More avx2.

formosa-crypto · Jan 29, 2025 · 5fe0667 · 5fe0667
1 parent c3765c8
commit 5fe0667
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 85 deletions.
diff --git a/avx2/common/polynomial.jinc b/avx2/common/polynomial.jinc
@@ -346,6 +346,4 @@ namespace polynomial {
 
         return highbits, lowbits;
     }
-
-
 }
diff --git a/avx2/common/verify.jinc b/avx2/common/verify.jinc
@@ -1,37 +1,34 @@
+// TODO: Ideally, we'd short circuit on failure.
 inline
 fn compare_commitment_hashes(stack u8[COMMITMENT_HASH_SIZE] lhs rhs) -> reg u64 {
-    // TODO: Short circuit on failure
-
-    reg u64 i;
-    reg u8 lhs_byte rhs_byte;
+    reg u128 lhs_bytes rhs_bytes;
+    reg u128 result_vec temp;
 
     reg u64 result;
+    reg u64 offset;
 
-    inline bool condition;
-
-    reg u64 msf = #init_msf();
-
-    result = 0;
+    offset = 0;
 
-    i = 0;
-    while { condition = i < COMMITMENT_HASH_SIZE; } (condition) {
-        msf = #update_msf(condition, msf);
+    lhs_bytes = lhs.[u128 offset];
+    rhs_bytes = rhs.[u128 offset];
+    result_vec = #VPCMPEQ_16u8(lhs_bytes, rhs_bytes);
+    offset += 16;
 
-        lhs_byte = lhs[i];
-        lhs_byte = #protect_8(lhs_byte, msf);
+    while (offset < COMMITMENT_HASH_SIZE) {
+        lhs_bytes = lhs.[u128 offset];
+        rhs_bytes = rhs.[u128 offset];
 
-        rhs_byte = rhs[i];
-        rhs_byte = #protect_8(rhs_byte, msf);
+        temp = #VPCMPEQ_16u8(lhs_bytes, rhs_bytes);
+        result_vec = #VPAND_128(result_vec, temp);
 
-        condition = lhs_byte != rhs_byte;
-        if (condition) {
-            msf = #update_msf(condition, msf);
-            result |= (64u)-1;
-        } else {
-            msf = #update_msf(!condition, msf);
-        }
+        offset += 16;
+    }
 
-        i += 1;
+    result = #VPMOVMSKB_u128u64(result_vec);
+    if (result == 0xFF_FF) {
+        result = 0;
+    } else {
+        result = -1;
     }
 
     return result;

diff --git a/avx2/ml_dsa_65/arithmetic/rounding.jinc b/avx2/ml_dsa_65/arithmetic/rounding.jinc
diff --git a/avx2/ml_dsa_65/ml_dsa.jazz b/avx2/ml_dsa_65/ml_dsa.jazz
@@ -1,9 +1,9 @@
 require "parameters.jinc"
-require "arithmetic/rounding.jinc"
 require "encoding/error_polynomial.jinc"
 require "encoding/gamma1.jinc"
 require "polynomial.jinc"
 
+from Common require "arithmetic/rounding.jinc"
 from Common require "sample/matrix_A.jinc"
 from Common require "sample/challenge.jinc"
 from Common require "sample/mask.jinc"

diff --git a/avx2/ml_dsa_65/polynomial.jinc b/avx2/ml_dsa_65/polynomial.jinc
@@ -1,16 +1,15 @@
-u256[5] CONSTANTS_TABLE = {
-    (8u32)[15, 15, 15, 15, 15, 15, 15, 15],
-    (8u32)[1025, 1025, 1025, 1025, 1025, 1025, 1025, 1025],
-    (8u32)[ALPHA, ALPHA, ALPHA, ALPHA, ALPHA, ALPHA, ALPHA, ALPHA],
-    (8u32)[127, 127, 127, 127, 127, 127, 127, 127],
-    (8u32)[512, 512, 512, 512, 512, 512, 512, 512]
-};
-
 namespace polynomial {
+    u256[5] CONSTANTS_TABLE = {
+        (8u32)[15, 15, 15, 15, 15, 15, 15, 15],
+        (8u32)[1025, 1025, 1025, 1025, 1025, 1025, 1025, 1025],
+        (8u32)[ALPHA, ALPHA, ALPHA, ALPHA, ALPHA, ALPHA, ALPHA, ALPHA],
+        (8u32)[127, 127, 127, 127, 127, 127, 127, 127],
+        (8u32)[512, 512, 512, 512, 512, 512, 512, 512]
+    };
     fn decompose (
         reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL] polynomial,
-        reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL] lower_part,
-        reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL] upper_part
+        reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL] lows,
+        reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL] highs
     ) -> reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL],
          reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL]
     {
@@ -57,43 +56,51 @@ namespace polynomial {
             comparisons = #VPAND_256(comparisons, modulus);
             lower = #VPSUB_8u32(lower, comparisons);
 
-            lower_part.[u256 offset] = lower;
-            upper_part.[u256 offset] = upper;
+            lows.[u256 offset] = lower;
+            highs.[u256 offset] = upper;
 
             offset += 32;
         }
 
-        return lower_part, upper_part;
+        return lows, highs;
     }
 
-    // TODO: Ideally, we'd use VBLENDVPS to implement this, but it's not
-    // available in Jasmin yet.
     fn use_hints(
-        reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL] commitment hints
+        reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL] commitment hint_polynomial
     ) -> reg ptr u32[COEFFICIENTS_IN_POLYNOMIAL]
     {
-        reg u64 i;
-        reg u32 a h;
-        stack u32[COEFFICIENTS_IN_POLYNOMIAL] lower_part higher_part;
+        reg u256 zeros;
+        reg u256 hints;
+        reg u256 coefficients;
+        reg u256 high low;
+        reg u256 mask;
+
+        stack u32[COEFFICIENTS_IN_POLYNOMIAL] highs lows;
+
+        reg u64 offset temp;
 
-        reg u64 msf = #init_msf();
+        temp = 15;
+        mask = (256u)#VMOV(temp);
+        mask = #VPBROADCAST_8u32(mask);
 
-        inline bool b;
+        ?{}, zeros = #set0_256();
 
-        lower_part, higher_part = decompose(commitment, lower_part, higher_part);
+        lows, highs = decompose(commitment, lows, highs);
 
-        i = 0;
-        while { b = i < COEFFICIENTS_IN_POLYNOMIAL; } (b) {
-            msf = #update_msf(b, msf);
+        offset = 0;
+        while (offset < COEFFICIENTS_IN_POLYNOMIAL * 4) {
+            low = lows.[u256 offset];
+            hints = hint_polynomial.[u256 offset];
 
-            h = hints[i];
-            h = #protect_32(h, msf);
+            hints = #VPSIGN_8s32(hints, low);
 
-            a, msf = coefficient::use_hint(lower_part[i], higher_part[i], h, msf);
+            high = highs.[u256 offset];
+            coefficients = #VPADD_8u32(high, hints);
+            coefficients = #VPAND_256(coefficients, mask);
 
-            commitment[i] = a;
+            commitment.[u256 offset] = coefficients;
 
-            i += 1;
+            offset += 32;
         }
 
         return commitment;
Original file line number	Diff line number	Diff line change
Expand Up		@@ -346,6 +346,4 @@ namespace polynomial {

		return highbits, lowbits;
		}


		}