mlkem: sync with changes from formosa-crypto/formosa-mlkem#24
tfaoliveira committed Feb 21, 2024
1 parent b545079 commit 71cc40b
Showing 4 changed files with 19 additions and 33 deletions.
2 changes: 1 addition & 1 deletion src/crypto_kem/mlkem/mlkem768/amd64/avx2/keccakf1600.jinc
Expand Up @@ -201,7 +201,7 @@ inline fn __keccakf1600(reg ptr u64[25] a) -> reg ptr u64[25]
e = s_e;

c = 0;
while (c < KECCAK_ROUNDS)
while (c < KECCAK_ROUNDS - 1)
{
rc = RC[(int) c];
e = keccakf1600_round(e, a, rc);
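Review bot: The loop bound moves from `c < KECCAK_ROUNDS` to `c < KECCAK_ROUNDS - 1` while the loop body and the update of `c` stay outside the hunk, so the hunk alone does not show whether the round count is preserved; this page carries no +/- markers, so I am reading the `- 1` form as the new side. If the body performs two rounds per iteration and also reads `RC[c + 1]`, the tighter bound is the in-range condition the safety checker needs and a one-line comment should say so, e.g. `// two rounds per iteration: bound keeps RC[(int) c + 1] in range`; if `c` advances by one, the permutation now runs one round short. Either way the Keccak test-vector run is what settles it, and the result should be stated in the commit. The same change is made in fips202.jinc's `__keccakf1600`, and the function continues past the hunk in both files.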
2 changes: 1 addition & 1 deletion src/crypto_kem/mlkem/mlkem768/amd64/ref/fips202.jinc
Expand Up @@ -206,7 +206,7 @@ inline fn __keccakf1600(reg ptr u64[25] a) -> reg ptr u64[25]
e = s_e;

c = 0;
while (c < KECCAK_ROUNDS)
while (c < KECCAK_ROUNDS - 1)
{
rc = RC[(int) c];
e = keccakf1600_round(e, a, rc);
42 changes: 14 additions & 28 deletions src/crypto_kem/mlkem/mlkem768/amd64/ref/indcpa.jinc
Expand Up @@ -113,33 +113,26 @@ fn __indcpa_enc(stack u64 sctp, reg ptr u8[32] msgp, reg u64 pkp, reg ptr u8[MLK

aat = __gen_matrix(publicseed, 1);

noiseseed = s_noiseseed;
nonce = 0;
sp[0:MLKEM_N] = _poly_getnoise(sp[0:MLKEM_N], noiseseed, nonce);
sp[0:MLKEM_N] = _poly_getnoise(sp[0:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 1;
sp[MLKEM_N:MLKEM_N] = _poly_getnoise(sp[MLKEM_N:MLKEM_N], noiseseed, nonce);
sp[MLKEM_N:MLKEM_N] = _poly_getnoise(sp[MLKEM_N:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 2;
sp[2*MLKEM_N:MLKEM_N] = _poly_getnoise(sp[2*MLKEM_N:MLKEM_N], noiseseed, nonce);
sp[2*MLKEM_N:MLKEM_N] = _poly_getnoise(sp[2*MLKEM_N:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 3;
ep[0:MLKEM_N] = _poly_getnoise(ep[0:MLKEM_N], noiseseed, nonce);
ep[0:MLKEM_N] = _poly_getnoise(ep[0:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 4;
ep[MLKEM_N:MLKEM_N] = _poly_getnoise(ep[MLKEM_N:MLKEM_N], noiseseed, nonce);
ep[MLKEM_N:MLKEM_N] = _poly_getnoise(ep[MLKEM_N:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 5;
ep[2*MLKEM_N:MLKEM_N] = _poly_getnoise(ep[2*MLKEM_N:MLKEM_N], noiseseed, nonce);
ep[2*MLKEM_N:MLKEM_N] = _poly_getnoise(ep[2*MLKEM_N:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 6;
epp = _poly_getnoise(epp, noiseseed, nonce);
epp = _poly_getnoise(epp, s_noiseseed, nonce);

sp = __polyvec_ntt(sp);

Expand Down Expand Up @@ -195,33 +188,26 @@ fn __iindcpa_enc(reg ptr u8[MLKEM_CT_LEN] ctp, reg ptr u8[32] msgp, reg u64 pkp,

aat = __gen_matrix(publicseed, 1);

noiseseed = s_noiseseed;
nonce = 0;
sp[0:MLKEM_N] = _poly_getnoise(sp[0:MLKEM_N], noiseseed, nonce);
sp[0:MLKEM_N] = _poly_getnoise(sp[0:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 1;
sp[MLKEM_N:MLKEM_N] = _poly_getnoise(sp[MLKEM_N:MLKEM_N], noiseseed, nonce);
sp[MLKEM_N:MLKEM_N] = _poly_getnoise(sp[MLKEM_N:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 2;
sp[2*MLKEM_N:MLKEM_N] = _poly_getnoise(sp[2*MLKEM_N:MLKEM_N], noiseseed, nonce);
sp[2*MLKEM_N:MLKEM_N] = _poly_getnoise(sp[2*MLKEM_N:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 3;
ep[0:MLKEM_N] = _poly_getnoise(ep[0:MLKEM_N], noiseseed, nonce);
ep[0:MLKEM_N] = _poly_getnoise(ep[0:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 4;
ep[MLKEM_N:MLKEM_N] = _poly_getnoise(ep[MLKEM_N:MLKEM_N], noiseseed, nonce);
ep[MLKEM_N:MLKEM_N] = _poly_getnoise(ep[MLKEM_N:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 5;
ep[2*MLKEM_N:MLKEM_N] = _poly_getnoise(ep[2*MLKEM_N:MLKEM_N], noiseseed, nonce);
ep[2*MLKEM_N:MLKEM_N] = _poly_getnoise(ep[2*MLKEM_N:MLKEM_N], s_noiseseed, nonce);

noiseseed = s_noiseseed;
nonce = 6;
epp = _poly_getnoise(epp, noiseseed, nonce);
epp = _poly_getnoise(epp, s_noiseseed, nonce);

sp = __polyvec_ntt(sp);

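Review bot: Both `__indcpa_enc` and `__iindcpa_enc` now carry seven back-to-back `_poly_getnoise(..., s_noiseseed, nonce)` calls with literal nonces 0 through 6 and nothing stating where those values come from or that they must be distinct. A comment above the first call would make the invariant reviewable, e.g. `// nonces 0..2 -> r (sp), 3..5 -> e1 (ep), 6 -> e2 (epp): the K-PKE.Encrypt counter N for k = 3; must stay pairwise distinct`, since reusing a nonce under the same seed would derive identical noise polynomials. The sequence is duplicated verbatim across the two functions, so a future edit to one has to be mirrored in the other; a cross-reference comment on each would help. Both functions begin before their hunk and continue after it.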
6 changes: 3 additions & 3 deletions src/crypto_kem/mlkem/mlkem768/amd64/ref/polyvec.jinc
Expand Up @@ -35,7 +35,7 @@ fn __polyvec_compress(reg u64 rp, stack u16[MLKEM_VECN] a)

aa = __polyvec_csubq(a);

while (i < MLKEM_VECN)
while (i < MLKEM_VECN - 3)
{
for k = 0 to 4
{
Expand Down Expand Up @@ -98,7 +98,7 @@ fn __i_polyvec_compress(reg ptr u8[MLKEM_POLYVECCOMPRESSEDBYTES] rp, stack u16[M

aa = __polyvec_csubq(a);

while (i < MLKEM_VECN)
while (i < MLKEM_VECN - 3)
{
for k = 0 to 4
{
Expand Down Expand Up @@ -161,7 +161,7 @@ fn __polyvec_decompress(reg u64 ap) -> stack u16[MLKEM_VECN]
i = 0;
j = 0;

while (i < MLKEM_VECN)
while (i < MLKEM_VECN - 3)
{
for k = 0 to 5
{
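Review bot: The loops in `__polyvec_compress`, `__i_polyvec_compress` and `__polyvec_decompress` now stop at `i < MLKEM_VECN - 3` with the inner `for k` unchanged and the update of `i` outside the hunk, so the reason for the bound is not visible from the change itself. Assuming the `- 3` form is the new side (no +/- markers on this page) and that `i` advances by 4, the bound spells out `i + 3 < MLKEM_VECN` so the `[i + k]` accesses are provably in range, and the iteration count is unchanged only while MLKEM_VECN is a multiple of 4 (768 for ML-KEM-768). A comment at each loop would carry that reasoning, e.g. `// 4 coefficients per iteration; bound keeps i + 3 < MLKEM_VECN (MLKEM_VECN is a multiple of 4)`. If the increment is anything other than 4, the tail of the vector is now silently left unprocessed rather than over-read, which a compress/decompress round-trip test would catch. All three functions continue past their hunks.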
