20_d3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2825,7 +2880,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_611( +static KRML_MUSTINLINE void sample_from_xof_1b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2833,25 +2888,25 @@ static KRML_MUSTINLINE void sample_from_xof_611( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_831(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_201(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_833( + bool done = sample_from_uniform_distribution_next_893( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_c11(&xof_state, randomness); + shake128_squeeze_next_block_f1_041(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_834( + done = sample_from_uniform_distribution_next_894( copy_of_randomness, sampled_coefficients, out); } } @@ -2860,7 +2915,7 @@ static KRML_MUSTINLINE void sample_from_xof_611( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_6a1(copy_of_out[i]);); + ret0[i] = closure_2c1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2873,12 +2928,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_451( +static KRML_MUSTINLINE void sample_matrix_A_0b1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_441(A_transpose[i]);); + closure_a31(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2893,7 +2948,7 @@ static KRML_MUSTINLINE void sample_matrix_A_451( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_611(copy_of_seeds, sampled); + sample_from_xof_1b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2937,7 +2992,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d32(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2958,60 +3013,11 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_d32(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v โˆˆ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B โˆˆ ๐”น^{64ฮท}. - Output: array f โˆˆ โ„คโ‚‚โ‚…โ‚†. - - b โ† BytesToBits(B) - for (i โ† 0; i < 256; i++) - x โ† โˆ‘(j=0 to ฮท - 1) b[2iฮท + j] - y โ† โˆ‘(j=0 to ฮท - 1) b[2iฮท + ฮท + j] - f[i] โ† xโˆ’y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3019,7 +3025,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_b3(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_d9(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3053,7 +3059,7 @@ sample_from_binomial_distribution_2_b3(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_8d( + return from_i16_array_20_d3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3064,7 +3070,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_25(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_af(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3097,7 +3103,7 @@ sample_from_binomial_distribution_3_25(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_8d( + return from_i16_array_20_d3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3108,8 +3114,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_c3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_b3(randomness); +sample_from_binomial_distribution_d8(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_d9(randomness); } /** @@ -3118,7 +3124,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_3e( +static KRML_MUSTINLINE void ntt_at_layer_7_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3146,7 +3152,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_10( +montgomery_multiply_fe_77( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3160,12 +3166,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_59( + ntt_layer_int_vec_step_67( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_10(b, zeta_r); + montgomery_multiply_fe_77(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3179,7 +3185,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_5b( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_06( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3192,9 +3198,9 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_5b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_59( + ntt_layer_int_vec_step_67( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -3209,7 +3215,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_9c( +static KRML_MUSTINLINE void ntt_at_layer_3_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3217,7 +3223,7 @@ static KRML_MUSTINLINE void ntt_at_layer_3_9c( libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); re->coefficients[round] = uu____0;); } @@ -3227,7 +3233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_6b( +static KRML_MUSTINLINE void ntt_at_layer_2_8a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3235,9 +3241,8 @@ static KRML_MUSTINLINE void ntt_at_layer_2_6b( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } @@ -3247,7 +3252,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_37( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3255,13 +3260,10 @@ static KRML_MUSTINLINE void ntt_at_layer_1_37( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } @@ -3275,7 +3277,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_8e( +static KRML_MUSTINLINE void poly_barrett_reduce_20_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3293,17 +3295,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_37( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_3e(re); + ntt_at_layer_7_99(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_82(&zeta_i, re); + ntt_at_layer_2_8a(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_20_6b(re); } /** @@ -3315,11 +3317,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_061( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3331,12 +3333,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c3( + re_as_ntt[i0] = sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3361,26 +3363,22 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_ff(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_23(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_1c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_multiply_0d( &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); out.coefficients[i0] = uu____0; } return out; @@ -3396,7 +3394,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e1( +static KRML_MUSTINLINE void add_to_ring_element_20_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3421,7 +3419,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_d6( +to_standard_domain_22( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3437,14 +3435,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_7d( +static KRML_MUSTINLINE void add_standard_error_reduce_20_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_d6(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_22(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3459,14 +3457,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e1( +static KRML_MUSTINLINE void compute_As_plus_e_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3487,10 +3485,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e1(&result0[i1], &product); + ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fc1(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3510,10 +3508,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a11( +static tuple_540 generate_keypair_unpacked_831( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); + G_f1_d01(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3521,15 +3519,15 @@ static tuple_540 generate_keypair_unpacked_a11( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_451(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_0b1(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_061(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3541,14 +3539,14 @@ static tuple_540 generate_keypair_unpacked_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_561(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_061(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_0e1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_3c1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -3597,10 +3595,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a11( +static void closure_d61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_1c();); } /** @@ -3613,7 +3611,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_20( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_d9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3635,7 +3633,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3654,7 +3652,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3663,18 +3661,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_a11(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_831(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a11(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_d61(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_3a_d9(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3684,19 +3682,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_771( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_f1_fd1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -3733,17 +3731,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c01( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a11(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_831(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_771( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f01(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cd1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3767,7 +3765,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_50( +static KRML_MUSTINLINE void serialize_kem_secret_key_d5( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3793,7 +3791,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_50( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); + H_f1_fd1(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3823,7 +3821,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6c1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3832,13 +3830,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_c01(ind_cpa_keypair_randomness); + generate_keypair_fc1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_50( + serialize_kem_secret_key_d5( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3847,13 +3845,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f11(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_751( - uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b11( + uu____2, libcrux_ml_kem_types_from_07_a91(copy_of_public_key)); } /** @@ -3866,10 +3864,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_151(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a21(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3881,11 +3879,11 @@ sample_ring_element_cbd_151(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3906,7 +3904,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_030(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3923,9 +3921,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c84(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -3934,7 +3932,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_1e( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_e7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3942,13 +3940,10 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_1e( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } @@ -3958,7 +3953,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_12( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3966,9 +3961,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_12( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } @@ -3978,7 +3972,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_72( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3986,7 +3980,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_3_72( libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); re->coefficients[round] = uu____0;); } @@ -3998,7 +3992,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_0d( + inv_ntt_layer_int_vec_step_reduce_42( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4006,7 +4000,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_10(a_minus_b, zeta_r); + b = montgomery_multiply_fe_77(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4018,7 +4012,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4033,9 +4027,9 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_0d( + inv_ntt_layer_int_vec_step_reduce_42( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -4050,18 +4044,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_271( +static KRML_MUSTINLINE void invert_ntt_montgomery_311( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_e7(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_6b(re); } /** @@ -4074,7 +4068,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_fc( +static KRML_MUSTINLINE void add_error_reduce_20_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4098,14 +4092,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a21( +static KRML_MUSTINLINE void compute_vector_u_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4125,11 +4119,11 @@ static KRML_MUSTINLINE void compute_vector_u_a21( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e1(&result0[i1], &product); + ntt_multiply_20_23(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fc1(&result0[i1], &product); } - invert_ntt_montgomery_271(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_311(&result0[i1]); + add_error_reduce_20_06(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4147,11 +4141,15 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = +decompress_1_4c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); - return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_sub_0d(uu____0, &v), (int16_t)1665); + libcrux_ml_kem_vector_portable_vector_type_PortableVector s = + libcrux_ml_kem_vector_portable_sub_0d(z, &vec); + libcrux_ml_kem_vector_portable_vector_type_PortableVector res = + libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + s, (int16_t)1665); + return res; } /** @@ -4161,8 +4159,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_08(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_message_52(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4172,7 +4170,7 @@ deserialize_then_decompress_message_08(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_5f(coefficient_compressed); + decompress_1_4c(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4188,7 +4186,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_0f( +add_message_error_reduce_20_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4218,18 +4216,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_041( +compute_ring_element_v_661( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e1(&result, &product);); - invert_ntt_montgomery_271(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fc1(&result, &product);); + invert_ntt_montgomery_311(&result); + result = add_message_error_reduce_20_8c(error_2, message, result); return result; } @@ -4239,7 +4237,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0c(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4260,9 +4258,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_73( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f(v); + return compress_0c(v); } /** @@ -4271,7 +4269,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4293,8 +4291,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_730(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f0(v); +compress_0d_9a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0c0(v); } /** @@ -4303,14 +4301,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_250( +static KRML_MUSTINLINE void compress_then_serialize_11_e20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_730(to_unsigned_representative_39(re->coefficients[i0])); + compress_0d_9a0(to_unsigned_representative_87(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4328,10 +4326,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_250(re, uu____0); + compress_then_serialize_11_e20(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4344,7 +4342,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_a41( +static void compress_then_serialize_u_ed1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4360,7 +4358,7 @@ static void compress_then_serialize_u_a41( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_4c0(&re, ret); + compress_then_serialize_ring_element_u_310(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4372,7 +4370,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4394,8 +4392,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_731(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f1(v); +compress_0d_9a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0c1(v); } /** @@ -4404,7 +4402,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_53( +static KRML_MUSTINLINE void compress_then_serialize_4_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4413,7 +4411,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_53( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_731(to_unsigned_representative_39(re.coefficients[i0])); + compress_0d_9a1(to_unsigned_representative_87(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4429,7 +4427,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4451,8 +4449,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_732(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f2(v); +compress_0d_9a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0c2(v); } /** @@ -4461,7 +4459,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_94( +static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4470,7 +4468,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_94( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_732(to_unsigned_representative_39(re.coefficients[i0])); + compress_0d_9a2(to_unsigned_representative_87(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4487,9 +4485,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_94(re, out); + compress_then_serialize_5_a3(re, out); } /** @@ -4510,15 +4508,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e1( +static void encrypt_unpacked_d71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_061(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4528,7 +4526,7 @@ static void encrypt_unpacked_8e1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_151(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a21(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4536,31 +4534,31 @@ static void encrypt_unpacked_8e1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a21(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_4b1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_661(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a41( + compress_then_serialize_u_ed1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc0( + compress_then_serialize_ring_element_v_2d0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4585,11 +4583,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -4599,7 +4597,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4612,7 +4610,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_8e1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_d71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4622,7 +4620,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4643,11 +4641,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_9b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_da(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -4668,22 +4666,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_971(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_951(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_c71( + deserialize_ring_elements_reduced_071( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_451(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_0b1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -4713,7 +4711,7 @@ static void encrypt_971(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_8e1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_d71(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4728,11 +4726,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_4a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_3b(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -4754,27 +4752,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_931( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_9b( + entropy_preprocess_af_da( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), + H_f1_fd1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4782,19 +4780,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_971(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_951(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_4a(shared_secret, shared_secret_array); + kdf_af_3b(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4814,7 +4812,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_63( +decompress_ciphertext_coefficient_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4839,9 +4837,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_80( +decompress_ciphertext_coefficient_0d_8f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_63(v); + return decompress_ciphertext_coefficient_df(v); } /** @@ -4851,8 +4849,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_26(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_10_0e(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4868,7 +4866,7 @@ deserialize_then_decompress_10_26(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_80(coefficient); + decompress_ciphertext_coefficient_0d_8f(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4881,7 +4879,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_630( +decompress_ciphertext_coefficient_df0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4906,9 +4904,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_800( +decompress_ciphertext_coefficient_0d_8f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_630(v); + return decompress_ciphertext_coefficient_df0(v); } /** @@ -4918,8 +4916,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_11_73(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4928,7 +4926,7 @@ deserialize_then_decompress_11_fe(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_800(coefficient); + decompress_ciphertext_coefficient_0d_8f0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4941,8 +4939,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_110(Eurydice_slice serialized) { - return deserialize_then_decompress_11_fe(serialized); +deserialize_then_decompress_ring_element_u_990(Eurydice_slice serialized) { + return deserialize_then_decompress_11_73(serialized); } /** @@ -4951,17 +4949,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_2e0( +static KRML_MUSTINLINE void ntt_vector_u_740( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_82(&zeta_i, re); + ntt_at_layer_2_8a(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_20_6b(re); } /** @@ -4972,12 +4970,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_031( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b81( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4995,8 +4993,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_031( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_110(u_bytes); - ntt_vector_u_2e0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_990(u_bytes); + ntt_vector_u_740(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5010,7 +5008,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_631( +decompress_ciphertext_coefficient_df1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5035,9 +5033,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_801( +decompress_ciphertext_coefficient_0d_8f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_631(v); + return decompress_ciphertext_coefficient_df1(v); } /** @@ -5047,8 +5045,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_ab(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_4_33(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5057,7 +5055,7 @@ deserialize_then_decompress_4_ab(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_801(coefficient); + decompress_ciphertext_coefficient_0d_8f1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5070,7 +5068,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_632( +decompress_ciphertext_coefficient_df2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5095,9 +5093,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_802( +decompress_ciphertext_coefficient_0d_8f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_632(v); + return decompress_ciphertext_coefficient_df2(v); } /** @@ -5107,8 +5105,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_5c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_5_df(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5117,7 +5115,7 @@ deserialize_then_decompress_5_5c(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_802(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_8f2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5130,8 +5128,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_9f0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_5c(serialized); +deserialize_then_decompress_ring_element_v_bf0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_df(serialized); } /** @@ -5145,7 +5143,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_4b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_78(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5170,17 +5168,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a1( +compute_message_3b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e1(&result, &product);); - invert_ntt_montgomery_271(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fc1(&result, &product);); + invert_ntt_montgomery_311(&result); + result = subtract_reduce_20_78(v, result); return result; } @@ -5190,13 +5188,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_80( +static KRML_MUSTINLINE void compress_then_serialize_message_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_39(re.coefficients[i0]); + to_unsigned_representative_87(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5220,19 +5218,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_681( +static void decrypt_unpacked_871( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_031(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b81(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f0( + deserialize_then_decompress_ring_element_v_bf0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5241,7 +5239,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_03(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5258,8 +5256,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c83(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -5284,15 +5282,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_681(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_871(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -5303,7 +5301,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5311,17 +5309,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_174( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -5329,11 +5327,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_8e1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_d71(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5351,8 +5349,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_30(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_to_uncompressed_ring_element_7b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5371,12 +5369,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_681( +static KRML_MUSTINLINE void deserialize_secret_key_751( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5388,7 +5386,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_681( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_7b(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5410,10 +5408,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_b41(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c31(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_681(secret_key, secret_as_ntt); + deserialize_secret_key_751(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5425,7 +5423,7 @@ static void decrypt_b41(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_681(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_871(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5451,7 +5449,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_531( +void libcrux_ml_kem_ind_cca_decapsulate_161( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5470,9 +5468,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b41(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c31(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5480,7 +5478,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5488,39 +5486,37 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_971(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_951(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4a(Eurydice_array_to_slice((size_t)32U, + kdf_af_3b(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_4a(shared_secret0, shared_secret1); + kdf_af_3b(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5529,12 +5525,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c70( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_070( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5546,7 +5542,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c70( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_62(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5561,7 +5557,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f00( +static KRML_MUSTINLINE void serialize_secret_key_cd0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5579,7 +5575,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f00( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_64(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5594,14 +5590,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_950( +static KRML_MUSTINLINE void serialize_public_key_770( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_f00(t_as_ntt, ret0); + serialize_secret_key_cd0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5621,15 +5617,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_820(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_c70( + deserialize_ring_elements_reduced_070( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_950( + serialize_public_key_770( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5660,7 +5656,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d00(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5671,10 +5667,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_440( +static void closure_a30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_1c();); } /** @@ -5693,7 +5689,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_750(uint8_t input[2U][34U]) { +shake128_init_absorb_final_400(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5724,11 +5720,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_830(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_750(copy_of_input); + return shake128_init_absorb_final_400(copy_of_input); } /** @@ -5737,7 +5733,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a0( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5758,9 +5754,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_200( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_100(self, ret); + shake128_squeeze_first_three_blocks_9a0(self, ret); } /** @@ -5811,7 +5807,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_831( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_891( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5849,7 +5845,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5870,9 +5866,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_040( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ed0(self, ret); + shake128_squeeze_next_block_ea0(self, ret); } /** @@ -5923,7 +5919,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_832( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_892( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5962,9 +5958,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c0( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_20_d3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5975,7 +5971,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_610( +static KRML_MUSTINLINE void sample_from_xof_1b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5983,25 +5979,25 @@ static KRML_MUSTINLINE void sample_from_xof_610( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_830(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_200(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_831( + bool done = sample_from_uniform_distribution_next_891( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_c10(&xof_state, randomness); + shake128_squeeze_next_block_f1_040(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_832( + done = sample_from_uniform_distribution_next_892( copy_of_randomness, sampled_coefficients, out); } } @@ -6010,7 +6006,7 @@ static KRML_MUSTINLINE void sample_from_xof_610( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_6a0(copy_of_out[i]);); + ret0[i] = closure_2c0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6023,12 +6019,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_450( +static KRML_MUSTINLINE void sample_matrix_A_0b0( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_440(A_transpose[i]);); + closure_a30(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6043,7 +6039,7 @@ static KRML_MUSTINLINE void sample_matrix_A_450( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_610(copy_of_seeds, sampled); + sample_from_xof_1b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6087,7 +6083,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d30(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6108,9 +6104,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_d30(input, ret); } /** @@ -6120,8 +6116,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_c30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_25(randomness); +sample_from_binomial_distribution_d80(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_af(randomness); } /** @@ -6133,11 +6129,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_060( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6149,12 +6145,12 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_bf0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c30( + re_as_ntt[i0] = sample_from_binomial_distribution_d80( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6178,7 +6174,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e0( +static KRML_MUSTINLINE void add_to_ring_element_20_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6202,14 +6198,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e0( +static KRML_MUSTINLINE void compute_As_plus_e_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6230,10 +6226,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e0(&result0[i1], &product); + ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fc0(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6253,10 +6249,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_a10( +static tuple_4c0 generate_keypair_unpacked_830( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); + G_f1_d00(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6264,15 +6260,15 @@ static tuple_4c0 generate_keypair_unpacked_a10( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_450(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_0b0(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_060(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6284,14 +6280,14 @@ static tuple_4c0 generate_keypair_unpacked_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_560(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_060(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_0e0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_3c0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -6340,10 +6336,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_a10( +static void closure_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_1c();); } /** @@ -6355,7 +6351,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6374,7 +6370,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6383,18 +6379,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_a10(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_830(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a10(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_d60(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_3a_d9(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6404,19 +6400,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_950( + serialize_public_key_770( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_f1_fd0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6453,17 +6449,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c00( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_a10(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_830(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_950( + serialize_public_key_770( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f00(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cd0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6487,7 +6483,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_fb( +static KRML_MUSTINLINE void serialize_kem_secret_key_9d( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6513,7 +6509,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_fb( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); + H_f1_fd0(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6543,7 +6539,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6552,13 +6548,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_c00(ind_cpa_keypair_randomness); + generate_keypair_fc0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_fb( + serialize_kem_secret_key_9d( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6567,13 +6563,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b1( + uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); } /** @@ -6582,7 +6578,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d31(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6603,9 +6599,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_d31(input, ret); } /** @@ -6618,10 +6614,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_150(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a20(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6633,11 +6629,11 @@ sample_ring_element_cbd_150(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_bf1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6663,9 +6659,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c82(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -6674,18 +6670,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_270( +static KRML_MUSTINLINE void invert_ntt_montgomery_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_e7(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_6b(re); } /** @@ -6694,14 +6690,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a20( +static KRML_MUSTINLINE void compute_vector_u_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6721,11 +6717,11 @@ static KRML_MUSTINLINE void compute_vector_u_a20( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e0(&result0[i1], &product); + ntt_multiply_20_23(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fc0(&result0[i1], &product); } - invert_ntt_montgomery_270(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_310(&result0[i1]); + add_error_reduce_20_06(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6743,18 +6739,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_040( +compute_ring_element_v_660( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e0(&result, &product);); - invert_ntt_montgomery_270(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fc0(&result, &product);); + invert_ntt_montgomery_310(&result); + result = add_message_error_reduce_20_8c(error_2, message, result); return result; } @@ -6764,14 +6760,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_51( +static KRML_MUSTINLINE void compress_then_serialize_10_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_73(to_unsigned_representative_39(re->coefficients[i0])); + compress_0d_9a(to_unsigned_representative_87(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6789,10 +6785,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_51(re, uu____0); + compress_then_serialize_10_a9(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6805,7 +6801,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_a40( +static void compress_then_serialize_u_ed0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6821,7 +6817,7 @@ static void compress_then_serialize_u_a40( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4c(&re, ret); + compress_then_serialize_ring_element_u_31(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6834,9 +6830,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_53(re, out); + compress_then_serialize_4_55(re, out); } /** @@ -6857,15 +6853,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e0( +static void encrypt_unpacked_d70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_060(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6875,7 +6871,7 @@ static void encrypt_unpacked_8e0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_150(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a20(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6883,31 +6879,31 @@ static void encrypt_unpacked_8e0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a20(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_4b0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_660(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a40( + compress_then_serialize_u_ed0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc( + compress_then_serialize_ring_element_v_2d( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6932,11 +6928,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -6946,7 +6942,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6959,7 +6955,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_8e0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_d70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6969,7 +6965,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6990,11 +6986,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_b2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_e3(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7015,22 +7011,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_970(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_950(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_c70( + deserialize_ring_elements_reduced_070( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_450(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_0b0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -7060,7 +7056,7 @@ static void encrypt_970(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_8e0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_d70(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7075,11 +7071,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_56(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7101,27 +7097,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_b2( + entropy_preprocess_af_e3( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), + H_f1_fd0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7129,19 +7125,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_970(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_950(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ff(shared_secret, shared_secret_array); + kdf_af_56(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7161,8 +7157,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_11(Eurydice_slice serialized) { - return deserialize_then_decompress_10_26(serialized); +deserialize_then_decompress_ring_element_u_99(Eurydice_slice serialized) { + return deserialize_then_decompress_10_0e(serialized); } /** @@ -7171,17 +7167,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_2e( +static KRML_MUSTINLINE void ntt_vector_u_74( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_82(&zeta_i, re); + ntt_at_layer_2_8a(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_20_6b(re); } /** @@ -7192,12 +7188,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_030( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b80( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7215,8 +7211,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_030( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); - ntt_vector_u_2e(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_99(u_bytes); + ntt_vector_u_74(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7230,8 +7226,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_9f(Eurydice_slice serialized) { - return deserialize_then_decompress_4_ab(serialized); +deserialize_then_decompress_ring_element_v_bf(Eurydice_slice serialized) { + return deserialize_then_decompress_4_33(serialized); } /** @@ -7241,17 +7237,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a0( +compute_message_3b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e0(&result, &product);); - invert_ntt_montgomery_270(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fc0(&result, &product);); + invert_ntt_montgomery_310(&result); + result = subtract_reduce_20_78(v, result); return result; } @@ -7265,19 +7261,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_680( +static void decrypt_unpacked_870( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_030(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b80(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f( + deserialize_then_decompress_ring_element_v_bf( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7291,8 +7287,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c81(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -7317,14 +7313,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_680(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_870(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -7335,7 +7331,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7343,17 +7339,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -7361,11 +7357,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_8e0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_d70(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7382,12 +7378,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_680( +static KRML_MUSTINLINE void deserialize_secret_key_750( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7399,7 +7395,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_680( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_7b(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7421,10 +7417,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b40(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c30(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_680(secret_key, secret_as_ntt); + deserialize_secret_key_750(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7436,7 +7432,7 @@ static void decrypt_b40(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_680(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_870(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7462,7 +7458,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_530( +void libcrux_ml_kem_ind_cca_decapsulate_160( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7480,9 +7476,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b40(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c30(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7490,7 +7486,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7498,39 +7494,37 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_970(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_950(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ff(Eurydice_array_to_slice((size_t)32U, + kdf_af_56(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_ff(shared_secret0, shared_secret1); + kdf_af_56(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -7539,12 +7533,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c7( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_07( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7556,7 +7550,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_62(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7571,7 +7565,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f0( +static KRML_MUSTINLINE void serialize_secret_key_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7589,7 +7583,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_64(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7604,14 +7598,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_95( +static KRML_MUSTINLINE void serialize_public_key_77( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_f0(t_as_ntt, ret0); + serialize_secret_key_cd(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7631,15 +7625,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_82(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_c7( + deserialize_ring_elements_reduced_07( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_77( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7670,7 +7664,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7681,10 +7675,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_44( +static void closure_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_1c();); } /** @@ -7703,7 +7697,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_75(uint8_t input[3U][34U]) { +shake128_init_absorb_final_40(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7734,11 +7728,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_83(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_75(copy_of_input); + return shake128_init_absorb_final_40(copy_of_input); } /** @@ -7747,7 +7741,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7768,9 +7762,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_20( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_10(self, ret); + shake128_squeeze_first_three_blocks_9a(self, ret); } /** @@ -7821,7 +7815,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_83( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_89( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7859,7 +7853,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7880,9 +7874,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_04( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ed(self, ret); + shake128_squeeze_next_block_ea(self, ret); } /** @@ -7933,7 +7927,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_830( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_890( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7972,9 +7966,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_20_d3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7985,7 +7979,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_61( +static KRML_MUSTINLINE void sample_from_xof_1b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -7993,25 +7987,25 @@ static KRML_MUSTINLINE void sample_from_xof_61( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_83(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_20(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_83( + bool done = sample_from_uniform_distribution_next_89( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_c1(&xof_state, randomness); + shake128_squeeze_next_block_f1_04(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_830( + done = sample_from_uniform_distribution_next_890( copy_of_randomness, sampled_coefficients, out); } } @@ -8020,7 +8014,7 @@ static KRML_MUSTINLINE void sample_from_xof_61( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_6a(copy_of_out[i]);); + ret0[i] = closure_2c(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8033,12 +8027,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_45( +static KRML_MUSTINLINE void sample_matrix_A_0b( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_44(A_transpose[i]);); + closure_a3(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8053,7 +8047,7 @@ static KRML_MUSTINLINE void sample_matrix_A_45( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_61(copy_of_seeds, sampled); + sample_from_xof_1b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8097,7 +8091,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d3(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( @@ -8118,9 +8112,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_d3(input, ret); } /** @@ -8132,11 +8126,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_06( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8148,12 +8142,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c3( + re_as_ntt[i0] = sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8177,7 +8171,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e( +static KRML_MUSTINLINE void add_to_ring_element_20_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8201,14 +8195,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e( +static KRML_MUSTINLINE void compute_As_plus_e_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8229,10 +8223,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e(&result0[i1], &product); + ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fc(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8252,10 +8246,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a1( +static tuple_9b generate_keypair_unpacked_83( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); + G_f1_d0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8263,15 +8257,15 @@ static tuple_9b generate_keypair_unpacked_a1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_45(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_0b(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_06(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8283,14 +8277,14 @@ static tuple_9b generate_keypair_unpacked_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_56(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_06(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_0e(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_3c(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8339,10 +8333,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a1( +static void closure_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_1c();); } /** @@ -8354,7 +8348,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8373,7 +8367,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8382,18 +8376,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_a1(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_83(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_d6(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_3a_d9(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8403,19 +8397,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_77( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_f1_fd(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -8452,17 +8446,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c0( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a1(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_83(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_77( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f0(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cd(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8486,7 +8480,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_cd( +static KRML_MUSTINLINE void serialize_kem_secret_key_d7( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8512,7 +8506,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_cd( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); + H_f1_fd(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -8542,7 +8536,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8551,13 +8545,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_c0(ind_cpa_keypair_randomness); + generate_keypair_fc(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_cd( + serialize_kem_secret_key_d7( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8566,13 +8560,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f10(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_750( - uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b10( + uu____2, libcrux_ml_kem_types_from_07_a90(copy_of_public_key)); } /** @@ -8585,10 +8579,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a2(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8600,11 +8594,11 @@ sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8630,9 +8624,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c80(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -8641,18 +8635,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_27( +static KRML_MUSTINLINE void invert_ntt_montgomery_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_e7(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_6b(re); } /** @@ -8661,14 +8655,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a2( +static KRML_MUSTINLINE void compute_vector_u_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8688,11 +8682,11 @@ static KRML_MUSTINLINE void compute_vector_u_a2( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e(&result0[i1], &product); + ntt_multiply_20_23(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fc(&result0[i1], &product); } - invert_ntt_montgomery_27(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_31(&result0[i1]); + add_error_reduce_20_06(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8710,18 +8704,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_04( +compute_ring_element_v_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e(&result, &product);); - invert_ntt_montgomery_27(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fc(&result, &product);); + invert_ntt_montgomery_31(&result); + result = add_message_error_reduce_20_8c(error_2, message, result); return result; } @@ -8734,7 +8728,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_a4( +static void compress_then_serialize_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8750,7 +8744,7 @@ static void compress_then_serialize_u_a4( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4c(&re, ret); + compress_then_serialize_ring_element_u_31(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8774,15 +8768,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e( +static void encrypt_unpacked_d7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_06(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8792,7 +8786,7 @@ static void encrypt_unpacked_8e( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_15(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a2(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8800,31 +8794,31 @@ static void encrypt_unpacked_8e( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a2(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_4b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_66(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a4( + compress_then_serialize_u_ed( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc( + compress_then_serialize_ring_element_v_2d( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8849,11 +8843,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -8863,7 +8857,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8876,7 +8870,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_8e(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_d7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8886,7 +8880,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8907,11 +8901,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_ac(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a0(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -8932,22 +8926,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_97(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_95(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_c7( + deserialize_ring_elements_reduced_07( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_45(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_0b(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8977,7 +8971,7 @@ static void encrypt_97(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_8e(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_d7(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8992,11 +8986,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_3f(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_a2(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -9018,27 +9012,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_ac( + entropy_preprocess_af_a0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), + H_f1_fd(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9046,19 +9040,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_95(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_3f(shared_secret, shared_secret_array); + kdf_af_a2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9079,12 +9073,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_03( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b8( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9102,8 +9096,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_03( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); - ntt_vector_u_2e(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_99(u_bytes); + ntt_vector_u_74(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9117,17 +9111,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a( +compute_message_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e(&result, &product);); - invert_ntt_montgomery_27(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fc(&result, &product);); + invert_ntt_montgomery_31(&result); + result = subtract_reduce_20_78(v, result); return result; } @@ -9141,19 +9135,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_68( +static void decrypt_unpacked_87( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_03(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b8(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f( + deserialize_then_decompress_ring_element_v_bf( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9167,8 +9161,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c8(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -9193,14 +9187,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_68(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_87(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -9211,7 +9205,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9219,17 +9213,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_173( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -9237,11 +9231,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_8e(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_d7(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9258,12 +9252,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_68( +static KRML_MUSTINLINE void deserialize_secret_key_75( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9275,7 +9269,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_68( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_7b(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9297,10 +9291,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c3(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_68(secret_key, secret_as_ntt); + deserialize_secret_key_75(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9312,7 +9306,7 @@ static void decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_68(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_87(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9338,7 +9332,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_53( +void libcrux_ml_kem_ind_cca_decapsulate_16( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9356,9 +9350,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b4(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c3(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -9366,7 +9360,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9374,36 +9368,34 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_95(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_3f(Eurydice_array_to_slice((size_t)32U, + kdf_af_a2(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_3f(shared_secret0, shared_secret1); + kdf_af_a2(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 71eea2534..96aea78f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem_portable_H @@ -96,9 +96,6 @@ typedef struct int16_t_x8_s { int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -125,6 +122,9 @@ extern const uint8_t libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] [16U]; +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -162,7 +162,7 @@ libcrux_ml_kem_vector_portable_sub_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -170,11 +170,11 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -186,7 +186,7 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -275,7 +275,7 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -329,13 +329,13 @@ int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe); void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j); + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -348,8 +348,8 @@ libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -362,7 +362,8 @@ libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -373,13 +374,13 @@ libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j); + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -392,8 +393,8 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -406,7 +407,8 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -416,28 +418,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `Xยฒ - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: aโ‚€, aโ‚, bโ‚€, bโ‚ โˆˆ โ„คq. - Input: ฮณ โˆˆ โ„คq. - Output: cโ‚€, cโ‚ โˆˆ โ„คq. - - cโ‚€ โ† aโ‚€ยทbโ‚€ + aโ‚ยทbโ‚ยทฮณ - cโ‚ โ† aโ‚€ยทbโ‚ + aโ‚ยทbโ‚€ - return cโ‚€, cโ‚ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index dbca50d4c..d2431db67 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_H @@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_97(buf0, buf); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_970(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_971(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_972(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_973(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_974(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 633f1d30a..a99c22075 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "internal/libcrux_sha3_avx2.h" @@ -46,14 +46,14 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_21(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), mm256_srli_epi64((int32_t)63, x, __m256i)); } static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; - return mm256_xor_si256(uu____0, rotate_left_58(b)); + return mm256_xor_si256(uu____0, rotate_left_21(b)); } /** @@ -176,7 +176,7 @@ with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { +new_1e_fa(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -211,7 +211,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_fe(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -331,13 +331,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_ef_16(__m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, copy_of_b); + load_block_fe(uu____0, copy_of_b); } /** @@ -346,7 +346,7 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_210(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), mm256_srli_epi64((int32_t)28, x, __m256i)); } @@ -357,9 +357,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_13(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_580(ab); + return rotate_left_210(ab); } /** @@ -372,8 +372,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { - return _vxarq_u64_c1(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c(__m256i a, __m256i b) { + return _vxarq_u64_13(a, b); } /** @@ -382,7 +382,7 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_211(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), mm256_srli_epi64((int32_t)61, x, __m256i)); } @@ -393,9 +393,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_130(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_581(ab); + return rotate_left_211(ab); } /** @@ -408,8 +408,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { - return _vxarq_u64_c10(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c0(__m256i a, __m256i b) { + return _vxarq_u64_130(a, b); } /** @@ -418,7 +418,7 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_212(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), mm256_srli_epi64((int32_t)23, x, __m256i)); } @@ -429,9 +429,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_131(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_582(ab); + return rotate_left_212(ab); } /** @@ -444,8 +444,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { - return _vxarq_u64_c11(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c1(__m256i a, __m256i b) { + return _vxarq_u64_131(a, b); } /** @@ -454,7 +454,7 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_213(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), mm256_srli_epi64((int32_t)46, x, __m256i)); } @@ -465,9 +465,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_132(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_583(ab); + return rotate_left_213(ab); } /** @@ -480,8 +480,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { - return _vxarq_u64_c12(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c2(__m256i a, __m256i b) { + return _vxarq_u64_132(a, b); } /** @@ -490,9 +490,9 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_133(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_58(ab); + return rotate_left_21(ab); } /** @@ -505,8 +505,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { - return _vxarq_u64_c13(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c3(__m256i a, __m256i b) { + return _vxarq_u64_133(a, b); } /** @@ -515,7 +515,7 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_214(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), mm256_srli_epi64((int32_t)20, x, __m256i)); } @@ -526,9 +526,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_134(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_584(ab); + return rotate_left_214(ab); } /** @@ -541,8 +541,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { - return _vxarq_u64_c14(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c4(__m256i a, __m256i b) { + return _vxarq_u64_134(a, b); } /** @@ -551,7 +551,7 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_215(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), mm256_srli_epi64((int32_t)54, x, __m256i)); } @@ -562,9 +562,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_135(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_585(ab); + return rotate_left_215(ab); } /** @@ -577,8 +577,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { - return _vxarq_u64_c15(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c5(__m256i a, __m256i b) { + return _vxarq_u64_135(a, b); } /** @@ -587,7 +587,7 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_216(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), mm256_srli_epi64((int32_t)19, x, __m256i)); } @@ -598,9 +598,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_136(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_586(ab); + return rotate_left_216(ab); } /** @@ -613,8 +613,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { - return _vxarq_u64_c16(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c6(__m256i a, __m256i b) { + return _vxarq_u64_136(a, b); } /** @@ -623,7 +623,7 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_217(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), mm256_srli_epi64((int32_t)62, x, __m256i)); } @@ -634,9 +634,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_137(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_587(ab); + return rotate_left_217(ab); } /** @@ -649,8 +649,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { - return _vxarq_u64_c17(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c7(__m256i a, __m256i b) { + return _vxarq_u64_137(a, b); } /** @@ -659,7 +659,7 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_218(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), mm256_srli_epi64((int32_t)2, x, __m256i)); } @@ -670,9 +670,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_138(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_588(ab); + return rotate_left_218(ab); } /** @@ -685,8 +685,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { - return _vxarq_u64_c18(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c8(__m256i a, __m256i b) { + return _vxarq_u64_138(a, b); } /** @@ -695,7 +695,7 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_219(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), mm256_srli_epi64((int32_t)58, x, __m256i)); } @@ -706,9 +706,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_139(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_589(ab); + return rotate_left_219(ab); } /** @@ -721,8 +721,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { - return _vxarq_u64_c19(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c9(__m256i a, __m256i b) { + return _vxarq_u64_139(a, b); } /** @@ -731,7 +731,7 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2110(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), mm256_srli_epi64((int32_t)21, x, __m256i)); } @@ -742,9 +742,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1310(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5810(ab); + return rotate_left_2110(ab); } /** @@ -757,8 +757,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { - return _vxarq_u64_c110(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c10(__m256i a, __m256i b) { + return _vxarq_u64_1310(a, b); } /** @@ -767,7 +767,7 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2111(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), mm256_srli_epi64((int32_t)49, x, __m256i)); } @@ -778,9 +778,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1311(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5811(ab); + return rotate_left_2111(ab); } /** @@ -793,8 +793,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { - return _vxarq_u64_c111(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c11(__m256i a, __m256i b) { + return _vxarq_u64_1311(a, b); } /** @@ -803,7 +803,7 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2112(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), mm256_srli_epi64((int32_t)3, x, __m256i)); } @@ -814,9 +814,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1312(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5812(ab); + return rotate_left_2112(ab); } /** @@ -829,8 +829,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { - return _vxarq_u64_c112(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c12(__m256i a, __m256i b) { + return _vxarq_u64_1312(a, b); } /** @@ -839,7 +839,7 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2113(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), mm256_srli_epi64((int32_t)36, x, __m256i)); } @@ -850,9 +850,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1313(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5813(ab); + return rotate_left_2113(ab); } /** @@ -865,8 +865,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { - return _vxarq_u64_c113(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c13(__m256i a, __m256i b) { + return _vxarq_u64_1313(a, b); } /** @@ -875,7 +875,7 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2114(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), mm256_srli_epi64((int32_t)9, x, __m256i)); } @@ -886,9 +886,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1314(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5814(ab); + return rotate_left_2114(ab); } /** @@ -901,8 +901,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { - return _vxarq_u64_c114(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c14(__m256i a, __m256i b) { + return _vxarq_u64_1314(a, b); } /** @@ -911,7 +911,7 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2115(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), mm256_srli_epi64((int32_t)39, x, __m256i)); } @@ -922,9 +922,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1315(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5815(ab); + return rotate_left_2115(ab); } /** @@ -937,8 +937,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { - return _vxarq_u64_c115(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c15(__m256i a, __m256i b) { + return _vxarq_u64_1315(a, b); } /** @@ -947,7 +947,7 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2116(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), mm256_srli_epi64((int32_t)43, x, __m256i)); } @@ -958,9 +958,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1316(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5816(ab); + return rotate_left_2116(ab); } /** @@ -973,8 +973,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { - return _vxarq_u64_c116(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c16(__m256i a, __m256i b) { + return _vxarq_u64_1316(a, b); } /** @@ -983,7 +983,7 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2117(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), mm256_srli_epi64((int32_t)8, x, __m256i)); } @@ -994,9 +994,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1317(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5817(ab); + return rotate_left_2117(ab); } /** @@ -1009,8 +1009,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { - return _vxarq_u64_c117(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c17(__m256i a, __m256i b) { + return _vxarq_u64_1317(a, b); } /** @@ -1019,7 +1019,7 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2118(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), mm256_srli_epi64((int32_t)37, x, __m256i)); } @@ -1030,9 +1030,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1318(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5818(ab); + return rotate_left_2118(ab); } /** @@ -1045,8 +1045,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { - return _vxarq_u64_c118(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c18(__m256i a, __m256i b) { + return _vxarq_u64_1318(a, b); } /** @@ -1055,7 +1055,7 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2119(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), mm256_srli_epi64((int32_t)44, x, __m256i)); } @@ -1066,9 +1066,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1319(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5819(ab); + return rotate_left_2119(ab); } /** @@ -1081,8 +1081,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { - return _vxarq_u64_c119(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c19(__m256i a, __m256i b) { + return _vxarq_u64_1319(a, b); } /** @@ -1091,7 +1091,7 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2120(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), mm256_srli_epi64((int32_t)25, x, __m256i)); } @@ -1102,9 +1102,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1320(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5820(ab); + return rotate_left_2120(ab); } /** @@ -1117,8 +1117,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { - return _vxarq_u64_c120(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c20(__m256i a, __m256i b) { + return _vxarq_u64_1320(a, b); } /** @@ -1127,7 +1127,7 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2121(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), mm256_srli_epi64((int32_t)56, x, __m256i)); } @@ -1138,9 +1138,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1321(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5821(ab); + return rotate_left_2121(ab); } /** @@ -1153,8 +1153,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { - return _vxarq_u64_c121(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c21(__m256i a, __m256i b) { + return _vxarq_u64_1321(a, b); } /** @@ -1163,7 +1163,7 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2122(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), mm256_srli_epi64((int32_t)50, x, __m256i)); } @@ -1174,9 +1174,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1322(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5822(ab); + return rotate_left_2122(ab); } /** @@ -1189,8 +1189,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { - return _vxarq_u64_c122(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c22(__m256i a, __m256i b) { + return _vxarq_u64_1322(a, b); } /** @@ -1199,7 +1199,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void theta_rho_71( +static KRML_MUSTINLINE void theta_rho_3f( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]), @@ -1228,30 +1228,30 @@ static KRML_MUSTINLINE void theta_rho_71( rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1261,7 +1261,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void pi_01( +static KRML_MUSTINLINE void pi_d8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1297,7 +1297,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void chi_9b( +static KRML_MUSTINLINE void chi_95( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1315,7 +1315,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void iota_09( +static KRML_MUSTINLINE void iota_c9( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1327,14 +1327,14 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void keccakf1600_07( +static KRML_MUSTINLINE void keccakf1600_4e( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); + theta_rho_3f(s); + pi_d8(s); + chi_95(s); + iota_c9(s, i0); } } @@ -1345,13 +1345,13 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void absorb_block_37( +static KRML_MUSTINLINE void absorb_block_26( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); + load_block_ef_16(uu____0, uu____1); + keccakf1600_4e(s); } /** @@ -1359,14 +1359,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_full_1d(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c7(s, buf); + load_block_fe(s, buf); } /** @@ -1378,13 +1378,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_full_ef_40(__m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, copy_of_b); + load_block_full_1d(uu____0, copy_of_b); } /** @@ -1395,7 +1395,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_5e( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1411,8 +1411,8 @@ static KRML_MUSTINLINE void absorb_final_5e( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_40(uu____3, uu____4); + keccakf1600_4e(s); } /** @@ -1420,7 +1420,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_78(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1542,7 +1542,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_full_61(__m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1553,7 +1553,7 @@ static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - store_block_e9(s, buf); + store_block_78(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1580,9 +1580,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_full_ef_83(__m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); + store_block_full_61(a, ret); } /** @@ -1592,10 +1592,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( +static KRML_MUSTINLINE void squeeze_first_and_last_ac( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); + store_block_full_ef_83(s->st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1616,9 +1616,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_ef_aa(__m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e9(a, b); + store_block_78(a, b); } /** @@ -1628,9 +1628,9 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_block_e9( +static KRML_MUSTINLINE void squeeze_first_block_b7( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); + store_block_ef_aa(s->st, out); } /** @@ -1640,10 +1640,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_next_block_1c( +static KRML_MUSTINLINE void squeeze_next_block_ff( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); + keccakf1600_4e(s); + store_block_ef_aa(s->st, out); } /** @@ -1653,11 +1653,11 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_last_77( +static KRML_MUSTINLINE void squeeze_last_0a( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); + keccakf1600_4e(&s); uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); + store_block_full_ef_83(s.st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1677,9 +1677,9 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], +static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_fa(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1689,7 +1689,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); + absorb_block_26(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1699,12 +1699,12 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - absorb_final_5e(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); + squeeze_first_and_last_ac(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1712,7 +1712,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); + squeeze_first_block_b7(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1730,12 +1730,12 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); + squeeze_next_block_ff(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - squeeze_last_77(s, o1); + squeeze_last_0a(s, o1); } } } @@ -1749,7 +1749,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); + keccak_9b(buf0, buf); } /** @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); + return new_1e_fa(); } /** @@ -1765,7 +1765,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_fe0(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -1881,14 +1881,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_full_1d0(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c70(s, buf); + load_block_fe0(s, buf); } /** @@ -1900,13 +1900,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_full_ef_400(__m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, copy_of_b); + load_block_full_1d0(uu____0, copy_of_b); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_5e0( +static KRML_MUSTINLINE void absorb_final_800( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1933,8 +1933,8 @@ static KRML_MUSTINLINE void absorb_final_5e0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_400(uu____3, uu____4); + keccakf1600_4e(s); } /** @@ -1944,7 +1944,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); + absorb_final_800(s, buf); } /** @@ -1952,7 +1952,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_780(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2078,9 +2078,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_ef_aa0(__m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e90(a, b); + store_block_780(a, b); } /** @@ -2090,9 +2090,9 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_block_e90( +static KRML_MUSTINLINE void squeeze_first_block_b70( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); + store_block_ef_aa0(s->st, out); } /** @@ -2102,10 +2102,10 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_1c0( +static KRML_MUSTINLINE void squeeze_next_block_ff0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); + keccakf1600_4e(s); + store_block_ef_aa0(s->st, out); } /** @@ -2115,7 +2115,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_three_blocks_27( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2123,15 +2123,15 @@ static KRML_MUSTINLINE void squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_ff0(s, o1); + squeeze_next_block_ff0(s, o2); } /** @@ -2141,7 +2141,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); } /** @@ -2151,7 +2151,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); + squeeze_next_block_ff0(s, buf); } /** @@ -2161,7 +2161,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( +static KRML_MUSTINLINE void squeeze_first_five_blocks_58( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2169,29 +2169,29 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); + squeeze_next_block_ff0(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_ff0(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + squeeze_next_block_ff0(s, o3); + squeeze_next_block_ff0(s, o4); } /** @@ -2202,7 +2202,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + squeeze_first_five_blocks_58(s, buf); } /** @@ -2212,7 +2212,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_80(s, buf); } /** @@ -2223,7 +2223,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + squeeze_first_block_b7(s, buf); } /** @@ -2234,5 +2234,5 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + squeeze_next_block_ff(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index da062e426..2d71356b1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 63801aeae..07a720d52 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_ba(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -260,11 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_28(s, buf); } /** @@ -276,13 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); } /** @@ -292,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); } /** @@ -319,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); } /** @@ -330,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); } /** @@ -357,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); } /** @@ -368,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); } /** @@ -395,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); } /** @@ -406,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); } /** @@ -433,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); } /** @@ -444,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc(ab); } /** @@ -460,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); } /** @@ -471,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); } /** @@ -498,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); } /** @@ -509,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); } /** @@ -536,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); } /** @@ -547,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); } /** @@ -574,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); } /** @@ -585,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); } /** @@ -612,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); } /** @@ -623,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); } /** @@ -650,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); } /** @@ -661,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); } /** @@ -688,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); } /** @@ -699,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); } /** @@ -726,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); } /** @@ -737,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); } /** @@ -764,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); } /** @@ -775,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); } /** @@ -802,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); } /** @@ -813,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); } /** @@ -840,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); } /** @@ -851,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); } /** @@ -878,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); } /** @@ -889,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); } /** @@ -916,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); } /** @@ -927,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); } /** @@ -954,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); } /** @@ -965,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); } /** @@ -992,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); } /** @@ -1003,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); } /** @@ -1030,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); } /** @@ -1041,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); } /** @@ -1068,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); } /** @@ -1106,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); } /** @@ -1117,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); } /** @@ -1144,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); } /** @@ -1155,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); } /** @@ -1182,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); } /** @@ -1192,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_0d(s); + libcrux_sha3_generic_keccak_pi_f0(s); + libcrux_sha3_generic_keccak_chi_e2(s); + libcrux_sha3_generic_keccak_iota_ae(s, i0); } } @@ -1369,7 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1419,9 +1419,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_3d(a, b); } /** @@ -1431,9 +1431,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1443,10 +1443,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1454,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1478,11 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_280(s, buf); } /** @@ -1494,13 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); } /** @@ -1511,7 +1511,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1530,8 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1539,7 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1561,9 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_3d0(a, b); } /** @@ -1573,9 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1585,10 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1600,13 +1600,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); } /** @@ -1616,13 +1616,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1630,12 +1630,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_3d(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1652,9 +1652,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_853(a, ret); } /** @@ -1665,10 +1665,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1691,11 +1691,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1719,10 +1719,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1733,7 +1733,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1743,12 +1743,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1756,7 +1756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1774,12 +1774,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); } } } @@ -1790,12 +1790,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); } /** @@ -1803,7 +1803,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1814,7 +1814,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1831,13 +1831,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); } /** @@ -1847,13 +1847,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1861,11 +1861,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_283(s, buf); } /** @@ -1877,13 +1877,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); } /** @@ -1894,7 +1894,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1913,8 +1913,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1922,7 +1922,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1940,12 +1940,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_3d3(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1962,9 +1962,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_852(a, ret); } /** @@ -1975,10 +1975,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2003,9 +2003,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_3d3(a, b); } /** @@ -2015,9 +2015,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -2027,10 +2027,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -2040,11 +2040,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2068,10 +2068,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2082,7 +2082,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2092,12 +2092,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2105,7 +2105,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2123,12 +2123,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); } } } @@ -2139,12 +2139,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2163,7 +2163,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2180,13 +2180,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); } /** @@ -2196,13 +2196,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2210,11 +2210,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_282(s, buf); } /** @@ -2226,13 +2226,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); } /** @@ -2243,7 +2243,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2262,8 +2262,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2271,7 +2271,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2289,12 +2289,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_3d2(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2311,9 +2311,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_851(a, ret); } /** @@ -2324,10 +2324,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2352,9 +2352,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_3d2(a, b); } /** @@ -2364,9 +2364,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2376,10 +2376,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2389,11 +2389,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2417,10 +2417,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2431,7 +2431,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2441,12 +2441,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2454,7 +2454,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2472,12 +2472,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); } } } @@ -2488,12 +2488,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); } /** @@ -2505,13 +2505,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); } /** @@ -2521,13 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2535,12 +2535,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_3d0(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2557,9 +2557,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_850(a, ret); } /** @@ -2570,10 +2570,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2596,11 +2596,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2624,10 +2624,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2638,7 +2638,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2648,12 +2648,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,7 +2661,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2679,12 +2679,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2695,12 +2695,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); } /** @@ -2711,7 +2711,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2730,8 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2742,10 +2742,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2756,7 +2756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2766,12 +2766,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,7 +2779,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2797,12 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2813,12 +2813,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); } /** @@ -2826,7 +2826,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2854,13 +2854,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); } /** @@ -2870,13 +2870,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2884,11 +2884,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_281(s, buf); } /** @@ -2900,13 +2900,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); } /** @@ -2917,7 +2917,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2936,8 +2936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2945,7 +2945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2963,12 +2963,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_3d1(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2984,9 +2984,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_85(a, ret); } /** @@ -2997,10 +2997,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3025,9 +3025,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_3d1(a, b); } /** @@ -3037,9 +3037,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -3049,10 +3049,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -3062,11 +3062,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3090,10 +3090,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3104,7 +3104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3114,12 +3114,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,7 +3127,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3145,12 +3145,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); } } } @@ -3161,12 +3161,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a0c87071b..b6fe897dd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f644d380f..9a07033c8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc index 0d1334472..5e10c3b99 100644 --- a/libcrux-ml-kem/cg/benches/sha3.cc +++ b/libcrux-ml-kem/cg/benches/sha3.cc @@ -69,14 +69,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_80(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_80(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); } } diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 50e2aa7a6..d0d648272 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 -Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb -Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 +Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index b5c5fa751..e7625b185 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -93,7 +93,7 @@ typedef struct { #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t +#define TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) @@ -168,14 +168,12 @@ static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { return x * y; } - // ITERATORS #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ - .f0 = (iter_ptr)->start++})) + ? (CLITERAL(ret_t){.tag = None}) \ + : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 5ac03509a..192ed0185 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_core_H @@ -45,12 +45,6 @@ typedef struct Option_b3_s { size_t f0; } Option_b3; -static inline int16_t core_num__i16_1__wrapping_add(int16_t x0, int16_t x1); - -static inline int16_t core_num__i16_1__wrapping_mul(int16_t x0, int16_t x1); - -static inline int16_t core_num__i16_1__wrapping_sub(int16_t x0, int16_t x1); - static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); #define CORE_NUM__U32_8__BITS (32U) @@ -110,7 +104,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -143,7 +137,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -176,7 +170,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -224,7 +218,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_14( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_44( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -239,7 +233,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_3a(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_a9(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -273,7 +267,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_75(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_b1(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -289,7 +283,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_20(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_f1(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -319,7 +313,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_30(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_e9(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -336,7 +330,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -349,7 +343,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_172( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -381,7 +375,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -401,7 +395,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_171( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -421,7 +415,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_49( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_27( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -434,7 +428,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_170( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -453,7 +447,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_17( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -485,7 +479,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -518,7 +512,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index ea2f6e973..cccfb172a 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 54540cb08..68004878d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_avx2_H @@ -132,8 +132,8 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + __m256i cv = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + return libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, cv); } /** @@ -142,16 +142,16 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( - __m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); + __m256i vec, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + __m256i cv = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + return libcrux_intrinsics_avx2_mm256_and_si256(vector, cv); } /** @@ -200,13 +200,13 @@ static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + __m256i t0 = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + __m256i t1 = libcrux_intrinsics_avx2_mm256_add_epi16( + t0, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); __m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( @@ -229,19 +229,20 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { - __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i vec_constant = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); __m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, vec_constant); __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(k, modulus); __m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, vec_constant); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -304,17 +305,19 @@ libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c) { - __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i vec, __m256i constants) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vec, constants); __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + __m256i modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(k, modulus); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vec, constants); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -376,17 +379,17 @@ static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c) { - __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i vec, __m128i constants) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(vec, constants); __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + __m128i modulus = libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16(k, modulus); + __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(vec, constants); return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } @@ -525,9 +528,9 @@ static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) { __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, + vec, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); @@ -535,7 +538,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { k, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); __m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, vec, __m256i); __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); __m256i result0 = @@ -719,7 +722,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, ret0); + unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -819,7 +822,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_41_e8(dst, ret0); + unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -932,7 +935,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_41_34(dst, ret0); + unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1077,7 +1080,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_41_1c(dst, ret0); + unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1211,7 +1214,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_98(void) { +libcrux_ml_kem_polynomial_ZERO_20_1b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1240,8 +1243,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ac(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -1252,10 +1255,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_62( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1273,12 +1276,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4a( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1291,7 +1294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_62( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1324,8 +1327,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_98(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e8(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -1336,7 +1339,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_85( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1388,9 +1391,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_44( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_85( vector); } @@ -1402,10 +1405,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_6b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1418,7 +1421,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_44( coefficient); } return re; @@ -1432,7 +1435,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_850( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1484,9 +1487,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_440( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_850( vector); } @@ -1498,10 +1501,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_87( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_dc( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1509,7 +1512,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_87( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_440( coefficient); } return re; @@ -1523,9 +1526,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_17( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_6b(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1540,7 +1543,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1553,9 +1556,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0a(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1569,7 +1572,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1582,9 +1585,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0a( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -1600,7 +1603,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1608,7 +1611,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); } } @@ -1619,17 +1622,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_70( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_10( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + re->coefficients[round], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -1641,21 +1642,17 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + re->coefficients[round], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -1671,7 +1668,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1688,21 +1685,24 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U, + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U, + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U, + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U, + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_10(&zeta_i, re, (size_t)2U, + (size_t)6U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_6e(&zeta_i, re, (size_t)1U, + (size_t)7U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); } /** @@ -1715,12 +1715,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2f( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1740,9 +1740,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_17( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_99(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1757,7 +1757,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_851( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1809,9 +1809,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_441( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_851( vector); } @@ -1823,10 +1823,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_58( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_1d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1834,7 +1834,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_58( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_441( coefficient); } return re; @@ -1848,7 +1848,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_852( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1900,9 +1900,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_442( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_852( vector); } @@ -1914,10 +1914,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_ab( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_6e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1925,7 +1925,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_ab( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_442( re.coefficients[i0]); } return re; @@ -1939,9 +1939,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_60( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_58(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_1d(serialized); } /** @@ -1956,27 +1956,23 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_15( +libcrux_ml_kem_polynomial_ntt_multiply_20_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09( &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); } return out; } @@ -1992,7 +1988,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_f3( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2013,7 +2009,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2022,13 +2018,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -2040,7 +2033,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2049,9 +2042,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -2063,7 +2055,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2072,7 +2064,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); } } @@ -2084,13 +2076,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e0(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2103,7 +2095,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2118,9 +2110,9 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e0( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2136,22 +2128,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f7(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); } /** @@ -2166,7 +2158,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_c4( +libcrux_ml_kem_polynomial_subtract_reduce_20_71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2190,21 +2182,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_12( +libcrux_ml_kem_matrix_compute_message_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_c4(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_71(v, result); return result; } @@ -2215,7 +2207,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f4(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2229,9 +2221,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_06( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_86( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f4(vector); } /** @@ -2242,8 +2234,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_4b(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_06(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_4f(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_86(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -2257,13 +2249,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_33( +libcrux_ml_kem_serialize_compress_then_serialize_message_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2288,20 +2280,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2f(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_60( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_12(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_75(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_33(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_5e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2316,11 +2308,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_e9(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_04(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_4a(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2332,7 +2324,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_e9(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_02(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2347,7 +2339,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2358,7 +2350,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c9( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -2377,9 +2369,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_c9(input, ret); } /** @@ -2390,9 +2382,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9a( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_8b( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -2403,10 +2395,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_55( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2427,12 +2419,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2445,7 +2437,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_55( ring_element); deserialized_pk[i0] = uu____0; } @@ -2462,8 +2454,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2b(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_32(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -2473,10 +2465,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_d6( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_ba( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } } @@ -2491,7 +2483,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -2515,12 +2507,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( copy_of_input); } @@ -2532,7 +2524,7 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2568,9 +2560,9 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( self, ret); } @@ -2624,7 +2616,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_61( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2667,7 +2659,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2703,9 +2695,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd(self, ret); } /** @@ -2758,7 +2750,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_610( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2805,9 +2797,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_84(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_82(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2826,8 +2818,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_e9(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_84( +libcrux_ml_kem_sampling_sample_from_xof_closure_8a(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2838,7 +2830,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2847,28 +2839,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_61( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_610( copy_of_randomness, sampled_coefficients, out); } } @@ -2878,7 +2870,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_e9(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_8a(copy_of_out[i]); } memcpy( ret, ret0, @@ -2892,12 +2884,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_43( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ff( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_d6(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_ba(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -2917,7 +2909,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_43( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_0c(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_c1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2977,8 +2969,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_48(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_95(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -2988,7 +2980,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_ef( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3027,60 +3019,11 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_ef(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v โˆˆ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B โˆˆ ๐”น^{64ฮท}. - Output: array f โˆˆ โ„คโ‚‚โ‚…โ‚†. - - b โ† BytesToBits(B) - for (i โ† 0; i < 256; i++) - x โ† โˆ‘(j=0 to ฮท - 1) b[2iฮท + j] - y โ† โˆ‘(j=0 to ฮท - 1) b[2iฮท + ฮท + j] - f[i] โ† xโˆ’y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3089,7 +3032,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_6a( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3124,7 +3067,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_84( + return libcrux_ml_kem_polynomial_from_i16_array_20_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3136,7 +3079,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_41( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_5f( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3170,7 +3113,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_41( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_84( + return libcrux_ml_kem_polynomial_from_i16_array_20_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3182,9 +3125,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_6a( randomness); } @@ -3195,7 +3138,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_68( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3217,20 +3160,23 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_68(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_ea(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U, + (size_t)11207U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U, + (size_t)11207U + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d( + &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_db( + &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_10( + &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_6e( + &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); } /** @@ -3243,11 +3189,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3262,13 +3208,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3293,8 +3239,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_2a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_5d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -3307,11 +3253,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3326,11 +3272,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3353,7 +3299,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c90( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -3372,9 +3318,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_c90(input, ret); } /** @@ -3385,8 +3331,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_73(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_compute_vector_u_closure_ad(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -3400,7 +3346,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_87( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3422,14 +3368,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_64( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_e3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3450,12 +3396,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_64( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_f1(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_87(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_1f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3474,11 +3420,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_05(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), - &v), - (int16_t)1665); +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_34( + __m256i vec) { + __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); + __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, + (int16_t)1665); } /** @@ -3489,10 +3436,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3500,7 +3447,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_05(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_34(coefficient_compressed); } return re; } @@ -3517,7 +3464,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3545,22 +3492,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_6c( +libcrux_ml_kem_matrix_compute_ring_element_v_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_69( error_2, message, result); return result; } @@ -3573,7 +3520,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3628,9 +3575,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_92( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_49( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b( vector); } @@ -3642,14 +3589,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_a8( +libcrux_ml_kem_serialize_compress_then_serialize_10_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_92( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_49( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3669,7 +3616,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3724,9 +3671,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_920( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_490( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b0( vector); } @@ -3738,14 +3685,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_a5( +libcrux_ml_kem_serialize_compress_then_serialize_11_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_920( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_490( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -3766,10 +3713,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_a8(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_bf(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3783,7 +3730,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3799,7 +3746,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3814,7 +3761,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3869,9 +3816,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_921( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_491( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b1( vector); } @@ -3883,7 +3830,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_42( +libcrux_ml_kem_serialize_compress_then_serialize_4_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3891,8 +3838,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_42( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_921( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_491( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3911,7 +3858,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3966,9 +3913,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_922( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_492( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b2( vector); } @@ -3980,7 +3927,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_8a( +libcrux_ml_kem_serialize_compress_then_serialize_5_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3988,8 +3935,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8a( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_922( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_492( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -4009,9 +3956,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_42(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_c0(re, out); } /** @@ -4032,15 +3979,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_06( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4050,7 +3997,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4059,33 +4006,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_64(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_e3(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_6c( + libcrux_ml_kem_matrix_compute_ring_element_v_e7( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9f( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_0c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4109,24 +4056,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_f0(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_50(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_43(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_ff(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -4156,7 +4103,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f0(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_06(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4173,12 +4120,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_11( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ac( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, ret); + unwrap_41_33(dst, ret); } /** @@ -4204,7 +4151,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4222,10 +4169,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_04(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4233,7 +4180,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4242,14 +4189,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -4257,26 +4204,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11( + libcrux_ml_kem_ind_cca_kdf_43_ac( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_ac(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -4300,10 +4245,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_f5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a9(private_key, ciphertext, ret); } /** @@ -4317,7 +4262,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9e(private_key, ciphertext, ret); } @@ -4377,14 +4322,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_28( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -4395,7 +4340,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4404,17 +4349,17 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = @@ -4423,11 +4368,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_06( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4464,10 +4409,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_32( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_28(key_pair, ciphertext, ret); } @@ -4482,7 +4427,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_32( private_key, ciphertext, ret); } @@ -4497,11 +4442,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ca( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, ret); + unwrap_41_33(dst, ret); } /** @@ -4514,7 +4459,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4539,28 +4484,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e9( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b3( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_ca( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4569,20 +4514,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e9( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_ac(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4615,14 +4560,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b3(uu____0, copy_of_randomness); } /** @@ -4640,7 +4585,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_e6( uu____0, copy_of_randomness); } @@ -4663,11 +4608,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -4677,7 +4622,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4691,7 +4636,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_06(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4701,7 +4646,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4735,7 +4680,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_8f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4743,7 +4688,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a0( uu____0, copy_of_randomness); } @@ -4764,7 +4709,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_8f( uu____0, copy_of_randomness); } @@ -4789,8 +4734,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_02(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_ba(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -4800,7 +4745,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_6b( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_f5( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4818,14 +4763,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_6b( + libcrux_ml_kem_vector_traits_to_standard_domain_f5( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4840,14 +4785,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_4b( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4869,12 +4814,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_f6( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4895,10 +4840,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4906,15 +4851,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_43(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ff(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -4927,17 +4872,17 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_4b(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_ef(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -4980,14 +4925,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -5007,7 +4952,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5025,7 +4970,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5041,14 +4986,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ac( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_50(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5073,17 +5018,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_f8(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_93(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_51( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_50(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5109,7 +5054,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_eb( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5135,7 +5080,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_31(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5165,7 +5110,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f7(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5174,13 +5119,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_f8(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_93(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_eb( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5189,13 +5134,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b1( + uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); } /** @@ -5211,12 +5156,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ea( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); } /** @@ -5228,7 +5173,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ea( copy_of_randomness); } @@ -5247,9 +5192,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_87( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_cf( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -5267,10 +5212,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_8a( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } } @@ -5286,7 +5231,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_4f( +libcrux_ml_kem_polynomial_clone_3a_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5311,7 +5256,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dc( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5320,7 +5265,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5328,7 +5273,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_8a(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5336,7 +5281,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_4f(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_3f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5348,20 +5293,20 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_51( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, implicit_rejection_value); + unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5403,12 +5348,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_6d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dc( copy_of_randomness); } @@ -5422,7 +5367,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_6d( copy_of_randomness); } @@ -5438,24 +5383,24 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_99( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_14(ciphertext), + libcrux_ml_kem_types_as_slice_a8_44(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5483,7 +5428,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a90( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5501,10 +5446,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_04(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5512,7 +5457,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5521,14 +5466,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5536,26 +5481,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f( + libcrux_ml_kem_ind_cca_kdf_6c_99( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_99(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5583,10 +5526,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ea( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_f50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a90(private_key, ciphertext, ret); } /** @@ -5600,7 +5543,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ea( private_key, ciphertext, ret); } @@ -5615,9 +5558,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_6b( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); } /** @@ -5640,28 +5583,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e90( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b30( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_6b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5670,20 +5613,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e90( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_99(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5719,14 +5662,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_60( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b30(uu____0, copy_of_randomness); } /** @@ -5744,7 +5687,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_60( uu____0, copy_of_randomness); } @@ -5757,16 +5700,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_2a( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_06( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_51( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5785,9 +5728,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a6( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_06(public_key); } /** @@ -5799,7 +5742,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a6( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 7882cc122..1bf8861de 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_portable_H @@ -113,6 +113,10 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i) { + return libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[i]; +} + #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \ @@ -140,7 +144,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_41_f9(dst, ret); + unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -251,30 +255,28 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); + ret[0U] = r0_10.fst; + ret[1U] = r0_10.snd; + ret[2U] = r0_10.thd; + ret[3U] = r0_10.f3; + ret[4U] = r0_10.f4; + ret[5U] = r0_10.f5; + ret[6U] = r0_10.f6; + ret[7U] = r0_10.f7; + ret[8U] = r0_10.f8; + ret[9U] = r0_10.f9; + ret[10U] = r0_10.f10; + ret[11U] = r11_21.fst; + ret[12U] = r11_21.snd; + ret[13U] = r11_21.thd; + ret[14U] = r11_21.f3; + ret[15U] = r11_21.f4; + ret[16U] = r11_21.f5; + ret[17U] = r11_21.f6; + ret[18U] = r11_21.f7; + ret[19U] = r11_21.f8; + ret[20U] = r11_21.f9; + ret[21U] = r11_21.f10; } /** @@ -361,28 +363,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -390,25 +370,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -952,6 +931,28 @@ static const uint8_t {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U}}; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -968,8 +969,8 @@ libcrux_ml_kem_vector_portable_arithmetic_add( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - lhs.elements[i0] = - core_num__i16_1__wrapping_add(lhs.elements[i0], rhs->elements[i0]); + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; } return lhs; } @@ -992,9 +993,8 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = - core_num__i16_1__wrapping_sub(lhs.elements[i0], rhs->elements[i0]); - lhs.elements[i0] = uu____0; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; } return lhs; } @@ -1012,14 +1012,14 @@ libcrux_ml_kem_vector_portable_sub_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = core_num__i16_1__wrapping_mul(v.elements[i0], c); - v.elements[i0] = uu____0; + size_t uu____0 = i0; + vec.elements[uu____0] = vec.elements[uu____0] * c; } - return v; + return vec; } /** @@ -1028,20 +1028,20 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; + vec.elements[uu____0] = vec.elements[uu____0] & c; } - return v; + return vec; } /** @@ -1057,16 +1057,16 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) { + if (vec.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; } } - return v; + return vec; } /** @@ -1119,9 +1119,10 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - vec.elements[i0] = + int16_t vi = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( vec.elements[i0]); + vec.elements[i0] = vi; } return vec; } @@ -1198,15 +1199,15 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = + vec.elements[i0] = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); + vec.elements[i0], c); } - return v; + return vec; } /** @@ -1294,36 +1295,36 @@ libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; + vec->elements[j], zeta); + vec->elements[j] = vec->elements[i] - t; + vec->elements[i] = vec->elements[i] + t; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** @@ -1340,25 +1341,25 @@ libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** @@ -1374,22 +1375,25 @@ libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** @@ -1403,38 +1407,39 @@ libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { + int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + vec->elements[i] + vec->elements[j]); + int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); + vec->elements[i] = o0; + vec->elements[j] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** @@ -1451,25 +1456,25 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** @@ -1486,24 +1491,25 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** @@ -1516,44 +1522,32 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `Xยฒ - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: aโ‚€, aโ‚, bโ‚€, bโ‚ โˆˆ โ„คq. - Input: ฮณ โˆˆ โ„คq. - Output: cโ‚€, cโ‚ โˆˆ โ„คq. - - cโ‚€ โ† aโ‚€ยทbโ‚€ + aโ‚ยทbโ‚ยทฮณ - cโ‚ โ† aโ‚€ยทbโ‚ + aโ‚ยทbโ‚€ - return cโ‚€, cโ‚ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, size_t i, size_t j, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); + int16_t ai = a->elements[i]; + int16_t bi = b->elements[i]; + int16_t aj = a->elements[j]; + int16_t bj = b->elements[j]; + int32_t ai_bi = (int32_t)ai * (int32_t)bi; + int32_t aj_bj_ = (int32_t)aj * (int32_t)bj; + int16_t aj_bj = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + aj_bj_); + int32_t aj_bj_zeta = (int32_t)aj_bj * (int32_t)zeta; + int32_t ai_bi_aj_bj = ai_bi + aj_bj_zeta; + int16_t o0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + ai_bi_aj_bj); + int32_t ai_bj = (int32_t)ai * (int32_t)bj; + int32_t aj_bi = (int32_t)aj * (int32_t)bi; + int32_t ai_bj_aj_bi = ai_bj + aj_bi; int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); + ai_bj_aj_bi); out->elements[i] = o0; out->elements[j] = o1; } @@ -1563,24 +1557,28 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + int16_t nzeta0 = -zeta0; + int16_t nzeta1 = -zeta1; + int16_t nzeta2 = -zeta2; + int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out); return out; } @@ -1601,21 +1599,24 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); + uint8_t result0 = (((((((uint32_t)(uint8_t)v.elements[0U] | + (uint32_t)(uint8_t)v.elements[1U] << 1U) | + (uint32_t)(uint8_t)v.elements[2U] << 2U) | + (uint32_t)(uint8_t)v.elements[3U] << 3U) | + (uint32_t)(uint8_t)v.elements[4U] << 4U) | + (uint32_t)(uint8_t)v.elements[5U] << 5U) | + (uint32_t)(uint8_t)v.elements[6U] << 6U) | + (uint32_t)(uint8_t)v.elements[7U] << 7U; + uint8_t result1 = (((((((uint32_t)(uint8_t)v.elements[8U] | + (uint32_t)(uint8_t)v.elements[9U] << 1U) | + (uint32_t)(uint8_t)v.elements[10U] << 2U) | + (uint32_t)(uint8_t)v.elements[11U] << 3U) | + (uint32_t)(uint8_t)v.elements[12U] << 4U) | + (uint32_t)(uint8_t)v.elements[13U] << 5U) | + (uint32_t)(uint8_t)v.elements[14U] << 6U) | + (uint32_t)(uint8_t)v.elements[15U] << 7U; + ret[0U] = result0; + ret[1U] = result1; } /** @@ -1630,24 +1631,86 @@ static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; + int16_t result0 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) & + 1U); + int16_t result1 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 1U & + 1U); + int16_t result2 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 2U & + 1U); + int16_t result3 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 3U & + 1U); + int16_t result4 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 4U & + 1U); + int16_t result5 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 5U & + 1U); + int16_t result6 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 6U & + 1U); + int16_t result7 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 7U & + 1U); + int16_t result8 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) & + 1U); + int16_t result9 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 1U & + 1U); + int16_t result10 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 2U & + 1U); + int16_t result11 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 3U & + 1U); + int16_t result12 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 4U & + 1U); + int16_t result13 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 5U & + 1U); + int16_t result14 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 6U & + 1U); + int16_t result15 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 7U & + 1U); + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = result0; + lit.elements[1U] = result1; + lit.elements[2U] = result2; + lit.elements[3U] = result3; + lit.elements[4U] = result4; + lit.elements[5U] = result5; + lit.elements[6U] = result6; + lit.elements[7U] = result7; + lit.elements[8U] = result8; + lit.elements[9U] = result9; + lit.elements[10U] = result10; + lit.elements[11U] = result11; + lit.elements[12U] = result12; + lit.elements[13U] = result13; + lit.elements[14U] = result14; + lit.elements[15U] = result15; + return lit; } /** @@ -1704,16 +1767,14 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); + ret[0U] = result0_3.fst; + ret[1U] = result0_3.snd; + ret[2U] = result0_3.thd; + ret[3U] = result0_3.f3; + ret[4U] = result4_7.fst; + ret[5U] = result4_7.snd; + ret[6U] = result4_7.thd; + ret[7U] = result4_7.f3; } /** @@ -1773,25 +1834,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -1845,18 +1905,16 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; } /** @@ -1927,25 +1985,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -2007,28 +2064,26 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; + ret[10U] = r10_14.fst; + ret[11U] = r10_14.snd; + ret[12U] = r10_14.thd; + ret[13U] = r10_14.f3; + ret[14U] = r10_14.f4; + ret[15U] = r15_19.fst; + ret[16U] = r15_19.snd; + ret[17U] = r15_19.thd; + ret[18U] = r15_19.f3; + ret[19U] = r15_19.f4; } /** @@ -2107,25 +2162,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -2183,32 +2237,30 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t)); - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); + ret[0U] = r0_2.fst; + ret[1U] = r0_2.snd; + ret[2U] = r0_2.thd; + ret[3U] = r3_5.fst; + ret[4U] = r3_5.snd; + ret[5U] = r3_5.thd; + ret[6U] = r6_8.fst; + ret[7U] = r6_8.snd; + ret[8U] = r6_8.thd; + ret[9U] = r9_11.fst; + ret[10U] = r9_11.snd; + ret[11U] = r9_11.thd; + ret[12U] = r12_14.fst; + ret[13U] = r12_14.snd; + ret[14U] = r12_14.thd; + ret[15U] = r15_17.fst; + ret[16U] = r15_17.snd; + ret[17U] = r15_17.thd; + ret[18U] = r18_20.fst; + ret[19U] = r18_20.snd; + ret[20U] = r18_20.thd; + ret[21U] = r21_23.fst; + ret[22U] = r21_23.snd; + ret[23U] = r21_23.thd; } /** @@ -2261,25 +2313,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_1.fst; + lit.elements[1U] = v0_1.snd; + lit.elements[2U] = v2_3.fst; + lit.elements[3U] = v2_3.snd; + lit.elements[4U] = v4_5.fst; + lit.elements[5U] = v4_5.snd; + lit.elements[6U] = v6_7.fst; + lit.elements[7U] = v6_7.snd; + lit.elements[8U] = v8_9.fst; + lit.elements[9U] = v8_9.snd; + lit.elements[10U] = v10_11.fst; + lit.elements[11U] = v10_11.snd; + lit.elements[12U] = v12_13.fst; + lit.elements[13U] = v12_13.snd; + lit.elements[14U] = v14_15.fst; + lit.elements[15U] = v14_15.snd; + return lit; } /** @@ -2444,7 +2495,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_9a(void) { +libcrux_ml_kem_polynomial_ZERO_20_1c(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2472,8 +2523,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_c8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_0f(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -2483,10 +2534,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2505,12 +2556,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_74( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_92( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2523,7 +2574,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_74( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2555,8 +2606,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_32(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_99(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -2566,7 +2617,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2591,9 +2642,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df( v); } @@ -2604,10 +2655,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_40( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2623,7 +2674,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f( coefficient); re.coefficients[i0] = uu____0; } @@ -2637,7 +2688,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2662,9 +2713,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df0( v); } @@ -2675,10 +2726,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_c9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2687,7 +2738,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f0( coefficient); re.coefficients[i0] = uu____0; } @@ -2701,9 +2752,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_86( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_40(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2718,7 +2769,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2732,12 +2783,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_67( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2751,7 +2802,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2764,9 +2815,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_67( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -2781,7 +2832,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2790,7 +2841,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_9c( libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); re->coefficients[round] = uu____0; } } @@ -2801,7 +2852,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_8a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2810,9 +2861,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6b( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -2823,7 +2873,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_37( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2832,13 +2882,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_37( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -2853,7 +2900,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2871,21 +2918,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_d3( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U, + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U, + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U, + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_82(&zeta_i, re, (size_t)3U, + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_8a(&zeta_i, re, (size_t)2U, + (size_t)6U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, + (size_t)7U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); } /** @@ -2897,12 +2947,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8b( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2922,9 +2972,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_86( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_d3(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_70(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2938,7 +2988,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2963,9 +3013,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df1( v); } @@ -2976,10 +3026,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_70( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_51( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2988,7 +3038,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_70( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f1( coefficient); re.coefficients[i0] = uu____0; } @@ -3002,7 +3052,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3027,9 +3077,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df2( v); } @@ -3040,10 +3090,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_36( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_c6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3052,7 +3102,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_36( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3066,9 +3116,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_70(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_51(serialized); } /** @@ -3082,28 +3132,24 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_ff( +libcrux_ml_kem_polynomial_ntt_multiply_20_23( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_multiply_0d( &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); out.coefficients[i0] = uu____0; } return out; @@ -3119,7 +3165,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3143,7 +3189,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3152,13 +3198,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3169,7 +3212,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3178,9 +3221,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3191,7 +3233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3200,7 +3242,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72( libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); re->coefficients[round] = uu____0; } } @@ -3213,7 +3255,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_42( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3221,7 +3263,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3234,7 +3276,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3249,9 +3291,9 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_42( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -3266,22 +3308,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e7(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2b(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); } /** @@ -3295,7 +3337,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_56( +libcrux_ml_kem_polynomial_subtract_reduce_20_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3321,21 +3363,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_29( +libcrux_ml_kem_matrix_compute_message_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_56(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_f5(v, result); return result; } @@ -3345,14 +3387,14 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_53( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_arithmetic_shift_right_58( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + vec.elements[i0] = vec.elements[i0] >> (uint32_t)(int32_t)15; } - return v; + return vec; } /** @@ -3365,9 +3407,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_e7( +libcrux_ml_kem_vector_portable_shift_right_0d_f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_53(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_58(v); } /** @@ -3377,10 +3419,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_39( +libcrux_ml_kem_vector_traits_to_unsigned_representative_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_e7(a); + libcrux_ml_kem_vector_portable_shift_right_0d_f1(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3394,13 +3436,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_7d( +libcrux_ml_kem_serialize_compress_then_serialize_message_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3426,20 +3468,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8b(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e2( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_29(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_a9(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_7d(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_f1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3453,11 +3495,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_27(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_30(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_74(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_92(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3469,7 +3511,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_27(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3483,7 +3525,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3493,7 +3535,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_03( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3511,9 +3553,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_03(input, ret); } /** @@ -3523,9 +3565,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_47( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_2e( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -3535,10 +3577,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_62( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3560,12 +3602,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3578,7 +3620,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_62( ring_element); deserialized_pk[i0] = uu____0; } @@ -3595,8 +3637,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_0f(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4d(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -3606,10 +3648,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_44( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_a3( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } } @@ -3629,7 +3671,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3662,12 +3704,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( copy_of_input); } @@ -3678,7 +3720,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3702,10 +3744,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( self, ret); } @@ -3758,7 +3800,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3800,7 +3842,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3824,10 +3866,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea(self, ret); } @@ -3880,7 +3922,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3926,9 +3968,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_8d(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_d3(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3949,8 +3991,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_6a(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( +libcrux_ml_kem_sampling_sample_from_xof_closure_2c(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_d3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3961,7 +4003,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3970,28 +4012,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( copy_of_randomness, sampled_coefficients, out); } } @@ -4001,7 +4043,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_6a(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_2c(copy_of_out[i]); } memcpy( ret, ret0, @@ -4015,12 +4057,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_45( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_0b( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_44(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_a3(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4040,7 +4082,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_45( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_61(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_1b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4100,8 +4142,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_49(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_06(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -4110,7 +4152,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d3( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4132,60 +4174,11 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_d3(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v โˆˆ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B โˆˆ ๐”น^{64ฮท}. - Output: array f โˆˆ โ„คโ‚‚โ‚…โ‚†. - - b โ† BytesToBits(B) - for (i โ† 0; i < 256; i++) - x โ† โˆ‘(j=0 to ฮท - 1) b[2iฮท + j] - y โ† โˆ‘(j=0 to ฮท - 1) b[2iฮท + ฮท + j] - f[i] โ† xโˆ’y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -4193,7 +4186,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d9( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4228,7 +4221,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( + return libcrux_ml_kem_polynomial_from_i16_array_20_d3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4239,7 +4232,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_25( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_af( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4273,7 +4266,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_25( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( + return libcrux_ml_kem_polynomial_from_i16_array_20_d3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4284,9 +4277,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d9( randomness); } @@ -4296,7 +4289,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4319,20 +4312,23 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_3e(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_99(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U, + (size_t)11207U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U, + (size_t)11207U + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06( + &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_82( + &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_8a( + &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f( + &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); } /** @@ -4345,11 +4341,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4364,13 +4360,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4395,8 +4391,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_69(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_20(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -4409,11 +4405,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_a2(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4428,11 +4424,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4454,7 +4450,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_030( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4472,9 +4468,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_030(input, ret); } /** @@ -4484,8 +4480,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_e0(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_compute_vector_u_closure_52(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -4498,7 +4494,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_fc( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4522,14 +4518,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4550,12 +4546,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a2( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_23(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_fc(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_06(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4574,12 +4570,16 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_5f( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = +libcrux_ml_kem_vector_traits_decompress_1_4c( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); - return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_sub_0d(uu____0, &v), (int16_t)1665); + libcrux_ml_kem_vector_portable_vector_type_PortableVector s = + libcrux_ml_kem_vector_portable_sub_0d(z, &vec); + libcrux_ml_kem_vector_portable_vector_type_PortableVector res = + libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + s, (int16_t)1665); + return res; } /** @@ -4589,10 +4589,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_52( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4602,7 +4602,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_5f(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_4c(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4619,7 +4619,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4649,22 +4649,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_04( +libcrux_ml_kem_matrix_compute_ring_element_v_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_8c( error_2, message, result); return result; } @@ -4675,7 +4675,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f( +libcrux_ml_kem_vector_portable_compress_compress_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4698,9 +4698,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_73( +libcrux_ml_kem_vector_portable_compress_0d_9a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f(v); + return libcrux_ml_kem_vector_portable_compress_compress_0c(v); } /** @@ -4710,15 +4710,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_51( +libcrux_ml_kem_serialize_compress_then_serialize_10_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_73( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_9a( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4736,7 +4736,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f0( +libcrux_ml_kem_vector_portable_compress_compress_0c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4759,9 +4759,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_730( +libcrux_ml_kem_vector_portable_compress_0d_9a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f0(v); + return libcrux_ml_kem_vector_portable_compress_compress_0c0(v); } /** @@ -4771,15 +4771,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_25( +libcrux_ml_kem_serialize_compress_then_serialize_11_e2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_730( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_9a0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4799,10 +4799,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_51(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_a9(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4815,7 +4815,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4831,7 +4831,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_31(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4844,7 +4844,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f1( +libcrux_ml_kem_vector_portable_compress_compress_0c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4867,9 +4867,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_731( +libcrux_ml_kem_vector_portable_compress_0d_9a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f1(v); + return libcrux_ml_kem_vector_portable_compress_compress_0c1(v); } /** @@ -4879,7 +4879,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_53( +libcrux_ml_kem_serialize_compress_then_serialize_4_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4888,8 +4888,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_53( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_731( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_9a1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4906,7 +4906,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f2( +libcrux_ml_kem_vector_portable_compress_compress_0c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4929,9 +4929,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_732( +libcrux_ml_kem_vector_portable_compress_0d_9a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f2(v); + return libcrux_ml_kem_vector_portable_compress_compress_0c2(v); } /** @@ -4941,7 +4941,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_94( +libcrux_ml_kem_serialize_compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4950,8 +4950,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_94( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_732( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_9a2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4970,9 +4970,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_53(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_55(re, out); } /** @@ -4993,15 +4993,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5011,7 +5011,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_a2( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5020,33 +5020,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a2(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_4b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_52( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_04( + libcrux_ml_kem_matrix_compute_ring_element_v_66( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ed( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2d( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5070,24 +5070,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_97(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_95(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_45(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_0b(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5117,7 +5117,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_97(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5133,12 +5133,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_85( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, ret); + unwrap_41_33(dst, ret); } /** @@ -5163,7 +5163,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5181,10 +5181,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_30(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5192,7 +5192,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5201,14 +5201,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5216,26 +5216,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_95(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de( + libcrux_ml_kem_ind_cca_kdf_43_85( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_85(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5259,10 +5257,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ee(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); } /** @@ -5275,7 +5273,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b1( private_key, ciphertext, ret); } @@ -5335,14 +5333,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_33( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -5353,7 +5351,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5362,17 +5360,17 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -5381,11 +5379,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5421,10 +5419,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_33(key_pair, ciphertext, ret); } @@ -5438,7 +5436,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ed( private_key, ciphertext, ret); } @@ -5452,11 +5450,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_63( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, ret); + unwrap_41_33(dst, ret); } /** @@ -5468,7 +5466,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5492,28 +5490,28 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_63( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5522,20 +5520,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_95(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_85(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5567,14 +5565,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_47( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); } /** @@ -5591,7 +5589,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_47( uu____0, copy_of_randomness); } @@ -5614,11 +5612,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_9b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -5628,7 +5626,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5642,7 +5640,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5652,7 +5650,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5685,7 +5683,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5693,7 +5691,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_9b( uu____0, copy_of_randomness); } @@ -5713,7 +5711,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( uu____0, copy_of_randomness); } @@ -5737,8 +5735,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_39(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -5748,7 +5746,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_d6( +libcrux_ml_kem_vector_traits_to_standard_domain_22( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5765,7 +5763,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5773,7 +5771,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_d6( + libcrux_ml_kem_vector_traits_to_standard_domain_22( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5789,14 +5787,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5818,12 +5816,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_39( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5844,10 +5842,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5855,15 +5853,15 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_45(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_0b(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5876,17 +5874,17 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_0e(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_3c(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5928,14 +5926,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5954,7 +5952,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5972,7 +5970,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_64(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5987,14 +5985,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_95( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_77( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_cd(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6019,17 +6017,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_c0(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_cd(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6054,7 +6052,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d7( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6080,7 +6078,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_fd(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6110,7 +6108,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6119,13 +6117,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d7( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6134,13 +6132,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b1( + uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); } /** @@ -6156,12 +6154,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6c(copy_of_randomness); } /** @@ -6172,7 +6170,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( copy_of_randomness); } @@ -6191,9 +6189,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e8( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_53( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -6211,10 +6209,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_fa( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } } @@ -6229,7 +6227,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_78( +libcrux_ml_kem_polynomial_clone_3a_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6257,7 +6255,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_17( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6266,7 +6264,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6274,7 +6272,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_fa(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6282,7 +6280,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_78(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_cc(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6294,20 +6292,20 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, implicit_rejection_value); + unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6348,12 +6346,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_28( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_17( copy_of_randomness); } @@ -6366,7 +6364,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_28( copy_of_randomness); } @@ -6381,24 +6379,24 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_00( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_14(ciphertext), + libcrux_ml_kem_types_as_slice_a8_44(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -6425,7 +6423,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6443,10 +6441,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_30(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6454,7 +6452,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6463,14 +6461,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -6478,26 +6476,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_95(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8( + libcrux_ml_kem_ind_cca_kdf_6c_00( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_00(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -6525,10 +6521,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ee0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); } /** @@ -6541,7 +6537,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a2( private_key, ciphertext, ret); } @@ -6555,9 +6551,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_8b( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); } /** @@ -6579,28 +6575,28 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_8b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6609,20 +6605,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_95(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_00(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6658,14 +6654,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_b1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); } /** @@ -6682,7 +6678,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_b1( uu____0, copy_of_randomness); } @@ -6694,16 +6690,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_36( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_82( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6721,9 +6717,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_09( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); } /** @@ -6734,7 +6730,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_09( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 7141feb4f..2b1602161 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_avx2_H @@ -59,7 +59,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_58(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_21(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); @@ -70,7 +70,7 @@ static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); + uu____0, libcrux_sha3_simd_avx2_rotate_left_21(b)); } /** @@ -222,7 +222,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { +libcrux_sha3_generic_keccak_new_1e_fa(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -258,7 +258,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -388,13 +388,13 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_16( __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_fe(uu____0, copy_of_b); } /** @@ -405,7 +405,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_580(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_210(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); @@ -418,10 +418,10 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_c1(__m256i a, +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_13(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_580(ab); + return libcrux_sha3_simd_avx2_rotate_left_210(ab); } /** @@ -436,8 +436,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_13(a, b); } /** @@ -448,7 +448,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_581(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_211(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); @@ -462,9 +462,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_130(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_581(ab); + return libcrux_sha3_simd_avx2_rotate_left_211(ab); } /** @@ -479,8 +479,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_130(a, b); } /** @@ -491,7 +491,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_582(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_212(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); @@ -505,9 +505,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_131(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_582(ab); + return libcrux_sha3_simd_avx2_rotate_left_212(ab); } /** @@ -522,8 +522,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_131(a, b); } /** @@ -534,7 +534,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_583(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_213(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); @@ -548,9 +548,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_132(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_583(ab); + return libcrux_sha3_simd_avx2_rotate_left_213(ab); } /** @@ -565,8 +565,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_132(a, b); } /** @@ -577,9 +577,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_133(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_58(ab); + return libcrux_sha3_simd_avx2_rotate_left_21(ab); } /** @@ -594,8 +594,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_133(a, b); } /** @@ -606,7 +606,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_584(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_214(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); @@ -620,9 +620,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_134(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_584(ab); + return libcrux_sha3_simd_avx2_rotate_left_214(ab); } /** @@ -637,8 +637,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_134(a, b); } /** @@ -649,7 +649,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_585(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_215(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); @@ -663,9 +663,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_135(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_585(ab); + return libcrux_sha3_simd_avx2_rotate_left_215(ab); } /** @@ -680,8 +680,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_135(a, b); } /** @@ -692,7 +692,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_586(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_216(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); @@ -706,9 +706,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_136(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_586(ab); + return libcrux_sha3_simd_avx2_rotate_left_216(ab); } /** @@ -723,8 +723,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_136(a, b); } /** @@ -735,7 +735,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_587(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_217(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); @@ -749,9 +749,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_137(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_587(ab); + return libcrux_sha3_simd_avx2_rotate_left_217(ab); } /** @@ -766,8 +766,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_137(a, b); } /** @@ -778,7 +778,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_588(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_218(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); @@ -792,9 +792,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_138(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_588(ab); + return libcrux_sha3_simd_avx2_rotate_left_218(ab); } /** @@ -809,8 +809,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_138(a, b); } /** @@ -821,7 +821,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_589(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_219(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); @@ -835,9 +835,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_139(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_589(ab); + return libcrux_sha3_simd_avx2_rotate_left_219(ab); } /** @@ -852,8 +852,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_139(a, b); } /** @@ -864,7 +864,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5810(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2110(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); @@ -878,9 +878,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1310(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5810(ab); + return libcrux_sha3_simd_avx2_rotate_left_2110(ab); } /** @@ -895,8 +895,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1310(a, b); } /** @@ -907,7 +907,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5811(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2111(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); @@ -921,9 +921,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1311(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5811(ab); + return libcrux_sha3_simd_avx2_rotate_left_2111(ab); } /** @@ -938,8 +938,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1311(a, b); } /** @@ -950,7 +950,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5812(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2112(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); @@ -964,9 +964,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1312(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5812(ab); + return libcrux_sha3_simd_avx2_rotate_left_2112(ab); } /** @@ -981,8 +981,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1312(a, b); } /** @@ -993,7 +993,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5813(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2113(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); @@ -1007,9 +1007,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1313(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5813(ab); + return libcrux_sha3_simd_avx2_rotate_left_2113(ab); } /** @@ -1024,8 +1024,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1313(a, b); } /** @@ -1036,7 +1036,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5814(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2114(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); @@ -1050,9 +1050,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1314(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5814(ab); + return libcrux_sha3_simd_avx2_rotate_left_2114(ab); } /** @@ -1067,8 +1067,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1314(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5815(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2115(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); @@ -1093,9 +1093,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1315(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5815(ab); + return libcrux_sha3_simd_avx2_rotate_left_2115(ab); } /** @@ -1110,8 +1110,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1315(a, b); } /** @@ -1122,7 +1122,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5816(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2116(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); @@ -1136,9 +1136,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1316(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5816(ab); + return libcrux_sha3_simd_avx2_rotate_left_2116(ab); } /** @@ -1153,8 +1153,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1316(a, b); } /** @@ -1165,7 +1165,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5817(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2117(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); @@ -1179,9 +1179,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1317(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5817(ab); + return libcrux_sha3_simd_avx2_rotate_left_2117(ab); } /** @@ -1196,8 +1196,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1317(a, b); } /** @@ -1208,7 +1208,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5818(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2118(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); @@ -1222,9 +1222,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1318(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5818(ab); + return libcrux_sha3_simd_avx2_rotate_left_2118(ab); } /** @@ -1239,8 +1239,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1318(a, b); } /** @@ -1251,7 +1251,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5819(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2119(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); @@ -1265,9 +1265,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1319(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5819(ab); + return libcrux_sha3_simd_avx2_rotate_left_2119(ab); } /** @@ -1282,8 +1282,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1319(a, b); } /** @@ -1294,7 +1294,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5820(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2120(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); @@ -1308,9 +1308,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1320(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5820(ab); + return libcrux_sha3_simd_avx2_rotate_left_2120(ab); } /** @@ -1325,8 +1325,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1320(a, b); } /** @@ -1337,7 +1337,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5821(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2121(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); @@ -1351,9 +1351,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1321(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5821(ab); + return libcrux_sha3_simd_avx2_rotate_left_2121(ab); } /** @@ -1368,8 +1368,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1321(a, b); } /** @@ -1380,7 +1380,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5822(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2122(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); @@ -1394,9 +1394,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1322(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5822(ab); + return libcrux_sha3_simd_avx2_rotate_left_2122(ab); } /** @@ -1411,8 +1411,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1322(a, b); } /** @@ -1422,7 +1422,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_3f( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], @@ -1457,53 +1457,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); __m256i uu____27 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1514,7 +1514,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1551,7 +1551,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_95( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1573,7 +1573,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_c9( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1586,14 +1586,14 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_4e( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); + libcrux_sha3_generic_keccak_theta_rho_3f(s); + libcrux_sha3_generic_keccak_pi_d8(s); + libcrux_sha3_generic_keccak_chi_95(s); + libcrux_sha3_generic_keccak_iota_c9(s, i0); } } @@ -1605,13 +1605,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_26( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_ef_16(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -1620,14 +1620,14 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_c7(s, buf); + libcrux_sha3_simd_avx2_load_block_fe(s, buf); } /** @@ -1640,13 +1640,13 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_40( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_1d(uu____0, copy_of_b); } /** @@ -1658,7 +1658,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1677,8 +1677,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_40(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -1687,7 +1687,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_78( __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1810,7 +1810,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_61( __m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1821,7 +1821,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - libcrux_sha3_simd_avx2_store_block_e9(s, buf); + libcrux_sha3_simd_avx2_store_block_78(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1849,9 +1849,9 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_83( __m256i (*a)[5U], uint8_t ret[4U][200U]) { - libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); + libcrux_sha3_simd_avx2_store_block_full_61(a, ret); } /** @@ -1863,10 +1863,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( +libcrux_sha3_generic_keccak_squeeze_first_and_last_ac( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_83(s->st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1892,9 +1892,9 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa( __m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e9(a, b); + libcrux_sha3_simd_avx2_store_block_78(a, b); } /** @@ -1905,9 +1905,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b7( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); } /** @@ -1918,10 +1918,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); } /** @@ -1932,11 +1932,11 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_0a( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); + libcrux_sha3_generic_keccak_keccakf1600_4e(&s); uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_83(s.st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1961,10 +1961,10 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); + libcrux_sha3_generic_keccak_new_1e_fa(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1975,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_26(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1985,12 +1985,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_ac(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -1998,7 +1998,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b7(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2016,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_ff(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_0a(s, o1); } } } @@ -2036,7 +2036,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); + libcrux_sha3_generic_keccak_keccak_9b(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); + return libcrux_sha3_generic_keccak_new_1e_fa(); } /** @@ -2057,7 +2057,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe0( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2183,14 +2183,14 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d0( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_c70(s, buf); + libcrux_sha3_simd_avx2_load_block_fe0(s, buf); } /** @@ -2203,13 +2203,13 @@ with const generics - BLOCKSIZE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_400( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_1d0(uu____0, copy_of_b); } /** @@ -2221,7 +2221,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_800( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2240,8 +2240,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_400(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -2253,7 +2253,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); + libcrux_sha3_generic_keccak_absorb_final_800(s, buf); } /** @@ -2262,7 +2262,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_780( __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2389,9 +2389,9 @@ with const generics - BLOCKSIZE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa0( __m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e90(a, b); + libcrux_sha3_simd_avx2_store_block_780(a, b); } /** @@ -2402,9 +2402,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b70( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); } /** @@ -2415,10 +2415,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); } /** @@ -2430,7 +2430,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2438,15 +2438,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); } /** @@ -2458,7 +2458,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); } /** @@ -2470,7 +2470,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, buf); } /** @@ -2482,7 +2482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2490,29 +2490,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o4); } /** @@ -2524,7 +2524,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58(s, buf); } /** @@ -2536,7 +2536,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_80(s, buf); } /** @@ -2548,7 +2548,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_b7(s, buf); } /** @@ -2560,7 +2560,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_ff(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index b3f8ff4fb..56236f271 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_portable_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_ba(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -264,13 +264,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); } /** @@ -280,7 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -291,9 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); } /** @@ -307,8 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); } /** @@ -318,7 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -329,9 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); } /** @@ -345,8 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); } /** @@ -356,7 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -367,9 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); } /** @@ -383,8 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); } /** @@ -394,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -405,9 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); } /** @@ -421,8 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); } /** @@ -432,9 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc(ab); } /** @@ -448,8 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); } /** @@ -459,7 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -470,9 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); } /** @@ -486,8 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); } /** @@ -497,7 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -508,9 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); } /** @@ -524,8 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); } /** @@ -535,7 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -546,9 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); } /** @@ -562,8 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); } /** @@ -573,7 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -584,9 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); } /** @@ -600,8 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); } /** @@ -611,7 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -622,9 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); } /** @@ -638,8 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); } /** @@ -649,7 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -660,9 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); } /** @@ -676,8 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); } /** @@ -687,7 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -698,9 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); } /** @@ -714,8 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); } /** @@ -725,7 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -736,9 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); } /** @@ -752,8 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); } /** @@ -763,7 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -774,9 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); } /** @@ -790,8 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); } /** @@ -801,7 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -812,9 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); } /** @@ -828,8 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); } /** @@ -839,7 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -850,9 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); } /** @@ -866,8 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); } /** @@ -877,7 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -888,9 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); } /** @@ -904,8 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); } /** @@ -915,7 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -926,9 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); } /** @@ -942,8 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); } /** @@ -953,7 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -964,9 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); } /** @@ -980,8 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); } /** @@ -991,7 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1002,9 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); } /** @@ -1018,8 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); } /** @@ -1029,7 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1040,9 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); } /** @@ -1056,8 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); } /** @@ -1067,7 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1078,9 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); } /** @@ -1094,8 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); } /** @@ -1105,7 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1116,9 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); } /** @@ -1132,8 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); } /** @@ -1143,7 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1154,9 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); } /** @@ -1170,8 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); } /** @@ -1180,7 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1216,53 +1216,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1272,7 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1308,7 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1341,14 +1341,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_0d(s); + libcrux_sha3_generic_keccak_pi_f0(s); + libcrux_sha3_generic_keccak_chi_e2(s); + libcrux_sha3_generic_keccak_iota_ae(s, i0); } } @@ -1359,13 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1373,11 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_28(s, buf); } /** @@ -1389,13 +1389,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); } /** @@ -1406,7 +1406,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1425,8 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1434,7 +1434,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1452,12 +1452,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_3d(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1473,9 +1473,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_85(a, ret); } /** @@ -1486,10 +1486,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1514,9 +1514,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_3d(a, b); } /** @@ -1526,9 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1538,10 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1551,11 +1551,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1579,10 +1579,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1593,7 +1593,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1603,12 +1603,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1616,7 +1616,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1634,12 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); } } } @@ -1650,12 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); } /** @@ -1665,7 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_97(buf0, buf); } /** @@ -1673,7 +1673,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1701,13 +1701,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); } /** @@ -1717,13 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1731,11 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_280(s, buf); } /** @@ -1747,13 +1747,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); } /** @@ -1764,7 +1764,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1783,8 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1792,7 +1792,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1810,12 +1810,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_3d0(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1832,9 +1832,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_850(a, ret); } /** @@ -1845,10 +1845,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1873,9 +1873,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_3d0(a, b); } /** @@ -1885,9 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1897,10 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1910,11 +1910,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1938,10 +1938,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1952,7 +1952,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1962,12 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1975,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1993,12 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2009,12 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); } /** @@ -2024,7 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_970(buf0, buf); } /** @@ -2035,7 +2035,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2054,8 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2066,10 +2066,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2080,7 +2080,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2090,12 +2090,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2103,7 +2103,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2121,12 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2137,12 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_971(buf0, buf); } /** @@ -2249,7 +2249,7 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -2257,7 +2257,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2268,7 +2268,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2281,11 +2281,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_281(s, buf); } /** @@ -2297,13 +2297,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); } /** @@ -2314,7 +2314,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2333,8 +2333,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2344,7 +2344,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f32(s, buf); } /** @@ -2352,7 +2352,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2374,9 +2374,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_3d1(a, b); } /** @@ -2386,9 +2386,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -2398,10 +2398,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -2412,7 +2412,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2420,15 +2420,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); } /** @@ -2438,7 +2438,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); } /** @@ -2448,7 +2448,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, buf); } #define libcrux_sha3_Sha224 0 @@ -2494,7 +2494,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2505,7 +2505,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2522,13 +2522,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); } /** @@ -2538,13 +2538,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2552,11 +2552,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_282(s, buf); } /** @@ -2568,13 +2568,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); } /** @@ -2585,7 +2585,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2604,8 +2604,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2613,7 +2613,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2631,12 +2631,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_3d2(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2653,9 +2653,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_851(a, ret); } /** @@ -2666,10 +2666,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2694,9 +2694,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_3d2(a, b); } /** @@ -2706,9 +2706,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2718,10 +2718,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2731,11 +2731,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2759,10 +2759,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2773,7 +2773,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2783,12 +2783,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2796,7 +2796,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2814,12 +2814,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); } } } @@ -2830,12 +2830,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); } /** @@ -2845,7 +2845,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_972(buf0, buf); } /** @@ -2853,7 +2853,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2864,7 +2864,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2881,13 +2881,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); } /** @@ -2897,13 +2897,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2911,11 +2911,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_283(s, buf); } /** @@ -2927,13 +2927,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); } /** @@ -2944,7 +2944,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2963,8 +2963,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2972,7 +2972,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2990,12 +2990,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_3d3(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3012,9 +3012,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_852(a, ret); } /** @@ -3025,10 +3025,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3053,9 +3053,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_3d3(a, b); } /** @@ -3065,9 +3065,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -3077,10 +3077,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -3090,11 +3090,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3118,10 +3118,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3132,7 +3132,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3142,12 +3142,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -3155,7 +3155,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3173,12 +3173,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); } } } @@ -3189,12 +3189,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); } /** @@ -3204,7 +3204,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_973(buf0, buf); } /** @@ -3295,13 +3295,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); } /** @@ -3311,13 +3311,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -3325,12 +3325,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_3d1(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3347,9 +3347,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_853(a, ret); } /** @@ -3360,10 +3360,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3386,11 +3386,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3414,10 +3414,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3428,7 +3428,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3438,12 +3438,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3451,7 +3451,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3469,12 +3469,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); } } } @@ -3485,12 +3485,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); } /** @@ -3500,7 +3500,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_974(buf0, buf); } /** @@ -3565,7 +3565,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3573,29 +3573,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o4); } /** @@ -3605,7 +3605,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); } /** @@ -3615,7 +3615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f31(s, buf); } /** @@ -3623,7 +3623,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -3633,7 +3633,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); } /** @@ -3643,7 +3643,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); } /** diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 8df66c304..062f62026 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -66,6 +66,8 @@ def __call__(self, parser, args, values, option_string=None) -> None: "-i", include_str, "fstar", + "--z3rlimit", + "80", "--interfaces", interface_include, ] @@ -99,6 +101,8 @@ def __call__(self, parser, args, values, option_string=None) -> None: "-i", include_str, "fstar", + "--z3rlimit", + "100", "--interfaces", interface_include, ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index b89424665..1bff53934 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Constant_time_ops -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index 1816f37b4..437691615 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Constant_time_ops -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index 76d143aad..812c7717d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Constants -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index a8bd8c939..b5a8cb0e2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Hash_functions.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index b873275d4..5294a8dc5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Hash_functions.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index e9cabe1c8..89c8300ff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Hash_functions.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 8037424f4..076ee08eb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Hash_functions -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 723e8e4ee..b0bfe3100 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 7fb183942..5fe17a0d5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 44e9eb957..0f1cea879 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 36027ded7..0fa0378fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 5095ea6f2..7dd84a30d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index b35947909..3fd260dcf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index ae05c29fa..2e6c0ad1a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index 3bab36da7..2c6e2ba1c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 4d8f75559..950cb476c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index 04608ba6f..2e16c3c1d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 2576b5c73..812549884 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -192,6 +192,8 @@ let validate_public_key in public_key =. public_key_serialized +#push-options "--admit_smt_queries true" + #push-options "--z3rlimit 500" let decapsulate @@ -316,21 +318,18 @@ let decapsulate shared_secret ciphertext in - let shared_secret:t_Array u8 (sz 32) = - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (expected_ciphertext <: t_Slice u8) - (shared_secret <: t_Slice u8) - (implicit_rejection_shared_secret <: t_Slice u8) - in - let result:t_Array u8 (sz 32) = shared_secret in - let _:Prims.unit = admit () (* Panic freedom *) in - result + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) + +#pop-options #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 1ff7c7914..69d9a3cbd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -206,6 +206,7 @@ let impl: t_Variant t_MlKem = Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) } +/// This code verifies on some machines, runs out of memory on others val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index 2ee1ef2b7..f386e8df7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cpa.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index eb79bb57f..7aff6f7ed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -197,6 +197,8 @@ let sample_vector_cbd_then_ntt let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--z3rlimit 200" + let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) (#v_Vector: Type0) @@ -261,6 +263,8 @@ let compress_then_serialize_u let hax_temp_output:Prims.unit = result in out +#pop-options + #push-options "--admit_smt_queries true" let deserialize_then_decompress_u diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index ba4b696bc..edacb43f3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 9ebede517..fc12208e9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Invert_ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -65,19 +65,10 @@ let invert_ntt_at_layer_1_ (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_1_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize - ] - <: - i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 2 <: usize - ] - <: - i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 3 <: usize - ] - <: - i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 2 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 3 <: usize) <: i16) <: v_Vector) } @@ -126,11 +117,8 @@ let invert_ntt_at_layer_2_ (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_2_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize - ] - <: - i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 1 <: usize) <: i16) <: v_Vector) } @@ -179,7 +167,7 @@ let invert_ntt_at_layer_3_ (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_3_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) <: v_Vector) } @@ -239,7 +227,7 @@ let invert_ntt_at_layer_4_plus (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti index ffe255831..d607a01ec 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Invert_ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 2333fb3db..d407bc44c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Matrix -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 8eb07756d..ac11905d4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Matrix -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index d2ddcca9f..f5a15cc47 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 8e4515a33..10bf32a75 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index cd42bf0a3..61b49bfcb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index 9e45629cc..6e171d854 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 52862d8b5..d2950b172 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index 747dc6b36..6d42b3e47 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index 89228f7dd..7d832fab7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 04b7b047e..d15ce31bd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index b490657c0..e39107954 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 1b958a6e5..1a2c2f239 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 5dde35c74..7dcbffd48 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index b6c6d2655..3696ab7e7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 01b944e04..559752b4d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index 00602ea3e..02edf609b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index ff822c32d..522183ced 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index ad9388559..da439bfc4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -1,66 +1,41 @@ module Libcrux_ml_kem.Mlkem512 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul -let v_ETA1: usize = sz 3 +let v_C1_BLOCK_SIZE_512_: usize = sz 320 -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_C1_SIZE_512_: usize = sz 640 -let v_ETA2: usize = sz 2 +let v_C2_SIZE_512_: usize = sz 128 -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = sz 768 -let v_RANK_512_: usize = sz 2 +let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = sz 800 -let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = - ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = sz 768 -let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = - (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 +let v_ETA1: usize = sz 3 -let v_T_AS_NTT_ENCODED_SIZE_512_: usize = - ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_ETA1_RANDOMNESS_SIZE: usize = sz 192 -let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! sz 32 +let v_ETA2: usize = sz 2 -let v_SECRET_KEY_SIZE_512_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_512_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_512_ <: usize) +! - Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - <: - usize) +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ETA2_RANDOMNESS_SIZE: usize = sz 128 -let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = sz 800 -let v_C1_BLOCK_SIZE_512_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_512_ - <: - usize) /! - sz 8 +let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = sz 768 -let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *! v_RANK_512_ +let v_RANK_512_: usize = sz 2 -let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 +let v_SECRET_KEY_SIZE_512_: usize = sz 1632 -let v_C2_SIZE_512_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_512_ - <: - usize) /! - sz 8 +let v_T_AS_NTT_ENCODED_SIZE_512_: usize = sz 768 -let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ +let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ +let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 /// Validate a public key. /// Returns `Some(public_key)` if valid, and `None` otherwise. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index dbd466b67..b32adb8db 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index c1722ce4c..d671b9c1a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 41af82736..e545a7f2f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index c837a5760..30db4218e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index c047942db..3fa0c8aef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 1f5be7a00..574a4c120 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 76724125e..35e4320cf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index 156654afd..a793a2287 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 139ad22c3..702b82a42 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -62,19 +62,10 @@ let ntt_at_layer_1_ (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_1_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize - ] - <: - i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 2 <: usize - ] - <: - i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 3 <: usize - ] - <: - i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 2 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 3 <: usize) <: i16) <: v_Vector) } @@ -123,11 +114,8 @@ let ntt_at_layer_2_ (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_2_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize - ] - <: - i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 1 <: usize) <: i16) <: v_Vector) } @@ -176,7 +164,7 @@ let ntt_at_layer_3_ (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_3_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) <: v_Vector) } @@ -240,7 +228,7 @@ let ntt_at_layer_4_plus (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -353,37 +341,37 @@ let ntt_binomially_sampled_ring_element in let zeta_i:usize = sz 1 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 11207) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 11207 +! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 11207 +! (sz 2 *! sz 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 3) + ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 11207 +! (sz 3 *! sz 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 3) + ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 11207 +! (sz 4 *! sz 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 3) + ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 11207 +! (sz 5 *! sz 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in @@ -412,37 +400,37 @@ let ntt_vector_u let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 2 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 4 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 3328) + ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 5 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 3328) + ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 6 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 3328) + ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 7 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 2e535adc9..7c9cce2de 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index df19c569e..002d025eb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Polynomial -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -9,6 +9,11 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +let get_zeta (i: usize) = + let result:i16 = v_ZETAS_TIMES_MONTGOMERY_R.[ i ] in + let _:Prims.unit = admit () (* Panic freedom *) in + result + let impl_1__ZERO (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -36,6 +41,7 @@ let impl_1__add_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -86,6 +92,7 @@ let impl_1__add_message_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self message result: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let result:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -142,6 +149,7 @@ let impl_1__add_standard_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -191,6 +199,7 @@ let impl_1__add_to_ring_element Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize) @@ -275,6 +284,7 @@ let impl_1__ntt_multiply Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let out:t_PolynomialRingElement v_Vector = impl_1__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -287,46 +297,27 @@ let impl_1__ntt_multiply (fun out i -> let out:t_PolynomialRingElement v_Vector = out in let i:usize = i in - let _:Prims.unit = - assert (64 + 4 * v i < 128); - assert (64 + 4 * v i + 1 < 128); - assert (64 + 4 * v i + 2 < 128); - assert (64 + 4 * v i + 3 < 128) - in - let out:t_PolynomialRingElement v_Vector = - { - out with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients - i - (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector - #FStar.Tactics.Typeclasses.solve - (self.f_coefficients.[ i ] <: v_Vector) - (rhs.f_coefficients.[ i ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 - <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 - <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 - <: - usize ] - <: - i16) - <: - v_Vector) - } + { + out with + f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients + i + (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector + #FStar.Tactics.Typeclasses.solve + (self.f_coefficients.[ i ] <: v_Vector) + (rhs.f_coefficients.[ i ] <: v_Vector) + (get_zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16) + <: + v_Vector) <: - t_PolynomialRingElement v_Vector - in - out) + t_Array v_Vector (sz 16) + } + <: + t_PolynomialRingElement v_Vector) in out @@ -337,6 +328,7 @@ let impl_1__poly_barrett_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -375,6 +367,7 @@ let impl_1__subtract_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self b: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let b:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 98b6cc98d..bca911ebe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Polynomial -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -10,6 +10,7 @@ let _ = () let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = + let _:Prims.unit = assert_norm (pow2 16 == 65536) in let list = [ (-1044s); (-758s); (-359s); (-1517s); 1493s; 1422s; 287s; 202s; (-171s); 622s; 1577s; 182s; @@ -28,6 +29,14 @@ let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); Rust_primitives.Hax.array_of_list 128 list +val get_zeta (i: usize) + : Prims.Pure i16 + (requires i <. sz 128) + (ensures + fun result -> + let result:i16 = result in + Spec.Utils.is_i16b 1664 result) + let v_VECTORS_IN_RING_ELEMENT: usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 1a7aefd49..4436feb62 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -144,6 +144,8 @@ let sample_from_uniform_distribution_next <: (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) +#push-options "--z3rlimit 800" + let sample_from_binomial_distribution_2_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -151,6 +153,10 @@ let sample_from_binomial_distribution_2_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = + assert (v (sz 2 *! sz 64) == 128); + assert (Seq.length randomness == 128) + in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) @@ -175,6 +181,10 @@ let sample_from_binomial_distribution_2_ in let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in + let _:Prims.unit = + logand_lemma random_bits_as_u32 1431655765ul; + logand_lemma (random_bits_as_u32 >>! 1l) 1431655765ul + in let coin_toss_outcomes:u32 = even_bits +! odd_bits in Rust_primitives.Hax.Folds.fold_range_step_by 0ul Core.Num.impl__u32__BITS @@ -195,6 +205,15 @@ let sample_from_binomial_distribution_2_ <: i16 in + let _:Prims.unit = + logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 3ul; + logand_lemma (coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) 3ul; + assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 3); + assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 3); + assert (v chunk_number <= 31); + assert (v (sz 8 *! chunk_number <: usize) <= 248); + assert (v (cast (outcome_set >>! 2l <: u32) <: usize) <= 7) + in let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s @@ -205,6 +224,10 @@ let sample_from_binomial_distribution_2_ in Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) +#pop-options + +#push-options "--z3rlimit 800" + let sample_from_binomial_distribution_3_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -212,6 +235,10 @@ let sample_from_binomial_distribution_3_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = + assert (v (sz 3 *! sz 64) == 192); + assert (Seq.length randomness == 192) + in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) @@ -234,6 +261,11 @@ let sample_from_binomial_distribution_3_ let first_bits:u32 = random_bits_as_u24 &. 2396745ul in let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in + let _:Prims.unit = + logand_lemma random_bits_as_u24 2396745ul; + logand_lemma (random_bits_as_u24 >>! 1l <: u32) 2396745ul; + logand_lemma (random_bits_as_u24 >>! 2l <: u32) 2396745ul + in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in Rust_primitives.Hax.Folds.fold_range_step_by 0l 24l @@ -254,6 +286,15 @@ let sample_from_binomial_distribution_3_ <: i16 in + let _:Prims.unit = + logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 7ul; + logand_lemma (coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) 7ul; + assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 7); + assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 7); + assert (v chunk_number <= 63); + assert (v (sz 4 *! chunk_number <: usize) <= 252); + assert (v (cast (outcome_set /! 6l <: i32) <: usize) <= 3) + in let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s @@ -264,6 +305,8 @@ let sample_from_binomial_distribution_3_ in Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) +#pop-options + let sample_from_binomial_distribution (v_ETA: usize) (#v_Vector: Type0) @@ -272,6 +315,7 @@ let sample_from_binomial_distribution Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = assert ((v (cast v_ETA <: u32) == 2) \/ (v (cast v_ETA <: u32) == 3)) in match cast (v_ETA <: usize) <: u32 with | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness @@ -281,6 +325,8 @@ let sample_from_binomial_distribution <: Rust_primitives.Hax.t_Never) +#push-options "--admit_smt_queries true" + let sample_from_xof (v_K: usize) (#v_Vector #v_Hasher: Type0) @@ -374,3 +420,5 @@ let sample_from_xof t_Slice i16) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index 5f5ac19d3..8d7df649d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -114,7 +114,9 @@ val sample_from_binomial_distribution {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (v_ETA =. sz 2 || v_ETA =. sz 3) && + (Core.Slice.impl__len #u8 randomness <: usize) =. (v_ETA *! sz 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_xof diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 01d461dd8..c0b67d1b7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -9,6 +9,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--admit_smt_queries true" + let compress_then_serialize_10_ (v_OUT_LEN: usize) (#v_Vector: Type0) @@ -68,6 +70,10 @@ let compress_then_serialize_10_ in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_11_ (v_OUT_LEN: usize) (#v_Vector: Type0) @@ -127,6 +133,10 @@ let compress_then_serialize_11_ in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_4_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -187,6 +197,10 @@ let compress_then_serialize_4_ let hax_temp_output:Prims.unit = () <: Prims.unit in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_5_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -247,6 +261,10 @@ let compress_then_serialize_5_ let hax_temp_output:Prims.unit = () <: Prims.unit in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -305,6 +323,8 @@ let compress_then_serialize_message in serialized +#pop-options + let compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) (#v_Vector: Type0) @@ -573,6 +593,8 @@ let deserialize_then_decompress_5_ in re +#push-options "--admit_smt_queries true" + let deserialize_then_decompress_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -625,6 +647,8 @@ let deserialize_then_decompress_message in re +#pop-options + let deserialize_then_decompress_ring_element_u (v_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) @@ -667,6 +691,8 @@ let deserialize_then_decompress_ring_element_v <: Rust_primitives.Hax.t_Never) +#push-options "--admit_smt_queries true" + let deserialize_to_reduced_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -715,6 +741,8 @@ let deserialize_to_reduced_ring_element in re +#pop-options + let deserialize_ring_elements_reduced (v_K: usize) (#v_Vector: Type0) @@ -801,6 +829,8 @@ let deserialize_to_uncompressed_ring_element in re +#push-options "--admit_smt_queries true" + let serialize_uncompressed_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -853,3 +883,5 @@ let serialize_uncompressed_ring_element serialized) in serialized + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index c5c20e382..4f60485f0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index 186d2dccc..8a875c82a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Types -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 4216d3c89..bdc6f41fb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Types -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst index 6ee03cd7f..2ee26ba5e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Utils -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index 2184222c0..c87b2d316 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Utils -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 0728445b5..ac2d0d4c1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -1,64 +1,118 @@ module Libcrux_ml_kem.Vector.Avx2.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul +let lemma_add_i (lhs rhs: t_Vec256) (i:nat): Lemma + (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i)))) + (ensures (v (add_mod (get_lane lhs i) (get_lane rhs i)) == + (v (get_lane lhs i) + v (get_lane rhs i)))) + [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = () + let add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs in - let _:Prims.unit = admit () (* Panic freedom *) in + let _:Prims.unit = + assert (forall i. get_lane result i == get_lane lhs i +. get_lane rhs i); + assert (forall i. v (get_lane result i) == v (get_lane lhs i) + v (get_lane rhs i)) + in result let bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = + let cv:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector cv + in + let _:Prims.unit = + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) + (Spec.Utils.map_array (fun x -> x &. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) in - let _:Prims.unit = admit () (* Panic freedom *) in result +let lemma_mul_i (lhs: t_Vec256) (i:nat) (c:i16): Lemma + (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) * v c))) + (ensures (v (mul_mod (get_lane lhs i) c) == + (v (get_lane lhs i) * v c))) + [SMTPat (v (mul_mod (get_lane lhs i) c))] = () + let multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = + let cv:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector cv + in + let _:Prims.unit = + Seq.lemma_eq_intro (vec256_as_i16x16 result) + (Spec.Utils.map_array (fun x -> x *. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + in + let _:Prims.unit = + assert (forall i. get_lane result i == get_lane vector i *. constant); + assert (forall i. v (get_lane vector i *. constant) == v (get_lane vector i) * v constant); + assert (forall i. v (get_lane result i) == v (get_lane vector i) * v constant) in - let _:Prims.unit = admit () (* Panic freedom *) in result let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 v_SHIFT_BY vector in - let _:Prims.unit = admit () (* Panic freedom *) in + let _:Prims.unit = + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) + (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + in result +let lemma_sub_i (lhs rhs: t_Vec256) (i:nat): Lemma + (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i)))) + (ensures (v (sub_mod (get_lane lhs i) (get_lane rhs i)) == + (v (get_lane lhs i) - v (get_lane rhs i)))) + [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = () + let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs in - let _:Prims.unit = admit () (* Panic freedom *) in + let _:Prims.unit = + assert (forall i. get_lane result i == get_lane lhs i -. get_lane rhs i); + assert (forall i. v (get_lane result i) == v (get_lane lhs i) - v (get_lane rhs i)) + in result +#push-options "--z3rlimit 100" + let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + let t0:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 v_BARRETT_MULTIPLIER <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t + let _:Prims.unit = + assert (forall i. + get_lane t0 i == + (cast (((cast (get_lane vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) + <: + i16)) + in + let t1:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t0 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in + let _:Prims.unit = assert (forall i. get_lane t1 i == get_lane t0 i +. 512s) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 10l t + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 10l t1 + in + let _:Prims.unit = + assert (forall i. get_lane quotient i == (((get_lane t1 i) <: i16) >>! (10l <: i32))) in let quotient_times_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 quotient @@ -66,38 +120,83 @@ let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector quotient_times_field_modulus + let _:Prims.unit = + assert (forall i. + get_lane quotient_times_field_modulus i == + get_lane quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector quotient_times_field_modulus + in + let _:Prims.unit = + assert (forall i. + get_lane result i == get_lane vector i -. get_lane quotient_times_field_modulus i); + assert (forall i. get_lane result i == Spec.Utils.barrett_red (get_lane vector i)); + assert (forall i. v (get_lane result i) % 3329 == v (get_lane vector i) % 3329); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)) + in + result + +#pop-options + +#push-options "--z3rlimit 100" let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in + let _:Prims.unit = assert (forall i. get_lane field_modulus i == 3329s) in let vv_minus_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector field_modulus in + let _:Prims.unit = + assert (forall i. get_lane vv_minus_field_modulus i == get_lane vector i -. 3329s) + in let sign_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l vv_minus_field_modulus in + let _:Prims.unit = + assert (forall i. get_lane sign_mask i == (get_lane vv_minus_field_modulus i >>! 15l)) + in let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 sign_mask field_modulus in + let _:Prims.unit = + assert (forall i. get_lane conditional_add_field_modulus i == (get_lane sign_mask i &. 3329s)) + in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 vv_minus_field_modulus conditional_add_field_modulus in - let _:Prims.unit = admit () (* Panic freedom *) in + let _:Prims.unit = + assert (forall i. + get_lane result i == + (get_lane vv_minus_field_modulus i +. get_lane conditional_add_field_modulus i)); + assert (forall i. get_lane result i == Spec.Utils.cond_sub (get_lane vector i)); + assert (forall i. + get_lane result i == + (if (get_lane vector i) >=. 3329s then get_lane vector i -! 3329s else get_lane vector i)) + in result +#pop-options + +#push-options "--z3rlimit 100" + let montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = - let constant:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + let vec_constant:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant in + let _:Prims.unit = assert (forall i. get_lane vec_constant i == constant) in let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector constant + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector vec_constant in + let _:Prims.unit = assert (forall i. get_lane value_low i == get_lane vector i *. constant) in let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 value_low (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R @@ -108,20 +207,64 @@ let montgomery_multiply_by_constant <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in + let _:Prims.unit = assert (forall i. get_lane k i == get_lane value_low i *. (neg 3327s)) in + let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let _:Prims.unit = assert (forall i. get_lane modulus i == 3329s) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k modulus + in + let _:Prims.unit = + assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 modulus)); + assert (forall i. + get_lane k_times_modulus i == + (cast (((cast (get_lane k i) <: i32) *. (cast (get_lane modulus i) <: i32)) >>! 16l) + <: + i16)) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector constant + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector vec_constant + in + let _:Prims.unit = + assert (forall i. + get_lane value_high i == + (cast (((cast (get_lane vector i) <: i32) *. (cast (get_lane vec_constant i) <: i32)) >>! + 16l) + <: + i16)) in - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + in + let _:Prims.unit = + Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane result i == (get_lane value_high i) -. (get_lane k_times_modulus i)); + assert (forall i. get_lane result i == Spec.Utils.mont_mul_red_i16 (get_lane vector i) constant); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)); + assert (forall i. + v (get_lane result i) % 3329 == ((v (get_lane vector i) * v constant * 169) % 3329)) + in + result -let montgomery_multiply_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec256) = +#pop-options + +#push-options "--z3rlimit 100" + +let montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 v c + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vec constants + in + let _:Prims.unit = + assert (forall i. get_lane value_low i == get_lane vec i *. get_lane constants i) in let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 value_low @@ -133,20 +276,65 @@ let montgomery_multiply_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in + let _:Prims.unit = assert (forall i. get_lane k i == get_lane value_low i *. (neg 3327s)) in + let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let _:Prims.unit = assert (forall i. get_lane modulus i == 3329s) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k modulus + in + let _:Prims.unit = + assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 modulus)); + assert (forall i. + get_lane k_times_modulus i == + (cast (((cast (get_lane k i) <: i32) *. (cast (get_lane modulus i) <: i32)) >>! 16l) + <: + i16)) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 v c + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vec constants in - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + let _:Prims.unit = + assert (forall i. + get_lane value_high i == + (cast (((cast (get_lane vec i) <: i32) *. (cast (get_lane constants i) <: i32)) >>! 16l) + <: + i16)) + in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + in + let _:Prims.unit = + Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane result i == (get_lane value_high i) -. (get_lane k_times_modulus i)); + assert (forall i. + get_lane result i == Spec.Utils.mont_mul_red_i16 (get_lane vec i) (get_lane constants i)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)); + assert (forall i. + v (get_lane result i) % 3329 == + ((v (get_lane vec i) * v (get_lane constants i) * 169) % 3329)) + in + result -let montgomery_multiply_m128i_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec128) = +#pop-options + +#push-options "--z3rlimit 100" + +let montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec128) = let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 v c + Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 vec constants + in + let _:Prims.unit = + assert (forall i. get_lane128 value_low i == get_lane128 vec i *. get_lane128 constants i) in let k:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 value_low @@ -158,20 +346,63 @@ let montgomery_multiply_m128i_by_constants (v c: Libcrux_intrinsics.Avx2_extract <: Libcrux_intrinsics.Avx2_extract.t_Vec128) in + let _:Prims.unit = assert (forall i. get_lane128 k i == get_lane128 value_low i *. (neg 3327s)) in + let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let _:Prims.unit = assert (forall i. get_lane128 modulus i == 3329s) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 k - (Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS - <: - Libcrux_intrinsics.Avx2_extract.t_Vec128) + Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 k modulus + in + let _:Prims.unit = + assert (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 k) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 modulus)); + assert (forall i. + get_lane128 k_times_modulus i == + (cast (((cast (get_lane128 k i) <: i32) *. (cast (get_lane128 modulus i) <: i32)) >>! 16l) + <: + i16)) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 v c + Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 vec constants in - Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 value_high k_times_modulus + let _:Prims.unit = + assert (forall i. + get_lane128 value_high i == + (cast (((cast (get_lane128 vec i) <: i32) *. (cast (get_lane128 constants i) <: i32)) >>! + 16l) + <: + i16)) + in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 value_high k_times_modulus + in + let _:Prims.unit = + Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. + get_lane128 result i == (get_lane128 value_high i) -. (get_lane128 k_times_modulus i)); + assert (forall i. + get_lane128 result i == + Spec.Utils.mont_mul_red_i16 (get_lane128 vec i) (get_lane128 constants i)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane128 result i)); + assert (forall (i: nat). i < 8 ==> Spec.Utils.is_i16b 3328 (get_lane128 result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 result)); + assert (forall i. + v (get_lane128 result i) % 3329 == + ((v (get_lane128 vec i) * v (get_lane128 constants i) * 169) % 3329)) + in + result -let montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) = +#pop-options + +let montgomery_reduce_i32s (vec: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 v + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vec (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: u32) @@ -191,7 +422,7 @@ let montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 16l v + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 16l vec in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus @@ -199,4 +430,8 @@ let montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l result in - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 16l result + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 16l result + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index 5d121123a..9bc156305 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -1,20 +1,21 @@ module Libcrux_ml_kem.Vector.Avx2.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul let v_BARRETT_MULTIPLIER: i16 = 20159s +open Libcrux_intrinsics.Avx2_extract + val add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - Prims.l_True + (requires + forall i. + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i))) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map2 ( +. ) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) + forall i. i < 16 ==> v (get_lane result i) == (v (get_lane lhs i) + v (get_lane rhs i))) val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 @@ -28,13 +29,12 @@ val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) val multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - Prims.l_True + (requires + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane vector i) * v constant)) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map_array (fun x -> x *. constant) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + forall i. i < 16 ==> v (get_lane result i) == (v (get_lane vector i) * v constant)) val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 @@ -49,40 +49,91 @@ val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec val sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - Prims.l_True + (requires + forall i. + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i))) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map2 ( -. ) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) + forall i. i < 16 ==> v (get_lane result i) == (v (get_lane lhs i) - v (get_lane rhs i))) /// See Section 3.2 of the implementation notes document for an explanation /// of this code. val barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + (forall i. i < 16 ==> v (get_lane result i) % 3329 == (v (get_lane vector i) % 3329))) val cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - Prims.l_True + (requires + Spec.Utils.is_i16b_array (pow2 12 - 1) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + forall i. + i < 16 ==> + get_lane result i == + (if (get_lane vector i) >=. 3329s then get_lane vector i -! 3329s else get_lane vector i + )) val montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Spec.Utils.is_i16b 1664 constant) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + (forall i. + i < 16 ==> + v (get_lane result i) % 3329 == ((v (get_lane vector i) * v constant * 169) % 3329))) -val montgomery_multiply_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 constants)) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + (forall i. + i < 16 ==> + v (get_lane result i) % 3329 == + ((v (get_lane vec i) * v (get_lane constants i) * 169) % 3329))) -val montgomery_multiply_m128i_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec128) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec128) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec128 + (requires + Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 constants)) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec128 = result in + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 result) /\ + (forall i. + i < 8 ==> + v (get_lane128 result i) % 3329 == + ((v (get_lane128 vec i) * v (get_lane128 constants i) * 169) % 3329))) -val montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_reduce_i32s (vec: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b_array (3328 * pow2 16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vec)) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Spec.Utils.is_i16b_array (3328 + 1665) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + (Spec.Utils.is_i16b_array (3328 * pow2 15) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vec) ==> + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)) /\ + (forall i. i < 16 ==> v (get_lane result i) % 3329 == ((v (get_lane vec i) * 169) % 3329)) + ) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst index f8d253a4c..87c17cd2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti index 4a83ff83f..7487aa930 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst index 26d37b945..7fb1ccee4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst @@ -1,8 +1,10 @@ module Libcrux_ml_kem.Vector.Avx2.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let inv_ntt_layer_1_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) @@ -35,6 +37,8 @@ let inv_ntt_layer_1_step in Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 204l sum sum_times_zetas +#pop-options + let inv_ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) = let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 245l vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti index 5b5ee2e40..b7f8a6c7d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index a85e363da..a36ffa505 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -1,8 +1,10 @@ module Libcrux_ml_kem.Vector.Avx2.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS @@ -91,3 +93,5 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) in output, hax_temp_output <: (t_Slice i16 & usize) + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti index 361ba6196..d75884373 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti @@ -1,7 +1,14 @@ module Libcrux_ml_kem.Vector.Avx2.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul val rejection_sample (input: t_Slice u8) (output: t_Slice i16) - : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice i16 & usize) + (requires + (Core.Slice.impl__len #u8 input <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 output <: usize) =. sz 16) + (ensures + fun temp_0_ -> + let output_future, res:(t_Slice i16 & usize) = temp_0_ in + Seq.length output_future == Seq.length output /\ v res <= 16) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index f10ac8ca3..2ebd27fbd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index 159f03750..259bbee63 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index 6377b1311..d65ff8ae2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 2aa6f7ab9..9c2b8909f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -72,37 +72,61 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); f_to_i16_array = (fun (x: t_SIMD256Vector) -> vec_to_i16_array x); - f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); + f_add_pre + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i))); f_add_post = - (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> - impl.f_repr out == Spec.Utils.map2 ( +. ) (impl.f_repr lhs) (impl.f_repr rhs)); + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) -> + forall i. + i < 16 ==> + (v (Seq.index (impl.f_repr result) i) == + v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i))); f_add = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.add lhs.f_elements rhs.f_elements } <: t_SIMD256Vector); - f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); + f_sub_pre + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i))); f_sub_post = - (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> - impl.f_repr out == Spec.Utils.map2 ( -. ) (impl.f_repr lhs) (impl.f_repr rhs)); + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) -> + forall i. + i < 16 ==> + (v (Seq.index (impl.f_repr result) i) == + v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i))); f_sub = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.sub lhs.f_elements rhs.f_elements } <: t_SIMD256Vector); - f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); + f_multiply_by_constant_pre + = + (fun (vec: t_SIMD256Vector) (c: i16) -> + forall i. + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr vec) i) * v c)); f_multiply_by_constant_post = - (fun (v: t_SIMD256Vector) (c: i16) (out: t_SIMD256Vector) -> - impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr v)); + (fun (vec: t_SIMD256Vector) (c: i16) (result: t_SIMD256Vector) -> + forall i. + i < 16 ==> + (v (Seq.index (impl.f_repr result) i) == v (Seq.index (impl.f_repr vec) i) * v c)); f_multiply_by_constant = - (fun (v: t_SIMD256Vector) (c: i16) -> - { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.multiply_by_constant v.f_elements c } + (fun (vec: t_SIMD256Vector) (c: i16) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.multiply_by_constant vec.f_elements c } <: t_SIMD256Vector); f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); @@ -138,7 +162,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_cond_subtract_3329_pre = (fun (vector: t_SIMD256Vector) -> true); + f_cond_subtract_3329_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr vector)); f_cond_subtract_3329_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> @@ -162,7 +188,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_montgomery_multiply_by_constant_pre = - (fun (vector: t_SIMD256Vector) (constant: i16) -> Spec.Utils.is_i16b 3328 constant); + (fun (vector: t_SIMD256Vector) (constant: i16) -> Spec.Utils.is_i16b 1664 constant); f_montgomery_multiply_by_constant_post = (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); @@ -231,7 +257,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr vector)); f_ntt_layer_1_step_post = (fun @@ -242,7 +269,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) (out: t_SIMD256Vector) -> - true); + Spec.Utils.is_i16b_array (11207 + 6 * 3328) (impl.f_repr out)); f_ntt_layer_1_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> @@ -256,10 +283,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr vector)); f_ntt_layer_2_step_post = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out)); f_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> @@ -270,10 +299,13 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_ntt_layer_3_step_pre = - (fun (vector: t_SIMD256Vector) (zeta: i16) -> Spec.Utils.is_i16b 1664 zeta); + (fun (vector: t_SIMD256Vector) (zeta: i16) -> + Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array (11207 + 3 * 3328) (impl.f_repr vector)); f_ntt_layer_3_step_post = - (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out)); f_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> @@ -284,7 +316,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (4 * 3328) (impl.f_repr vector)); f_inv_ntt_layer_1_step_post = (fun @@ -295,7 +328,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) (out: t_SIMD256Vector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_1_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> @@ -313,10 +346,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr vector)); f_inv_ntt_layer_2_step_post = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> @@ -329,10 +364,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_inv_ntt_layer_3_step_pre = - (fun (vector: t_SIMD256Vector) (zeta: i16) -> Spec.Utils.is_i16b 1664 zeta); + (fun (vector: t_SIMD256Vector) (zeta: i16) -> + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (impl.f_repr vector)); f_inv_ntt_layer_3_step_post = - (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> @@ -350,7 +387,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs)); f_ntt_multiply_post = (fun @@ -362,7 +401,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) (out: t_SIMD256Vector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_ntt_multiply = (fun @@ -525,10 +564,15 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector); - f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> true); + f_rej_sample_pre + = + (fun (input: t_Slice u8) (output: t_Slice i16) -> + (Core.Slice.impl__len #u8 input <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 output <: usize) =. sz 16); f_rej_sample_post = - (fun (input: t_Slice u8) (output: t_Slice i16) (out1: (t_Slice i16 & usize)) -> true); + (fun (input: t_Slice u8) (output: t_Slice i16) (output_future, result: (t_Slice i16 & usize)) -> + Seq.length output_future == Seq.length output /\ v result <= 16); f_rej_sample = fun (input: t_Slice u8) (output: t_Slice i16) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst index 37938e8f6..5c9bfdbfc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti index aa297220e..9429a66de 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst index e039518f2..692b153dc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti index 84e59e0c0..2afa05a7d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst index dc8d03610..d3a6b63b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti index 46ca8d3df..94a9867ce 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index aa783010c..27e5827cd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti index 309df9740..5e9cf2737 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst index 9df16f186..116acadf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Vector_type -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti index a665f64ac..c5dd6b6ab 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Vector_type -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst index b05106d98..f41cefe46 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti index 8093d76b3..f3280f83e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index bcafbb1c6..bcb88d903 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -105,7 +105,7 @@ let montgomery_reduce_element (value: i32) = assert (v value < pow2 31); assert (v value / pow2 16 < pow2 15); assert (v value_high == (v value / pow2 16) @% pow2 16); - assert ((v value / pow2 16) < pow2 15 ==> (v value / pow2 16) @% pow2 16 == (v value / pow2 16)); + Spec.Utils.lemma_div_at_percent (v value) (pow2 16); assert (v value_high == (v value / pow2 16)); assert (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 169 value_high); assert (Spec.Utils.is_i16b 3328 value_high) @@ -113,7 +113,7 @@ let montgomery_reduce_element (value: i32) = let res:i16 = value_high -! c in let _:Prims.unit = assert (Spec.Utils.is_i16b (3328 + 1665) res) in let _:Prims.unit = - assert (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 res) + assert (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 res) in let _:Prims.unit = calc ( == ) { @@ -164,47 +164,59 @@ let montgomery_reduce_element (value: i32) = #push-options "--z3rlimit 300" let montgomery_multiply_fe_by_fer (fe fer: i16) = - let _:Prims.unit = Spec.Utils.lemma_mul_i16b (pow2 16) (3328) fe fer in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b (pow2 15) (1664) fe fer in let product:i32 = (cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) in montgomery_reduce_element product #pop-options +#push-options "--z3rlimit 150" + let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun lhs temp_1_ -> + (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:usize = temp_1_ in - true) + let i:usize = i in + (forall j. + j < v i ==> + (Seq.index lhs.f_elements j) == + (Seq.index v__lhs0.f_elements j) +! (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let i:usize = i in - { - lhs with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (Core.Num.impl__i16__wrapping_add (lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + lhs with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) - <: - i16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + lhs) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + assert (forall i. + v (Seq.index lhs.f_elements i) == + v (Seq.index v__lhs0.f_elements i) + v (Seq.index rhs.f_elements i)) + in + lhs + +#pop-options + +#push-options "--z3rlimit 150" let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -214,12 +226,24 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - Seq.length vec.f_elements == Seq.length v__vec0.f_elements /\ - (forall j. j >= v i ==> Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j))) + (forall j. + j < v i ==> + (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j) /\ + v (Seq.index vec.f_elements j) % 3329 == (v (Seq.index v__vec0.f_elements j) % 3329) + )) /\ + (forall j. + j >= v i ==> + (Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j /\ + Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j)))) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in + let vi:i16 = + barrett_reduce_element (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { vec with @@ -228,79 +252,95 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (barrett_reduce_element (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ - i ] - <: - i16) - <: - i16) + vi } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = + assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); + assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); + assert (Spec.Utils.is_i16b 3328 vi); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements (v i))); + assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)) + in vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in - let _:Prims.unit = admit () (* Panic freedom *) in - result + vec + +#pop-options let bitwise_and_with_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) &. c <: i16) + (forall j. j < v i ==> Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j &. c) + ) /\ (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j) + ) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) &. c + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x &. c) v__vec0.f_elements) + in + vec -let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - Seq.length v.f_elements == Seq.length v__vec0.f_elements) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (forall j. + j < v i ==> + Seq.index vec.f_elements j == + (let x = Seq.index v__vec0.f_elements j in + if x >=. 3329s then x -! 3329s else x)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in if - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s <: bool + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s + <: + bool then { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s <: i16) <: @@ -308,37 +348,45 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portabl } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - else v) + else vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Seq.lemma_eq_intro vec.f_elements + (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) v__vec0.f_elements) + in + vec #push-options "--z3rlimit 150" let montgomery_multiply_by_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + (forall j. + j < v i ==> + (let vecj = Seq.index vec.f_elements j in + (Spec.Utils.is_i16b 3328 vecj /\ + v vecj % 3329 == (v (Seq.index v__vec0.f_elements j) * v c * 169) % 3329))) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (montgomery_multiply_fe_by_fer (v + (montgomery_multiply_fe_by_fer (vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) @@ -351,110 +399,125 @@ let montgomery_multiply_by_constant <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - v + vec #pop-options -let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (Core.Num.impl__i16__wrapping_mul (v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - c - <: - i16) + (forall j. + j < v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j) *! c) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) *! c + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + assert (forall i. v (Seq.index vec.f_elements i) == v (Seq.index v__vec0.f_elements i) * v c) + in + vec -let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >>! v_SHIFT_BY - <: - i16) + (forall j. + j < v i ==> + Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j >>! v_SHIFT_BY)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >>! + v_SHIFT_BY + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Seq.lemma_eq_intro vec.f_elements + (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) v__vec0.f_elements) + in + vec let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun lhs temp_1_ -> + (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:usize = temp_1_ in - true) + let i:usize = i in + (forall j. + j < v i ==> + (Seq.index lhs.f_elements j) == + (Seq.index v__lhs0.f_elements j) -! (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let i:usize = i in - { - lhs with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (Core.Num.impl__i16__wrapping_sub (lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + lhs with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) - <: - i16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + lhs) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + assert (forall i. + v (Seq.index lhs.f_elements i) == + v (Seq.index v__lhs0.f_elements i) - v (Seq.index rhs.f_elements i)) + in + lhs diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index d4bb456f7..92516558b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -51,7 +51,7 @@ val montgomery_reduce_element (value: i32) fun result -> let result:i16 = result in Spec.Utils.is_i16b (3328 + 1665) result /\ - (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\ + (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 result) /\ v result % 3329 == (v value * 169) % 3329) /// If `fe` is some field element \'x\' of the Kyber field and `fer` is congruent to @@ -62,19 +62,26 @@ val montgomery_reduce_element (value: i32) /// `x ยท y ยท MONTGOMERY_R * MONTGOMERY_R^{-1} โ‰ก x ยท y (mod FIELD_MODULUS)`. val montgomery_multiply_fe_by_fer (fe fer: i16) : Prims.Pure i16 - (requires Spec.Utils.is_i16b 3328 fer) + (requires Spec.Utils.is_i16b 1664 fer) (ensures fun result -> let result:i16 = result in - Spec.Utils.is_i16b (3328 + 1665) result /\ v result % 3329 == (v fe * v fer * 169) % 3329) + Spec.Utils.is_i16b 3328 result /\ v result % 3329 == (v fe * v fer * 169) % 3329) val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map2 ( +. ) (lhs.f_elements) (rhs.f_elements)) + forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) == + v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))) val barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -83,56 +90,76 @@ val barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in Spec.Utils.is_i16b_array 3328 result.f_elements /\ - Spec.MLKEM.Math.to_spec_array result.f_elements == - Spec.MLKEM.Math.to_spec_array vec.f_elements) + (forall i. + (v (Seq.index result.f_elements i) % 3329) == (v (Seq.index vec.f_elements i) % 3329)) + ) val bitwise_and_with_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map_array (fun x -> x &. c) (v.f_elements)) + result.f_elements == Spec.Utils.map_array (fun x -> x &. c) (vec.f_elements)) -val cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +/// Note: This function is not secret independent +/// Only use with public values. +val cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Spec.Utils.is_i16b_array (pow2 12 - 1) vec.f_elements) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in result.f_elements == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (v.f_elements)) + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (vec.f_elements)) val montgomery_multiply_by_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Spec.Utils.is_i16b 3328 c) - (fun _ -> Prims.l_True) + (requires Spec.Utils.is_i16b 1664 c) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array 3328 result.f_elements /\ + (forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) % 3329 == + (v (Seq.index vec.f_elements i) * v c * 169) % 3329))) -val multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) +val multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index vec.f_elements i) * v c) + ) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map_array (fun x -> x *. c) (v.f_elements)) + forall i. + i < 16 ==> (v (Seq.index result.f_elements i) == v (Seq.index vec.f_elements i) * v c)) -val shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +val shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> - result.f_elements == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (v.f_elements)) + result.f_elements == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec.f_elements)) val sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map2 ( -. ) (lhs.f_elements) (rhs.f_elements)) + forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) == + v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index 4a470d7d1..1d8993c9e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index 8a078f1b0..4a89ca30f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 99ab0e5b0..16b31ced7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -1,144 +1,179 @@ module Libcrux_ml_kem.Vector.Portable.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul let inv_ntt_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) = let a_minus_b:i16 = - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) -! - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) -! + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let o0:i16 = + Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) +! + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) + <: + i16) + in + let o1:i16 = + Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta + in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) +! - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) - <: - i16) - <: - i16) + o0 } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements j - (Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta - <: - i16) + o1 } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - v + vec + +#push-options "--z3rlimit 200" let inv_ntt_layer_1_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 0) (sz 2) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 1) (sz 3) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 4) (sz 6) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 5) (sz 7) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta2 (sz 8) (sz 10) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta2 (sz 9) (sz 11) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta3 (sz 12) (sz 14) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta3 (sz 13) (sz 15) - in - v + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 0) (sz 2) + in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 1) (sz 3) + in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 4) (sz 6) + in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 5) (sz 7) + in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta2 (sz 8) (sz 10) + in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta2 (sz 9) (sz 11) + in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta3 (sz 12) (sz 14) + in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta3 (sz 13) (sz 15) + in + let _:Prims.unit = + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 13)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 15)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 12)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 14)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 9)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 11)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 8)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 10)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 5)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 7)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 4)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 6)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 1)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 3)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 0)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 2)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements i)) + in + vec + +#pop-options + +#push-options "--z3rlimit 100" let inv_ntt_layer_2_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 0) (sz 4) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 0) (sz 4) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 1) (sz 5) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 1) (sz 5) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 2) (sz 6) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 2) (sz 6) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 3) (sz 7) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 3) (sz 7) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 8) (sz 12) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 8) (sz 12) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 9) (sz 13) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 9) (sz 13) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 10) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 10) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 11) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 11) (sz 15) in - v + vec + +#pop-options + +#push-options "--z3rlimit 100" let inv_ntt_layer_3_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 0) (sz 8) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 0) (sz 8) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 1) (sz 9) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 1) (sz 9) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 2) (sz 10) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 2) (sz 10) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 3) (sz 11) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 3) (sz 11) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 4) (sz 12) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 4) (sz 12) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 5) (sz 13) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 5) (sz 13) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 6) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 6) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 7) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 7) (sz 15) in - v + vec + +#pop-options + +#push-options "--z3rlimit 200 --split_queries always --query_stats" let ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -146,54 +181,66 @@ let ntt_multiply_binomials (i j: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let o0:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (((cast (a - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - <: - i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) - <: - i32) +! - ((cast (Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ((cast (a - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] - <: - i16) - <: - i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) - <: - i32) - <: - i32) - <: - i16) - <: - i32) *! - (cast (zeta <: i16) <: i32) - <: - i32) - <: - i32) - in - let o1:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (((cast (a - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - <: - i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) - <: - i32) +! - ((cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) - <: - i32) - <: - i32) + let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in + let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in + let aj:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in + let bj:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in + let _:Prims.unit = + assert (Spec.Utils.is_i16b 3328 ai); + assert (Spec.Utils.is_i16b 3328 bi); + assert (Spec.Utils.is_i16b 3328 aj); + assert (Spec.Utils.is_i16b 3328 bj); + assert_norm (3328 * 3328 < pow2 31) + in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 ai bi in + let ai_bi:i32 = (cast (ai <: i16) <: i32) *! (cast (bi <: i16) <: i32) in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 aj bj in + let aj_bj___:i32 = (cast (aj <: i16) <: i32) *! (cast (bj <: i16) <: i32) in + let _:Prims.unit = assert_norm (3328 * 3328 <= 3328 * pow2 15) in + let aj_bj:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element aj_bj___ in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 1664 aj_bj zeta in + let aj_bj_zeta:i32 = (cast (aj_bj <: i16) <: i32) *! (cast (zeta <: i16) <: i32) in + let ai_bi_aj_bj:i32 = ai_bi +! aj_bj_zeta in + let _:Prims.unit = assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 1664) ai_bi_aj_bj) in + let _:Prims.unit = assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15) in + let o0:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bi_aj_bj in + let _:Prims.unit = + calc ( == ) { + v o0 % 3329; + ( == ) { () } + (v ai_bi_aj_bj * 169) % 3329; + ( == ) { assert (v ai_bi_aj_bj == v ai_bi + v aj_bj_zeta) } + ((v ai_bi + v aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v aj_bj_zeta == v aj_bj * v zeta) } + (((v ai * v bi) + (v aj_bj * v zeta)) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } + ((((v ai * v bi) + (v aj_bj * v zeta)) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj_bj * v zeta) 3329 } + ((((v ai * v bi) + ((v aj_bj * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj_bj) (v zeta) 3329 } + ((((v ai * v bi) + (((v aj_bj % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { assert (v aj_bj % 3329 == (v aj_bj___ * 169) % 3329) } + ((((v ai * v bi) + ((((v aj_bj___ * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { assert (v aj_bj___ == v aj * v bj) } + ((((v ai * v bi) + ((((v aj * v bj * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj * v bj * 169) (v zeta) 3329 } + ((((v ai * v bi) + (((v aj * v bj * 169 * v zeta) % 3329))) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj * v bj * 169 * v zeta) 3329 } + ((((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) + 169 + 3329 } + (((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) * 169) % 3329; + } in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 ai bj in + let ai_bj:i32 = (cast (ai <: i16) <: i32) *! (cast (bj <: i16) <: i32) in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 aj bi in + let aj_bi:i32 = (cast (aj <: i16) <: i32) *! (cast (bi <: i16) <: i32) in + let ai_bj_aj_bi:i32 = ai_bj +! aj_bi in + let _:Prims.unit = assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 3328) ai_bj_aj_bi) in + let _:Prims.unit = assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15) in + let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bj_aj_bi in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with @@ -220,139 +267,168 @@ let ntt_multiply_binomials <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = admit () in out +#pop-options + +#push-options "--admit_smt_queries true" + let ntt_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) = let t:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer (v + Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer (vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) zeta in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements j - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t <: i16) + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t <: i16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t <: i16) + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t <: i16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - v + vec + +#pop-options + +#push-options "--z3rlimit 100" let ntt_layer_1_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 0) (sz 2) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 0) (sz 2) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 1) (sz 3) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 1) (sz 3) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 4) (sz 6) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 4) (sz 6) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 5) (sz 7) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 5) (sz 7) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta2 (sz 8) (sz 10) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta2 (sz 8) (sz 10) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta2 (sz 9) (sz 11) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta2 (sz 9) (sz 11) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta3 (sz 12) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta3 (sz 12) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta3 (sz 13) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta3 (sz 13) (sz 15) in - v + vec + +#pop-options + +#push-options "--z3rlimit 100" let ntt_layer_2_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 0) (sz 4) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 0) (sz 4) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 1) (sz 5) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 1) (sz 5) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 2) (sz 6) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 2) (sz 6) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 3) (sz 7) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 3) (sz 7) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 8) (sz 12) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 8) (sz 12) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 9) (sz 13) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 9) (sz 13) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 10) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 10) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 11) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 11) (sz 15) in - v + vec -let ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 0) (sz 8) +#pop-options + +#push-options "--z3rlimit 100" + +let ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 0) (sz 8) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 1) (sz 9) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 1) (sz 9) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 2) (sz 10) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 2) (sz 10) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 3) (sz 11) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 3) (sz 11) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 4) (sz 12) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 4) (sz 12) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 5) (sz 13) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 5) (sz 13) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 6) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 6) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 7) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 7) (sz 15) in - v + vec + +#pop-options + +#push-options "--z3rlimit 100" let ntt_multiply (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) = + let nzeta0:i16 = Core.Ops.Arith.Neg.neg zeta0 in + let nzeta1:i16 = Core.Ops.Arith.Neg.neg zeta1 in + let nzeta2:i16 = Core.Ops.Arith.Neg.neg zeta2 in + let nzeta3:i16 = Core.Ops.Arith.Neg.neg zeta3 in + let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta0) in + let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta1) in + let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta2) in + let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta3) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in @@ -360,24 +436,27 @@ let ntt_multiply ntt_multiply_binomials lhs rhs zeta0 (sz 0) (sz 1) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs (Core.Ops.Arith.Neg.neg zeta0 <: i16) (sz 2) (sz 3) out + ntt_multiply_binomials lhs rhs nzeta0 (sz 2) (sz 3) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta1 (sz 4) (sz 5) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs (Core.Ops.Arith.Neg.neg zeta1 <: i16) (sz 6) (sz 7) out + ntt_multiply_binomials lhs rhs nzeta1 (sz 6) (sz 7) out in + let _:Prims.unit = admit () in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta2 (sz 8) (sz 9) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs (Core.Ops.Arith.Neg.neg zeta2 <: i16) (sz 10) (sz 11) out + ntt_multiply_binomials lhs rhs nzeta2 (sz 10) (sz 11) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta3 (sz 12) (sz 13) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs (Core.Ops.Arith.Neg.neg zeta3 <: i16) (sz 14) (sz 15) out + ntt_multiply_binomials lhs rhs nzeta3 (sz 14) (sz 15) out in out + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 3c826a279..344545f74 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -1,36 +1,60 @@ module Libcrux_ml_kem.Vector.Portable.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul val inv_ntt_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array (4 * 3328) vec.f_elements) + (ensures + fun vec_future -> + let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in + Spec.Utils.is_i16b_array (4 * 3328) vec_future.f_elements /\ + (forall k. + (k <> v i /\ k <> v j) ==> + Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\ + (Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\ + Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j)))) val inv_ntt_layer_1_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (4 * 3328) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array 3328 result.f_elements) val inv_ntt_layer_2_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array 3328 vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array 3328 result.f_elements) val inv_ntt_layer_3_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array 3328 result.f_elements) /// Compute the product of two Kyber binomials with respect to the /// modulus `Xยฒ - zeta`. @@ -44,7 +68,7 @@ val inv_ntt_layer_3_step /// cโ‚ โ† aโ‚€ยทbโ‚ + aโ‚ยทbโ‚€ /// return cโ‚€, cโ‚ /// ``` -/// We say "almost" because the coefficients output by this function are in +/// We say \"almost\" because the coefficients output by this function are in /// the Montgomery domain (unlike in the specification). /// The NIST FIPS 203 standard can be found at /// . @@ -54,39 +78,93 @@ val ntt_multiply_binomials (i j: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array 3228 a.f_elements /\ Spec.Utils.is_i16b_array 3228 b.f_elements) + (ensures + fun out_future -> + let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in + Spec.Utils.is_i16b_array 3328 out.f_elements /\ + (forall k. + (k <> v i /\ k <> v j) ==> + Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\ + (let ai = Seq.index a.f_elements (v i) in + let aj = Seq.index a.f_elements (v j) in + let bi = Seq.index b.f_elements (v i) in + let bj = Seq.index b.f_elements (v j) in + let oi = Seq.index out_future.f_elements (v i) in + let oj = Seq.index out_future.f_elements (v j) in + let x, y = + Spec.MLKEM.Math.poly_base_case_multiply (v ai % 3329) + (v aj % 3329) + (v bi % 3329) + (v bj % 3329) + ((v zeta * 169) % 3329) + in + ((x * 169) % 3329 == v oi % 3329) /\ (y * 169) % 3329 == v oj % 3329)) val ntt_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) + (ensures + fun vec_future -> + let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in + (forall k. + (k <> v i /\ k <> v j) ==> + Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\ + (forall b. + (Spec.Utils.is_i16b b vec.f_elements.[ i ] /\ + Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==> + (Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ i ] /\ + Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ]))) val ntt_layer_1_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (11207 + 5 * 3328) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (11207 + 6 * 3328) result.f_elements) val ntt_layer_2_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (11207 + 4 * 3328) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (11207 + 5 * 3328) result.f_elements) -val ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) +val ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (11207 + 4 * 3328) result.f_elements) val ntt_multiply (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array 3228 lhs.f_elements /\ Spec.Utils.is_i16b_array 3228 rhs.f_elements + ) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array 3328 result.f_elements) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index aec49a64f..b9c0febd3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -1,8 +1,10 @@ module Libcrux_ml_kem.Vector.Portable.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let rej_sample (a: t_Slice u8) (result: t_Slice i16) = let sampled:usize = sz 0 in let result, sampled:(t_Slice i16 & usize) = @@ -40,3 +42,5 @@ let rej_sample (a: t_Slice u8) (result: t_Slice i16) = in let hax_temp_output:usize = sampled in result, hax_temp_output <: (t_Slice i16 & usize) + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti index fc5f15276..cbbc36deb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti @@ -1,7 +1,14 @@ module Libcrux_ml_kem.Vector.Portable.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul val rej_sample (a: t_Slice u8) (result: t_Slice i16) - : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice i16 & usize) + (requires + (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 result <: usize) =. sz 16) + (ensures + fun temp_0_ -> + let result_future, res:(t_Slice i16 & usize) = temp_0_ in + Seq.length result_future == Seq.length result /\ v res <= 16) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 4f479ac21..eed6ec9d6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 1456b37d8..16fd7000e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst index 962c322cf..948ac409c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Vector_type -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti index fcbb04325..7f42fe833 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Vector_type -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 00d0a1e3d..d7a0d3f21 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 300 --split_queries always" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -30,6 +30,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } +#push-options "--admit_smt_queries true" + [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -73,15 +75,21 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))); f_add_post = (fun (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - impl.f_repr out == Spec.Utils.map2 ( +. ) (impl.f_repr lhs) (impl.f_repr rhs)); + forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) == + v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))); f_add = (fun @@ -95,15 +103,21 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))); f_sub_post = (fun (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - impl.f_repr out == Spec.Utils.map2 ( -. ) (impl.f_repr lhs) (impl.f_repr rhs)); + forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) == + v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))); f_sub = (fun @@ -113,19 +127,22 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Arithmetic.sub lhs rhs); f_multiply_by_constant_pre = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> true); + (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index vec.f_elements i) * v c) + ); f_multiply_by_constant_post = (fun - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr v)); + forall i. + i < 16 ==> (v (Seq.index result.f_elements i) == v (Seq.index vec.f_elements i) * v c)); f_multiply_by_constant = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> - Libcrux_ml_kem.Vector.Portable.Arithmetic.multiply_by_constant v c); + (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> + Libcrux_ml_kem.Vector.Portable.Arithmetic.multiply_by_constant vec c); f_bitwise_and_with_constant_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> true); @@ -160,7 +177,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Arithmetic.shift_right v_SHIFT_BY v); f_cond_subtract_3329_pre = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr v)); f_cond_subtract_3329_post = (fun @@ -191,7 +209,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_montgomery_multiply_by_constant_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) -> - Spec.Utils.is_i16b 3328 r); + Spec.Utils.is_i16b 1664 r); f_montgomery_multiply_by_constant_post = (fun @@ -274,7 +292,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta2: i16) (zeta3: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr a)); f_ntt_layer_1_step_post = (fun @@ -285,7 +305,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array (11207 + 6 * 3328) (impl.f_repr out)); f_ntt_layer_1_step = (fun @@ -303,7 +323,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta0: i16) (zeta1: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr a)); f_ntt_layer_2_step_post = (fun @@ -312,7 +333,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta1: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out)); f_ntt_layer_2_step = (fun @@ -323,7 +344,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Ntt.ntt_layer_2_step a zeta0 zeta1); f_ntt_layer_3_step_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (impl.f_repr a)); f_ntt_layer_3_step_post = (fun @@ -331,7 +353,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out)); f_ntt_layer_3_step = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> @@ -345,7 +367,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta2: i16) (zeta3: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (4 * 3328) (impl.f_repr a)); f_inv_ntt_layer_1_step_post = (fun @@ -356,7 +380,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_1_step = (fun @@ -374,7 +398,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta0: i16) (zeta1: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr a)); f_inv_ntt_layer_2_step_post = (fun @@ -383,7 +408,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta1: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_2_step = (fun @@ -394,7 +419,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Ntt.inv_ntt_layer_2_step a zeta0 zeta1); f_inv_ntt_layer_3_step_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (impl.f_repr a)); f_inv_ntt_layer_3_step_post = (fun @@ -402,7 +428,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_3_step = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> @@ -417,7 +443,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta2: i16) (zeta3: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs)); f_ntt_multiply_post = (fun @@ -429,7 +458,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_ntt_multiply = (fun @@ -456,6 +485,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = + assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) + in let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a); f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2); @@ -483,6 +515,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = + assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) + in let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a); f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8); @@ -591,10 +626,15 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); - f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> true); + f_rej_sample_pre + = + (fun (a: t_Slice u8) (out: t_Slice i16) -> + (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 out <: usize) =. sz 16); f_rej_sample_post = - (fun (a: t_Slice u8) (out: t_Slice i16) (out2: (t_Slice i16 & usize)) -> true); + (fun (a: t_Slice u8) (out: t_Slice i16) (out_future, result: (t_Slice i16 & usize)) -> + Seq.length out_future == Seq.length out /\ v result <= 16); f_rej_sample = fun (a: t_Slice u8) (out: t_Slice i16) -> @@ -605,3 +645,5 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i16 & usize) } + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti index ce3906fea..f1aa1ee53 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Rej_sample_table -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index be631a15d..1c6967d6d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -1,23 +1,40 @@ module Libcrux_ml_kem.Vector.Traits -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul +#push-options "--z3rlimit 100" + let decompress_1_ (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) - (v: v_T) + (vec: v_T) = - let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre (i1.f_ZERO ()) 0s) in - f_bitwise_and_with_constant #v_T - #FStar.Tactics.Typeclasses.solve - (f_sub #v_T - #FStar.Tactics.Typeclasses.solve - (f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () <: v_T) - v - <: - v_T) - 1665s + let z:v_T = f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () in + let _:Prims.unit = + assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr z) i == 0s) + in + let _:Prims.unit = + assert (forall i. + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + ((0 - v x) == 0 \/ (0 - v x) == - 1)) + in + let _:Prims.unit = + assert (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr vec) i))) + in + let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in + let _:Prims.unit = + assert (forall i. + Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ + Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) + in + let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in + f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s + +#pop-options let montgomery_multiply_fe (#v_T: Type0) @@ -36,6 +53,10 @@ let to_standard_domain v v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS +#push-options "--z3rlimit 100" + +#push-options "--admit_smt_queries true" + let to_unsigned_representative (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) @@ -46,3 +67,7 @@ let to_unsigned_representative f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve t v_FIELD_MODULUS in f_add #v_T #FStar.Tactics.Typeclasses.solve a fm + +#pop-options + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index a1de0f9af..222c69504 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Traits -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -42,19 +42,54 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure (t_Array i16 (sz 16)) (f_to_i16_array_pre x0) (fun result -> f_to_i16_array_post x0 result); - f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; + f_add_pre:lhs: v_Self -> rhs: v_Self + -> pred: + Type0 + { (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (f_repr lhs) i) + v (Seq.index (f_repr rhs) i))) ==> + pred }; f_add_post:lhs: v_Self -> rhs: v_Self -> result: v_Self - -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( +. ) (f_repr lhs) (f_repr rhs)}; + -> pred: + Type0 + { pred ==> + (forall i. + i < 16 ==> + (v (Seq.index (f_repr result) i) == + v (Seq.index (f_repr lhs) i) + v (Seq.index (f_repr rhs) i))) }; f_add:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); - f_sub_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; + f_sub_pre:lhs: v_Self -> rhs: v_Self + -> pred: + Type0 + { (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (f_repr lhs) i) - v (Seq.index (f_repr rhs) i))) ==> + pred }; f_sub_post:lhs: v_Self -> rhs: v_Self -> result: v_Self - -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( -. ) (f_repr lhs) (f_repr rhs)}; + -> pred: + Type0 + { pred ==> + (forall i. + i < 16 ==> + (v (Seq.index (f_repr result) i) == + v (Seq.index (f_repr lhs) i) - v (Seq.index (f_repr rhs) i))) }; f_sub:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); - f_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; - f_multiply_by_constant_post:v: v_Self -> c: i16 -> result: v_Self - -> pred: Type0{pred ==> f_repr result == Spec.Utils.map_array (fun x -> x *. c) (f_repr v)}; + f_multiply_by_constant_pre:vec: v_Self -> c: i16 + -> pred: + Type0 + { (forall i. + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr vec) i) * v c)) ==> + pred }; + f_multiply_by_constant_post:vec: v_Self -> c: i16 -> result: v_Self + -> pred: + Type0 + { pred ==> + (forall i. + i < 16 ==> (v (Seq.index (f_repr result) i) == v (Seq.index (f_repr vec) i) * v c)) }; f_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_multiply_by_constant_pre x0 x1) @@ -78,7 +113,8 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); - f_cond_subtract_3329_pre:v: v_Self -> pred: Type0{true ==> pred}; + f_cond_subtract_3329_pre:v: v_Self + -> pred: Type0{Spec.Utils.is_i16b_array (pow2 12 - 1) (f_repr v) ==> pred}; f_cond_subtract_3329_post:v: v_Self -> result: v_Self -> pred: Type0 @@ -95,7 +131,7 @@ class t_Operations (v_Self: Type0) = { f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); f_montgomery_multiply_by_constant_pre:v: v_Self -> c: i16 - -> pred: Type0{Spec.Utils.is_i16b 3328 c ==> pred}; + -> pred: Type0{Spec.Utils.is_i16b 1664 c ==> pred}; f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self @@ -131,23 +167,40 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr a) ==> pred }; - f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; + f_ntt_layer_1_step_post: + a: v_Self -> + zeta0: i16 -> + zeta1: i16 -> + zeta2: i16 -> + zeta3: i16 -> + out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 6 * 3328) (f_repr out)}; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); f_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 - -> pred: Type0{Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 ==> pred}; - f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr a) ==> + pred }; + f_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr out)}; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 - -> pred: Type0{Spec.Utils.is_i16b 1664 zeta ==> pred}; - f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (f_repr a) ==> + pred }; + f_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr out)}; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) @@ -156,23 +209,38 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (4 * 3328) (f_repr a) ==> pred }; - f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; + f_inv_ntt_layer_1_step_post: + a: v_Self -> + zeta0: i16 -> + zeta1: i16 -> + zeta2: i16 -> + zeta3: i16 -> + out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); f_inv_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 - -> pred: Type0{Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 ==> pred}; - f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array 3328 (f_repr a) ==> + pred }; + f_inv_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 - -> pred: Type0{Spec.Utils.is_i16b 1664 zeta ==> pred}; - f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; + -> pred: + Type0{Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (f_repr a) ==> pred}; + f_inv_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) @@ -187,9 +255,18 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array 3228 (f_repr lhs) /\ Spec.Utils.is_i16b_array 3228 (f_repr rhs) ==> pred }; - f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; + f_ntt_multiply_post: + lhs: v_Self -> + rhs: v_Self -> + zeta0: i16 -> + zeta1: i16 -> + zeta2: i16 -> + zeta3: i16 -> + out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) @@ -288,8 +365,18 @@ class t_Operations (v_Self: Type0) = { {pred ==> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (f_repr result)}; f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); - f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0{true ==> pred}; - f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> Type0; + f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 + -> pred: + Type0 + { (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 out <: usize) =. sz 16 ==> + pred }; + f_rej_sample_post:a: t_Slice u8 -> out: t_Slice i16 -> x: (t_Slice i16 & usize) + -> pred: + Type0 + { pred ==> + (let out_future, result:(t_Slice i16 & usize) = x in + Seq.length out_future == Seq.length out /\ v result <= 16) }; f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 -> Prims.Pure (t_Slice i16 & usize) (f_rej_sample_pre x0 x1) @@ -318,14 +405,27 @@ let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209ul let v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS: i16 = 1353s -val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) - : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) +val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (vec: v_T) + : Prims.Pure v_T + (requires + forall i. + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + (x == 0s \/ x == 1s)) + (fun _ -> Prims.l_True) val montgomery_multiply_fe (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) (fer: i16) - : Prims.Pure v_T (requires Spec.Utils.is_i16b 3328 fer) (fun _ -> Prims.l_True) + : Prims.Pure v_T (requires Spec.Utils.is_i16b 1664 fer) (fun _ -> Prims.l_True) val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) - : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure v_T + (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) + (ensures + fun result -> + let result:v_T = result in + forall i. + (let x = Seq.index (i1._super_8706949974463268012.f_repr a) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr result) i in + (v y >= 0 /\ v y <= 3328 /\ (v y % 3329 == v x % 3329)))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 5886525fd..d8a390871 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,14 +3,13 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ - Libcrux_ml_kem.Serialize.fst \ - Libcrux_ml_kem.Sampling.fst \ - Libcrux_ml_kem.Polynomial.fst \ + Libcrux_ml_kem.Vector.Portable.fsti \ + Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.fst \ + Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ - Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index dabcb0f5c..0fba37313 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -1,5 +1,5 @@ module Spec.MLKEM.Math -#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open FStar.Mul open Core @@ -94,6 +94,7 @@ let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = let a = field_add a t in (a,b) +#push-options "--split_queries always" let poly_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let len = pow2 l in let k = (128 / len) - 1 in @@ -103,6 +104,7 @@ let poly_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in if idx < len then a_ntt else b_ntt) +#pop-options val poly_ntt: polynomial -> polynomial let poly_ntt p = diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 714882751..bfa2fcd9a 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -1,9 +1,8 @@ module Spec.Utils #set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Spec.SHA3 open FStar.Mul open Core - + (** Utils *) let map_slice #a #b (f:(x:a -> b)) @@ -15,14 +14,92 @@ let map_array #a #b #len (s: t_Array a len): t_Array b len = createi (length s) (fun i -> f (Seq.index s (v i))) -let map2 #a #b #c (#len:usize{v len < pow2 32}) +let map2 #a #b #c #len (f:a -> b -> c) (x: t_Array a len) (y: t_Array b len): t_Array c len - = Lib.Sequence.map2 #a #b #c #(v len) f x y + = createi (length x) (fun i -> f (Seq.index x (v i)) (Seq.index y (v i))) + +let create len c = createi len (fun i -> c) let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 + +let createL len l = Rust_primitives.Hax.array_of_list len l + +let create16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 = + let l = [v15; v14; v13; v12; v11; v10; v9; v8; v7; v6; v5; v4; v3; v2; v1; v0] in + assert_norm (List.Tot.length l == 16); + createL 16 l + + +val lemma_createL_index #a len l i : + Lemma (Seq.index (createL #a len l) i == List.Tot.index l i) + [SMTPat (Seq.index (createL #a len l) i)] +let lemma_createL_index #a len l i = () + +val lemma_create16_index #a v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 i : + Lemma (Seq.index (create16 #a v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) i == + (if i = 0 then v15 else + if i = 1 then v14 else + if i = 2 then v13 else + if i = 3 then v12 else + if i = 4 then v11 else + if i = 5 then v10 else + if i = 6 then v9 else + if i = 7 then v8 else + if i = 8 then v7 else + if i = 9 then v6 else + if i = 10 then v5 else + if i = 11 then v4 else + if i = 12 then v3 else + if i = 13 then v2 else + if i = 14 then v1 else + if i = 15 then v0)) + [SMTPat (Seq.index (create16 #a v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) i)] +let lemma_create16_index #a v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 i = + let l = [v15; v14; v13; v12; v11; v10; v9; v8; v7; v6; v5; v4; v3; v2; v1; v0] in + assert_norm (List.Tot.index l 0 == v15); + assert_norm (List.Tot.index l 1 == v14); + assert_norm (List.Tot.index l 2 == v13); + assert_norm (List.Tot.index l 3 == v12); + assert_norm (List.Tot.index l 4 == v11); + assert_norm (List.Tot.index l 5 == v10); + assert_norm (List.Tot.index l 6 == v9); + assert_norm (List.Tot.index l 7 == v8); + assert_norm (List.Tot.index l 8 == v7); + assert_norm (List.Tot.index l 9 == v6); + assert_norm (List.Tot.index l 10 == v5); + assert_norm (List.Tot.index l 11 == v4); + assert_norm (List.Tot.index l 12 == v3); + assert_norm (List.Tot.index l 13 == v2); + assert_norm (List.Tot.index l 14 == v1); + assert_norm (List.Tot.index l 15 == v0) + + +val lemma_createi_index #a len f i : + Lemma (Seq.index (createi #a len f) i == f (sz i)) + [SMTPat (Seq.index (createi #a len f) i)] +let lemma_createi_index #a len f i = () + +val lemma_create_index #a len c i: + Lemma (Seq.index (create #a len c) i == c) + [SMTPat (Seq.index (create #a len c) i)] +let lemma_create_index #a len c i = () + +val lemma_map_index #a #b #len f x i: + Lemma (Seq.index (map_array #a #b #len f x) i == f (Seq.index x i)) + [SMTPat (Seq.index (map_array #a #b #len f x) i)] +let lemma_map_index #a #b #len f x i = () + +val lemma_map2_index #a #b #c #len f x y i: + Lemma (Seq.index (map2 #a #b #c #len f x y) i == f (Seq.index x i) (Seq.index y i)) + [SMTPat (Seq.index (map2 #a #b #c #len f x y) i)] +let lemma_map2_index #a #b #c #len f x y i = () -#push-options "--z3rlimit 500" +let lemma_bitand_properties #t (x:int_t t) : + Lemma ((x &. ones) == x /\ (x &. mk_int #t 0) == mk_int #t 0 /\ (ones #t &. x) == x /\ (mk_int #t 0 &. x) == mk_int #t 0) = + logand_lemma #t x x + +#push-options "--z3rlimit 250" let flatten #t #n (#m: usize {range (v n * v m) usize_inttype}) (x: t_Array (t_Array t m) n) @@ -37,6 +114,8 @@ type t_Result a b = | Err: b -> t_Result a b (** Hash Function *) +open Spec.SHA3 + val v_G (input: t_Slice u8) : t_Array u8 (sz 64) let v_G input = map_slice Lib.RawIntTypes.u8_to_UInt8 (sha3_512 (Seq.length input) (map_slice Lib.IntTypes.secret input)) @@ -71,22 +150,47 @@ let update_at_range_lemma #n with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) - + /// Bounded integers -let is_i16b (l:nat) (x:i16) = (v x <= l) && (v x >= -l) +let is_intb (l:nat) (x:int) = (x <= l) && (x >= -l) +let is_i16b (l:nat) (x:i16) = is_intb l (v x) let is_i16b_array (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i16b l (Seq.index x i) let is_i16b_vector (l:nat) (r:usize) (x:t_Array (t_Array i16 (sz 256)) r) = forall i. i < v r ==> is_i16b_array l (Seq.index x i) let is_i16b_matrix (l:nat) (r:usize) (x:t_Array (t_Array (t_Array i16 (sz 256)) r) r) = forall i. i < v r ==> is_i16b_vector l r (Seq.index x i) -let is_i32b (l:nat) (x:i32) = (v x <= l) && (v x >= -l) +let is_i32b (l:nat) (x:i32) = is_intb l (v x) let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i32b l (Seq.index x i) let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 -let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) +val lemma_intb_le b b' + : Lemma (requires (b <= b')) + (ensures (forall n. is_intb b n ==> is_intb b' n)) +let lemma_intb_le b b' = () + +#push-options "--z3rlimit 200" +val lemma_mul_intb (b1 b2: nat) (n1 n2: int) + : Lemma (requires (is_intb b1 n1 /\ is_intb b2 n2)) + (ensures (is_intb (b1 * b2) (n1 * n2))) +let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = + if n1 = 0 || n2 = 0 + then () + else + let open FStar.Math.Lemmas in + lemma_abs_bound n1 b1; + lemma_abs_bound n2 b2; + lemma_abs_mul n1 n2; + lemma_mult_le_left (abs n1) (abs n2) b2; + lemma_mult_le_right b2 (abs n1) b1; + lemma_abs_bound (n1 * n2) (b1 * b2) +#pop-options + +val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) - (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) = + (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) + +let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) = if v n1 = 0 || v n2 = 0 then () else @@ -98,9 +202,269 @@ let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) lemma_mult_le_right b2 (abs (v n1)) b1; lemma_abs_bound (v n1 * v n2) (b1 * b2) -let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : +val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) (ensures (range (v n1 + v n2) i16_inttype /\ is_i16b (b1 + b2) (n1 +! n2))) - = () +let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) = () + + +#push-options "--z3rlimit 100 --split_queries always" +let lemma_range_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ v < p/2 /\ v >= -p / 2}): + Lemma (v @% p == v) = + let m = v % p in + if v < 0 then ( + Math.Lemmas.lemma_mod_plus v 1 p; + assert ((v + p) % p == v % p); + assert (v + p >= 0); + assert (v + p < p); + Math.Lemmas.modulo_lemma (v+p) p; + assert (m == v + p); + assert (m >= p/2); + assert (v @% p == m - p); + assert (v @% p == v)) + else ( + assert (v >= 0 /\ v < p); + Math.Lemmas.modulo_lemma v p; + assert (v % p == v); + assert (m < p/2); + assert (v @% p == v) + ) +#pop-options + +val lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) : + Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) + (ensures (range (v n1 - v n2) i16_inttype /\ + is_i16b (b1 + b2) (n1 -. n2) /\ + v (n1 -. n2) == v n1 - v n2)) +let lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) = () + +let mont_mul_red_i16 (x:i16) (y:i16) : i16= + let vlow = x *. y in + let k = vlow *. (neg 3327s) in + let k_times_modulus = cast (((cast k <: i32) *. 3329l) >>! 16l) <: i16 in + let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in + vhigh -. k_times_modulus + +let mont_red_i32 (x:i32) : i16 = + let vlow = cast x <: i16 in + let k = vlow *. (neg 3327s) in + let k_times_modulus = cast (((cast k <: i32) *. 3329l) >>! 16l) <: i16 in + let vhigh = cast (x >>! 16l) <: i16 in + vhigh -. k_times_modulus + +#push-options "--z3rlimit 100" +let lemma_at_percent_mod (v:int) (p:int{p>0/\ p%2=0}): + Lemma ((v @% p) % p == v % p) = + let m = v % p in + assert (m >= 0 /\ m < p); + if m >= p/2 then ( + assert ((v @%p) % p == (m - p) %p); + Math.Lemmas.lemma_mod_plus m (-1) p; + assert ((v @%p) % p == m %p); + Math.Lemmas.lemma_mod_mod m v p; + assert ((v @%p) % p == v % p) + ) else ( + assert ((v @%p) % p == m%p); + Math.Lemmas.lemma_mod_mod m v p; + assert ((v @%p) % p == v % p) + ) +#pop-options + +let lemma_div_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ (v/p) < p/2 /\ (v/p) >= -p / 2}): + Lemma ((v / p) @% p == v / p) = + lemma_range_at_percent (v/p) p + +val lemma_mont_red_i32 (x:i32): Lemma + (requires (is_i32b (3328 * pow2 16) x)) + (ensures ( + let result:i16 = mont_red_i32 x in + is_i16b (3328 + 1665) result /\ + (is_i32b (3328 * pow2 15) x ==> is_i16b 3328 result) /\ + v result % 3329 == (v x * 169) % 3329)) + +let lemma_mont_red_i32 (x:i32) = + let vlow = cast x <: i16 in + assert (v vlow == v x @% pow2 16); + let k = vlow *. (neg 3327s) in + assert (v k == ((v x @% pow2 16) * (- 3327)) @% pow2 16); + let k_times_modulus = (cast k <: i32) *. 3329l in + assert (v k_times_modulus == (v k * 3329)); + let c = cast (k_times_modulus >>! 16l) <: i16 in + assert (v c == (((v k * 3329) / pow2 16) @% pow2 16)); + lemma_div_at_percent (v k * 3329) (pow2 16); + assert (v c == (((v k * 3329) / pow2 16))); + assert (is_i16b 1665 c); + let vhigh = cast (x >>! 16l) <: i16 in + lemma_div_at_percent (v x) (pow2 16); + assert (v vhigh == v x / pow2 16); + assert (is_i16b 3328 vhigh); + let result = vhigh -. c in + lemma_sub_i16b 3328 1665 vhigh c; + assert (is_i16b (3328 + 1665) result); + assert (v result = v vhigh - v c); + assert (is_i16b (3328 + 1665) result); + assert (is_i32b (3328 * pow2 15) x ==> is_i16b 3328 result); + calc ( == ) { + v k_times_modulus % pow2 16; + ( == ) { assert (v k_times_modulus == v k * 3329) } + (v k * 3329) % pow2 16; + ( == ) { assert (v k = ((v x @% pow2 16) * (-3327)) @% pow2 16) } + ((((v x @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (((v x @% pow2 16) * (-3327)) @% pow2 16) 3329 (pow2 16) } + (((((v x @% pow2 16) * (-3327)) @% pow2 16) % pow2 16) * 3329) % pow2 16; + ( == ) { lemma_at_percent_mod ((v x @% pow2 16) * (-3327)) (pow2 16)} + ((((v x @% pow2 16) * (-3327)) % pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v x @% pow2 16) * (-3327)) 3329 (pow2 16) } + (((v x @% pow2 16) * (-3327)) * 3329) % pow2 16; + ( == ) { } + ((v x @% pow2 16) * (-3327 * 3329)) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (v x @% pow2 16) (-3327 * 3329) (pow2 16) } + ((v x @% pow2 16) % pow2 16); + ( == ) { lemma_at_percent_mod (v x) (pow2 16) } + (v x) % pow2 16; + }; + Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) (v x) (v k_times_modulus); + assert ((v x - v k_times_modulus) % pow2 16 == 0); + calc ( == ) { + v result % 3329; + ( == ) { } + (v x / pow2 16 - v k_times_modulus / pow2 16) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact (v x - v k_times_modulus) (pow2 16) } + ((v x - v k_times_modulus) / pow2 16) % 3329; + ( == ) { assert ((pow2 16 * 169) % 3329 == 1) } + (((v x - v k_times_modulus) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((v x - v k_times_modulus) / pow2 16) + (pow2 16 * 169) + 3329 } + (((v x - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact (v x - v k_times_modulus) (pow2 16) } + ((v x - v k_times_modulus) * 169) % 3329; + ( == ) { assert (v k_times_modulus == v k * 3329) } + ((v x * 169) - (v k * 3329 * 169)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub (v x * 169) 3329 (v k * 169) } + (v x * 169) % 3329; + } + +val lemma_mont_mul_red_i16_int (x y:i16): Lemma + (requires (is_intb (3326 * pow2 15) (v x * v y))) + (ensures ( + let result:i16 = mont_mul_red_i16 x y in + is_i16b 3328 result /\ + v result % 3329 == (v x * v y * 169) % 3329)) + +let lemma_mont_mul_red_i16_int (x y:i16) = + let vlow = x *. y in + let prod = v x * v y in + assert (v vlow == prod @% pow2 16); + let k = vlow *. (neg 3327s) in + assert (v k == (((prod) @% pow2 16) * (- 3327)) @% pow2 16); + let k_times_modulus = (cast k <: i32) *. 3329l in + assert (v k_times_modulus == (v k * 3329)); + let c = cast (k_times_modulus >>! 16l) <: i16 in + assert (v c == (((v k * 3329) / pow2 16) @% pow2 16)); + lemma_div_at_percent (v k * 3329) (pow2 16); + assert (v c == (((v k * 3329) / pow2 16))); + assert (is_i16b 1665 c); + let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in + assert (v x @% pow2 32 == v x); + assert (v y @% pow2 32 == v y); + assert (v ((cast x <: i32) *. (cast y <: i32)) == (v x * v y) @% pow2 32); + assert (v vhigh == (((prod) @% pow2 32) / pow2 16) @% pow2 16); + assert_norm (pow2 15 * 3326 < pow2 31); + lemma_range_at_percent prod (pow2 32); + assert (v vhigh == (prod / pow2 16) @% pow2 16); + lemma_div_at_percent prod (pow2 16); + assert (v vhigh == prod / pow2 16); + let result = vhigh -. c in + assert (is_i16b 1663 vhigh); + lemma_sub_i16b 1663 1665 vhigh c; + assert (is_i16b 3328 result); + assert (v result = v vhigh - v c); + calc ( == ) { + v k_times_modulus % pow2 16; + ( == ) { assert (v k_times_modulus == v k * 3329) } + (v k * 3329) % pow2 16; + ( == ) { assert (v k = ((prod @% pow2 16) * (-3327)) @% pow2 16) } + ((((prod @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (((prod @% pow2 16) * (-3327)) @% pow2 16) 3329 (pow2 16) } + (((((prod @% pow2 16) * (-3327)) @% pow2 16) % pow2 16) * 3329) % pow2 16; + ( == ) { lemma_at_percent_mod ((prod @% pow2 16) * (-3327)) (pow2 16)} + ((((prod @% pow2 16) * (-3327)) % pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((prod @% pow2 16) * (-3327)) 3329 (pow2 16) } + (((prod @% pow2 16) * (-3327)) * 3329) % pow2 16; + ( == ) { } + ((prod @% pow2 16) * (-3327 * 3329)) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (prod @% pow2 16) (-3327 * 3329) (pow2 16) } + ((prod @% pow2 16) % pow2 16); + ( == ) { lemma_at_percent_mod (prod) (pow2 16) } + (prod) % pow2 16; + }; + Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) ((prod)) (v k_times_modulus); + assert (((prod) - v k_times_modulus) % pow2 16 == 0); + calc ( == ) { + v result % 3329; + ( == ) { } + (((prod) / pow2 16) - ((v k * 3329) / pow2 16)) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact ((prod) - (v k * 3329)) (pow2 16) } + ((prod - (v k * 3329)) / pow2 16) % 3329; + ( == ) { assert ((pow2 16 * 169) % 3329 == 1) } + (((prod - (v k * 3329)) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (((prod) - (v k * 3329)) / pow2 16) + (pow2 16 * 169) + 3329 } + ((((prod) - (v k * 3329)) / pow2 16) * pow2 16 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact ((prod) - (v k * 3329)) (pow2 16) } + (((prod) - (v k * 3329)) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub ((prod) * 169) 3329 (v k * 169)} + ((prod) * 169) % 3329; + } + + +val lemma_mont_mul_red_i16 (x y:i16): Lemma + (requires (is_i16b 1664 y \/ is_intb (3326 * pow2 15) (v x * v y))) + (ensures ( + let result:i16 = mont_mul_red_i16 x y in + is_i16b 3328 result /\ + v result % 3329 == (v x * v y * 169) % 3329)) + [SMTPat (mont_mul_red_i16 x y)] +let lemma_mont_mul_red_i16 x y = + if is_i16b 1664 y then ( + lemma_mul_intb (pow2 15) 1664 (v x) (v y); + assert(is_intb (3326 * pow2 15) (v x * v y)); + lemma_mont_mul_red_i16_int x y) + else lemma_mont_mul_red_i16_int x y + +let barrett_red (x:i16) = + let t1 = cast (((cast x <: i32) *. (cast 20159s <: i32)) >>! 16l) <: i16 in + let t2 = t1 +. 512s in + let q = t2 >>! 10l in + let qm = q *. 3329s in + x -. qm + +let lemma_barrett_red (x:i16) : Lemma + (requires (is_i16b 28296 x)) + (ensures (let result = barrett_red x in + is_i16b 3328 result /\ + v result % 3329 == v x % 3329)) + [SMTPat (barrett_red x)] + = admit() + +let cond_sub (x:i16) = + let xm = x -. 3329s in + let mask = xm >>! 15l in + let mm = mask &. 3329s in + xm +. mm + +let lemma_cond_sub x: + Lemma (let r = cond_sub x in + if x >=. 3329s then r == x -! 3329s else r == x) + [SMTPat (cond_sub x)] + = admit() + +let lemma_shift_right_15_i16 (x:i16): + Lemma (if v x >= 0 then (x >>! 15l) == 0s else (x >>! 15l) == -1s) = + Rust_primitives.Integers.mk_int_v_lemma #i16_inttype 0s; + Rust_primitives.Integers.mk_int_v_lemma #i16_inttype (-1s); + () diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index a709a62e7..2199a9412 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -231,8 +231,9 @@ fn encapsulate< (ciphertext, shared_secret_array) } +/// This code verifies on some machines, runs out of memory on others #[hax_lib::fstar::options("--z3rlimit 500")] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index fe0749390..4673dca06 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -291,6 +291,7 @@ pub(crate) fn generate_keypair< /// Call [`compress_then_serialize_ring_element_u`] on each ring element. #[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::options("--z3rlimit 200")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 12b60f3cf..6693e3343 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -1,6 +1,6 @@ use crate::{ hax_utils::hax_debug_assert, - polynomial::{PolynomialRingElement, ZETAS_TIMES_MONTGOMERY_R}, + polynomial::{PolynomialRingElement, get_zeta}, vector::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR}, }; @@ -16,10 +16,10 @@ pub(crate) fn invert_ntt_at_layer_1( *zeta_i -= 1; re.coefficients[round] = Vector::inv_ntt_layer_1_step( re.coefficients[round], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i - 1], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i - 2], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i - 3], + get_zeta (*zeta_i), + get_zeta (*zeta_i - 1), + get_zeta (*zeta_i - 2), + get_zeta (*zeta_i - 3), ); *zeta_i -= 3; } @@ -38,8 +38,8 @@ pub(crate) fn invert_ntt_at_layer_2( *zeta_i -= 1; re.coefficients[round] = Vector::inv_ntt_layer_2_step( re.coefficients[round], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i - 1], + get_zeta (*zeta_i), + get_zeta (*zeta_i - 1), ); *zeta_i -= 1; } @@ -57,7 +57,7 @@ pub(crate) fn invert_ntt_at_layer_3( for round in 0..16 { *zeta_i -= 1; re.coefficients[round] = - Vector::inv_ntt_layer_3_step(re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i]); + Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); } () } @@ -94,7 +94,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus( let (x, y) = inv_ntt_layer_int_vec_step_reduce( re.coefficients[j], re.coefficients[j + step_vec], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], + get_zeta (*zeta_i), ); re.coefficients[j] = x; re.coefficients[j + step_vec] = y; diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 88916a625..98f4ceeda 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -9,34 +9,31 @@ use super::{ // Kyber 512 parameters const RANK_512: usize = 2; -const RANKED_BYTES_PER_RING_ELEMENT_512: usize = RANK_512 * BITS_PER_RING_ELEMENT / 8; -const T_AS_NTT_ENCODED_SIZE_512: usize = - (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; +const RANKED_BYTES_PER_RING_ELEMENT_512: usize = 768; +const T_AS_NTT_ENCODED_SIZE_512: usize = 768; const VECTOR_U_COMPRESSION_FACTOR_512: usize = 10; // [hax]: hacspec/hacspec-v2#27 stealing error // block_len::() -const C1_BLOCK_SIZE_512: usize = - (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_U_COMPRESSION_FACTOR_512) / 8; +const C1_BLOCK_SIZE_512: usize = 320; // [hax]: hacspec/hacspec-v2#27 stealing error // serialized_len::() -const C1_SIZE_512: usize = C1_BLOCK_SIZE_512 * RANK_512; +const C1_SIZE_512: usize = 640; const VECTOR_V_COMPRESSION_FACTOR_512: usize = 4; // [hax]: hacspec/hacspec-v2#27 stealing error // block_len::() -const C2_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_512) / 8; -const CPA_PKE_SECRET_KEY_SIZE_512: usize = - (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; -pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32; -const CPA_PKE_CIPHERTEXT_SIZE_512: usize = C1_SIZE_512 + C2_SIZE_512; -pub(crate) const SECRET_KEY_SIZE_512: usize = - CPA_PKE_SECRET_KEY_SIZE_512 + CPA_PKE_PUBLIC_KEY_SIZE_512 + H_DIGEST_SIZE + SHARED_SECRET_SIZE; +const C2_SIZE_512: usize = 128; +const CPA_PKE_SECRET_KEY_SIZE_512: usize = 768; +pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = 800; +const CPA_PKE_CIPHERTEXT_SIZE_512: usize = 768; + +pub(crate) const SECRET_KEY_SIZE_512: usize = 1632; const ETA1: usize = 3; -const ETA1_RANDOMNESS_SIZE: usize = ETA1 * 64; +const ETA1_RANDOMNESS_SIZE: usize = 192; const ETA2: usize = 2; -const ETA2_RANDOMNESS_SIZE: usize = ETA2 * 64; +const ETA2_RANDOMNESS_SIZE: usize = 128; -const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = SHARED_SECRET_SIZE + CPA_PKE_CIPHERTEXT_SIZE_512; +const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = 800; // Kyber 512 types /// An ML-KEM 512 Ciphertext diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index d33d9c077..aadcf07ac 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -1,6 +1,6 @@ use crate::{ hax_utils::hax_debug_assert, - polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT, ZETAS_TIMES_MONTGOMERY_R}, + polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT, get_zeta}, vector::{montgomery_multiply_fe, Operations}, }; @@ -17,10 +17,10 @@ pub(crate) fn ntt_at_layer_1( *zeta_i += 1; re.coefficients[round] = Vector::ntt_layer_1_step( re.coefficients[round], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i + 1], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i + 2], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i + 3], + get_zeta (*zeta_i), + get_zeta (*zeta_i + 1), + get_zeta (*zeta_i + 2), + get_zeta (*zeta_i + 3), ); *zeta_i += 3; } @@ -40,8 +40,8 @@ pub(crate) fn ntt_at_layer_2( *zeta_i += 1; re.coefficients[round] = Vector::ntt_layer_2_step( re.coefficients[round], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i + 1], + get_zeta (*zeta_i), + get_zeta (*zeta_i + 1), ); *zeta_i += 1; } @@ -60,7 +60,7 @@ pub(crate) fn ntt_at_layer_3( for round in 0..16 { *zeta_i += 1; re.coefficients[round] = - Vector::ntt_layer_3_step(re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i]); + Vector::ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); } () } @@ -99,7 +99,7 @@ pub(crate) fn ntt_at_layer_4_plus( let (x, y) = ntt_layer_int_vec_step( re.coefficients[j], re.coefficients[j + step_vec], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], + get_zeta (*zeta_i), ); re.coefficients[j] = x; re.coefficients[j + step_vec] = y; @@ -130,12 +130,12 @@ pub(crate) fn ntt_binomially_sampled_ring_element( ntt_at_layer_7(re); let mut zeta_i = 1; - ntt_at_layer_4_plus(&mut zeta_i, re, 6, 3); - ntt_at_layer_4_plus(&mut zeta_i, re, 5, 3); - ntt_at_layer_4_plus(&mut zeta_i, re, 4, 3); - ntt_at_layer_3(&mut zeta_i, re, 3, 3); - ntt_at_layer_2(&mut zeta_i, re, 2, 3); - ntt_at_layer_1(&mut zeta_i, re, 1, 3); + ntt_at_layer_4_plus(&mut zeta_i, re, 6, 11207); + ntt_at_layer_4_plus(&mut zeta_i, re, 5, 11207+3328); + ntt_at_layer_4_plus(&mut zeta_i, re, 4, 11207+2*3328); + ntt_at_layer_3(&mut zeta_i, re, 3, 11207+3*3328); + ntt_at_layer_2(&mut zeta_i, re, 2, 11207+4*3328); + ntt_at_layer_1(&mut zeta_i, re, 1, 11207+5*3328); re.poly_barrett_reduce() } @@ -151,12 +151,12 @@ pub(crate) fn ntt_vector_u i16 { + ZETAS_TIMES_MONTGOMERY_R[i] +} pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; @@ -56,6 +65,7 @@ impl PolynomialRingElement { /// sum of their constituent coefficients. #[inline(always)] pub(crate) fn add_to_ring_element(&mut self, rhs: &Self) { + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..self.coefficients.len() { @@ -66,6 +76,8 @@ impl PolynomialRingElement { #[inline(always)] pub fn poly_barrett_reduce(&mut self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..VECTORS_IN_RING_ELEMENT { @@ -76,6 +88,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn subtract_reduce(&self, mut b: Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient_normal_form = Vector::montgomery_multiply_by_constant(b.coefficients[i], 1441); @@ -87,6 +101,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_message_error_reduce(&self, message: &Self, mut result: Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient_normal_form = Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441); @@ -116,6 +132,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_error_reduce(&mut self, error: &Self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for j in 0..VECTORS_IN_RING_ELEMENT { @@ -132,6 +150,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_standard_error_reduce(&mut self, error: &Self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for j in 0..VECTORS_IN_RING_ELEMENT { @@ -187,6 +207,8 @@ impl PolynomialRingElement { // ))))] #[inline(always)] pub(crate) fn ntt_multiply(&self, rhs: &Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // hax_debug_debug_assert!(lhs // .coefficients // .into_iter() @@ -195,21 +217,13 @@ impl PolynomialRingElement { let mut out = PolynomialRingElement::ZERO(); for i in 0..VECTORS_IN_RING_ELEMENT { - // hax_lib::assert!(64 + 4 * i < 128); - // hax_lib::assert!(64 + 4 * i + 1 < 128); - // hax_lib::assert!(64 + 4 * i + 2 < 128); - // hax_lib::assert!(64 + 4 * i + 3 < 128); - hax_lib::fstar!("assert(64 + 4 * v $i < 128); - assert(64 + 4 * v $i + 1 < 128); - assert(64 + 4 * v $i + 2 < 128); - assert(64 + 4 * v $i + 3 < 128)"); out.coefficients[i] = Vector::ntt_multiply( &self.coefficients[i], &rhs.coefficients[i], - ZETAS_TIMES_MONTGOMERY_R[64 + 4 * i], - ZETAS_TIMES_MONTGOMERY_R[64 + 4 * i + 1], - ZETAS_TIMES_MONTGOMERY_R[64 + 4 * i + 2], - ZETAS_TIMES_MONTGOMERY_R[64 + 4 * i + 3], + get_zeta (64 + 4 * i), + get_zeta (64 + 4 * i + 1), + get_zeta (64 + 4 * i + 2), + get_zeta (64 + 4 * i + 3), ); } diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 81d126afa..094334c58 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -1,5 +1,5 @@ use crate::{ - constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, hax_utils::hax_debug_assert, + constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, helper::cloop, polynomial::PolynomialRingElement, vector::Operations, }; @@ -71,6 +71,7 @@ fn sample_from_uniform_distribution_next>( seeds: [[u8; 34]; K], ) -> [PolynomialRingElement; K] { @@ -151,16 +152,19 @@ pub(super) fn sample_from_xof. -#[cfg_attr(hax, hax_lib::requires(randomness.len() == 2 * 64))] +#[hax_lib::requires(randomness.len() == 2 * 64)] // TODO: Remove or replace with something that works and is useful for the proof. // #[cfg_attr(hax, hax_lib::ensures(|result| // hax_lib::forall(|i:usize| // hax_lib::implies(i < result.coefficients.len(), || result.coefficients[i].abs() <= 2 // ))))] #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 800")] fn sample_from_binomial_distribution_2( randomness: &[u8], ) -> PolynomialRingElement { + hax_lib::fstar!("assert (v (sz 2 *! sz 64) == 128); + assert (Seq.length $randomness == 128)"); let mut sampled_i16s = [0i16; 256]; cloop! { @@ -172,12 +176,21 @@ fn sample_from_binomial_distribution_2( let even_bits = random_bits_as_u32 & 0x55555555; let odd_bits = (random_bits_as_u32 >> 1) & 0x55555555; + hax_lib::fstar!("logand_lemma $random_bits_as_u32 1431655765ul; + logand_lemma ($random_bits_as_u32 >>! 1l) 1431655765ul"); let coin_toss_outcomes = even_bits + odd_bits; cloop! { for outcome_set in (0..u32::BITS).step_by(4) { let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x3) as i16; let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 2)) & 0x3) as i16; + hax_lib::fstar!("logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 3ul; + logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 2ul <: u32) <: u32) 3ul; + assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 3); + assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 3); + assert (v $chunk_number <= 31); + assert (v (sz 8 *! $chunk_number <: usize) <= 248); + assert (v (cast ($outcome_set >>! 2l <: u32) <: usize) <= 7)"); let offset = (outcome_set >> 2) as usize; sampled_i16s[8 * chunk_number + offset] = outcome_1 - outcome_2; @@ -188,16 +201,19 @@ fn sample_from_binomial_distribution_2( PolynomialRingElement::from_i16_array(&sampled_i16s) } -#[cfg_attr(hax, hax_lib::requires(randomness.len() == 3 * 64))] +#[hax_lib::requires(randomness.len() == 3 * 64)] // TODO: Remove or replace with something that works and is useful for the proof. // #[cfg_attr(hax, hax_lib::ensures(|result| // hax_lib::forall(|i:usize| // hax_lib::implies(i < result.coefficients.len(), || result.coefficients[i].abs() <= 3 // ))))] #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 800")] fn sample_from_binomial_distribution_3( randomness: &[u8], ) -> PolynomialRingElement { + hax_lib::fstar!("assert (v (sz 3 *! sz 64) == 192); + assert (Seq.length $randomness == 192)"); let mut sampled_i16s = [0i16; 256]; cloop! { @@ -208,6 +224,9 @@ fn sample_from_binomial_distribution_3( let first_bits = random_bits_as_u24 & 0x00249249; let second_bits = (random_bits_as_u24 >> 1) & 0x00249249; let third_bits = (random_bits_as_u24 >> 2) & 0x00249249; + hax_lib::fstar!("logand_lemma $random_bits_as_u24 2396745ul; + logand_lemma ($random_bits_as_u24 >>! 1l <: u32) 2396745ul; + logand_lemma ($random_bits_as_u24 >>! 2l <: u32) 2396745ul"); let coin_toss_outcomes = first_bits + second_bits + third_bits; @@ -215,6 +234,13 @@ fn sample_from_binomial_distribution_3( for outcome_set in (0..24).step_by(6) { let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x7) as i16; let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 3)) & 0x7) as i16; + hax_lib::fstar!("logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 7ul; + logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 3l <: i32) <: u32) 7ul; + assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 7); + assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 7); + assert (v $chunk_number <= 63); + assert (v (sz 4 *! $chunk_number <: usize) <= 252); + assert (v (cast ($outcome_set /! 6l <: i32) <: usize) <= 3)"); let offset = (outcome_set / 6) as usize; sampled_i16s[4 * chunk_number + offset] = outcome_1 - outcome_2; @@ -226,11 +252,13 @@ fn sample_from_binomial_distribution_3( } #[inline(always)] +#[hax_lib::requires((ETA == 2 || ETA == 3) && randomness.len() == ETA * 64)] pub(super) fn sample_from_binomial_distribution( randomness: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(randomness.len() == ETA * 64); - + hax_lib::fstar!("assert ( + (v (cast $ETA <: u32) == 2) \\/ + (v (cast $ETA <: u32) == 3))"); match ETA as u32 { 2 => sample_from_binomial_distribution_2(randomness), 3 => sample_from_binomial_distribution_3(randomness), diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 57f05368a..020103722 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -6,6 +6,7 @@ use crate::{ }; #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn compress_then_serialize_message( re: PolynomialRingElement, ) -> [u8; SHARED_SECRET_SIZE] { @@ -21,6 +22,7 @@ pub(super) fn compress_then_serialize_message( serialized } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn deserialize_then_decompress_message( serialized: [u8; SHARED_SECRET_SIZE], ) -> PolynomialRingElement { @@ -33,6 +35,7 @@ pub(super) fn deserialize_then_decompress_message( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn serialize_uncompressed_ring_element( re: &PolynomialRingElement, ) -> [u8; BYTES_PER_RING_ELEMENT] { @@ -69,6 +72,7 @@ pub(super) fn deserialize_to_uncompressed_ring_element( /// /// This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`. #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( serialized.len() == BYTES_PER_RING_ELEMENT )] @@ -115,6 +119,7 @@ pub(super) fn deserialize_ring_elements_reduced< } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( OUT_LEN == 320 )] @@ -133,6 +138,7 @@ fn compress_then_serialize_10( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( OUT_LEN == 352 )] @@ -173,6 +179,7 @@ pub(super) fn compress_then_serialize_ring_element_u< } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( serialized.len() == 128 )] @@ -195,6 +202,7 @@ fn compress_then_serialize_4( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( serialized.len() == 160 )] diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index e5a205174..2649ab808 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -69,24 +69,36 @@ impl Operations for SIMD256Vector { vec_to_i16_array(x) } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (impl.f_repr ${result}) i) == + v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))] fn add(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::add(lhs.elements, rhs.elements), } } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (impl.f_repr ${result}) i) == + v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))] fn sub(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::sub(lhs.elements, rhs.elements), } } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] - fn multiply_by_constant(v: Self, c: i16) -> Self { + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${vec}) i) * v c)"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (impl.f_repr ${result}) i) == + v (Seq.index (impl.f_repr ${vec}) i) * v c)"))] + fn multiply_by_constant(vec: Self, c: i16) -> Self { Self { - elements: arithmetic::multiply_by_constant(v.elements, c), + elements: arithmetic::multiply_by_constant(vec.elements, c), } } @@ -105,7 +117,7 @@ impl Operations for SIMD256Vector { } } - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $vector)"))] #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))] fn cond_subtract_3329(vector: Self) -> Self { Self { @@ -120,7 +132,7 @@ impl Operations for SIMD256Vector { } } - #[requires(fstar!("Spec.Utils.is_i16b 3328 $constant"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 $constant"))] fn montgomery_multiply_by_constant(vector: Self, constant: i16) -> Self { Self { elements: arithmetic::montgomery_multiply_by_constant(vector.elements, constant), @@ -153,49 +165,67 @@ impl Operations for SIMD256Vector { } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"))] fn ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { Self { elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))] fn ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { Self { elements: ntt::ntt_layer_2_step(vector.elements, zeta0, zeta1), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))] fn ntt_layer_3_step(vector: Self, zeta: i16) -> Self { Self { elements: ntt::ntt_layer_3_step(vector.elements, zeta), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { Self { elements: ntt::inv_ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { Self { elements: ntt::inv_ntt_layer_2_step(vector.elements, zeta0, zeta1), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_3_step(vector: Self, zeta: i16) -> Self { Self { elements: ntt::inv_ntt_layer_3_step(vector.elements, zeta), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn ntt_multiply( lhs: &Self, rhs: &Self, @@ -303,6 +333,10 @@ impl Operations for SIMD256Vector { } } + #[requires(input.len() == 24 && output.len() == 16)] + #[ensures(|result| + fstar!("Seq.length $output_future == Seq.length $output /\\ v $result <= 16") + )] fn rej_sample(input: &[u8], output: &mut [i16]) -> usize { sampling::rejection_sample(input, output) } diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index e080f5553..3dd5be929 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,45 +3,87 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map2 (+.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] +#[hax_lib::fstar::before(interface,"open Libcrux_intrinsics.Avx2_extract")] +#[hax_lib::fstar::before(" +let lemma_add_i (lhs rhs: t_Vec256) (i:nat): Lemma + (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i)))) + (ensures (v (add_mod (get_lane lhs i) (get_lane rhs i)) == + (v (get_lane lhs i) + v (get_lane rhs i)))) + [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = ()")] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) + v (get_lane $rhs i))"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + v (get_lane $result i) == (v (get_lane $lhs i) + v (get_lane $rhs i))"))] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { - mm256_add_epi16(lhs, rhs) + let result = mm256_add_epi16(lhs, rhs); + hax_lib::fstar!("assert (forall i. get_lane result i == get_lane lhs i +. get_lane rhs i); + assert (forall i. v (get_lane result i) == v (get_lane lhs i) + v (get_lane rhs i))"); + result } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map2 (-.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] +#[hax_lib::fstar::before(" +let lemma_sub_i (lhs rhs: t_Vec256) (i:nat): Lemma + (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i)))) + (ensures (v (sub_mod (get_lane lhs i) (get_lane rhs i)) == + (v (get_lane lhs i) - v (get_lane rhs i)))) + [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = ()")] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) - v (get_lane $rhs i))"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + v (get_lane $result i) == (v (get_lane $lhs i) - v (get_lane $rhs i))"))] pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { - mm256_sub_epi16(lhs, rhs) + let result = mm256_sub_epi16(lhs, rhs); + hax_lib::fstar!("assert (forall i. get_lane result i == get_lane lhs i -. get_lane rhs i); + assert (forall i. v (get_lane result i) == v (get_lane lhs i) - v (get_lane rhs i))"); + result } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] +#[hax_lib::fstar::before(" +let lemma_mul_i (lhs: t_Vec256) (i:nat) (c:i16): Lemma + (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) * v c))) + (ensures (v (mul_mod (get_lane lhs i) c) == + (v (get_lane lhs i) * v c))) + [SMTPat (v (mul_mod (get_lane lhs i) c))] = ()")] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $vector i) * v constant)"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + v (get_lane $result i) == (v (get_lane $vector i) * v constant)"))] pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { - mm256_mullo_epi16(vector, mm256_set1_epi16(constant)) + let cv = mm256_set1_epi16(constant); + let result = mm256_mullo_epi16(vector, cv); + hax_lib::fstar!("Seq.lemma_eq_intro (vec256_as_i16x16 ${result}) + (Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + + hax_lib::fstar!("assert (forall i. get_lane result i == get_lane vector i *. constant); + assert (forall i. v (get_lane vector i *. constant) == v (get_lane vector i) * v constant); + assert (forall i. v (get_lane result i) == v (get_lane vector i) * v constant)"); + result } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 { - mm256_and_si256(vector, mm256_set1_epi16(constant)) + let cv = mm256_set1_epi16(constant); + let result = mm256_and_si256(vector, cv); + hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + (Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + result } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] #[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn shift_right(vector: Vec256) -> Vec256 { - mm256_srai_epi16::<{ SHIFT_BY }>(vector) + let result = mm256_srai_epi16::<{ SHIFT_BY }>(vector); + hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + result } // #[inline(always)] @@ -50,20 +92,32 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { // } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + get_lane $result i == + (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"))] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); - + hax_lib::fstar!("assert (forall i. get_lane $field_modulus i == 3329s)"); // Compute v_i - Q and crate a mask from the sign bit of each of these // quantities. let v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); + hax_lib::fstar!("assert (forall i. get_lane $v_minus_field_modulus i == get_lane $vector i -. 3329s)"); + let sign_mask = mm256_srai_epi16::<15>(v_minus_field_modulus); + hax_lib::fstar!("assert (forall i. get_lane $sign_mask i == (get_lane $v_minus_field_modulus i >>! 15l))"); // If v_i - Q < 0 then add back Q to (v_i - Q). let conditional_add_field_modulus = mm256_and_si256(sign_mask, field_modulus); - mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus) + hax_lib::fstar!("assert (forall i. get_lane $conditional_add_field_modulus i == (get_lane $sign_mask i &. 3329s))"); + + let result = mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); + hax_lib::fstar!("assert (forall i. get_lane $result i == (get_lane $v_minus_field_modulus i +. get_lane $conditional_add_field_modulus i)); + assert (forall i. get_lane $result i == Spec.Utils.cond_sub (get_lane $vector i)); + assert (forall i. get_lane $result i == (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i))"); + + result } const BARRETT_MULTIPLIER: i16 = 20159; @@ -71,57 +125,138 @@ const BARRETT_MULTIPLIER: i16 = 20159; /// See Section 3.2 of the implementation notes document for an explanation /// of this code. #[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector})")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ + (forall i. i < 16 ==> v (get_lane $result i) % 3329 == + (v (get_lane $vector i) % 3329))")))] pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { - let t = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER)); - let t = mm256_add_epi16(t, mm256_set1_epi16(512)); - - let quotient = mm256_srai_epi16::<10>(t); - + let t0 = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER)); + hax_lib::fstar!("assert (forall i. get_lane $t0 i == (cast (((cast (get_lane $vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) <: i16))"); + let t1 = mm256_add_epi16(t0, mm256_set1_epi16(512)); + hax_lib::fstar!("assert (forall i. get_lane $t1 i == get_lane $t0 i +. 512s)"); + let quotient = mm256_srai_epi16::<10>(t1); + hax_lib::fstar!("assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! (10l <: i32)))"); let quotient_times_field_modulus = mm256_mullo_epi16(quotient, mm256_set1_epi16(FIELD_MODULUS)); - - mm256_sub_epi16(vector, quotient_times_field_modulus) + hax_lib::fstar!("assert (forall i. get_lane $quotient_times_field_modulus i == + get_lane $quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)"); + let result = mm256_sub_epi16(vector, quotient_times_field_modulus); + hax_lib::fstar!("assert (forall i. get_lane $result i == + get_lane $vector i -. get_lane $quotient_times_field_modulus i); + assert (forall i. get_lane $result i == Spec.Utils.barrett_red (get_lane $vector i)); + assert (forall i. v (get_lane $result i) % 3329 == v (get_lane $vector i) % 3329); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result))"); + result } #[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 constant")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ + (forall i. i < 16 ==> v (get_lane $result i) % 3329 == + ((v (get_lane $vector i) * v constant * 169) % 3329))")))] pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { - let constant = mm256_set1_epi16(constant); - let value_low = mm256_mullo_epi16(vector, constant); - + let vec_constant = mm256_set1_epi16(constant); + hax_lib::fstar!("assert (forall i. get_lane $vec_constant i == $constant)"); + let value_low = mm256_mullo_epi16(vector, vec_constant); + hax_lib::fstar!("assert (forall i. get_lane $value_low i == get_lane $vector i *. $constant)"); let k = mm256_mullo_epi16( value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - let k_times_modulus = mm256_mulhi_epi16(k, mm256_set1_epi16(FIELD_MODULUS)); + hax_lib::fstar!("assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"); + let modulus = mm256_set1_epi16(FIELD_MODULUS); + hax_lib::fstar!("assert (forall i. get_lane $modulus i == 3329s)"); + let k_times_modulus = mm256_mulhi_epi16(k, modulus); + hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $modulus)); + assert (forall i. get_lane $k_times_modulus i == + (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"); + + let value_high = mm256_mulhi_epi16(vector, vec_constant); + hax_lib::fstar!("assert (forall i. get_lane $value_high i == + (cast (((cast (get_lane $vector i) <: i32) *. (cast (get_lane $vec_constant i) <: i32)) >>! 16l) <: i16))"); - let value_high = mm256_mulhi_epi16(vector, constant); - - mm256_sub_epi16(value_high, k_times_modulus) + let result = mm256_sub_epi16(value_high, k_times_modulus); + hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane $result i == (get_lane $value_high i) -. (get_lane $k_times_modulus i)); + assert (forall i. get_lane $result i == Spec.Utils.mont_mul_red_i16 (get_lane $vector i) $constant); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); + assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vector i) * v $constant * 169) % 3329))"); + result } #[inline(always)] -pub(crate) fn montgomery_multiply_by_constants(v: Vec256, c: Vec256) -> Vec256 { - let value_low = mm256_mullo_epi16(v, c); - +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $constants))")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ + (forall i. i < 16 ==> v (get_lane $result i) % 3329 == + ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))")))] +pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) -> Vec256 { + let value_low = mm256_mullo_epi16(vec, constants); + hax_lib::fstar!("assert (forall i. get_lane $value_low i == get_lane $vec i *. get_lane $constants i)"); + let k = mm256_mullo_epi16( value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - let k_times_modulus = mm256_mulhi_epi16(k, mm256_set1_epi16(FIELD_MODULUS)); + hax_lib::fstar!("assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"); + + let modulus = mm256_set1_epi16(FIELD_MODULUS); + hax_lib::fstar!("assert (forall i. get_lane $modulus i == 3329s)"); - let value_high = mm256_mulhi_epi16(v, c); + let k_times_modulus = mm256_mulhi_epi16(k, modulus); + hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $modulus)); + assert (forall i. get_lane $k_times_modulus i == + (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"); - mm256_sub_epi16(value_high, k_times_modulus) + + let value_high = mm256_mulhi_epi16(vec, constants); + hax_lib::fstar!("assert (forall i. get_lane $value_high i == + (cast (((cast (get_lane $vec i) <: i32) *. (cast (get_lane $constants i) <: i32)) >>! 16l) <: i16))"); + + let result = mm256_sub_epi16(value_high, k_times_modulus); + hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane $result i == (get_lane $value_high i) -. (get_lane $k_times_modulus i)); + assert (forall i. get_lane $result i == Spec.Utils.mont_mul_red_i16 (get_lane $vec i) (get_lane $constants i)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); + assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"); + result } #[inline(always)] -pub(crate) fn montgomery_reduce_i32s(v: Vec256) -> Vec256 { +#[hax_lib::fstar::verification_status(panic_free)] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (3328 * pow2 16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec))")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ + (Spec.Utils.is_i16b_array (3328 * pow2 15) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec) ==> + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)) /\\ + (forall i. i < 16 ==> v (get_lane $result i) % 3329 == + ((v (get_lane $vec i) * 169) % 3329))")))] +pub(crate) fn montgomery_reduce_i32s(vec: Vec256) -> Vec256 { let k = mm256_mullo_epi16( - v, + vec, mm256_set1_epi32(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i32), ); let k_times_modulus = mm256_mulhi_epi16(k, mm256_set1_epi32(FIELD_MODULUS as i32)); - let value_high = mm256_srli_epi32::<16>(v); + let value_high = mm256_srli_epi32::<16>(vec); let result = mm256_sub_epi16(value_high, k_times_modulus); @@ -131,16 +266,49 @@ pub(crate) fn montgomery_reduce_i32s(v: Vec256) -> Vec256 { } #[inline(always)] -pub(crate) fn montgomery_multiply_m128i_by_constants(v: Vec128, c: Vec128) -> Vec128 { - let value_low = mm_mullo_epi16(v, c); +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $constants))")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 ${result}) /\\ + (forall i. i < 8 ==> v (get_lane128 $result i) % 3329 == + ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))")))] +pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec128) -> Vec128 { + let value_low = mm_mullo_epi16(vec, constants); + hax_lib::fstar!("assert (forall i. get_lane128 $value_low i == get_lane128 $vec i *. get_lane128 $constants i)"); + let k = mm_mullo_epi16( value_low, mm_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - let k_times_modulus = mm_mulhi_epi16(k, mm_set1_epi16(FIELD_MODULUS)); - - let value_high = mm_mulhi_epi16(v, c); - - mm_sub_epi16(value_high, k_times_modulus) + hax_lib::fstar!("assert (forall i. get_lane128 $k i == get_lane128 $value_low i *. (neg 3327s))"); + + let modulus = mm_set1_epi16(FIELD_MODULUS); + hax_lib::fstar!("assert (forall i. get_lane128 $modulus i == 3329s)"); + + let k_times_modulus = mm_mulhi_epi16(k, modulus); + hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $modulus)); + assert (forall i. get_lane128 $k_times_modulus i == + (cast (((cast (get_lane128 $k i) <: i32) *. (cast (get_lane128 $modulus i) <: i32)) >>! 16l) <: i16))"); + + + let value_high = mm_mulhi_epi16(vec, constants); + hax_lib::fstar!("assert (forall i. get_lane128 $value_high i == + (cast (((cast (get_lane128 $vec i) <: i32) *. (cast (get_lane128 $constants i) <: i32)) >>! 16l) <: i16))"); + + let result = mm_sub_epi16(value_high, k_times_modulus); + hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane128 $result i == (get_lane128 $value_high i) -. (get_lane128 $k_times_modulus i)); + assert (forall i. get_lane128 $result i == Spec.Utils.mont_mul_red_i16 (get_lane128 $vec i) (get_lane128 $constants i)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane128 $result i)); + assert (forall (i:nat). i < 8 ==> Spec.Utils.is_i16b 3328 (get_lane128 $result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $result)); + assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"); + + result } diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs index 8ad12720d..437c6a473 100644 --- a/libcrux-ml-kem/src/vector/avx2/ntt.rs +++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs @@ -56,6 +56,7 @@ pub(crate) fn ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] pub(crate) fn inv_ntt_layer_1_step( vector: Vec256, diff --git a/libcrux-ml-kem/src/vector/avx2/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs index 2fd73a55b..1f3565b40 100644 --- a/libcrux-ml-kem/src/vector/avx2/sampling.rs +++ b/libcrux-ml-kem/src/vector/avx2/sampling.rs @@ -5,6 +5,11 @@ use super::{ }; #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(input.len() == 24 && output.len() == 16)] +#[hax_lib::ensures(|res| + fstar!("Seq.length $output_future == Seq.length $output /\\ v $res <= 16") + )] pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 1b34df9bc..6f9ca5d53 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -22,8 +22,9 @@ impl crate::vector::traits::Repr for PortableVector { } } -#[hax_lib::attributes] -#[hax_lib::fstar::options("--z3rlimit 300")] +#[hax_lib::fstar::before(interface, r#"#push-options "--admit_smt_queries true""#)] +#[hax_lib::fstar::after(interface, r#"#pop-options"#)] +#[hax_lib::attributes] impl Operations for PortableVector { #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { @@ -41,19 +42,31 @@ impl Operations for PortableVector { to_i16_array(x) } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] fn add(lhs: Self, rhs: &Self) -> Self { add(lhs, rhs) } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] fn sub(lhs: Self, rhs: &Self) -> Self { sub(lhs, rhs) } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] - fn multiply_by_constant(v: Self, c: i16) -> Self { - multiply_by_constant(v, c) + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${vec}.f_elements i) * v c)"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${vec}.f_elements i) * v c)"))] + fn multiply_by_constant(vec: Self, c: i16) -> Self { + multiply_by_constant(vec, c) } #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] @@ -67,7 +80,7 @@ impl Operations for PortableVector { shift_right::<{ SHIFT_BY }>(v) } - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $v)"))] #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))] fn cond_subtract_3329(v: Self) -> Self { cond_subtract_3329(v) @@ -78,7 +91,7 @@ impl Operations for PortableVector { barrett_reduce(v) } - #[requires(fstar!("Spec.Utils.is_i16b 3328 $r"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 $r"))] fn montgomery_multiply_by_constant(v: Self, r: i16) -> Self { montgomery_multiply_by_constant(v, r) } @@ -99,30 +112,56 @@ impl Operations for PortableVector { decompress_ciphertext_coefficient::(v) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self { ntt_layer_2_step(a, zeta0, zeta1) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self { ntt_layer_3_step(a, zeta) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self { inv_ntt_layer_2_step(a, zeta0, zeta1) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self { inv_ntt_layer_3_step(a, zeta) } + + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn ntt_multiply( lhs: &Self, rhs: &Self, @@ -137,6 +176,7 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] fn serialize_1(a: Self) -> [u8; 2] { + hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)"); hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); serialize_1(a) } @@ -151,6 +191,7 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] fn serialize_4(a: Self) -> [u8; 8] { + hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)"); hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); serialize_4(a) } @@ -208,6 +249,10 @@ impl Operations for PortableVector { deserialize_12(a) } + #[requires(a.len() == 24 && out.len() == 16)] + #[ensures(|result| + fstar!("Seq.length $out_future == Seq.length $out /\\ v $result <= 16") + )] fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { rej_sample(a, out) } diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 00e5bf81f..54a7b150f 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -40,82 +40,119 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (+.) (${lhs}.f_elements) (${rhs}.f_elements)"))] +#[hax_lib::fstar::options("--z3rlimit 150")] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { + let _lhs0 = lhs; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] = lhs.elements[i].wrapping_add(rhs.elements[i]); + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == + (Seq.index ${_lhs0}.f_elements j) +! (Seq.index ${rhs}.f_elements j)) /\\ + (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); + lhs.elements[i] += rhs.elements[i]; } - + hax_lib::fstar!("assert (forall i. v (Seq.index ${lhs}.f_elements i) == + v (Seq.index ${_lhs0}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"); lhs } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (-.) (${lhs}.f_elements) (${rhs}.f_elements)"))] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { + let _lhs0 = lhs; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] = lhs.elements[i].wrapping_sub(rhs.elements[i]); + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == + (Seq.index ${_lhs0}.f_elements j) -! (Seq.index ${rhs}.f_elements j)) /\\ + (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); + lhs.elements[i] -= rhs.elements[i]; } - + hax_lib::fstar!("assert (forall i. v (Seq.index ${lhs}.f_elements i) == + v (Seq.index ${_lhs0}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"); lhs } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x *. c) (${v}.f_elements)"))] -pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${vec}.f_elements i) * v c)"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${vec}.f_elements i) * v c)"))] +pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = v.elements[i].wrapping_mul(c); + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> (Seq.index ${vec}.f_elements j) == + (Seq.index ${_vec0}.f_elements j) *! c) /\\ + (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") }); + vec.elements[i] *= c; } - - v + hax_lib::fstar!("assert (forall i. v (Seq.index ${vec}.f_elements i) == + v (Seq.index ${_vec0}.f_elements i) * v c)"); + vec } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x &. c) (${v}.f_elements)"))] -pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector { +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x &. c) (${vec}.f_elements)"))] +pub fn bitwise_and_with_constant(mut vec: PortableVector, c: i16) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] &= c; + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> Seq.index ${vec}.f_elements j == + (Seq.index ${_vec0}.f_elements j &. c)) /\\ + (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") }); + vec.elements[i] &= c; } - - v + hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x &. c) ${_vec0}.f_elements)"); + vec } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] -#[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${v}.f_elements)"))] -pub fn shift_right(mut v: PortableVector) -> PortableVector { +#[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> + ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${vec}.f_elements)"))] +pub fn shift_right(mut vec: PortableVector) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = v.elements[i] >> SHIFT_BY; + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> Seq.index ${vec}.f_elements j == + (Seq.index ${_vec0}.f_elements j >>! ${SHIFT_BY})) /\\ + (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") }); + vec.elements[i] = vec.elements[i] >> SHIFT_BY; } - - v + hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements)"); + vec } -// #[inline(always)] -// pub fn shift_left(mut lhs: PortableVector) -> PortableVector { -// for i in 0..FIELD_ELEMENTS_IN_VECTOR { -// lhs.elements[i] = lhs.elements[i] << SHIFT_BY; -// } - -// lhs -// } - +/// Note: This function is not secret independent +/// Only use with public values. #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (${v}.f_elements)"))] - pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { - let _vec0 = v; +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array + (fun x -> if x >=. 3329s then x -! 3329s else x) (${vec}.f_elements)"))] +pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - hax_lib::loop_invariant!(|i: usize| { fstar!("Seq.length ${v}.f_elements == Seq.length ${_vec0}.f_elements")}); - if v.elements[i] >= 3329 { - v.elements[i] -= 3329 + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> Seq.index ${vec}.f_elements j == + (let x = Seq.index ${_vec0}.f_elements j in + if x >=. 3329s then x -! 3329s else x)) /\\ + (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") }); + if vec.elements[i] >= 3329 { + vec.elements[i] -= 3329 } } - v + hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array + (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements)"); + vec } /// Signed Barrett Reduction @@ -159,16 +196,26 @@ pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 vec.f_elements")))] -#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 result.f_elements /\\ - Spec.MLKEM.Math.to_spec_array result.f_elements == Spec.MLKEM.Math.to_spec_array vec.f_elements")))] +#[hax_lib::fstar::options("--z3rlimit 150")] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 ${vec}.f_elements")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\ + (forall i. (v (Seq.index ${result}.f_elements i) % 3329) == + (v (Seq.index ${vec}.f_elements i) % 3329))")))] pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector { let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - hax_lib::loop_invariant!(|i: usize| { fstar!("Seq.length ${vec}.f_elements == Seq.length ${_vec0}.f_elements /\\ - (forall j. j >= v i ==> Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j))") }); - vec.elements[i] = barrett_reduce_element(vec.elements[i]); + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements j) /\\ + v (Seq.index ${vec}.f_elements j) % 3329 == (v (Seq.index ${_vec0}.f_elements j) % 3329))) /\\ + (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j /\\ + Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j)))") }); + let vi = barrett_reduce_element(vec.elements[i]); + vec.elements[i] = vi; + hax_lib::fstar!("assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); + assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); + assert(Spec.Utils.is_i16b 3328 vi); + assert(Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements (v i))); + assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j))"); } vec } @@ -189,7 +236,7 @@ pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector { #[hax_lib::fstar::options("--z3rlimit 500 --split_queries always")] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i32b (3328 * pow2 16) value ")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ - (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\\ + (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 result) /\\ v result % 3329 == (v value * 169) % 3329")))] pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { // This forces hax to extract code for MONTGOMERY_R before it extracts code @@ -217,13 +264,13 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { hax_lib::fstar!("assert (v value < pow2 31); assert (v value / pow2 16 < pow2 15); assert (v value_high == (v value / pow2 16) @% pow2 16); - assert ((v value / pow2 16) < pow2 15 ==> (v value / pow2 16) @% pow2 16 == (v value / pow2 16)); + Spec.Utils.lemma_div_at_percent (v value) (pow2 16); assert (v value_high == (v value / pow2 16)); assert(Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 169 value_high); assert(Spec.Utils.is_i16b 3328 value_high)"); let res = value_high - c; hax_lib::fstar!("assert(Spec.Utils.is_i16b (3328 + 1665) res)"); - hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 res)"); + hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 res)"); hax_lib::fstar!("calc ( == ) { v k_times_modulus % pow2 16; ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } @@ -271,24 +318,36 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { /// `x ยท y ยท MONTGOMERY_R * MONTGOMERY_R^{-1} โ‰ก x ยท y (mod FIELD_MODULUS)`. #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 300")] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 fer")))] -#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 fer")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 3328 result /\\ v result % 3329 == (v fe * v fer * 169) % 3329")))] pub(crate) fn montgomery_multiply_fe_by_fer( fe: FieldElement, fer: FieldElementTimesMontgomeryR, ) -> FieldElement { - hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 16) (3328) fe fer"); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 15) (1664) fe fer"); let product = (fe as i32) * (fer as i32); montgomery_reduce_element(product) } #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 150")] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 c")))] -pub(crate) fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 c")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(" +Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\ +(forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) % 3329 == + (v (Seq.index ${vec}.f_elements i) * v c * 169) %3329))")))] +pub(crate) fn montgomery_multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = montgomery_multiply_fe_by_fer(v.elements[i], c) + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> + (let vecj = Seq.index ${vec}.f_elements j in + (Spec.Utils.is_i16b 3328 vecj /\\ + v vecj % 3329 == (v (Seq.index ${_vec0}.f_elements j) * v c * 169) % 3329))) /\\ + (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") }); + vec.elements[i] = montgomery_multiply_fe_by_fer(vec.elements[i], c) } - v + vec } diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index d6eb66396..096c9fb7b 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -2,111 +2,172 @@ use super::arithmetic::*; use super::vector_type::*; #[inline(always)] -pub(crate) fn ntt_step(v: &mut PortableVector, zeta: i16, i: usize, j: usize) { - let t = montgomery_multiply_fe_by_fer(v.elements[j], zeta); - v.elements[j] = v.elements[i] - t; - v.elements[i] = v.elements[i] + t; +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +#[hax_lib::ensures(|result| fstar!("(forall k. (k <> v i /\\ k <> v j) ==> + Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ + (forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\ + Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==> + (Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\\ + Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j]))"))] +pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { + let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta); + vec.elements[j] = vec.elements[i] - t; + vec.elements[i] = vec.elements[i] + t; } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (11207+5*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) ${result}.f_elements"))] pub(crate) fn ntt_layer_1_step( - mut v: PortableVector, + mut vec: PortableVector, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16, ) -> PortableVector { - ntt_step(&mut v, zeta0, 0, 2); - ntt_step(&mut v, zeta0, 1, 3); - ntt_step(&mut v, zeta1, 4, 6); - ntt_step(&mut v, zeta1, 5, 7); - ntt_step(&mut v, zeta2, 8, 10); - ntt_step(&mut v, zeta2, 9, 11); - ntt_step(&mut v, zeta3, 12, 14); - ntt_step(&mut v, zeta3, 13, 15); - v + ntt_step(&mut vec, zeta0, 0, 2); + ntt_step(&mut vec, zeta0, 1, 3); + ntt_step(&mut vec, zeta1, 4, 6); + ntt_step(&mut vec, zeta1, 5, 7); + ntt_step(&mut vec, zeta2, 8, 10); + ntt_step(&mut vec, zeta2, 9, 11); + ntt_step(&mut vec, zeta3, 12, 14); + ntt_step(&mut vec, zeta3, 13, 15); + vec } #[inline(always)] -pub(crate) fn ntt_layer_2_step(mut v: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { - ntt_step(&mut v, zeta0, 0, 4); - ntt_step(&mut v, zeta0, 1, 5); - ntt_step(&mut v, zeta0, 2, 6); - ntt_step(&mut v, zeta0, 3, 7); - ntt_step(&mut v, zeta1, 8, 12); - ntt_step(&mut v, zeta1, 9, 13); - ntt_step(&mut v, zeta1, 10, 14); - ntt_step(&mut v, zeta1, 11, 15); - v +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (11207+4*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) ${result}.f_elements"))] +pub(crate) fn ntt_layer_2_step(mut vec: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { + ntt_step(&mut vec, zeta0, 0, 4); + ntt_step(&mut vec, zeta0, 1, 5); + ntt_step(&mut vec, zeta0, 2, 6); + ntt_step(&mut vec, zeta0, 3, 7); + ntt_step(&mut vec, zeta1, 8, 12); + ntt_step(&mut vec, zeta1, 9, 13); + ntt_step(&mut vec, zeta1, 10, 14); + ntt_step(&mut vec, zeta1, 11, 15); + vec } #[inline(always)] -pub(crate) fn ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> PortableVector { - ntt_step(&mut v, zeta, 0, 8); - ntt_step(&mut v, zeta, 1, 9); - ntt_step(&mut v, zeta, 2, 10); - ntt_step(&mut v, zeta, 3, 11); - ntt_step(&mut v, zeta, 4, 12); - ntt_step(&mut v, zeta, 5, 13); - ntt_step(&mut v, zeta, 6, 14); - ntt_step(&mut v, zeta, 7, 15); - v +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (11207+3*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) ${result}.f_elements"))] +pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector { + ntt_step(&mut vec, zeta, 0, 8); + ntt_step(&mut vec, zeta, 1, 9); + ntt_step(&mut vec, zeta, 2, 10); + ntt_step(&mut vec, zeta, 3, 11); + ntt_step(&mut vec, zeta, 4, 12); + ntt_step(&mut vec, zeta, 5, 13); + ntt_step(&mut vec, zeta, 6, 14); + ntt_step(&mut vec, zeta, 7, 15); + vec } #[inline(always)] -pub(crate) fn inv_ntt_step(v: &mut PortableVector, zeta: i16, i: usize, j: usize) { - let a_minus_b = v.elements[j] - v.elements[i]; - v.elements[i] = barrett_reduce_element(v.elements[i] + v.elements[j]); - v.elements[j] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ + Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\\ + (forall k. (k <> v i /\\ k <> v j) ==> + Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ + (Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\ + Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)))"))] +pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { + let a_minus_b = vec.elements[j] - vec.elements[i]; + let o0 = barrett_reduce_element(vec.elements[i] + vec.elements[j]); + let o1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + vec.elements[i] = o0; + vec.elements[j] = o1; } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn inv_ntt_layer_1_step( - mut v: PortableVector, + mut vec: PortableVector, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16, ) -> PortableVector { - inv_ntt_step(&mut v, zeta0, 0, 2); - inv_ntt_step(&mut v, zeta0, 1, 3); - inv_ntt_step(&mut v, zeta1, 4, 6); - inv_ntt_step(&mut v, zeta1, 5, 7); - inv_ntt_step(&mut v, zeta2, 8, 10); - inv_ntt_step(&mut v, zeta2, 9, 11); - inv_ntt_step(&mut v, zeta3, 12, 14); - inv_ntt_step(&mut v, zeta3, 13, 15); - v + inv_ntt_step(&mut vec, zeta0, 0, 2); + inv_ntt_step(&mut vec, zeta0, 1, 3); + inv_ntt_step(&mut vec, zeta1, 4, 6); + inv_ntt_step(&mut vec, zeta1, 5, 7); + inv_ntt_step(&mut vec, zeta2, 8, 10); + inv_ntt_step(&mut vec, zeta2, 9, 11); + inv_ntt_step(&mut vec, zeta3, 12, 14); + inv_ntt_step(&mut vec, zeta3, 13, 15); + hax_lib::fstar!( + "assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 13)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 15)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 12)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 14)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 9)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 11)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 8)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 10)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 5)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 7)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 4)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 6)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 1)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 3)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 0)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 2)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements i))"); + vec } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array 3328 ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn inv_ntt_layer_2_step( - mut v: PortableVector, + mut vec: PortableVector, zeta0: i16, zeta1: i16, ) -> PortableVector { - inv_ntt_step(&mut v, zeta0, 0, 4); - inv_ntt_step(&mut v, zeta0, 1, 5); - inv_ntt_step(&mut v, zeta0, 2, 6); - inv_ntt_step(&mut v, zeta0, 3, 7); - inv_ntt_step(&mut v, zeta1, 8, 12); - inv_ntt_step(&mut v, zeta1, 9, 13); - inv_ntt_step(&mut v, zeta1, 10, 14); - inv_ntt_step(&mut v, zeta1, 11, 15); - v + inv_ntt_step(&mut vec, zeta0, 0, 4); + inv_ntt_step(&mut vec, zeta0, 1, 5); + inv_ntt_step(&mut vec, zeta0, 2, 6); + inv_ntt_step(&mut vec, zeta0, 3, 7); + inv_ntt_step(&mut vec, zeta1, 8, 12); + inv_ntt_step(&mut vec, zeta1, 9, 13); + inv_ntt_step(&mut vec, zeta1, 10, 14); + inv_ntt_step(&mut vec, zeta1, 11, 15); + vec } #[inline(always)] -pub(crate) fn inv_ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> PortableVector { - inv_ntt_step(&mut v, zeta, 0, 8); - inv_ntt_step(&mut v, zeta, 1, 9); - inv_ntt_step(&mut v, zeta, 2, 10); - inv_ntt_step(&mut v, zeta, 3, 11); - inv_ntt_step(&mut v, zeta, 4, 12); - inv_ntt_step(&mut v, zeta, 5, 13); - inv_ntt_step(&mut v, zeta, 6, 14); - inv_ntt_step(&mut v, zeta, 7, 15); - v +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array 3328 ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] +pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector { + inv_ntt_step(&mut vec, zeta, 0, 8); + inv_ntt_step(&mut vec, zeta, 1, 9); + inv_ntt_step(&mut vec, zeta, 2, 10); + inv_ntt_step(&mut vec, zeta, 3, 11); + inv_ntt_step(&mut vec, zeta, 4, 12); + inv_ntt_step(&mut vec, zeta, 5, 13); + inv_ntt_step(&mut vec, zeta, 6, 14); + inv_ntt_step(&mut vec, zeta, 7, 15); + vec } /// Compute the product of two Kyber binomials with respect to the @@ -130,6 +191,29 @@ pub(crate) fn inv_ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> Portable /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always --query_stats")] +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ + Spec.Utils.is_i16b_array 3228 ${a}.f_elements /\\ + Spec.Utils.is_i16b_array 3228 ${b}.f_elements "))] +#[hax_lib::ensures(|()| fstar!(" + Spec.Utils.is_i16b_array 3328 ${out}.f_elements /\\ + (forall k. (k <> v $i /\\ k <> v $j) ==> + Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ + (let ai = Seq.index ${a}.f_elements (v $i) in + let aj = Seq.index ${a}.f_elements (v $j) in + let bi = Seq.index ${b}.f_elements (v $i) in + let bj = Seq.index ${b}.f_elements (v $j) in + let oi = Seq.index out_future.f_elements (v $i) in + let oj = Seq.index out_future.f_elements (v $j) in + let (x,y) = + Spec.MLKEM.Math.poly_base_case_multiply + (v ai % 3329) + (v aj % 3329) + (v bi % 3329) + (v bj % 3329) + ((v zeta * 169) % 3329) in + ((x * 169) % 3329 == v oi % 3329) /\\ + (y * 169) % 3329 == v oj % 3329)))"))] pub(crate) fn ntt_multiply_binomials( a: &PortableVector, b: &PortableVector, @@ -138,17 +222,64 @@ pub(crate) fn ntt_multiply_binomials( j: usize, out: &mut PortableVector, ) { - let o0 = montgomery_reduce_element( - (a.elements[i] as i32) * (b.elements[i] as i32) - + (montgomery_reduce_element((a.elements[j] as i32) * (b.elements[j] as i32)) as i32) - * (zeta as i32), - ); - let o1 = montgomery_reduce_element( - (a.elements[i] as i32) * (b.elements[j] as i32) - + (a.elements[j] as i32) * (b.elements[i] as i32), - ); + let ai = a.elements[i]; + let bi = b.elements[i]; + let aj = a.elements[j]; + let bj = b.elements[j]; + hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 $ai); + assert(Spec.Utils.is_i16b 3328 $bi); + assert(Spec.Utils.is_i16b 3328 $aj); + assert(Spec.Utils.is_i16b 3328 $bj); + assert_norm (3328 * 3328 < pow2 31)"); + + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bi"); + let ai_bi = (ai as i32) * (bi as i32); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bj"); + let aj_bj_ = (aj as i32) * (bj as i32); + hax_lib::fstar!("assert_norm (3328 * 3328 <= 3328 * pow2 15)"); + let aj_bj = montgomery_reduce_element(aj_bj_); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 1664 $aj_bj $zeta"); + let aj_bj_zeta = (aj_bj as i32) * (zeta as i32); + let ai_bi_aj_bj = ai_bi + aj_bj_zeta; + hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*1664) $ai_bi_aj_bj)"); + hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15)"); + let o0 = montgomery_reduce_element(ai_bi_aj_bj); + hax_lib::fstar!("calc ( == ) { + v $o0 % 3329; + ( == ) { () } + (v $ai_bi_aj_bj * 169) % 3329; + ( == ) { assert(v $ai_bi_aj_bj == v $ai_bi + v $aj_bj_zeta) } + ((v $ai_bi + v $aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v $aj_bj_zeta == v $aj_bj * v $zeta) } + (((v $ai * v $bi) + (v $aj_bj * v $zeta)) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } + ((((v $ai * v $bi) + (v $aj_bj * v $zeta)) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj_bj * v zeta) 3329 } + (((v $ai * v $bi) + ((v $aj_bj * v $zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj_bj) (v zeta) 3329 } + (((v $ai * v $bi) + ((v $aj_bj % 3329 * v $zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { assert(v aj_bj % 3329 == (v $aj_bj_ * 169) % 3329) } + (((v $ai * v $bi) + (((v $aj_bj_ * 169) % 3329 * v $zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { assert(v $aj_bj_ == v $aj * v $bj) } + (((v $ai * v $bi) + (((v $aj * v $bj * 169) % 3329 * v $zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v $aj * v $bj * 169) (v $zeta) 3329 } + (((v $ai * v $bi) + (((v $aj * v $bj * 169 * v $zeta) % 3329))) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v $ai * v $bi) (v $aj * v $bj * 169 * v $zeta) 3329 } + (((v $ai * v $bi) + ((v $aj * v $bj * 169 * v $zeta))) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) 169 3329 } + (((v $ai * v $bi) + ((v $aj * v $bj * 169 * v $zeta))) * 169) % 3329; + }"); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bj"); + let ai_bj = (ai as i32) * (bj as i32); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bi"); + let aj_bi = (aj as i32) * (bi as i32); + let ai_bj_aj_bi = ai_bj + aj_bi; + hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi) "); + hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)"); + let o1 = montgomery_reduce_element(ai_bj_aj_bi); out.elements[i] = o0; out.elements[j] = o1; + hax_lib::fstar!("admit()"); } // #[inline(always)] @@ -167,6 +298,14 @@ pub(crate) fn ntt_multiply_binomials( // } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta0 /\\ + Spec.Utils.is_i16b 1664 $zeta1 /\\ + Spec.Utils.is_i16b 1664 $zeta2 /\\ + Spec.Utils.is_i16b 1664 $zeta3 /\\ + Spec.Utils.is_i16b_array 3228 ${lhs}.f_elements /\\ + Spec.Utils.is_i16b_array 3228 ${rhs}.f_elements "))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn ntt_multiply( lhs: &PortableVector, rhs: &PortableVector, @@ -175,14 +314,23 @@ pub(crate) fn ntt_multiply( zeta2: i16, zeta3: i16, ) -> PortableVector { + let nzeta0 = -zeta0; + let nzeta1 = -zeta1; + let nzeta2 = -zeta2; + let nzeta3 = -zeta3; + hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta0)"); + hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta1)"); + hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta2)"); + hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta3)"); let mut out = zero(); ntt_multiply_binomials(lhs, rhs, zeta0, 0, 1, &mut out); - ntt_multiply_binomials(lhs, rhs, -zeta0, 2, 3, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta0, 2, 3, &mut out); ntt_multiply_binomials(lhs, rhs, zeta1, 4, 5, &mut out); - ntt_multiply_binomials(lhs, rhs, -zeta1, 6, 7, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta1, 6, 7, &mut out); + hax_lib::fstar!("admit()"); ntt_multiply_binomials(lhs, rhs, zeta2, 8, 9, &mut out); - ntt_multiply_binomials(lhs, rhs, -zeta2, 10, 11, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta2, 10, 11, &mut out); ntt_multiply_binomials(lhs, rhs, zeta3, 12, 13, &mut out); - ntt_multiply_binomials(lhs, rhs, -zeta3, 14, 15, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta3, 14, 15, &mut out); out } diff --git a/libcrux-ml-kem/src/vector/portable/sampling.rs b/libcrux-ml-kem/src/vector/portable/sampling.rs index 87dacce97..13f6f9f33 100644 --- a/libcrux-ml-kem/src/vector/portable/sampling.rs +++ b/libcrux-ml-kem/src/vector/portable/sampling.rs @@ -1,6 +1,11 @@ use crate::vector::FIELD_MODULUS; #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(a.len() == 24 && result.len() == 16)] +#[hax_lib::ensures(|res| + fstar!("Seq.length $result_future == Seq.length $result /\\ v $res <= 16") + )] pub(crate) fn rej_sample(a: &[u8], result: &mut [i16]) -> usize { let mut sampled = 0; for i in 0..a.len() / 3 { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index f11137c50..32effc445 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -29,17 +29,26 @@ pub trait Operations: Copy + Clone + Repr { fn to_i16_array(x: Self) -> [i16; 16]; // Basic arithmetic - #[requires(true)] - #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map2 (+.) (f_repr $lhs) (f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (f_repr ${result}) i) == + v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))] fn add(lhs: Self, rhs: &Self) -> Self; - #[requires(true)] - #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map2 (-.) (f_repr $lhs) (f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (f_repr ${result}) i) == + v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))] fn sub(lhs: Self, rhs: &Self) -> Self; - #[requires(true)] - #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> x *. c) (f_repr $v)"))] - fn multiply_by_constant(v: Self, c: i16) -> Self; + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${vec}) i) * v c)"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (f_repr ${result}) i) == + v (Seq.index (f_repr ${vec}) i) * v c)"))] + fn multiply_by_constant(vec: Self, c: i16) -> Self; // Bitwise operations #[requires(true)] @@ -52,14 +61,14 @@ pub trait Operations: Copy + Clone + Repr { // fn shift_left(v: Self) -> Self; // Modular operations - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (f_repr $v)"))] #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr $v)"))] fn cond_subtract_3329(v: Self) -> Self; #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (f_repr $vector)"))] fn barrett_reduce(vector: Self) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 3328 c"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 c"))] fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; // Compression @@ -73,21 +82,39 @@ pub trait Operations: Copy + Clone + Repr { fn decompress_ciphertext_coefficient(v: Self) -> Self; // NTT - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta/\\ + Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array 3228 (f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3228 (f_repr ${rhs}) "))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; @@ -128,7 +155,10 @@ pub trait Operations: Copy + Clone + Repr { #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (f_repr $result)"))] fn deserialize_12(a: &[u8]) -> Self; - #[requires(true)] + #[requires(a.len() == 24 && out.len() == 16)] + #[ensures(|result| + fstar!("Seq.length $out_future == Seq.length $out /\\ v $result <= 16") + )] fn rej_sample(a: &[u8], out: &mut [i16]) -> usize; } @@ -173,7 +203,7 @@ pub trait Operations: Copy + Clone { } // hax does not support trait with default implementations, so we use the following pattern -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $fer"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $fer"))] pub fn montgomery_multiply_fe(v: T, fer: i16) -> T { T::montgomery_multiply_by_constant(v, fer) } @@ -182,15 +212,37 @@ pub fn to_standard_domain(v: T) -> T { T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) } +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] +#[hax_lib::ensures(|result| fstar!("forall i. + (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr ${result}) i in + (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); let fm = T::bitwise_and_with_constant(t, FIELD_MODULUS); T::add(a, &fm) } -pub fn decompress_1(v: T) -> T { - hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre (i1.f_ZERO ()) 0s)"); // No idea why, but this helps F* typeclass inference - T::bitwise_and_with_constant(T::sub(T::ZERO(), &v), 1665) +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in + (x == 0s \\/ x == 1s)"))] +pub fn decompress_1(vec: T) -> T { + let z = T::ZERO(); + hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"); + hax_lib::fstar!("assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in + ((0 - v x) == 0 \\/ (0 - v x) == -1))"); + hax_lib::fstar!("assert(forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))"); + + let s = T::sub(z, &vec); + hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ + Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"); + hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); + let res = T::bitwise_and_with_constant(s, 1665); + res } /// Internal vectors. diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti index 35516c01f..968a5585c 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -1,5 +1,5 @@ module Libcrux_platform.X86 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul @@ -41,11 +41,5 @@ val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ /// Initialize CPU detection. val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) -val init__cpuid (leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - -val init__cpuid_count (leaf sub_leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - /// Check hardware [`Feature`] support. val supported (feature: t_Feature) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True)