diff --git a/Cargo.lock b/Cargo.lock
index e09691d28..1384219f6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -702,7 +702,7 @@ dependencies = [
[[package]]
name = "hax-lib"
version = "0.1.0-pre.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617"
+source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72"
dependencies = [
"hax-lib-macros",
"num-bigint",
@@ -712,7 +712,7 @@ dependencies = [
[[package]]
name = "hax-lib-macros"
version = "0.1.0-pre.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617"
+source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72"
dependencies = [
"hax-lib-macros-types",
"paste",
@@ -725,7 +725,7 @@ dependencies = [
[[package]]
name = "hax-lib-macros-types"
version = "0.1.0-pre.1"
-source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617"
+source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72"
dependencies = [
"proc-macro2",
"quote",
@@ -889,9 +889,9 @@ dependencies = [
[[package]]
name = "libc"
-version = "0.2.158"
+version = "0.2.159"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439"
+checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5"
[[package]]
name = "libcrux"
diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index 7599cb2f1..d393ef31c 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
-Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 31a212a7c..9c0e8828e 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __internal_libcrux_core_H
@@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
with const generics
- SIZE= 1568
*/
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671(
+libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_af1(
uint8_t value[1568U]);
/**
@@ -82,7 +82,7 @@ with const generics
- PRIVATE_KEY_SIZE= 3168
- PUBLIC_KEY_SIZE= 1568
*/
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1(
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_781(
libcrux_ml_kem_types_MlKemPrivateKey_95 sk,
libcrux_ml_kem_types_MlKemPublicKey_1f pk);
@@ -95,7 +95,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
with const generics
- SIZE= 3168
*/
-libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1(
+libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_e61(
uint8_t value[3168U]);
/**
@@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
with const generics
- SIZE= 1184
*/
-libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670(
+libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_af0(
uint8_t value[1184U]);
/**
@@ -120,7 +120,7 @@ with const generics
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184
*/
-libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0(
+libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_780(
libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
libcrux_ml_kem_types_MlKemPublicKey_15 pk);
@@ -133,7 +133,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
with const generics
- SIZE= 2400
*/
-libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0(
+libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_e60(
uint8_t value[2400U]);
/**
@@ -145,7 +145,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
with const generics
- SIZE= 800
*/
-libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67(
+libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_af(
uint8_t value[800U]);
/**
@@ -158,7 +158,7 @@ with const generics
- PRIVATE_KEY_SIZE= 1632
- PUBLIC_KEY_SIZE= 800
*/
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_78(
libcrux_ml_kem_types_MlKemPrivateKey_5e sk,
libcrux_ml_kem_types_MlKemPublicKey_be pk);
@@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
with const generics
- SIZE= 1632
*/
-libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af(
+libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_e6(
uint8_t value[1632U]);
/**
@@ -182,7 +182,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
with const generics
- SIZE= 1184
*/
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_121(
libcrux_ml_kem_types_MlKemPublicKey_15 *self);
/**
@@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
with const generics
- SIZE= 1088
*/
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_7b1(
uint8_t value[1088U]);
/**
@@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
with const generics
- SIZE= 1088
*/
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_401(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae1(
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self);
/**
@@ -228,7 +228,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
with const generics
- SIZE= 800
*/
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_120(
libcrux_ml_kem_types_MlKemPublicKey_be *self);
/**
@@ -240,7 +240,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
with const generics
- SIZE= 768
*/
-libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450(
+libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_7b0(
uint8_t value[768U]);
/**
@@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
with const generics
- SIZE= 768
*/
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_400(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae0(
libcrux_ml_kem_types_MlKemCiphertext_e8 *self);
/**
@@ -274,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
with const generics
- SIZE= 1568
*/
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_12(
libcrux_ml_kem_types_MlKemPublicKey_1f *self);
/**
@@ -321,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
with const generics
- SIZE= 1568
*/
-libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45(
+libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_7b(
uint8_t value[1568U]);
/**
@@ -344,7 +344,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
with const generics
- SIZE= 1568
*/
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_40(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae(
libcrux_ml_kem_types_MlKemCiphertext_1f *self);
/**
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
index c4c213b73..cd446e37c 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __internal_libcrux_mlkem_avx2_H
@@ -41,7 +41,7 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_4a1(uint8_t *public_key);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -51,7 +51,7 @@ with const generics
- SECRET_KEY_SIZE= 2400
- CIPHERTEXT_SIZE= 1088
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_701(
+bool libcrux_ml_kem_ind_cca_validate_private_key_e11(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
@@ -69,7 +69,7 @@ with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -90,7 +90,7 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]);
@@ -116,7 +116,7 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-void libcrux_ml_kem_ind_cca_decapsulate_7f1(
+void libcrux_ml_kem_ind_cca_decapsulate_6f1(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
@@ -128,7 +128,7 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_4a0(uint8_t *public_key);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -138,7 +138,7 @@ with const generics
- SECRET_KEY_SIZE= 3168
- CIPHERTEXT_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_700(
+bool libcrux_ml_kem_ind_cca_validate_private_key_e10(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext);
@@ -156,7 +156,7 @@ with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -177,7 +177,7 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40(
libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
uint8_t randomness[32U]);
@@ -203,7 +203,7 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
*/
-void libcrux_ml_kem_ind_cca_decapsulate_7f0(
+void libcrux_ml_kem_ind_cca_decapsulate_6f0(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
@@ -215,7 +215,7 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_4a(uint8_t *public_key);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -225,7 +225,7 @@ with const generics
- SECRET_KEY_SIZE= 1632
- CIPHERTEXT_SIZE= 768
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_70(
+bool libcrux_ml_kem_ind_cca_validate_private_key_e1(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext);
@@ -242,7 +242,7 @@ with const generics
- ETA1= 3
- ETA1_RANDOMNESS_SIZE= 192
*/
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2(
uint8_t randomness[64U]);
/**
@@ -264,7 +264,7 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4(
libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
uint8_t randomness[32U]);
@@ -290,7 +290,7 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
*/
-void libcrux_ml_kem_ind_cca_decapsulate_7f(
+void libcrux_ml_kem_ind_cca_decapsulate_6f(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index def86cf8e..c67068ba0 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __internal_libcrux_mlkem_portable_H
@@ -46,7 +46,7 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_071(uint8_t *public_key);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -56,7 +56,7 @@ with const generics
- SECRET_KEY_SIZE= 3168
- CIPHERTEXT_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_ae(
+bool libcrux_ml_kem_ind_cca_validate_private_key_c0(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext);
@@ -74,7 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -95,7 +95,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1(
libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
uint8_t randomness[32U]);
@@ -121,7 +121,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
*/
-void libcrux_ml_kem_ind_cca_decapsulate_191(
+void libcrux_ml_kem_ind_cca_decapsulate_811(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]);
@@ -133,7 +133,7 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_070(uint8_t *public_key);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -143,7 +143,7 @@ with const generics
- SECRET_KEY_SIZE= 1632
- CIPHERTEXT_SIZE= 768
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_b4(
+bool libcrux_ml_kem_ind_cca_validate_private_key_90(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext);
@@ -161,7 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 192
*/
libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -182,7 +182,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0(
libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
uint8_t randomness[32U]);
@@ -208,7 +208,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
*/
-void libcrux_ml_kem_ind_cca_decapsulate_190(
+void libcrux_ml_kem_ind_cca_decapsulate_810(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
@@ -220,7 +220,7 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key);
+bool libcrux_ml_kem_ind_cca_validate_public_key_07(uint8_t *public_key);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key
@@ -230,7 +230,7 @@ with const generics
- SECRET_KEY_SIZE= 2400
- CIPHERTEXT_SIZE= 1088
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_33(
+bool libcrux_ml_kem_ind_cca_validate_private_key_94(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext);
@@ -248,7 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]);
+libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]);
/**
A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
@@ -269,7 +269,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]);
@@ -295,7 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-void libcrux_ml_kem_ind_cca_decapsulate_19(
+void libcrux_ml_kem_ind_cca_decapsulate_81(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
index 95df92565..2f2a3e44e 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __internal_libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index a57bfa85c..6ee3decbd 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index bad4aa323..1cbf9e303 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "internal/libcrux_core.h"
@@ -80,7 +80,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
with const generics
- SIZE= 1568
*/
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671(
+libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_af1(
uint8_t value[1568U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[1568U];
@@ -100,7 +100,7 @@ with const generics
- PRIVATE_KEY_SIZE= 3168
- PUBLIC_KEY_SIZE= 1568
*/
-libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1(
+libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_781(
libcrux_ml_kem_types_MlKemPrivateKey_95 sk,
libcrux_ml_kem_types_MlKemPublicKey_1f pk) {
return (
@@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
with const generics
- SIZE= 3168
*/
-libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1(
+libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_e61(
uint8_t value[3168U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[3168U];
@@ -135,7 +135,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
with const generics
- SIZE= 1184
*/
-libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670(
+libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_af0(
uint8_t value[1184U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[1184U];
@@ -155,7 +155,7 @@ with const generics
- PRIVATE_KEY_SIZE= 2400
- PUBLIC_KEY_SIZE= 1184
*/
-libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0(
+libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_780(
libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
return (
@@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
with const generics
- SIZE= 2400
*/
-libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0(
+libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_e60(
uint8_t value[2400U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[2400U];
@@ -190,7 +190,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a
with const generics
- SIZE= 800
*/
-libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67(
+libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_af(
uint8_t value[800U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[800U];
@@ -210,7 +210,7 @@ with const generics
- PRIVATE_KEY_SIZE= 1632
- PUBLIC_KEY_SIZE= 800
*/
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_78(
libcrux_ml_kem_types_MlKemPrivateKey_5e sk,
libcrux_ml_kem_types_MlKemPublicKey_be pk) {
return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk});
@@ -225,7 +225,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f
with const generics
- SIZE= 1632
*/
-libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af(
+libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_e6(
uint8_t value[1632U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[1632U];
@@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
with const generics
- SIZE= 1184
*/
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_121(
libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
return self->value;
}
@@ -257,7 +257,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
with const generics
- SIZE= 1088
*/
-libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451(
+libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_7b1(
uint8_t value[1088U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[1088U];
@@ -276,7 +276,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
with const generics
- SIZE= 1088
*/
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_401(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae1(
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
}
@@ -308,7 +308,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
with const generics
- SIZE= 800
*/
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_120(
libcrux_ml_kem_types_MlKemPublicKey_be *self) {
return self->value;
}
@@ -322,7 +322,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
with const generics
- SIZE= 768
*/
-libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450(
+libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_7b0(
uint8_t value[768U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[768U];
@@ -341,7 +341,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
with const generics
- SIZE= 768
*/
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_400(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae0(
libcrux_ml_kem_types_MlKemCiphertext_e8 *self) {
return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t);
}
@@ -373,7 +373,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
with const generics
- SIZE= 1568
*/
-uint8_t *libcrux_ml_kem_types_as_slice_fd_fe(
+uint8_t *libcrux_ml_kem_types_as_slice_fd_12(
libcrux_ml_kem_types_MlKemPublicKey_1f *self) {
return self->value;
}
@@ -427,7 +427,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01
with const generics
- SIZE= 1568
*/
-libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45(
+libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_7b(
uint8_t value[1568U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[1568U];
@@ -465,7 +465,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
with const generics
- SIZE= 1568
*/
-Eurydice_slice libcrux_ml_kem_types_as_ref_00_40(
+Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae(
libcrux_ml_kem_types_MlKemCiphertext_1f *self) {
return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t);
}
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index bc1f587a2..788f288e4 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index 63a7ab056..cdea86609 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index 1028b5ac1..a62e4b058 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "libcrux_mlkem1024_avx2.h"
@@ -35,10 +35,10 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
*/
-static void decapsulate_0c0(
+static void decapsulate_150(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_7f0(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_6f0(private_key, ciphertext, ret);
}
/**
@@ -51,7 +51,7 @@ static void decapsulate_0c0(
void libcrux_ml_kem_mlkem1024_avx2_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
- decapsulate_0c0(private_key, ciphertext, ret);
+ decapsulate_150(private_key, ciphertext, ret);
}
/**
@@ -71,14 +71,14 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static tuple_21 encapsulate_ae0(
+static tuple_21 encapsulate_9e0(
libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_a10(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness);
}
/**
@@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return encapsulate_ae0(uu____0, copy_of_randomness);
+ return encapsulate_9e0(uu____0, copy_of_randomness);
}
/**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_5a0(
+static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_010(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_d20(copy_of_randomness);
}
/**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return generate_keypair_5a0(copy_of_randomness);
+ return generate_keypair_010(copy_of_randomness);
}
/**
@@ -136,10 +136,10 @@ generics
- SECRET_KEY_SIZE= 3168
- CIPHERTEXT_SIZE= 1568
*/
-static KRML_MUSTINLINE bool validate_private_key_080(
+static KRML_MUSTINLINE bool validate_private_key_840(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
- return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key,
+ return libcrux_ml_kem_ind_cca_validate_private_key_e10(private_key,
ciphertext);
}
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_080(
bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
- return validate_private_key_080(private_key, ciphertext);
+ return validate_private_key_840(private_key, ciphertext);
}
/**
@@ -162,8 +162,8 @@ generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-static KRML_MUSTINLINE bool validate_public_key_f60(uint8_t *public_key) {
- return libcrux_ml_kem_ind_cca_validate_public_key_520(public_key);
+static KRML_MUSTINLINE bool validate_public_key_e30(uint8_t *public_key) {
+ return libcrux_ml_kem_ind_cca_validate_public_key_4a0(public_key);
}
/**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_f60(uint8_t *public_key) {
*/
bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key(
libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) {
- return validate_public_key_f60(public_key->value);
+ return validate_public_key_e30(public_key->value);
}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index dede724bf..037013ac3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index bed205e56..96788b0a9 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "libcrux_mlkem1024_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
*/
-static void decapsulate_831(
+static void decapsulate_e51(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_191(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret);
}
/**
@@ -51,7 +51,7 @@ static void decapsulate_831(
void libcrux_ml_kem_mlkem1024_portable_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
- decapsulate_831(private_key, ciphertext, ret);
+ decapsulate_e51(private_key, ciphertext, ret);
}
/**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static tuple_21 encapsulate_951(
+static tuple_21 encapsulate_1f1(
libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_661(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_8a1(uu____0, copy_of_randomness);
}
/**
@@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return encapsulate_951(uu____0, copy_of_randomness);
+ return encapsulate_1f1(uu____0, copy_of_randomness);
}
/**
@@ -110,12 +110,12 @@ generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_d11(
+static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e31(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_281(copy_of_randomness);
}
/**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return generate_keypair_d11(copy_of_randomness);
+ return generate_keypair_e31(copy_of_randomness);
}
/**
@@ -137,10 +137,10 @@ generics
- SECRET_KEY_SIZE= 3168
- CIPHERTEXT_SIZE= 1568
*/
-static KRML_MUSTINLINE bool validate_private_key_da1(
+static KRML_MUSTINLINE bool validate_private_key_a41(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
- return libcrux_ml_kem_ind_cca_validate_private_key_ae(private_key,
+ return libcrux_ml_kem_ind_cca_validate_private_key_c0(private_key,
ciphertext);
}
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da1(
bool libcrux_ml_kem_mlkem1024_portable_validate_private_key(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) {
- return validate_private_key_da1(private_key, ciphertext);
+ return validate_private_key_a41(private_key, ciphertext);
}
/**
@@ -163,8 +163,8 @@ generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) {
- return libcrux_ml_kem_ind_cca_validate_public_key_bf1(public_key);
+static KRML_MUSTINLINE bool validate_public_key_101(uint8_t *public_key) {
+ return libcrux_ml_kem_ind_cca_validate_public_key_071(public_key);
}
/**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) {
*/
bool libcrux_ml_kem_mlkem1024_portable_validate_public_key(
libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) {
- return validate_public_key_e91(public_key->value);
+ return validate_public_key_101(public_key->value);
}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 87b018021..9a9d19aa3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 157226146..bc9966b87 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 8008c0304..92728c869 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "libcrux_mlkem512_avx2.h"
@@ -35,10 +35,10 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
*/
-static void decapsulate_0c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
+static void decapsulate_15(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext,
uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_7f(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_6f(private_key, ciphertext, ret);
}
/**
@@ -51,7 +51,7 @@ static void decapsulate_0c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
void libcrux_ml_kem_mlkem512_avx2_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
- decapsulate_0c(private_key, ciphertext, ret);
+ decapsulate_15(private_key, ciphertext, ret);
}
/**
@@ -71,14 +71,14 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static tuple_ec encapsulate_ae(
+static tuple_ec encapsulate_9e(
libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_a1(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness);
}
/**
@@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return encapsulate_ae(uu____0, copy_of_randomness);
+ return encapsulate_9e(uu____0, copy_of_randomness);
}
/**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
- ETA1= 3
- ETA1_RANDOMNESS_SIZE= 192
*/
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_5a(
+static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_01(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_d2(copy_of_randomness);
}
/**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return generate_keypair_5a(copy_of_randomness);
+ return generate_keypair_01(copy_of_randomness);
}
/**
@@ -136,10 +136,10 @@ generics
- SECRET_KEY_SIZE= 1632
- CIPHERTEXT_SIZE= 768
*/
-static KRML_MUSTINLINE bool validate_private_key_08(
+static KRML_MUSTINLINE bool validate_private_key_84(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
- return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key,
+ return libcrux_ml_kem_ind_cca_validate_private_key_e1(private_key,
ciphertext);
}
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_08(
bool libcrux_ml_kem_mlkem512_avx2_validate_private_key(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
- return validate_private_key_08(private_key, ciphertext);
+ return validate_private_key_84(private_key, ciphertext);
}
/**
@@ -162,8 +162,8 @@ generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-static KRML_MUSTINLINE bool validate_public_key_f6(uint8_t *public_key) {
- return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key);
+static KRML_MUSTINLINE bool validate_public_key_e3(uint8_t *public_key) {
+ return libcrux_ml_kem_ind_cca_validate_public_key_4a(public_key);
}
/**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_f6(uint8_t *public_key) {
*/
bool libcrux_ml_kem_mlkem512_avx2_validate_public_key(
libcrux_ml_kem_types_MlKemPublicKey_be *public_key) {
- return validate_public_key_f6(public_key->value);
+ return validate_public_key_e3(public_key->value);
}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 8a66b75c4..9a569226e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 2fc5a3251..b8c676f21 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "libcrux_mlkem512_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
*/
-static void decapsulate_830(
+static void decapsulate_e50(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_190(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret);
}
/**
@@ -51,7 +51,7 @@ static void decapsulate_830(
void libcrux_ml_kem_mlkem512_portable_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
- decapsulate_830(private_key, ciphertext, ret);
+ decapsulate_e50(private_key, ciphertext, ret);
}
/**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static tuple_ec encapsulate_950(
+static tuple_ec encapsulate_1f0(
libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_660(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_8a0(uu____0, copy_of_randomness);
}
/**
@@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return encapsulate_950(uu____0, copy_of_randomness);
+ return encapsulate_1f0(uu____0, copy_of_randomness);
}
/**
@@ -110,12 +110,12 @@ generics
- ETA1= 3
- ETA1_RANDOMNESS_SIZE= 192
*/
-static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d10(
+static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_e30(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_280(copy_of_randomness);
}
/**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return generate_keypair_d10(copy_of_randomness);
+ return generate_keypair_e30(copy_of_randomness);
}
/**
@@ -137,10 +137,10 @@ generics
- SECRET_KEY_SIZE= 1632
- CIPHERTEXT_SIZE= 768
*/
-static KRML_MUSTINLINE bool validate_private_key_da0(
+static KRML_MUSTINLINE bool validate_private_key_a40(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
- return libcrux_ml_kem_ind_cca_validate_private_key_b4(private_key,
+ return libcrux_ml_kem_ind_cca_validate_private_key_90(private_key,
ciphertext);
}
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da0(
bool libcrux_ml_kem_mlkem512_portable_validate_private_key(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) {
- return validate_private_key_da0(private_key, ciphertext);
+ return validate_private_key_a40(private_key, ciphertext);
}
/**
@@ -163,8 +163,8 @@ generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) {
- return libcrux_ml_kem_ind_cca_validate_public_key_bf0(public_key);
+static KRML_MUSTINLINE bool validate_public_key_100(uint8_t *public_key) {
+ return libcrux_ml_kem_ind_cca_validate_public_key_070(public_key);
}
/**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) {
*/
bool libcrux_ml_kem_mlkem512_portable_validate_public_key(
libcrux_ml_kem_types_MlKemPublicKey_be *public_key) {
- return validate_public_key_e90(public_key->value);
+ return validate_public_key_100(public_key->value);
}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 66032c07f..d77580778 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 85985206f..a6116f34c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 3fd65a30d..e40e70dc4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "libcrux_mlkem768_avx2.h"
@@ -35,10 +35,10 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-static void decapsulate_0c1(
+static void decapsulate_151(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_7f1(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_6f1(private_key, ciphertext, ret);
}
/**
@@ -51,7 +51,7 @@ static void decapsulate_0c1(
void libcrux_ml_kem_mlkem768_avx2_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- decapsulate_0c1(private_key, ciphertext, ret);
+ decapsulate_151(private_key, ciphertext, ret);
}
/**
@@ -71,14 +71,14 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static tuple_3c encapsulate_ae1(
+static tuple_3c encapsulate_9e1(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_a11(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness);
}
/**
@@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return encapsulate_ae1(uu____0, copy_of_randomness);
+ return encapsulate_9e1(uu____0, copy_of_randomness);
}
/**
@@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_5a1(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_011(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_0b1(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_d21(copy_of_randomness);
}
/**
@@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return generate_keypair_5a1(copy_of_randomness);
+ return generate_keypair_011(copy_of_randomness);
}
/**
@@ -136,10 +136,10 @@ generics
- SECRET_KEY_SIZE= 2400
- CIPHERTEXT_SIZE= 1088
*/
-static KRML_MUSTINLINE bool validate_private_key_081(
+static KRML_MUSTINLINE bool validate_private_key_841(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
- return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key,
+ return libcrux_ml_kem_ind_cca_validate_private_key_e11(private_key,
ciphertext);
}
@@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_081(
bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
- return validate_private_key_081(private_key, ciphertext);
+ return validate_private_key_841(private_key, ciphertext);
}
/**
@@ -162,8 +162,8 @@ generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE bool validate_public_key_f61(uint8_t *public_key) {
- return libcrux_ml_kem_ind_cca_validate_public_key_521(public_key);
+static KRML_MUSTINLINE bool validate_public_key_e31(uint8_t *public_key) {
+ return libcrux_ml_kem_ind_cca_validate_public_key_4a1(public_key);
}
/**
@@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_f61(uint8_t *public_key) {
*/
bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
- return validate_public_key_f61(public_key->value);
+ return validate_public_key_e31(public_key->value);
}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index af5edca86..aaf21051e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 1794e74b4..5b18705f9 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "libcrux_mlkem768_portable.h"
@@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-static void decapsulate_83(
+static void decapsulate_e5(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_19(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret);
}
/**
@@ -51,7 +51,7 @@ static void decapsulate_83(
void libcrux_ml_kem_mlkem768_portable_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- decapsulate_83(private_key, ciphertext, ret);
+ decapsulate_e5(private_key, ciphertext, ret);
}
/**
@@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static tuple_3c encapsulate_95(
+static tuple_3c encapsulate_1f(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_66(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_8a(uu____0, copy_of_randomness);
}
/**
@@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return encapsulate_95(uu____0, copy_of_randomness);
+ return encapsulate_1f(uu____0, copy_of_randomness);
}
/**
@@ -110,12 +110,12 @@ generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_d1(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e3(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_28(copy_of_randomness);
}
/**
@@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return generate_keypair_d1(copy_of_randomness);
+ return generate_keypair_e3(copy_of_randomness);
}
/**
@@ -137,10 +137,10 @@ generics
- SECRET_KEY_SIZE= 2400
- CIPHERTEXT_SIZE= 1088
*/
-static KRML_MUSTINLINE bool validate_private_key_da(
+static KRML_MUSTINLINE bool validate_private_key_a4(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
- return libcrux_ml_kem_ind_cca_validate_private_key_33(private_key,
+ return libcrux_ml_kem_ind_cca_validate_private_key_94(private_key,
ciphertext);
}
@@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da(
bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
- return validate_private_key_da(private_key, ciphertext);
+ return validate_private_key_a4(private_key, ciphertext);
}
/**
@@ -163,8 +163,8 @@ generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) {
- return libcrux_ml_kem_ind_cca_validate_public_key_bf(public_key);
+static KRML_MUSTINLINE bool validate_public_key_10(uint8_t *public_key) {
+ return libcrux_ml_kem_ind_cca_validate_public_key_07(public_key);
}
/**
@@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) {
*/
bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
- return validate_public_key_e9(public_key->value);
+ return validate_public_key_10(public_key->value);
}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 4e8116617..3e1a2fe82 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 05520bf99..4893a5ab2 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "internal/libcrux_mlkem_avx2.h"
@@ -1140,7 +1140,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_to_reduced_ring_element_dc(Eurydice_slice serialized) {
+deserialize_to_reduced_ring_element_d7(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -1160,7 +1160,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- K= 3
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e71(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
for (size_t i = (size_t)0U;
@@ -1174,7 +1174,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_reduced_ring_element_dc(ring_element);
+ deserialize_to_reduced_ring_element_d7(ring_element);
deserialized_pk[i0] = uu____0;
}
}
@@ -1185,15 +1185,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- K= 3
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc1(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_001(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
deserialized_pk[i] = ZERO_ef_05(););
- deserialize_ring_elements_reduced_531(public_key, deserialized_pk);
+ deserialize_ring_elements_reduced_e71(public_key, deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
memcpy(
- ret, deserialized_pk,
+ result, deserialized_pk,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+ memcpy(
+ ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
}
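Review bot: In `deserialize_ring_elements_reduced_out_001` the new side copies `deserialized_pk` into a second stack array `result[3U]` and then copies `result` into `ret`, so the function does two full `memcpy`s and holds an extra three-element `libcrux_ml_kem_polynomial_PolynomialRingElement_d2` array to produce the same output as before. Nothing in the hunk reads or modifies `result` between the two copies, so it looks like an artefact of the extraction (presumably a local binding introduced in the Rust source) rather than an intended behaviour change. Because this file is generated at the Libcrux revision named in its header, the cleanup belongs in the Rust source or the extractor, so that the C collapses back to the single `memcpy(ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));`. The buffer holds deserialized public-key polynomials, so the cost is stack space and copy time rather than exposure of secret data; instantiations for other values of K, outside this view, may show the same pattern. The function's doc comment starts outside the hunk.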
@@ -1202,7 +1206,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right
with const generics
- SHIFT_BY= 15
*/
-static KRML_MUSTINLINE __m256i shift_right_65(__m256i vector) {
+static KRML_MUSTINLINE __m256i shift_right_1f(__m256i vector) {
return mm256_srai_epi16((int32_t)15, vector, __m256i);
}
@@ -1215,8 +1219,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09
with const generics
- SHIFT_BY= 15
*/
-static __m256i shift_right_09_85(__m256i vector) {
- return shift_right_65(vector);
+static __m256i shift_right_09_c7(__m256i vector) {
+ return shift_right_1f(vector);
}
/**
@@ -1225,8 +1229,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
-static __m256i to_unsigned_representative_3f(__m256i a) {
- __m256i t = shift_right_09_85(a);
+static __m256i to_unsigned_representative_b5(__m256i a) {
+ __m256i t = shift_right_09_c7(a);
__m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
@@ -1238,8 +1242,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_7b(__m256i a) {
- return to_unsigned_representative_3f(a);
+static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_88(__m256i a) {
+ return to_unsigned_representative_b5(a);
}
/**
@@ -1248,13 +1252,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_2c(
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_b8(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) {
uint8_t serialized[384U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
- __m256i coefficient = to_unsigned_field_modulus_7b(re->coefficients[i0]);
+ __m256i coefficient = to_unsigned_field_modulus_88(re->coefficients[i0]);
uint8_t bytes[24U];
libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -1274,7 +1278,7 @@ with const generics
- K= 3
- OUT_LEN= 1152
*/
-static KRML_MUSTINLINE void serialize_secret_key_991(
+static KRML_MUSTINLINE void serialize_secret_key_051(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
uint8_t ret[1152U]) {
uint8_t out[1152U] = {0U};
@@ -1292,11 +1296,13 @@ static KRML_MUSTINLINE void serialize_secret_key_991(
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
uint8_t ret0[384U];
- serialize_uncompressed_ring_element_2c(&re, ret0);
+ serialize_uncompressed_ring_element_b8(&re, ret0);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
- memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
+ uint8_t result[1152U];
+ memcpy(result, out, (size_t)1152U * sizeof(uint8_t));
+ memcpy(ret, result, (size_t)1152U * sizeof(uint8_t));
}
/**
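Review bot: The regenerated tail of `serialize_secret_key_051` stages the serialized key in a second stack array, `result[1152U]`, before copying it to `ret`. When the caller passes `private_key.secret_as_ntt`, as `generate_keypair_471` does later in this diff, one more uncleared copy of secret-key bytes stays on the stack. Nothing visible in the hunk needs the intermediate; the previous single `memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));` produced the same output. This file is extracted code, so the change presumably belongs in the Rust source or the extraction pipeline rather than a hand edit here; if the extra copy cannot be avoided, `out` and `result` should be cleared before return. The function's signature and the start of its loop lie outside this hunk, and `deserialize_ring_elements_reduced_out_001` gains the same double copy, though it handles public-key data.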
@@ -1307,13 +1313,13 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE void serialize_public_key_mut_6c1(
+static KRML_MUSTINLINE void serialize_public_key_mut_071(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t *serialized) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
(size_t)1152U, uint8_t);
uint8_t ret[1152U];
- serialize_secret_key_991(t_as_ntt, ret);
+ serialize_secret_key_051(t_as_ntt, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
Eurydice_slice_copy(
@@ -1330,11 +1336,11 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE void serialize_public_key_ca1(
+static KRML_MUSTINLINE void serialize_public_key_e51(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
uint8_t public_key_serialized[1184U] = {0U};
- serialize_public_key_mut_6c1(t_as_ntt, seed_for_a, public_key_serialized);
+ serialize_public_key_mut_071(t_as_ntt, seed_for_a, public_key_serialized);
uint8_t result[1184U];
memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
@@ -1348,15 +1354,15 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_4a1(uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
- deserialize_ring_elements_reduced_out_cc1(
+ deserialize_ring_elements_reduced_out_001(
Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[1184U];
- serialize_public_key_ca1(
+ serialize_public_key_e51(
uu____0,
Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
uint8_t, size_t),
@@ -1386,7 +1392,7 @@ with const generics
- SECRET_KEY_SIZE= 2400
- CIPHERTEXT_SIZE= 1088
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_701(
+bool libcrux_ml_kem_ind_cca_validate_private_key_e11(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
uint8_t t[32U];
@@ -1498,7 +1504,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_751(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_101(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
uint8_t seed[33U] = {0U};
Eurydice_slice_copy(
@@ -2161,7 +2167,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void ntt_at_layer_3_ba(
+static KRML_MUSTINLINE void ntt_at_layer_3_bc(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2177,7 +2183,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void ntt_at_layer_2_89(
+static KRML_MUSTINLINE void ntt_at_layer_2_c2(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2195,7 +2201,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void ntt_at_layer_1_d7(
+static KRML_MUSTINLINE void ntt_at_layer_1_09(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2220,7 +2226,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_a9(
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_dc(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2236,17 +2242,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_ef(
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_44(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
ntt_at_layer_7_13(re);
size_t zeta_i = (size_t)1U;
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
- ntt_at_layer_3_ba(&zeta_i, re);
- ntt_at_layer_2_89(&zeta_i, re);
- ntt_at_layer_1_d7(&zeta_i, re);
- poly_barrett_reduce_ef_a9(re);
+ ntt_at_layer_3_bc(&zeta_i, re);
+ ntt_at_layer_2_c2(&zeta_i, re);
+ ntt_at_layer_1_09(&zeta_i, re);
+ poly_barrett_reduce_ef_dc(re);
}
/**
@@ -2257,7 +2263,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_081(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
uint8_t prf_input[33U], uint8_t domain_separator) {
/* Passing arrays by value in Rust generates a copy in C */
@@ -2276,7 +2282,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01(
i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
re_as_ntt[i0] = sample_from_binomial_distribution_d7(
Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
- ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
+ ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]););
return domain_separator;
}
@@ -2299,7 +2305,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
-static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811(
+static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71(
uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U];
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
@@ -2308,7 +2314,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811(
uint8_t uu____1[33U];
memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
domain_separator =
- sample_vector_cbd_then_ntt_b01(uu____0, uu____1, domain_separator);
+ sample_vector_cbd_then_ntt_081(uu____0, uu____1, domain_separator);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U];
memcpy(
@@ -2334,7 +2340,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-ntt_multiply_ef_b2(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
+ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_05();
for (size_t i = (size_t)0U;
@@ -2364,7 +2370,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void add_to_ring_element_ef_4f1(
+static KRML_MUSTINLINE void add_to_ring_element_ef_311(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
for (size_t i = (size_t)0U;
@@ -2384,7 +2390,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static __m256i to_standard_domain_79(__m256i v) {
+static __m256i to_standard_domain_c1(__m256i v) {
return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
}
@@ -2400,14 +2406,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_34(
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t j = i;
__m256i coefficient_normal_form =
- to_standard_domain_79(self->coefficients[j]);
+ to_standard_domain_c1(self->coefficients[j]);
self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
&error->coefficients[j]));
@@ -2420,7 +2426,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void compute_As_plus_e_2d1(
+static KRML_MUSTINLINE void compute_As_plus_e_671(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -2447,10 +2453,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d1(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
&row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
- add_to_ring_element_ef_4f1(&t_as_ntt[i0], &product);
+ ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]);
+ add_to_ring_element_ef_311(&t_as_ntt[i0], &product);
}
- add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
+ add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]);
}
}
@@ -2463,12 +2469,12 @@ with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static void generate_keypair_unpacked_a41(
+static void generate_keypair_unpacked_4a1(
Eurydice_slice key_generation_seed,
IndCpaPrivateKeyUnpacked_a0 *private_key,
IndCpaPublicKeyUnpacked_a0 *public_key) {
uint8_t hashed[64U];
- cpa_keygen_seed_d8_751(key_generation_seed, hashed);
+ cpa_keygen_seed_d8_101(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -2488,17 +2494,17 @@ static void generate_keypair_unpacked_a41(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- sample_vector_cbd_then_ntt_b01(uu____2, copy_of_prf_input0, 0U);
+ sample_vector_cbd_then_ntt_081(uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
memcpy(
error_as_ntt,
- sample_vector_cbd_then_ntt_out_811(copy_of_prf_input, domain_separator)
+ sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input, domain_separator)
.fst,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- compute_As_plus_e_2d1(public_key->t_as_ntt, public_key->A,
+ compute_As_plus_e_671(public_key->t_as_ntt, public_key->A,
private_key->secret_as_ntt, error_as_ntt);
uint8_t uu____5[32U];
core_result_Result_00 dst;
@@ -2519,18 +2525,18 @@ with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6a1(
+static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_471(
Eurydice_slice key_generation_seed) {
IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_3c1();
IndCpaPublicKeyUnpacked_a0 public_key = default_8d_891();
- generate_keypair_unpacked_a41(key_generation_seed, &private_key, &public_key);
+ generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[1184U];
- serialize_public_key_ca1(
+ serialize_public_key_e51(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[1152U];
- serialize_secret_key_991(private_key.secret_as_ntt, secret_key_serialized);
+ serialize_secret_key_051(private_key.secret_as_ntt, secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[1152U];
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -2554,7 +2560,7 @@ with const generics
- K= 3
- SERIALIZED_KEY_LEN= 2400
*/
-static KRML_MUSTINLINE void serialize_kem_secret_key_1f1(
+static KRML_MUSTINLINE void serialize_kem_secret_key_711(
Eurydice_slice private_key, Eurydice_slice public_key,
Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
uint8_t out[2400U] = {0U};
@@ -2610,7 +2616,7 @@ with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -2619,13 +2625,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
- generate_keypair_6a1(ind_cpa_keypair_randomness);
+ generate_keypair_471(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1152U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
uint8_t public_key[1184U];
memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
uint8_t secret_key_serialized[2400U];
- serialize_kem_secret_key_1f1(
+ serialize_kem_secret_key_711(
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -2634,13 +2640,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)2400U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
- libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e60(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[1184U];
memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee0(
- uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_780(
+ uu____2, libcrux_ml_kem_types_from_5a_af0(copy_of_public_key));
}
/**
@@ -2653,7 +2659,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void entropy_preprocess_d8_641(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_c51(Eurydice_slice randomness,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -2738,7 +2744,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_f7(
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_a3(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2759,7 +2765,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_98(
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_cd(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -2778,7 +2784,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_fe(
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_d7(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
zeta_i[0U] = zeta_i[0U] - (size_t)1U;
@@ -2795,7 +2801,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-inv_ntt_layer_int_vec_step_reduce_75(__m256i a, __m256i b, int16_t zeta_r) {
+inv_ntt_layer_int_vec_step_reduce_2d(__m256i a, __m256i b, int16_t zeta_r) {
__m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
a = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
libcrux_ml_kem_vector_avx2_add_09(a, &b));
@@ -2810,7 +2816,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc(
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_af(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
size_t layer) {
size_t step = (size_t)1U << (uint32_t)layer;
@@ -2825,7 +2831,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc(
for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
size_t j = i;
libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
- inv_ntt_layer_int_vec_step_reduce_75(
+ inv_ntt_layer_int_vec_step_reduce_2d(
re->coefficients[j], re->coefficients[j + step_vec],
libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
__m256i x = uu____0.fst;
@@ -2842,18 +2848,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void invert_ntt_montgomery_8f1(
+static KRML_MUSTINLINE void invert_ntt_montgomery_801(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- invert_ntt_at_layer_1_f7(&zeta_i, re);
- invert_ntt_at_layer_2_98(&zeta_i, re);
- invert_ntt_at_layer_3_fe(&zeta_i, re);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
- poly_barrett_reduce_ef_a9(re);
+ invert_ntt_at_layer_1_a3(&zeta_i, re);
+ invert_ntt_at_layer_2_cd(&zeta_i, re);
+ invert_ntt_at_layer_3_d7(&zeta_i, re);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U);
+ poly_barrett_reduce_ef_dc(re);
}
/**
@@ -2867,7 +2873,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void add_error_reduce_ef_dd(
+static KRML_MUSTINLINE void add_error_reduce_ef_05(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
for (size_t i = (size_t)0U;
@@ -2888,14 +2894,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void compute_vector_u_dd1(
+static KRML_MUSTINLINE void compute_vector_u_3c1(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U];
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
- result0[i] = ZERO_ef_05(););
+ result[i] = ZERO_ef_05(););
for (size_t i0 = (size_t)0U;
i0 < Eurydice_slice_len(
Eurydice_array_to_slice(
@@ -2915,16 +2921,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd1(
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
- add_to_ring_element_ef_4f1(&result0[i1], &product);
+ ntt_multiply_ef_63(a_element, &r_as_ntt[j]);
+ add_to_ring_element_ef_311(&result[i1], &product);
}
- invert_ntt_montgomery_8f1(&result0[i1]);
- add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
+ invert_ntt_montgomery_801(&result[i1]);
+ add_error_reduce_ef_05(&result[i1], &error_1[i1]);
}
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
- memcpy(
- result, result0,
- (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
memcpy(
ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
@@ -2936,7 +2938,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static __m256i decompress_1_08(__m256i vec) {
+static __m256i decompress_1_20(__m256i vec) {
__m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
__m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s,
@@ -2950,7 +2952,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_message_d3(uint8_t serialized[32U]) {
+deserialize_then_decompress_message_12(uint8_t serialized[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
@@ -2959,7 +2961,7 @@ deserialize_then_decompress_message_d3(uint8_t serialized[32U]) {
Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
(size_t)2U * i0 + (size_t)2U,
uint8_t));
- re.coefficients[i0] = decompress_1_08(coefficient_compressed););
+ re.coefficients[i0] = decompress_1_20(coefficient_compressed););
return re;
}
@@ -2975,7 +2977,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-add_message_error_reduce_ef_79(
+add_message_error_reduce_ef_b9(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
@@ -3002,7 +3004,7 @@ with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_771(
+compute_ring_element_v_511(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -3010,10 +3012,10 @@ compute_ring_element_v_771(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
- add_to_ring_element_ef_4f1(&result, &product););
- invert_ntt_montgomery_8f1(&result);
- result = add_message_error_reduce_ef_79(error_2, message, result);
+ ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]);
+ add_to_ring_element_ef_311(&result, &product););
+ invert_ntt_montgomery_801(&result);
+ result = add_message_error_reduce_ef_b9(error_2, message, result);
return result;
}
@@ -3024,7 +3026,7 @@ generics
- COEFFICIENT_BITS= 10
*/
static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_1a(__m256i vector) {
+compress_ciphertext_coefficient_76(__m256i vector) {
__m256i field_modulus_halved = mm256_set1_epi32(
((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
(int32_t)2);
@@ -3071,8 +3073,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
with const generics
- COEFFICIENT_BITS= 10
*/
-static __m256i compress_09_74(__m256i vector) {
- return compress_ciphertext_coefficient_1a(vector);
+static __m256i compress_09_70(__m256i vector) {
+ return compress_ciphertext_coefficient_76(vector);
}
/**
@@ -3081,14 +3083,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- OUT_LEN= 320
*/
-static KRML_MUSTINLINE void compress_then_serialize_10_2b0(
+static KRML_MUSTINLINE void compress_then_serialize_10_170(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
uint8_t serialized[320U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
__m256i coefficient =
- compress_09_74(to_unsigned_field_modulus_7b(re->coefficients[i0]));
+ compress_09_70(to_unsigned_field_modulus_88(re->coefficients[i0]));
uint8_t bytes[20U];
libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -3108,7 +3110,7 @@ generics
- COEFFICIENT_BITS= 11
*/
static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_1a0(__m256i vector) {
+compress_ciphertext_coefficient_760(__m256i vector) {
__m256i field_modulus_halved = mm256_set1_epi32(
((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
(int32_t)2);
@@ -3155,8 +3157,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
with const generics
- COEFFICIENT_BITS= 11
*/
-static __m256i compress_09_740(__m256i vector) {
- return compress_ciphertext_coefficient_1a0(vector);
+static __m256i compress_09_700(__m256i vector) {
+ return compress_ciphertext_coefficient_760(vector);
}
/**
@@ -3166,10 +3168,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- COMPRESSION_FACTOR= 10
- OUT_LEN= 320
*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e0(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b00(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
uint8_t uu____0[320U];
- compress_then_serialize_10_2b0(re, uu____0);
+ compress_then_serialize_10_170(re, uu____0);
memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
}
@@ -3182,7 +3184,7 @@ with const generics
- COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
*/
-static void compress_then_serialize_u_421(
+static void compress_then_serialize_u_e81(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
Eurydice_slice out) {
for (size_t i = (size_t)0U;
@@ -3198,7 +3200,7 @@ static void compress_then_serialize_u_421(
out, i0 * ((size_t)960U / (size_t)3U),
(i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
uint8_t ret[320U];
- compress_then_serialize_ring_element_u_9e0(&re, ret);
+ compress_then_serialize_ring_element_u_b00(&re, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
}
@@ -3211,7 +3213,7 @@ generics
- COEFFICIENT_BITS= 4
*/
static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_1a1(__m256i vector) {
+compress_ciphertext_coefficient_761(__m256i vector) {
__m256i field_modulus_halved = mm256_set1_epi32(
((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
(int32_t)2);
@@ -3258,8 +3260,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
with const generics
- COEFFICIENT_BITS= 4
*/
-static __m256i compress_09_741(__m256i vector) {
- return compress_ciphertext_coefficient_1a1(vector);
+static __m256i compress_09_701(__m256i vector) {
+ return compress_ciphertext_coefficient_761(vector);
}
/**
@@ -3268,14 +3270,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void compress_then_serialize_4_a4(
+static KRML_MUSTINLINE void compress_then_serialize_4_06(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
Eurydice_slice serialized) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
__m256i coefficient =
- compress_09_741(to_unsigned_field_modulus_7b(re.coefficients[i0]));
+ compress_09_701(to_unsigned_field_modulus_88(re.coefficients[i0]));
uint8_t bytes[8U];
libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
Eurydice_slice_copy(
@@ -3292,7 +3294,7 @@ generics
- COEFFICIENT_BITS= 5
*/
static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_1a2(__m256i vector) {
+compress_ciphertext_coefficient_762(__m256i vector) {
__m256i field_modulus_halved = mm256_set1_epi32(
((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
(int32_t)2);
@@ -3339,8 +3341,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09
with const generics
- COEFFICIENT_BITS= 5
*/
-static __m256i compress_09_742(__m256i vector) {
- return compress_ciphertext_coefficient_1a2(vector);
+static __m256i compress_09_702(__m256i vector) {
+ return compress_ciphertext_coefficient_762(vector);
}
/**
@@ -3349,14 +3351,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
*/
-static KRML_MUSTINLINE void compress_then_serialize_5_03(
+static KRML_MUSTINLINE void compress_then_serialize_5_7a(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
Eurydice_slice serialized) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
__m256i coefficients =
- compress_09_742(to_unsigned_representative_3f(re.coefficients[i0]));
+ compress_09_702(to_unsigned_representative_b5(re.coefficients[i0]));
uint8_t bytes[10U];
libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
Eurydice_slice_copy(
@@ -3373,9 +3375,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- COMPRESSION_FACTOR= 4
- OUT_LEN= 128
*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d10(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f20(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
- compress_then_serialize_4_a4(re, out);
+ compress_then_serialize_4_06(re, out);
}
/**
@@ -3395,7 +3397,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key,
+static void encrypt_unpacked_031(IndCpaPublicKeyUnpacked_a0 *public_key,
uint8_t message[32U],
Eurydice_slice randomness,
uint8_t ret[1088U]) {
@@ -3404,7 +3406,7 @@ static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key,
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
- tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_811(copy_of_prf_input0, 0U);
+ tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input0, 0U);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U];
memcpy(
r_as_ntt, uu____1.fst,
@@ -3428,25 +3430,25 @@ static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key,
sample_from_binomial_distribution_d7(
Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
- compute_vector_u_dd1(public_key->A, r_as_ntt, error_1, u);
+ compute_vector_u_3c1(public_key->A, r_as_ntt, error_1, u);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
- deserialize_then_decompress_message_d3(copy_of_message);
+ deserialize_then_decompress_message_12(copy_of_message);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
- compute_ring_element_v_771(public_key->t_as_ntt, r_as_ntt, &error_2,
+ compute_ring_element_v_511(public_key->t_as_ntt, r_as_ntt, &error_2,
&message_as_ring_element);
uint8_t ciphertext[1088U] = {0U};
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
memcpy(
uu____5, u,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- compress_then_serialize_u_421(
+ compress_then_serialize_u_e81(
uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
- compress_then_serialize_ring_element_v_d10(
+ compress_then_serialize_ring_element_v_f20(
uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
(size_t)960U, uint8_t, size_t));
memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -3469,10 +3471,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_b41(Eurydice_slice public_key, uint8_t message[32U],
Eurydice_slice randomness, uint8_t ret[1088U]) {
IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_891();
- deserialize_ring_elements_reduced_531(
+ deserialize_ring_elements_reduced_e71(
Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
unpacked_public_key.t_as_ntt);
Eurydice_slice seed =
@@ -3487,7 +3489,7 @@ static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U],
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
uint8_t result[1088U];
- encrypt_unpacked_a41(uu____1, copy_of_message, randomness, result);
+ encrypt_unpacked_031(uu____1, copy_of_message, randomness, result);
memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
}
@@ -3502,7 +3504,7 @@ with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
*/
-static KRML_MUSTINLINE void kdf_d8_161(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_dc1(Eurydice_slice shared_secret,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -3529,11 +3531,11 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- entropy_preprocess_d8_641(
+ entropy_preprocess_d8_c51(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -3543,7 +3545,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
size_t);
uint8_t ret[32U];
H_a9_411(Eurydice_array_to_slice(
- (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key),
+ (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -3557,19 +3559,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t);
+ (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1088U];
- encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+ encrypt_b41(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[1088U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
- libcrux_ml_kem_types_from_01_451(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_7b1(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- kdf_d8_161(shared_secret, shared_secret_array);
+ kdf_d8_dc1(shared_secret, shared_secret_array);
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_shared_secret_array[32U];
@@ -3588,7 +3590,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_to_uncompressed_ring_element_6c(Eurydice_slice serialized) {
+deserialize_to_uncompressed_ring_element_fe(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -3606,7 +3608,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void deserialize_secret_key_541(
+static KRML_MUSTINLINE void deserialize_secret_key_0d1(
Eurydice_slice secret_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
@@ -3623,7 +3625,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_541(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_uncompressed_ring_element_6c(secret_bytes);
+ deserialize_to_uncompressed_ring_element_fe(secret_bytes);
secret_as_ntt[i0] = uu____0;
}
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
@@ -3642,7 +3644,7 @@ generics
- COEFFICIENT_BITS= 10
*/
static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_8e(__m256i vector) {
+decompress_ciphertext_coefficient_6c(__m256i vector) {
__m256i field_modulus =
mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
__m256i two_pow_coefficient_bits =
@@ -3686,8 +3688,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
generics
- COEFFICIENT_BITS= 10
*/
-static __m256i decompress_ciphertext_coefficient_09_70(__m256i vector) {
- return decompress_ciphertext_coefficient_8e(vector);
+static __m256i decompress_ciphertext_coefficient_09_0f(__m256i vector) {
+ return decompress_ciphertext_coefficient_6c(vector);
}
/**
@@ -3697,7 +3699,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_10_c7(Eurydice_slice serialized) {
+deserialize_then_decompress_10_47(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
LowStar_Ignore_ignore(
Eurydice_slice_len(
@@ -3710,7 +3712,7 @@ deserialize_then_decompress_10_c7(Eurydice_slice serialized) {
Eurydice_slice bytes = Eurydice_slice_subslice2(
serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
__m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
- re.coefficients[i0] = decompress_ciphertext_coefficient_09_70(coefficient);
+ re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f(coefficient);
}
return re;
}
@@ -3722,7 +3724,7 @@ generics
- COEFFICIENT_BITS= 11
*/
static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_8e0(__m256i vector) {
+decompress_ciphertext_coefficient_6c0(__m256i vector) {
__m256i field_modulus =
mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
__m256i two_pow_coefficient_bits =
@@ -3766,8 +3768,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
generics
- COEFFICIENT_BITS= 11
*/
-static __m256i decompress_ciphertext_coefficient_09_700(__m256i vector) {
- return decompress_ciphertext_coefficient_8e0(vector);
+static __m256i decompress_ciphertext_coefficient_09_0f0(__m256i vector) {
+ return decompress_ciphertext_coefficient_6c0(vector);
}
/**
@@ -3777,7 +3779,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_11_d5(Eurydice_slice serialized) {
+deserialize_then_decompress_11_a8(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
@@ -3785,7 +3787,7 @@ deserialize_then_decompress_11_d5(Eurydice_slice serialized) {
Eurydice_slice bytes = Eurydice_slice_subslice2(
serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
__m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
- re.coefficients[i0] = decompress_ciphertext_coefficient_09_700(coefficient);
+ re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f0(coefficient);
}
return re;
}
@@ -3797,8 +3799,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- COMPRESSION_FACTOR= 10
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_u_790(Eurydice_slice serialized) {
- return deserialize_then_decompress_10_c7(serialized);
+deserialize_then_decompress_ring_element_u_d30(Eurydice_slice serialized) {
+ return deserialize_then_decompress_10_47(serialized);
}
/**
@@ -3807,17 +3809,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- VECTOR_U_COMPRESSION_FACTOR= 10
*/
-static KRML_MUSTINLINE void ntt_vector_u_b70(
+static KRML_MUSTINLINE void ntt_vector_u_090(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
size_t zeta_i = (size_t)0U;
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U);
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
- ntt_at_layer_3_ba(&zeta_i, re);
- ntt_at_layer_2_89(&zeta_i, re);
- ntt_at_layer_1_d7(&zeta_i, re);
- poly_barrett_reduce_ef_a9(re);
+ ntt_at_layer_3_bc(&zeta_i, re);
+ ntt_at_layer_2_c2(&zeta_i, re);
+ ntt_at_layer_1_09(&zeta_i, re);
+ poly_barrett_reduce_ef_dc(re);
}
/**
@@ -3828,7 +3830,7 @@ with const generics
- CIPHERTEXT_SIZE= 1088
- U_COMPRESSION_FACTOR= 10
*/
-static KRML_MUSTINLINE void deserialize_then_decompress_u_251(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_411(
uint8_t *ciphertext,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
@@ -3851,11 +3853,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_251(
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
(size_t)10U / (size_t)8U,
uint8_t);
- u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes);
- ntt_vector_u_b70(&u_as_ntt[i0]);
+ u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d30(u_bytes);
+ ntt_vector_u_090(&u_as_ntt[i0]);
}
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
memcpy(
- ret, u_as_ntt,
+ result, u_as_ntt,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+ memcpy(
+ ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
}
@@ -3866,7 +3872,7 @@ generics
- COEFFICIENT_BITS= 4
*/
static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_8e1(__m256i vector) {
+decompress_ciphertext_coefficient_6c1(__m256i vector) {
__m256i field_modulus =
mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
__m256i two_pow_coefficient_bits =
@@ -3910,8 +3916,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
generics
- COEFFICIENT_BITS= 4
*/
-static __m256i decompress_ciphertext_coefficient_09_701(__m256i vector) {
- return decompress_ciphertext_coefficient_8e1(vector);
+static __m256i decompress_ciphertext_coefficient_09_0f1(__m256i vector) {
+ return decompress_ciphertext_coefficient_6c1(vector);
}
/**
@@ -3921,7 +3927,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_4_75(Eurydice_slice serialized) {
+deserialize_then_decompress_4_98(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
@@ -3929,7 +3935,7 @@ deserialize_then_decompress_4_75(Eurydice_slice serialized) {
Eurydice_slice bytes = Eurydice_slice_subslice2(
serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
__m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
- re.coefficients[i0] = decompress_ciphertext_coefficient_09_701(coefficient);
+ re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f1(coefficient);
}
return re;
}
@@ -3941,7 +3947,7 @@ generics
- COEFFICIENT_BITS= 5
*/
static KRML_MUSTINLINE __m256i
-decompress_ciphertext_coefficient_8e2(__m256i vector) {
+decompress_ciphertext_coefficient_6c2(__m256i vector) {
__m256i field_modulus =
mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
__m256i two_pow_coefficient_bits =
@@ -3985,8 +3991,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const
generics
- COEFFICIENT_BITS= 5
*/
-static __m256i decompress_ciphertext_coefficient_09_702(__m256i vector) {
- return decompress_ciphertext_coefficient_8e2(vector);
+static __m256i decompress_ciphertext_coefficient_09_0f2(__m256i vector) {
+ return decompress_ciphertext_coefficient_6c2(vector);
}
/**
@@ -3996,7 +4002,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_5_f8(Eurydice_slice serialized) {
+deserialize_then_decompress_5_45(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
@@ -4005,7 +4011,7 @@ deserialize_then_decompress_5_f8(Eurydice_slice serialized) {
serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
re.coefficients[i0] =
- decompress_ciphertext_coefficient_09_702(re.coefficients[i0]);
+ decompress_ciphertext_coefficient_09_0f2(re.coefficients[i0]);
}
return re;
}
@@ -4017,8 +4023,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- COMPRESSION_FACTOR= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_v_b90(Eurydice_slice serialized) {
- return deserialize_then_decompress_4_75(serialized);
+deserialize_then_decompress_ring_element_v_860(Eurydice_slice serialized) {
+ return deserialize_then_decompress_4_98(serialized);
}
/**
@@ -4033,7 +4039,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-subtract_reduce_ef_da(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
+subtract_reduce_ef_73(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -4055,17 +4061,17 @@ with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7d1(
+compute_message_7e1(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
- add_to_ring_element_ef_4f1(&result, &product););
- invert_ntt_montgomery_8f1(&result);
- result = subtract_reduce_ef_da(v, result);
+ ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]);
+ add_to_ring_element_ef_311(&result, &product););
+ invert_ntt_montgomery_801(&result);
+ result = subtract_reduce_ef_73(v, result);
return result;
}
@@ -4075,12 +4081,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
-static KRML_MUSTINLINE void compress_then_serialize_message_dd(
+static KRML_MUSTINLINE void compress_then_serialize_message_83(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
uint8_t serialized[32U] = {0U};
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
- __m256i coefficient = to_unsigned_field_modulus_7b(re.coefficients[i0]);
+ __m256i coefficient = to_unsigned_field_modulus_88(re.coefficients[i0]);
__m256i coefficient_compressed =
libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
uint8_t bytes[2U];
@@ -4105,18 +4111,18 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_unpacked_9d1(IndCpaPrivateKeyUnpacked_a0 *secret_key,
+static void decrypt_unpacked_461(IndCpaPrivateKeyUnpacked_a0 *secret_key,
uint8_t *ciphertext, uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
- deserialize_then_decompress_u_251(ciphertext, u_as_ntt);
+ deserialize_then_decompress_u_411(ciphertext, u_as_ntt);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
- deserialize_then_decompress_ring_element_v_b90(
+ deserialize_then_decompress_ring_element_v_860(
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
(size_t)960U, uint8_t, size_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
- compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt);
+ compute_message_7e1(&v, secret_key->secret_as_ntt, u_as_ntt);
uint8_t ret0[32U];
- compress_then_serialize_message_dd(message, ret0);
+ compress_then_serialize_message_83(message, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -4130,10 +4136,10 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
- deserialize_secret_key_541(secret_key, secret_as_ntt);
+ deserialize_secret_key_0d1(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
memcpy(
@@ -4144,7 +4150,7 @@ static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
uint8_t result[32U];
- decrypt_unpacked_9d1(&secret_key_unpacked, ciphertext, result);
+ decrypt_unpacked_461(&secret_key_unpacked, ciphertext, result);
memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
}
@@ -4196,7 +4202,7 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-void libcrux_ml_kem_ind_cca_decapsulate_7f1(
+void libcrux_ml_kem_ind_cca_decapsulate_6f1(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -4214,7 +4220,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- decrypt_751(ind_cpa_secret_key, ciphertext->value, decrypted);
+ decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -4236,7 +4242,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae1(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
PRF_a9_163(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
@@ -4246,17 +4252,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness,
+ encrypt_b41(uu____5, copy_of_decrypted, pseudorandomness,
expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- kdf_d8_161(Eurydice_array_to_slice(
+ kdf_d8_dc1(Eurydice_array_to_slice(
(size_t)32U, implicit_rejection_shared_secret0, uint8_t),
implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- kdf_d8_161(shared_secret0, shared_secret1);
+ kdf_d8_dc1(shared_secret0, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_401(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_ae1(ciphertext),
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -4271,7 +4277,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- K= 4
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e7(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
for (size_t i = (size_t)0U;
@@ -4285,7 +4291,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_reduced_ring_element_dc(ring_element);
+ deserialize_to_reduced_ring_element_d7(ring_element);
deserialized_pk[i0] = uu____0;
}
}
@@ -4296,15 +4302,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- K= 4
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc0(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_000(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
deserialized_pk[i] = ZERO_ef_05(););
- deserialize_ring_elements_reduced_53(public_key, deserialized_pk);
+ deserialize_ring_elements_reduced_e7(public_key, deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
memcpy(
- ret, deserialized_pk,
+ result, deserialized_pk,
+ (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+ memcpy(
+ ret, result,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
}
@@ -4315,7 +4325,7 @@ with const generics
- K= 4
- OUT_LEN= 1536
*/
-static KRML_MUSTINLINE void serialize_secret_key_99(
+static KRML_MUSTINLINE void serialize_secret_key_05(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
uint8_t ret[1536U]) {
uint8_t out[1536U] = {0U};
@@ -4333,11 +4343,13 @@ static KRML_MUSTINLINE void serialize_secret_key_99(
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
uint8_t ret0[384U];
- serialize_uncompressed_ring_element_2c(&re, ret0);
+ serialize_uncompressed_ring_element_b8(&re, ret0);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
- memcpy(ret, out, (size_t)1536U * sizeof(uint8_t));
+ uint8_t result[1536U];
+ memcpy(result, out, (size_t)1536U * sizeof(uint8_t));
+ memcpy(ret, result, (size_t)1536U * sizeof(uint8_t));
}
/**
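Review bot: The new `result[1536U]` buffer at the end of serialize_secret_key_05 is a second full-size stack copy of the serialized bytes, and neither it nor `out` is cleared before the function returns. In the visible code the helper is called on `t_as_ntt` from serialize_public_key_mut_07, but if it also serializes the secret vector, as its name suggests, this leaves one more uncleared copy of key material on the stack. The same extra-copy pattern is added in deserialize_then_decompress_u_411 and deserialize_ring_elements_reduced_out_000, where the data appears to be public and the cost is only the redundant copy. This file looks generated (code_gen.txt records the toolchain revisions), so the fix belongs in the Rust source or the extraction step, restoring the single `memcpy(ret, out, (size_t)1536U * sizeof(uint8_t));`. The function body starts outside this hunk.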
@@ -4348,13 +4360,13 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-static KRML_MUSTINLINE void serialize_public_key_mut_6c(
+static KRML_MUSTINLINE void serialize_public_key_mut_07(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t *serialized) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
(size_t)1536U, uint8_t);
uint8_t ret[1536U];
- serialize_secret_key_99(t_as_ntt, ret);
+ serialize_secret_key_05(t_as_ntt, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t);
Eurydice_slice_copy(
@@ -4371,11 +4383,11 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-static KRML_MUSTINLINE void serialize_public_key_ca(
+static KRML_MUSTINLINE void serialize_public_key_e5(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
uint8_t public_key_serialized[1568U] = {0U};
- serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized);
+ serialize_public_key_mut_07(t_as_ntt, seed_for_a, public_key_serialized);
uint8_t result[1568U];
memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
@@ -4389,15 +4401,15 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_4a0(uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
- deserialize_ring_elements_reduced_out_cc0(
+ deserialize_ring_elements_reduced_out_000(
Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[1568U];
- serialize_public_key_ca(
+ serialize_public_key_e5(
uu____0,
Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
uint8_t, size_t),
@@ -4427,7 +4439,7 @@ with const generics
- SECRET_KEY_SIZE= 3168
- CIPHERTEXT_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_700(
+bool libcrux_ml_kem_ind_cca_validate_private_key_e10(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) {
uint8_t t[32U];
@@ -4547,7 +4559,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_75(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_10(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
uint8_t seed[33U] = {0U};
Eurydice_slice_copy(
@@ -5017,7 +5029,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_08(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
uint8_t prf_input[33U], uint8_t domain_separator) {
/* Passing arrays by value in Rust generates a copy in C */
@@ -5036,7 +5048,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0(
i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
re_as_ntt[i0] = sample_from_binomial_distribution_d7(
Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
- ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
+ ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]););
return domain_separator;
}
@@ -5059,7 +5071,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
-static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81(
+static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7(
uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
@@ -5068,7 +5080,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81(
uint8_t uu____1[33U];
memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
domain_separator =
- sample_vector_cbd_then_ntt_b0(uu____0, uu____1, domain_separator);
+ sample_vector_cbd_then_ntt_08(uu____0, uu____1, domain_separator);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U];
memcpy(
@@ -5093,7 +5105,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void add_to_ring_element_ef_4f(
+static KRML_MUSTINLINE void add_to_ring_element_ef_31(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
for (size_t i = (size_t)0U;
@@ -5113,7 +5125,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void compute_As_plus_e_2d(
+static KRML_MUSTINLINE void compute_As_plus_e_67(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -5140,10 +5152,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
&row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
- add_to_ring_element_ef_4f(&t_as_ntt[i0], &product);
+ ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]);
+ add_to_ring_element_ef_31(&t_as_ntt[i0], &product);
}
- add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
+ add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]);
}
}
@@ -5156,12 +5168,12 @@ with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static void generate_keypair_unpacked_a4(
+static void generate_keypair_unpacked_4a(
Eurydice_slice key_generation_seed,
IndCpaPrivateKeyUnpacked_01 *private_key,
IndCpaPublicKeyUnpacked_01 *public_key) {
uint8_t hashed[64U];
- cpa_keygen_seed_d8_75(key_generation_seed, hashed);
+ cpa_keygen_seed_d8_10(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5181,17 +5193,17 @@ static void generate_keypair_unpacked_a4(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- sample_vector_cbd_then_ntt_b0(uu____2, copy_of_prf_input0, 0U);
+ sample_vector_cbd_then_ntt_08(uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U];
memcpy(
error_as_ntt,
- sample_vector_cbd_then_ntt_out_81(copy_of_prf_input, domain_separator)
+ sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input, domain_separator)
.fst,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- compute_As_plus_e_2d(public_key->t_as_ntt, public_key->A,
+ compute_As_plus_e_67(public_key->t_as_ntt, public_key->A,
private_key->secret_as_ntt, error_as_ntt);
uint8_t uu____5[32U];
core_result_Result_00 dst;
@@ -5212,18 +5224,18 @@ with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6a0(
+static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_470(
Eurydice_slice key_generation_seed) {
IndCpaPrivateKeyUnpacked_01 private_key = default_1a_3c();
IndCpaPublicKeyUnpacked_01 public_key = default_8d_89();
- generate_keypair_unpacked_a4(key_generation_seed, &private_key, &public_key);
+ generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[1568U];
- serialize_public_key_ca(
+ serialize_public_key_e5(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[1536U];
- serialize_secret_key_99(private_key.secret_as_ntt, secret_key_serialized);
+ serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[1536U];
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -5247,7 +5259,7 @@ with const generics
- K= 4
- SERIALIZED_KEY_LEN= 3168
*/
-static KRML_MUSTINLINE void serialize_kem_secret_key_1f0(
+static KRML_MUSTINLINE void serialize_kem_secret_key_710(
Eurydice_slice private_key, Eurydice_slice public_key,
Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
uint8_t out[3168U] = {0U};
@@ -5303,7 +5315,7 @@ with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5312,13 +5324,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 =
- generate_keypair_6a0(ind_cpa_keypair_randomness);
+ generate_keypair_470(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1536U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t));
uint8_t public_key[1568U];
memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
uint8_t secret_key_serialized[3168U];
- serialize_kem_secret_key_1f0(
+ serialize_kem_secret_key_710(
Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -5327,13 +5339,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)3168U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
- libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e61(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[1568U];
memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee1(
- uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_781(
+ uu____2, libcrux_ml_kem_types_from_5a_af1(copy_of_public_key));
}
/**
@@ -5346,7 +5358,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void entropy_preprocess_d8_640(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_c50(Eurydice_slice randomness,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5419,18 +5431,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void invert_ntt_montgomery_8f(
+static KRML_MUSTINLINE void invert_ntt_montgomery_80(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- invert_ntt_at_layer_1_f7(&zeta_i, re);
- invert_ntt_at_layer_2_98(&zeta_i, re);
- invert_ntt_at_layer_3_fe(&zeta_i, re);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
- poly_barrett_reduce_ef_a9(re);
+ invert_ntt_at_layer_1_a3(&zeta_i, re);
+ invert_ntt_at_layer_2_cd(&zeta_i, re);
+ invert_ntt_at_layer_3_d7(&zeta_i, re);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U);
+ poly_barrett_reduce_ef_dc(re);
}
/**
@@ -5439,14 +5451,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void compute_vector_u_dd(
+static KRML_MUSTINLINE void compute_vector_u_3c(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U];
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
- result0[i] = ZERO_ef_05(););
+ result[i] = ZERO_ef_05(););
for (size_t i0 = (size_t)0U;
i0 < Eurydice_slice_len(
Eurydice_array_to_slice(
@@ -5466,16 +5478,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd(
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
- add_to_ring_element_ef_4f(&result0[i1], &product);
+ ntt_multiply_ef_63(a_element, &r_as_ntt[j]);
+ add_to_ring_element_ef_31(&result[i1], &product);
}
- invert_ntt_montgomery_8f(&result0[i1]);
- add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
+ invert_ntt_montgomery_80(&result[i1]);
+ add_error_reduce_ef_05(&result[i1], &error_1[i1]);
}
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
- memcpy(
- result, result0,
- (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
memcpy(
ret, result,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
@@ -5488,7 +5496,7 @@ with const generics
- K= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_77(
+compute_ring_element_v_51(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -5496,10 +5504,10 @@ compute_ring_element_v_77(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
- add_to_ring_element_ef_4f(&result, &product););
- invert_ntt_montgomery_8f(&result);
- result = add_message_error_reduce_ef_79(error_2, message, result);
+ ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]);
+ add_to_ring_element_ef_31(&result, &product););
+ invert_ntt_montgomery_80(&result);
+ result = add_message_error_reduce_ef_b9(error_2, message, result);
return result;
}
@@ -5509,14 +5517,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- OUT_LEN= 352
*/
-static KRML_MUSTINLINE void compress_then_serialize_11_17(
+static KRML_MUSTINLINE void compress_then_serialize_11_b8(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
uint8_t serialized[352U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
__m256i coefficient =
- compress_09_740(to_unsigned_representative_3f(re->coefficients[i0]));
+ compress_09_700(to_unsigned_representative_b5(re->coefficients[i0]));
uint8_t bytes[22U];
libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -5534,10 +5542,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- COMPRESSION_FACTOR= 11
- OUT_LEN= 352
*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
uint8_t uu____0[352U];
- compress_then_serialize_11_17(re, uu____0);
+ compress_then_serialize_11_b8(re, uu____0);
memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
}
@@ -5550,7 +5558,7 @@ with const generics
- COMPRESSION_FACTOR= 11
- BLOCK_LEN= 352
*/
-static void compress_then_serialize_u_42(
+static void compress_then_serialize_u_e8(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U],
Eurydice_slice out) {
for (size_t i = (size_t)0U;
@@ -5566,7 +5574,7 @@ static void compress_then_serialize_u_42(
out, i0 * ((size_t)1408U / (size_t)4U),
(i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
uint8_t ret[352U];
- compress_then_serialize_ring_element_u_9e(&re, ret);
+ compress_then_serialize_ring_element_u_b0(&re, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t);
}
@@ -5579,9 +5587,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- COMPRESSION_FACTOR= 5
- OUT_LEN= 160
*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d1(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f2(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
- compress_then_serialize_5_03(re, out);
+ compress_then_serialize_5_7a(re, out);
}
/**
@@ -5601,7 +5609,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key,
+static void encrypt_unpacked_03(IndCpaPublicKeyUnpacked_01 *public_key,
uint8_t message[32U], Eurydice_slice randomness,
uint8_t ret[1568U]) {
uint8_t prf_input[33U];
@@ -5609,7 +5617,7 @@ static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key,
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
- tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_81(copy_of_prf_input0, 0U);
+ tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input0, 0U);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U];
memcpy(
r_as_ntt, uu____1.fst,
@@ -5633,25 +5641,25 @@ static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key,
sample_from_binomial_distribution_d7(
Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U];
- compute_vector_u_dd(public_key->A, r_as_ntt, error_1, u);
+ compute_vector_u_3c(public_key->A, r_as_ntt, error_1, u);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
- deserialize_then_decompress_message_d3(copy_of_message);
+ deserialize_then_decompress_message_12(copy_of_message);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
- compute_ring_element_v_77(public_key->t_as_ntt, r_as_ntt, &error_2,
+ compute_ring_element_v_51(public_key->t_as_ntt, r_as_ntt, &error_2,
&message_as_ring_element);
uint8_t ciphertext[1568U] = {0U};
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U];
memcpy(
uu____5, u,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- compress_then_serialize_u_42(
+ compress_then_serialize_u_e8(
uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
(size_t)1408U, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
- compress_then_serialize_ring_element_v_d1(
+ compress_then_serialize_ring_element_v_f2(
uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
(size_t)1408U, uint8_t, size_t));
memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -5674,10 +5682,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_b40(Eurydice_slice public_key, uint8_t message[32U],
Eurydice_slice randomness, uint8_t ret[1568U]) {
IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_89();
- deserialize_ring_elements_reduced_53(
+ deserialize_ring_elements_reduced_e7(
Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t),
unpacked_public_key.t_as_ntt);
Eurydice_slice seed =
@@ -5692,7 +5700,7 @@ static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U],
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
uint8_t result[1568U];
- encrypt_unpacked_a4(uu____1, copy_of_message, randomness, result);
+ encrypt_unpacked_03(uu____1, copy_of_message, randomness, result);
memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
}
@@ -5707,7 +5715,7 @@ with const generics
- K= 4
- CIPHERTEXT_SIZE= 1568
*/
-static KRML_MUSTINLINE void kdf_d8_160(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_dc0(Eurydice_slice shared_secret,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5734,11 +5742,11 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40(
libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- entropy_preprocess_d8_640(
+ entropy_preprocess_d8_c50(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -5748,7 +5756,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
size_t);
uint8_t ret[32U];
H_a9_41(Eurydice_array_to_slice(
- (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key),
+ (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -5762,19 +5770,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t);
+ (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1568U];
- encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+ encrypt_b40(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[1568U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 =
- libcrux_ml_kem_types_from_01_45(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_7b(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- kdf_d8_160(shared_secret, shared_secret_array);
+ kdf_d8_dc0(shared_secret, shared_secret_array);
libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_shared_secret_array[32U];
@@ -5792,7 +5800,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void deserialize_secret_key_540(
+static KRML_MUSTINLINE void deserialize_secret_key_0d0(
Eurydice_slice secret_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
@@ -5809,7 +5817,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_540(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_uncompressed_ring_element_6c(secret_bytes);
+ deserialize_to_uncompressed_ring_element_fe(secret_bytes);
secret_as_ntt[i0] = uu____0;
}
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
@@ -5828,8 +5836,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- COMPRESSION_FACTOR= 11
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_u_79(Eurydice_slice serialized) {
- return deserialize_then_decompress_11_d5(serialized);
+deserialize_then_decompress_ring_element_u_d3(Eurydice_slice serialized) {
+ return deserialize_then_decompress_11_a8(serialized);
}
/**
@@ -5838,17 +5846,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- VECTOR_U_COMPRESSION_FACTOR= 11
*/
-static KRML_MUSTINLINE void ntt_vector_u_b7(
+static KRML_MUSTINLINE void ntt_vector_u_09(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
size_t zeta_i = (size_t)0U;
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U);
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U);
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U);
ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U);
- ntt_at_layer_3_ba(&zeta_i, re);
- ntt_at_layer_2_89(&zeta_i, re);
- ntt_at_layer_1_d7(&zeta_i, re);
- poly_barrett_reduce_ef_a9(re);
+ ntt_at_layer_3_bc(&zeta_i, re);
+ ntt_at_layer_2_c2(&zeta_i, re);
+ ntt_at_layer_1_09(&zeta_i, re);
+ poly_barrett_reduce_ef_dc(re);
}
/**
@@ -5859,7 +5867,7 @@ with const generics
- CIPHERTEXT_SIZE= 1568
- U_COMPRESSION_FACTOR= 11
*/
-static KRML_MUSTINLINE void deserialize_then_decompress_u_25(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_41(
uint8_t *ciphertext,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U];
@@ -5882,11 +5890,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_25(
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
(size_t)11U / (size_t)8U,
uint8_t);
- u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_79(u_bytes);
- ntt_vector_u_b7(&u_as_ntt[i0]);
+ u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d3(u_bytes);
+ ntt_vector_u_09(&u_as_ntt[i0]);
}
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U];
memcpy(
- ret, u_as_ntt,
+ result, u_as_ntt,
+ (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+ memcpy(
+ ret, result,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
}
@@ -5897,8 +5909,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- COMPRESSION_FACTOR= 5
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_ring_element_v_b9(Eurydice_slice serialized) {
- return deserialize_then_decompress_5_f8(serialized);
+deserialize_then_decompress_ring_element_v_86(Eurydice_slice serialized) {
+ return deserialize_then_decompress_5_45(serialized);
}
/**
@@ -5908,17 +5920,17 @@ with const generics
- K= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7d(
+compute_message_7e(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
- add_to_ring_element_ef_4f(&result, &product););
- invert_ntt_montgomery_8f(&result);
- result = subtract_reduce_ef_da(v, result);
+ ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]);
+ add_to_ring_element_ef_31(&result, &product););
+ invert_ntt_montgomery_80(&result);
+ result = subtract_reduce_ef_73(v, result);
return result;
}
@@ -5932,18 +5944,18 @@ with const generics
- U_COMPRESSION_FACTOR= 11
- V_COMPRESSION_FACTOR= 5
*/
-static void decrypt_unpacked_9d(IndCpaPrivateKeyUnpacked_01 *secret_key,
+static void decrypt_unpacked_46(IndCpaPrivateKeyUnpacked_01 *secret_key,
uint8_t *ciphertext, uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U];
- deserialize_then_decompress_u_25(ciphertext, u_as_ntt);
+ deserialize_then_decompress_u_41(ciphertext, u_as_ntt);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
- deserialize_then_decompress_ring_element_v_b9(
+ deserialize_then_decompress_ring_element_v_86(
Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
(size_t)1408U, uint8_t, size_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
- compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt);
+ compute_message_7e(&v, secret_key->secret_as_ntt, u_as_ntt);
uint8_t ret0[32U];
- compress_then_serialize_message_dd(message, ret0);
+ compress_then_serialize_message_83(message, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -5957,10 +5969,10 @@ with const generics
- U_COMPRESSION_FACTOR= 11
- V_COMPRESSION_FACTOR= 5
*/
-static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U];
- deserialize_secret_key_540(secret_key, secret_as_ntt);
+ deserialize_secret_key_0d0(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U];
memcpy(
@@ -5971,7 +5983,7 @@ static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
uint8_t result[32U];
- decrypt_unpacked_9d(&secret_key_unpacked, ciphertext, result);
+ decrypt_unpacked_46(&secret_key_unpacked, ciphertext, result);
memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
}
@@ -6011,7 +6023,7 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
*/
-void libcrux_ml_kem_ind_cca_decapsulate_7f0(
+void libcrux_ml_kem_ind_cca_decapsulate_6f0(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -6029,7 +6041,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- decrypt_750(ind_cpa_secret_key, ciphertext->value, decrypted);
+ decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -6051,7 +6063,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
PRF_a9_16(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
@@ -6061,17 +6073,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1568U];
- encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness,
+ encrypt_b40(uu____5, copy_of_decrypted, pseudorandomness,
expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- kdf_d8_160(Eurydice_array_to_slice(
+ kdf_d8_dc0(Eurydice_array_to_slice(
(size_t)32U, implicit_rejection_shared_secret0, uint8_t),
implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- kdf_d8_160(shared_secret0, shared_secret1);
+ kdf_d8_dc0(shared_secret0, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_40(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_ae(ciphertext),
Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -6086,7 +6098,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- K= 2
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e70(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
for (size_t i = (size_t)0U;
@@ -6100,7 +6112,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_reduced_ring_element_dc(ring_element);
+ deserialize_to_reduced_ring_element_d7(ring_element);
deserialized_pk[i0] = uu____0;
}
}
@@ -6111,15 +6123,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- K= 2
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_00(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U];
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
deserialized_pk[i] = ZERO_ef_05(););
- deserialize_ring_elements_reduced_530(public_key, deserialized_pk);
+ deserialize_ring_elements_reduced_e70(public_key, deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
memcpy(
- ret, deserialized_pk,
+ result, deserialized_pk,
+ (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+ memcpy(
+ ret, result,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
}
@@ -6130,7 +6146,7 @@ with const generics
- K= 2
- OUT_LEN= 768
*/
-static KRML_MUSTINLINE void serialize_secret_key_990(
+static KRML_MUSTINLINE void serialize_secret_key_050(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
uint8_t ret[768U]) {
uint8_t out[768U] = {0U};
@@ -6148,11 +6164,13 @@ static KRML_MUSTINLINE void serialize_secret_key_990(
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
uint8_t ret0[384U];
- serialize_uncompressed_ring_element_2c(&re, ret0);
+ serialize_uncompressed_ring_element_b8(&re, ret0);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
- memcpy(ret, out, (size_t)768U * sizeof(uint8_t));
+ uint8_t result[768U];
+ memcpy(result, out, (size_t)768U * sizeof(uint8_t));
+ memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
}
/**
@@ -6163,13 +6181,13 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-static KRML_MUSTINLINE void serialize_public_key_mut_6c0(
+static KRML_MUSTINLINE void serialize_public_key_mut_070(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t *serialized) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
(size_t)768U, uint8_t);
uint8_t ret[768U];
- serialize_secret_key_990(t_as_ntt, ret);
+ serialize_secret_key_050(t_as_ntt, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t);
Eurydice_slice_copy(
@@ -6186,11 +6204,11 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-static KRML_MUSTINLINE void serialize_public_key_ca0(
+static KRML_MUSTINLINE void serialize_public_key_e50(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[800U]) {
uint8_t public_key_serialized[800U] = {0U};
- serialize_public_key_mut_6c0(t_as_ntt, seed_for_a, public_key_serialized);
+ serialize_public_key_mut_070(t_as_ntt, seed_for_a, public_key_serialized);
uint8_t result[800U];
memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t));
memcpy(ret, result, (size_t)800U * sizeof(uint8_t));
@@ -6204,15 +6222,15 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_4a(uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U];
- deserialize_ring_elements_reduced_out_cc(
+ deserialize_ring_elements_reduced_out_00(
Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U,
uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[800U];
- serialize_public_key_ca0(
+ serialize_public_key_e50(
uu____0,
Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U,
uint8_t, size_t),
@@ -6242,7 +6260,7 @@ with const generics
- SECRET_KEY_SIZE= 1632
- CIPHERTEXT_SIZE= 768
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_70(
+bool libcrux_ml_kem_ind_cca_validate_private_key_e1(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) {
uint8_t t[32U];
@@ -6348,7 +6366,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_750(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_100(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
uint8_t seed[33U] = {0U};
Eurydice_slice_copy(
@@ -6811,7 +6829,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA= 3
- ETA_RANDOMNESS_SIZE= 192
*/
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_080(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
uint8_t prf_input[33U], uint8_t domain_separator) {
/* Passing arrays by value in Rust generates a copy in C */
@@ -6830,7 +6848,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00(
i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
re_as_ntt[i0] = sample_from_binomial_distribution_d70(
Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
- ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]););
+ ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]););
return domain_separator;
}
@@ -6853,7 +6871,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA= 3
- ETA_RANDOMNESS_SIZE= 192
*/
-static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810(
+static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70(
uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U];
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
@@ -6862,7 +6880,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810(
uint8_t uu____1[33U];
memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
domain_separator =
- sample_vector_cbd_then_ntt_b00(uu____0, uu____1, domain_separator);
+ sample_vector_cbd_then_ntt_080(uu____0, uu____1, domain_separator);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U];
memcpy(
@@ -6887,7 +6905,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void add_to_ring_element_ef_4f0(
+static KRML_MUSTINLINE void add_to_ring_element_ef_310(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
for (size_t i = (size_t)0U;
@@ -6907,7 +6925,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void compute_As_plus_e_2d0(
+static KRML_MUSTINLINE void compute_As_plus_e_670(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -6934,10 +6952,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
&row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]);
- add_to_ring_element_ef_4f0(&t_as_ntt[i0], &product);
+ ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]);
+ add_to_ring_element_ef_310(&t_as_ntt[i0], &product);
}
- add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]);
+ add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]);
}
}
@@ -6950,12 +6968,12 @@ with const generics
- ETA1= 3
- ETA1_RANDOMNESS_SIZE= 192
*/
-static void generate_keypair_unpacked_a40(
+static void generate_keypair_unpacked_4a0(
Eurydice_slice key_generation_seed,
IndCpaPrivateKeyUnpacked_d6 *private_key,
IndCpaPublicKeyUnpacked_d6 *public_key) {
uint8_t hashed[64U];
- cpa_keygen_seed_d8_750(key_generation_seed, hashed);
+ cpa_keygen_seed_d8_100(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6975,17 +6993,17 @@ static void generate_keypair_unpacked_a40(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- sample_vector_cbd_then_ntt_b00(uu____2, copy_of_prf_input0, 0U);
+ sample_vector_cbd_then_ntt_080(uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U];
memcpy(
error_as_ntt,
- sample_vector_cbd_then_ntt_out_810(copy_of_prf_input, domain_separator)
+ sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input, domain_separator)
.fst,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- compute_As_plus_e_2d0(public_key->t_as_ntt, public_key->A,
+ compute_As_plus_e_670(public_key->t_as_ntt, public_key->A,
private_key->secret_as_ntt, error_as_ntt);
uint8_t uu____5[32U];
core_result_Result_00 dst;
@@ -7006,18 +7024,18 @@ with const generics
- ETA1= 3
- ETA1_RANDOMNESS_SIZE= 192
*/
-static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6a(
+static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_47(
Eurydice_slice key_generation_seed) {
IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_3c0();
IndCpaPublicKeyUnpacked_d6 public_key = default_8d_890();
- generate_keypair_unpacked_a40(key_generation_seed, &private_key, &public_key);
+ generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[800U];
- serialize_public_key_ca0(
+ serialize_public_key_e50(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[768U];
- serialize_secret_key_990(private_key.secret_as_ntt, secret_key_serialized);
+ serialize_secret_key_050(private_key.secret_as_ntt, secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[768U];
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -7041,7 +7059,7 @@ with const generics
- K= 2
- SERIALIZED_KEY_LEN= 1632
*/
-static KRML_MUSTINLINE void serialize_kem_secret_key_1f(
+static KRML_MUSTINLINE void serialize_kem_secret_key_71(
Eurydice_slice private_key, Eurydice_slice public_key,
Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
uint8_t out[1632U] = {0U};
@@ -7096,7 +7114,7 @@ with const generics
- ETA1= 3
- ETA1_RANDOMNESS_SIZE= 192
*/
-libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
+libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2(
uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
@@ -7106,13 +7124,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 =
- generate_keypair_6a(ind_cpa_keypair_randomness);
+ generate_keypair_47(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[768U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t));
uint8_t public_key[800U];
memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t));
uint8_t secret_key_serialized[1632U];
- serialize_kem_secret_key_1f(
+ serialize_kem_secret_key_71(
Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)800U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -7121,13 +7139,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b(
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)1632U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_5e private_key =
- libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[800U];
memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee(
- uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_78(
+ uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
}
/**
@@ -7140,7 +7158,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_c5(Eurydice_slice randomness,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -7259,18 +7277,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void invert_ntt_montgomery_8f0(
+static KRML_MUSTINLINE void invert_ntt_montgomery_800(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- invert_ntt_at_layer_1_f7(&zeta_i, re);
- invert_ntt_at_layer_2_98(&zeta_i, re);
- invert_ntt_at_layer_3_fe(&zeta_i, re);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U);
- invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U);
- poly_barrett_reduce_ef_a9(re);
+ invert_ntt_at_layer_1_a3(&zeta_i, re);
+ invert_ntt_at_layer_2_cd(&zeta_i, re);
+ invert_ntt_at_layer_3_d7(&zeta_i, re);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U);
+ invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U);
+ poly_barrett_reduce_ef_dc(re);
}
/**
@@ -7279,14 +7297,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void compute_vector_u_dd0(
+static KRML_MUSTINLINE void compute_vector_u_3c0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U];
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
- result0[i] = ZERO_ef_05(););
+ result[i] = ZERO_ef_05(););
for (size_t i0 = (size_t)0U;
i0 < Eurydice_slice_len(
Eurydice_array_to_slice(
@@ -7306,16 +7324,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd0(
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
- add_to_ring_element_ef_4f0(&result0[i1], &product);
+ ntt_multiply_ef_63(a_element, &r_as_ntt[j]);
+ add_to_ring_element_ef_310(&result[i1], &product);
}
- invert_ntt_montgomery_8f0(&result0[i1]);
- add_error_reduce_ef_dd(&result0[i1], &error_1[i1]);
+ invert_ntt_montgomery_800(&result[i1]);
+ add_error_reduce_ef_05(&result[i1], &error_1[i1]);
}
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
- memcpy(
- result, result0,
- (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
memcpy(
ret, result,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
@@ -7328,7 +7342,7 @@ with const generics
- K= 2
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_770(
+compute_ring_element_v_510(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -7336,10 +7350,10 @@ compute_ring_element_v_770(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]);
- add_to_ring_element_ef_4f0(&result, &product););
- invert_ntt_montgomery_8f0(&result);
- result = add_message_error_reduce_ef_79(error_2, message, result);
+ ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]);
+ add_to_ring_element_ef_310(&result, &product););
+ invert_ntt_montgomery_800(&result);
+ result = add_message_error_reduce_ef_b9(error_2, message, result);
return result;
}
@@ -7352,7 +7366,7 @@ with const generics
- COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
*/
-static void compress_then_serialize_u_420(
+static void compress_then_serialize_u_e80(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U],
Eurydice_slice out) {
for (size_t i = (size_t)0U;
@@ -7368,7 +7382,7 @@ static void compress_then_serialize_u_420(
out, i0 * ((size_t)640U / (size_t)2U),
(i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
uint8_t ret[320U];
- compress_then_serialize_ring_element_u_9e0(&re, ret);
+ compress_then_serialize_ring_element_u_b00(&re, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
}
@@ -7391,7 +7405,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key,
+static void encrypt_unpacked_030(IndCpaPublicKeyUnpacked_d6 *public_key,
uint8_t message[32U],
Eurydice_slice randomness, uint8_t ret[768U]) {
uint8_t prf_input[33U];
@@ -7399,7 +7413,7 @@ static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key,
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
- tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_810(copy_of_prf_input0, 0U);
+ tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input0, 0U);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U];
memcpy(
r_as_ntt, uu____1.fst,
@@ -7423,25 +7437,25 @@ static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key,
sample_from_binomial_distribution_d7(
Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U];
- compute_vector_u_dd0(public_key->A, r_as_ntt, error_1, u);
+ compute_vector_u_3c0(public_key->A, r_as_ntt, error_1, u);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
- deserialize_then_decompress_message_d3(copy_of_message);
+ deserialize_then_decompress_message_12(copy_of_message);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
- compute_ring_element_v_770(public_key->t_as_ntt, r_as_ntt, &error_2,
+ compute_ring_element_v_510(public_key->t_as_ntt, r_as_ntt, &error_2,
&message_as_ring_element);
uint8_t ciphertext[768U] = {0U};
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U];
memcpy(
uu____5, u,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- compress_then_serialize_u_420(
+ compress_then_serialize_u_e80(
uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
- compress_then_serialize_ring_element_v_d10(
+ compress_then_serialize_ring_element_v_f20(
uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
(size_t)640U, uint8_t, size_t));
memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -7464,10 +7478,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U],
Eurydice_slice randomness, uint8_t ret[768U]) {
IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_890();
- deserialize_ring_elements_reduced_530(
+ deserialize_ring_elements_reduced_e70(
Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t),
unpacked_public_key.t_as_ntt);
Eurydice_slice seed =
@@ -7482,7 +7496,7 @@ static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U],
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
uint8_t result[768U];
- encrypt_unpacked_a40(uu____1, copy_of_message, randomness, result);
+ encrypt_unpacked_030(uu____1, copy_of_message, randomness, result);
memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
}
@@ -7497,7 +7511,7 @@ with const generics
- K= 2
- CIPHERTEXT_SIZE= 768
*/
-static KRML_MUSTINLINE void kdf_d8_16(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_dc(Eurydice_slice shared_secret,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -7524,11 +7538,11 @@ with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4(
libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- entropy_preprocess_d8_64(
+ entropy_preprocess_d8_c5(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -7538,7 +7552,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
size_t);
uint8_t ret[32U];
H_a9_410(Eurydice_array_to_slice(
- (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key),
+ (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -7552,19 +7566,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t);
+ (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[768U];
- encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+ encrypt_b4(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[768U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
- libcrux_ml_kem_types_from_01_450(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_7b0(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- kdf_d8_16(shared_secret, shared_secret_array);
+ kdf_d8_dc(shared_secret, shared_secret_array);
libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_shared_secret_array[32U];
@@ -7582,7 +7596,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void deserialize_secret_key_54(
+static KRML_MUSTINLINE void deserialize_secret_key_0d(
Eurydice_slice secret_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
@@ -7599,7 +7613,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_54(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_uncompressed_ring_element_6c(secret_bytes);
+ deserialize_to_uncompressed_ring_element_fe(secret_bytes);
secret_as_ntt[i0] = uu____0;
}
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
@@ -7619,7 +7633,7 @@ with const generics
- CIPHERTEXT_SIZE= 768
- U_COMPRESSION_FACTOR= 10
*/
-static KRML_MUSTINLINE void deserialize_then_decompress_u_250(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_410(
uint8_t *ciphertext,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U];
@@ -7642,11 +7656,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_250(
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
(size_t)10U / (size_t)8U,
uint8_t);
- u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes);
- ntt_vector_u_b70(&u_as_ntt[i0]);
+ u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d30(u_bytes);
+ ntt_vector_u_090(&u_as_ntt[i0]);
}
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U];
+ memcpy(
+ result, u_as_ntt,
+ (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
memcpy(
- ret, u_as_ntt,
+ ret, result,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
}
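Review bot: The new `result` array in `deserialize_then_decompress_u_410` is filled from `u_as_ntt` and then immediately copied into `ret`, so the function now performs two full copies of both ring elements where the old code did one. The same commit removes exactly this intermediate from `compute_vector_u_3c0` (`result0` to `result` to `ret`), so the two functions end up inconsistent. This file is generated, so the change belongs in the Rust source: returning `u_as_ntt` directly there should bring back the single `memcpy(ret, u_as_ntt, ...)`. The function starts before this hunk, so the earlier part of its body is not visible here.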
@@ -7657,17 +7675,17 @@ with const generics
- K= 2
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_message_7d0(
+compute_message_7e0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05();
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]);
- add_to_ring_element_ef_4f0(&result, &product););
- invert_ntt_montgomery_8f0(&result);
- result = subtract_reduce_ef_da(v, result);
+ ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]);
+ add_to_ring_element_ef_310(&result, &product););
+ invert_ntt_montgomery_800(&result);
+ result = subtract_reduce_ef_73(v, result);
return result;
}
@@ -7681,18 +7699,18 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_unpacked_9d0(IndCpaPrivateKeyUnpacked_d6 *secret_key,
+static void decrypt_unpacked_460(IndCpaPrivateKeyUnpacked_d6 *secret_key,
uint8_t *ciphertext, uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U];
- deserialize_then_decompress_u_250(ciphertext, u_as_ntt);
+ deserialize_then_decompress_u_410(ciphertext, u_as_ntt);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
- deserialize_then_decompress_ring_element_v_b90(
+ deserialize_then_decompress_ring_element_v_860(
Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
(size_t)640U, uint8_t, size_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
- compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt);
+ compute_message_7e0(&v, secret_key->secret_as_ntt, u_as_ntt);
uint8_t ret0[32U];
- compress_then_serialize_message_dd(message, ret0);
+ compress_then_serialize_message_83(message, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -7706,10 +7724,10 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U];
- deserialize_secret_key_54(secret_key, secret_as_ntt);
+ deserialize_secret_key_0d(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U];
memcpy(
@@ -7720,7 +7738,7 @@ static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
uint8_t result[32U];
- decrypt_unpacked_9d0(&secret_key_unpacked, ciphertext, result);
+ decrypt_unpacked_460(&secret_key_unpacked, ciphertext, result);
memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
}
@@ -7760,7 +7778,7 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
*/
-void libcrux_ml_kem_ind_cca_decapsulate_7f(
+void libcrux_ml_kem_ind_cca_decapsulate_6f(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -7778,7 +7796,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted);
+ decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -7800,7 +7818,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae0(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
PRF_a9_161(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
@@ -7810,16 +7828,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[768U];
- encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+ encrypt_b4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- kdf_d8_16(Eurydice_array_to_slice((size_t)32U,
+ kdf_d8_dc(Eurydice_array_to_slice((size_t)32U,
implicit_rejection_shared_secret0, uint8_t),
implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- kdf_d8_16(shared_secret0, shared_secret1);
+ kdf_d8_dc(shared_secret0, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_400(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_ae0(ciphertext),
Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 02a4b1c04..ce38cd383 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index 25021f8c9..3bc08594b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "internal/libcrux_mlkem_portable.h"
@@ -199,6 +199,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11(
ret[21U] = r11_21.f10;
}
+void libcrux_ml_kem_vector_portable_serialize_11(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[22U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -206,7 +212,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
void libcrux_ml_kem_vector_portable_serialize_11_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[22U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_11(a, ret);
}
KRML_MUSTINLINE int16_t_x8
@@ -299,13 +305,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) {
return lit;
}
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
+ return libcrux_ml_kem_vector_portable_deserialize_11(a);
}
KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
@@ -1190,8 +1201,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
int16_t t =
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
vec->elements[j], zeta);
- vec->elements[j] = vec->elements[i] - t;
- vec->elements[i] = vec->elements[i] + t;
+ int16_t a_minus_t = vec->elements[i] - t;
+ int16_t a_plus_t = vec->elements[i] + t;
+ vec->elements[j] = a_minus_t;
+ vec->elements[i] = a_plus_t;
}
KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1300,8 +1313,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
int16_t zeta, size_t i, size_t j) {
int16_t a_minus_b = vec->elements[j] - vec->elements[i];
+ int16_t a_plus_b = vec->elements[j] + vec->elements[i];
int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
- vec->elements[i] + vec->elements[j]);
+ a_plus_b);
int16_t o1 =
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
a_minus_b, zeta);
@@ -1415,12 +1429,11 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
- size_t i, size_t j,
- libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
- int16_t ai = a->elements[i];
- int16_t bi = b->elements[i];
- int16_t aj = a->elements[j];
- int16_t bj = b->elements[j];
+ size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
+ int16_t ai = a->elements[(size_t)2U * i];
+ int16_t bi = b->elements[(size_t)2U * i];
+ int16_t aj = a->elements[(size_t)2U * i + (size_t)1U];
+ int16_t bj = b->elements[(size_t)2U * i + (size_t)1U];
int32_t ai_bi = (int32_t)ai * (int32_t)bi;
int32_t aj_bj_ = (int32_t)aj * (int32_t)bj;
int16_t aj_bj =
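Review bot: `libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials` now derives both element indices from `i` (`2 * i` and `2 * i + 1`), but nothing on the function states which values of `i` are valid. The following hunk copies `out->elements` as 16 `int16_t`, so `i` must stay below 8 for the reads of `a` and `b` and the writes to `out` to remain in bounds. The calls in `ntt_multiply` pass the constants 0 to 7, but the function does not appear to be `static`, so other callers are possible. I would document the contract above the function, for example `/* Precondition: i < 8; handles the coefficient pair (2*i, 2*i + 1). */`, and put it in the Rust source this file is generated from so it survives regeneration. The function body continues past the end of this hunk.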
@@ -1437,8 +1450,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
int16_t o1 =
libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
ai_bj_aj_bi);
- out->elements[i] = o0;
- out->elements[j] = o1;
+ int16_t _out0[16U];
+ memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t));
+ out->elements[(size_t)2U * i] = o0;
+ out->elements[(size_t)2U * i + (size_t)1U] = o1;
}
KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
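Review bot: The added `_out0` array in `ntt_multiply_binomials` is filled by `memcpy` from `out->elements` and never read in the lines shown, so every call copies 16 coefficients with no visible effect. From the name it looks like a snapshot binding that exists only for proof annotations on the Rust side (inferred; the Rust source is not part of this view). If so, it should be kept out of the extracted C, or at least be marked with a comment such as `/* proof-only snapshot of out; not used at runtime */`. If the compiler does not drop the copy, it also leaves one more copy of coefficient data on the stack, which is best avoided in code that processes key material. The start of the function is in the previous hunk.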
@@ -1452,22 +1467,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
int16_t nzeta3 = -zeta3;
libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
libcrux_ml_kem_vector_portable_vector_type_zero();
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0,
+ (size_t)0U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0,
+ (size_t)1U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1,
+ (size_t)2U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1,
+ (size_t)3U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2,
+ (size_t)4U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2,
+ (size_t)5U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3,
+ (size_t)6U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3,
+ (size_t)7U, &out);
return out;
}
@@ -1507,6 +1522,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1(
ret[1U] = result1;
}
+void libcrux_ml_kem_vector_portable_serialize_1(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[2U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1514,7 +1535,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
void libcrux_ml_kem_vector_portable_serialize_1_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[2U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_1(a, ret);
}
KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1601,13 +1622,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
return lit;
}
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
+ return libcrux_ml_kem_vector_portable_deserialize_1(a);
}
KRML_MUSTINLINE uint8_t_x4
@@ -1657,6 +1683,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4(
ret[7U] = result4_7.f3;
}
+void libcrux_ml_kem_vector_portable_serialize_4(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[8U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1664,7 +1696,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
void libcrux_ml_kem_vector_portable_serialize_4_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[8U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_4(a, ret);
}
KRML_MUSTINLINE int16_t_x8
@@ -1734,13 +1766,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
return lit;
}
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
+ return libcrux_ml_kem_vector_portable_deserialize_4(a);
}
KRML_MUSTINLINE uint8_t_x5
@@ -1788,6 +1825,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5(
ret[9U] = r5_9.f4;
}
+void libcrux_ml_kem_vector_portable_serialize_5(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[10U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1795,7 +1838,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
void libcrux_ml_kem_vector_portable_serialize_5_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[10U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_5(a, ret);
}
KRML_MUSTINLINE int16_t_x8
@@ -1876,13 +1919,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) {
return lit;
}
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
+ return libcrux_ml_kem_vector_portable_deserialize_5(a);
}
KRML_MUSTINLINE uint8_t_x5
@@ -1956,6 +2004,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10(
ret[19U] = r15_19.f4;
}
+void libcrux_ml_kem_vector_portable_serialize_10(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[20U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1963,7 +2017,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
void libcrux_ml_kem_vector_portable_serialize_10_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[20U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_10(a, ret);
}
KRML_MUSTINLINE int16_t_x8
@@ -2052,13 +2106,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
return lit;
}
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
+ return libcrux_ml_kem_vector_portable_deserialize_10(a);
}
KRML_MUSTINLINE uint8_t_x3
@@ -2126,6 +2185,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12(
ret[23U] = r21_23.thd;
}
+void libcrux_ml_kem_vector_portable_serialize_12(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[24U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2133,7 +2198,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
void libcrux_ml_kem_vector_portable_serialize_12_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[24U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_12(a, ret);
}
KRML_MUSTINLINE int16_t_x2
@@ -2191,13 +2256,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
return lit;
}
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
+ return libcrux_ml_kem_vector_portable_deserialize_12(a);
}
KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(
@@ -2318,7 +2388,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_to_reduced_ring_element_a5(Eurydice_slice serialized) {
+deserialize_to_reduced_ring_element_01(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -2340,7 +2410,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 4
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_75(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
for (size_t i = (size_t)0U;
@@ -2354,7 +2424,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- deserialize_to_reduced_ring_element_a5(ring_element);
+ deserialize_to_reduced_ring_element_01(ring_element);
deserialized_pk[i0] = uu____0;
}
}
@@ -2365,15 +2435,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 4
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_531(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa1(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
deserialized_pk[i] = ZERO_ef_1b(););
- deserialize_ring_elements_reduced_da(public_key, deserialized_pk);
+ deserialize_ring_elements_reduced_75(public_key, deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
memcpy(
- ret, deserialized_pk,
+ result, deserialized_pk,
+ (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+ memcpy(
+ ret, result,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
}
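Review bot: The added `result` array in deserialize_ring_elements_reduced_out_fa1 is written once by `memcpy(result, deserialized_pk, ...)` and immediately copied on to `ret`, so it is a second full stack copy with no reader of its own. The same pattern is added to serialize_secret_key_1d further down (`uint8_t result[1536U]`), which generate_keypair_081 calls on `private_key.secret_as_ntt`. There the extra buffer holds serialized secret key bytes that stay on the stack unwiped alongside `out`. Since this C appears to be generated, the fix likely belongs in the Rust source or the extraction step: return the buffer directly so the C keeps a single `memcpy(ret, out, ...)`. If the intermediate has to stay, clear both temporaries with a zeroisation routine the compiler cannot elide.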
@@ -2383,7 +2457,7 @@ with const generics
- SHIFT_BY= 15
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+shift_right_38(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
size_t i0 = i;
@@ -2402,8 +2476,8 @@ with const generics
- SHIFT_BY= 15
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-shift_right_0d_9d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return shift_right_95(v);
+shift_right_0d_6b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
+ return shift_right_38(v);
}
/**
@@ -2413,10 +2487,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_representative_7c(
+to_unsigned_representative_9f(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
- shift_right_0d_9d(a);
+ shift_right_0d_6b(a);
libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -2430,10 +2504,10 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_unsigned_field_modulus_b0(
+to_unsigned_field_modulus_c4(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
- to_unsigned_representative_7c(a);
+ to_unsigned_representative_9f(a);
return result;
}
@@ -2443,14 +2517,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
-static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8b(
+static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c6(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
uint8_t serialized[384U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- to_unsigned_field_modulus_b0(re->coefficients[i0]);
+ to_unsigned_field_modulus_c4(re->coefficients[i0]);
uint8_t bytes[24U];
libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -2470,7 +2544,7 @@ with const generics
- K= 4
- OUT_LEN= 1536
*/
-static KRML_MUSTINLINE void serialize_secret_key_5a(
+static KRML_MUSTINLINE void serialize_secret_key_1d(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
uint8_t ret[1536U]) {
uint8_t out[1536U] = {0U};
@@ -2488,11 +2562,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a(
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
uint8_t ret0[384U];
- serialize_uncompressed_ring_element_8b(&re, ret0);
+ serialize_uncompressed_ring_element_c6(&re, ret0);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
- memcpy(ret, out, (size_t)1536U * sizeof(uint8_t));
+ uint8_t result[1536U];
+ memcpy(result, out, (size_t)1536U * sizeof(uint8_t));
+ memcpy(ret, result, (size_t)1536U * sizeof(uint8_t));
}
/**
@@ -2503,13 +2579,13 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-static KRML_MUSTINLINE void serialize_public_key_mut_3c(
+static KRML_MUSTINLINE void serialize_public_key_mut_12(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t *serialized) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
(size_t)1536U, uint8_t);
uint8_t ret[1536U];
- serialize_secret_key_5a(t_as_ntt, ret);
+ serialize_secret_key_1d(t_as_ntt, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t);
Eurydice_slice_copy(
@@ -2526,11 +2602,11 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-static KRML_MUSTINLINE void serialize_public_key_07(
+static KRML_MUSTINLINE void serialize_public_key_e9(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
uint8_t public_key_serialized[1568U] = {0U};
- serialize_public_key_mut_3c(t_as_ntt, seed_for_a, public_key_serialized);
+ serialize_public_key_mut_12(t_as_ntt, seed_for_a, public_key_serialized);
uint8_t result[1568U];
memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
@@ -2544,15 +2620,15 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_071(uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U];
- deserialize_ring_elements_reduced_out_531(
+ deserialize_ring_elements_reduced_out_fa1(
Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[1568U];
- serialize_public_key_07(
+ serialize_public_key_e9(
uu____0,
Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
uint8_t, size_t),
@@ -2582,7 +2658,7 @@ with const generics
- SECRET_KEY_SIZE= 3168
- CIPHERTEXT_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_ae(
+bool libcrux_ml_kem_ind_cca_validate_private_key_c0(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) {
uint8_t t[32U];
@@ -2702,7 +2778,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_57(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_e4(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
uint8_t seed[33U] = {0U};
Eurydice_slice_copy(
@@ -3355,7 +3431,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void ntt_at_layer_3_d0(
+static KRML_MUSTINLINE void ntt_at_layer_3_b8(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3373,7 +3449,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void ntt_at_layer_2_76(
+static KRML_MUSTINLINE void ntt_at_layer_2_34(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3392,7 +3468,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void ntt_at_layer_1_5d(
+static KRML_MUSTINLINE void ntt_at_layer_1_21(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3418,7 +3494,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void poly_barrett_reduce_ef_17(
+static KRML_MUSTINLINE void poly_barrett_reduce_ef_b4(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -3436,17 +3512,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d8(
+static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_36(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
ntt_at_layer_7_97(re);
size_t zeta_i = (size_t)1U;
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
- ntt_at_layer_3_d0(&zeta_i, re);
- ntt_at_layer_2_76(&zeta_i, re);
- ntt_at_layer_1_5d(&zeta_i, re);
- poly_barrett_reduce_ef_17(re);
+ ntt_at_layer_3_b8(&zeta_i, re);
+ ntt_at_layer_2_34(&zeta_i, re);
+ ntt_at_layer_1_21(&zeta_i, re);
+ poly_barrett_reduce_ef_b4(re);
}
/**
@@ -3458,7 +3534,7 @@ generics
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f7(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
uint8_t prf_input[33U], uint8_t domain_separator) {
/* Passing arrays by value in Rust generates a copy in C */
@@ -3477,7 +3553,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1(
i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
re_as_ntt[i0] = sample_from_binomial_distribution_6b(
Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
- ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
+ ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]););
return domain_separator;
}
@@ -3501,7 +3577,7 @@ generics
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
-static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb(
+static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44(
uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
@@ -3510,7 +3586,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb(
uint8_t uu____1[33U];
memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
domain_separator =
- sample_vector_cbd_then_ntt_b1(uu____0, uu____1, domain_separator);
+ sample_vector_cbd_then_ntt_f7(uu____0, uu____1, domain_separator);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U];
memcpy(
@@ -3536,7 +3612,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-ntt_multiply_ef_45(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
+ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_1b();
for (size_t i = (size_t)0U;
@@ -3568,7 +3644,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void add_to_ring_element_ef_5d(
+static KRML_MUSTINLINE void add_to_ring_element_ef_3a(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
for (size_t i = (size_t)0U;
@@ -3593,7 +3669,7 @@ with const generics
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-to_standard_domain_bf(
+to_standard_domain_73(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -3610,14 +3686,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void add_standard_error_reduce_ef_0f(
+static KRML_MUSTINLINE void add_standard_error_reduce_ef_69(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t j = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector
- coefficient_normal_form = to_standard_domain_bf(self->coefficients[j]);
+ coefficient_normal_form = to_standard_domain_73(self->coefficients[j]);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
libcrux_ml_kem_vector_portable_barrett_reduce_0d(
libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form,
@@ -3632,7 +3708,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void compute_As_plus_e_c7(
+static KRML_MUSTINLINE void compute_As_plus_e_f0(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U],
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -3659,10 +3735,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c7(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
&row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
- add_to_ring_element_ef_5d(&t_as_ntt[i0], &product);
+ ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]);
+ add_to_ring_element_ef_3a(&t_as_ntt[i0], &product);
}
- add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
+ add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]);
}
}
@@ -3675,12 +3751,12 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static void generate_keypair_unpacked_e9(
+static void generate_keypair_unpacked_86(
Eurydice_slice key_generation_seed,
IndCpaPrivateKeyUnpacked_42 *private_key,
IndCpaPublicKeyUnpacked_42 *public_key) {
uint8_t hashed[64U];
- cpa_keygen_seed_d8_57(key_generation_seed, hashed);
+ cpa_keygen_seed_d8_e4(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -3700,17 +3776,17 @@ static void generate_keypair_unpacked_e9(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- sample_vector_cbd_then_ntt_b1(uu____2, copy_of_prf_input0, 0U);
+ sample_vector_cbd_then_ntt_f7(uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U];
memcpy(
error_as_ntt,
- sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input, domain_separator)
+ sample_vector_cbd_then_ntt_out_44(copy_of_prf_input, domain_separator)
.fst,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- compute_As_plus_e_c7(public_key->t_as_ntt, public_key->A,
+ compute_As_plus_e_f0(public_key->t_as_ntt, public_key->A,
private_key->secret_as_ntt, error_as_ntt);
uint8_t uu____5[32U];
core_result_Result_00 dst;
@@ -3731,18 +3807,18 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_501(
+static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_081(
Eurydice_slice key_generation_seed) {
IndCpaPrivateKeyUnpacked_42 private_key = default_1a_e9();
IndCpaPublicKeyUnpacked_42 public_key = default_8d_d1();
- generate_keypair_unpacked_e9(key_generation_seed, &private_key, &public_key);
+ generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[1568U];
- serialize_public_key_07(
+ serialize_public_key_e9(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[1536U];
- serialize_secret_key_5a(private_key.secret_as_ntt, secret_key_serialized);
+ serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[1536U];
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -3766,7 +3842,7 @@ with const generics
- K= 4
- SERIALIZED_KEY_LEN= 3168
*/
-static KRML_MUSTINLINE void serialize_kem_secret_key_d4(
+static KRML_MUSTINLINE void serialize_kem_secret_key_50(
Eurydice_slice private_key, Eurydice_slice public_key,
Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) {
uint8_t out[3168U] = {0U};
@@ -3822,7 +3898,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -3831,13 +3907,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 =
- generate_keypair_501(ind_cpa_keypair_randomness);
+ generate_keypair_081(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1536U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t));
uint8_t public_key[1568U];
memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
uint8_t secret_key_serialized[3168U];
- serialize_kem_secret_key_d4(
+ serialize_kem_secret_key_50(
Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -3846,13 +3922,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)3168U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
- libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e61(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[1568U];
memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee1(
- uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_781(
+ uu____2, libcrux_ml_kem_types_from_5a_af1(copy_of_public_key));
}
/**
@@ -3865,7 +3941,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]]
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void entropy_preprocess_d8_62(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_b3(Eurydice_slice randomness,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -3883,7 +3959,7 @@ generics
- ETA2= 2
*/
static KRML_MUSTINLINE tuple_710
-sample_ring_element_cbd_7f(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
error_1[i] = ZERO_ef_1b(););
@@ -3951,7 +4027,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void invert_ntt_at_layer_1_08(
+static KRML_MUSTINLINE void invert_ntt_at_layer_1_19(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3972,7 +4048,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void invert_ntt_at_layer_2_91(
+static KRML_MUSTINLINE void invert_ntt_at_layer_2_f7(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -3991,7 +4067,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void invert_ntt_at_layer_3_41(
+static KRML_MUSTINLINE void invert_ntt_at_layer_3_77(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
@@ -4011,7 +4087,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE
libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
- inv_ntt_layer_int_vec_step_reduce_13(
+ inv_ntt_layer_int_vec_step_reduce_97(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
int16_t zeta_r) {
@@ -4031,7 +4107,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed(
+static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
size_t layer) {
size_t step = (size_t)1U << (uint32_t)layer;
@@ -4046,7 +4122,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed(
for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
size_t j = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
- inv_ntt_layer_int_vec_step_reduce_13(
+ inv_ntt_layer_int_vec_step_reduce_97(
re->coefficients[j], re->coefficients[j + step_vec],
libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -4063,18 +4139,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void invert_ntt_montgomery_55(
+static KRML_MUSTINLINE void invert_ntt_montgomery_8c(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- invert_ntt_at_layer_1_08(&zeta_i, re);
- invert_ntt_at_layer_2_91(&zeta_i, re);
- invert_ntt_at_layer_3_41(&zeta_i, re);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
- poly_barrett_reduce_ef_17(re);
+ invert_ntt_at_layer_1_19(&zeta_i, re);
+ invert_ntt_at_layer_2_f7(&zeta_i, re);
+ invert_ntt_at_layer_3_77(&zeta_i, re);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U);
+ poly_barrett_reduce_ef_b4(re);
}
/**
@@ -4088,7 +4164,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void add_error_reduce_ef_4d(
+static KRML_MUSTINLINE void add_error_reduce_ef_da(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
for (size_t i = (size_t)0U;
@@ -4112,14 +4188,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void compute_vector_u_b8(
+static KRML_MUSTINLINE void compute_vector_u_d2(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U],
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U];
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
- result0[i] = ZERO_ef_1b(););
+ result[i] = ZERO_ef_1b(););
for (size_t i0 = (size_t)0U;
i0 < Eurydice_slice_len(
Eurydice_array_to_slice(
@@ -4139,16 +4215,12 @@ static KRML_MUSTINLINE void compute_vector_u_b8(
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
- add_to_ring_element_ef_5d(&result0[i1], &product);
+ ntt_multiply_ef_76(a_element, &r_as_ntt[j]);
+ add_to_ring_element_ef_3a(&result[i1], &product);
}
- invert_ntt_montgomery_55(&result0[i1]);
- add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
+ invert_ntt_montgomery_8c(&result[i1]);
+ add_error_reduce_ef_da(&result[i1], &error_1[i1]);
}
- libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
- memcpy(
- result, result0,
- (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
memcpy(
ret, result,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
@@ -4161,7 +4233,7 @@ with const generics
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_1_78(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
+decompress_1_4a(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
libcrux_ml_kem_vector_portable_ZERO_0d();
libcrux_ml_kem_vector_portable_vector_type_PortableVector s =
@@ -4179,7 +4251,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_message_e3(uint8_t serialized[32U]) {
+deserialize_then_decompress_message_5e(uint8_t serialized[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
@@ -4190,7 +4262,7 @@ deserialize_then_decompress_message_e3(uint8_t serialized[32U]) {
(size_t)2U * i0 + (size_t)2U,
uint8_t));
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
- decompress_1_78(coefficient_compressed);
+ decompress_1_4a(coefficient_compressed);
re.coefficients[i0] = uu____0;);
return re;
}
@@ -4207,7 +4279,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-add_message_error_reduce_ef_21(
+add_message_error_reduce_ef_5c(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
@@ -4237,7 +4309,7 @@ with const generics
- K= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_1e(
+compute_ring_element_v_95(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -4245,10 +4317,10 @@ compute_ring_element_v_1e(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
- add_to_ring_element_ef_5d(&result, &product););
- invert_ntt_montgomery_55(&result);
- result = add_message_error_reduce_ef_21(error_2, message, result);
+ ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]);
+ add_to_ring_element_ef_3a(&result, &product););
+ invert_ntt_montgomery_8c(&result);
+ result = add_message_error_reduce_ef_5c(error_2, message, result);
return result;
}
@@ -4258,7 +4330,7 @@ with const generics
- COEFFICIENT_BITS= 10
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_61(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_6a(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
size_t i0 = i;
@@ -4279,9 +4351,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d
with const generics
- COEFFICIENT_BITS= 10
*/
-static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fe(
+static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_83(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
- return compress_61(a);
+ return compress_6a(a);
}
/**
@@ -4290,7 +4362,7 @@ with const generics
- COEFFICIENT_BITS= 11
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_610(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_6a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
size_t i0 = i;
@@ -4312,8 +4384,8 @@ with const generics
- COEFFICIENT_BITS= 11
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_fe0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
- return compress_610(a);
+compress_0d_830(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+ return compress_6a0(a);
}
/**
@@ -4322,14 +4394,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- OUT_LEN= 352
*/
-static KRML_MUSTINLINE void compress_then_serialize_11_a9(
+static KRML_MUSTINLINE void compress_then_serialize_11_00(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) {
uint8_t serialized[352U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- compress_0d_fe0(to_unsigned_representative_7c(re->coefficients[i0]));
+ compress_0d_830(to_unsigned_representative_9f(re->coefficients[i0]));
uint8_t bytes[22U];
libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -4347,10 +4419,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 11
- OUT_LEN= 352
*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b5(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_39(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) {
uint8_t uu____0[352U];
- compress_then_serialize_11_a9(re, uu____0);
+ compress_then_serialize_11_00(re, uu____0);
memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
}
@@ -4363,7 +4435,7 @@ with const generics
- COMPRESSION_FACTOR= 11
- BLOCK_LEN= 352
*/
-static void compress_then_serialize_u_cd(
+static void compress_then_serialize_u_54(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U],
Eurydice_slice out) {
for (size_t i = (size_t)0U;
@@ -4379,7 +4451,7 @@ static void compress_then_serialize_u_cd(
out, i0 * ((size_t)1408U / (size_t)4U),
(i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t);
uint8_t ret[352U];
- compress_then_serialize_ring_element_u_b5(&re, ret);
+ compress_then_serialize_ring_element_u_39(&re, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t);
}
@@ -4391,7 +4463,7 @@ with const generics
- COEFFICIENT_BITS= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_611(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_6a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
size_t i0 = i;
@@ -4413,8 +4485,8 @@ with const generics
- COEFFICIENT_BITS= 4
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_fe1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
- return compress_611(a);
+compress_0d_831(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+ return compress_6a1(a);
}
/**
@@ -4423,14 +4495,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void compress_then_serialize_4_06(
+static KRML_MUSTINLINE void compress_then_serialize_4_df(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
Eurydice_slice serialized) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- compress_0d_fe1(to_unsigned_field_modulus_b0(re.coefficients[i0]));
+ compress_0d_831(to_unsigned_field_modulus_c4(re.coefficients[i0]));
uint8_t bytes[8U];
libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
Eurydice_slice_copy(
@@ -4446,7 +4518,7 @@ with const generics
- COEFFICIENT_BITS= 5
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_612(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+compress_6a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
size_t i0 = i;
@@ -4468,8 +4540,8 @@ with const generics
- COEFFICIENT_BITS= 5
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-compress_0d_fe2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
- return compress_612(a);
+compress_0d_832(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
+ return compress_6a2(a);
}
/**
@@ -4478,14 +4550,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void compress_then_serialize_5_69(
+static KRML_MUSTINLINE void compress_then_serialize_5_51(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
Eurydice_slice serialized) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
- compress_0d_fe2(to_unsigned_representative_7c(re.coefficients[i0]));
+ compress_0d_832(to_unsigned_representative_9f(re.coefficients[i0]));
uint8_t bytes[10U];
libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
Eurydice_slice_copy(
@@ -4502,9 +4574,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 5
- OUT_LEN= 160
*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ce(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
- compress_then_serialize_5_69(re, out);
+ compress_then_serialize_5_51(re, out);
}
/**
@@ -4525,7 +4597,7 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key,
+static void encrypt_unpacked_43(IndCpaPublicKeyUnpacked_42 *public_key,
uint8_t message[32U], Eurydice_slice randomness,
uint8_t ret[1568U]) {
uint8_t prf_input[33U];
@@ -4533,7 +4605,7 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key,
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
- tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input0, 0U);
+ tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_44(copy_of_prf_input0, 0U);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U];
memcpy(
r_as_ntt, uu____1.fst,
@@ -4543,7 +4615,7 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key,
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
tuple_710 uu____3 =
- sample_ring_element_cbd_7f(copy_of_prf_input, domain_separator0);
+ sample_ring_element_cbd_23(copy_of_prf_input, domain_separator0);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U];
memcpy(
error_1, uu____3.fst,
@@ -4557,25 +4629,25 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key,
sample_from_binomial_distribution_6b(
Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U];
- compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u);
+ compute_vector_u_d2(public_key->A, r_as_ntt, error_1, u);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
- deserialize_then_decompress_message_e3(copy_of_message);
+ deserialize_then_decompress_message_5e(copy_of_message);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
- compute_ring_element_v_1e(public_key->t_as_ntt, r_as_ntt, &error_2,
+ compute_ring_element_v_95(public_key->t_as_ntt, r_as_ntt, &error_2,
&message_as_ring_element);
uint8_t ciphertext[1568U] = {0U};
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U];
memcpy(
uu____5, u,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- compress_then_serialize_u_cd(
+ compress_then_serialize_u_54(
uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U,
(size_t)1408U, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
- compress_then_serialize_ring_element_v_cf(
+ compress_then_serialize_ring_element_v_ce(
uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
(size_t)1408U, uint8_t, size_t));
memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t));
@@ -4599,10 +4671,10 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U],
Eurydice_slice randomness, uint8_t ret[1568U]) {
IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_d1();
- deserialize_ring_elements_reduced_da(
+ deserialize_ring_elements_reduced_75(
Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t),
unpacked_public_key.t_as_ntt);
Eurydice_slice seed =
@@ -4617,7 +4689,7 @@ static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U],
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
uint8_t result[1568U];
- encrypt_unpacked_c3(uu____1, copy_of_message, randomness, result);
+ encrypt_unpacked_43(uu____1, copy_of_message, randomness, result);
memcpy(ret, result, (size_t)1568U * sizeof(uint8_t));
}
@@ -4632,7 +4704,7 @@ with const generics
- K= 4
- CIPHERTEXT_SIZE= 1568
*/
-static KRML_MUSTINLINE void kdf_d8_19(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_a6(Eurydice_slice shared_secret,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -4659,11 +4731,11 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
+tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1(
libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- entropy_preprocess_d8_62(
+ entropy_preprocess_d8_b3(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -4673,7 +4745,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
size_t);
uint8_t ret[32U];
H_f1_d5(Eurydice_array_to_slice(
- (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key),
+ (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -4687,19 +4759,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t);
+ (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1568U];
- encrypt_4b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+ encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[1568U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 =
- libcrux_ml_kem_types_from_01_45(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_7b(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- kdf_d8_19(shared_secret, shared_secret_array);
+ kdf_d8_a6(shared_secret, shared_secret_array);
libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_shared_secret_array[32U];
@@ -4718,7 +4790,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_to_uncompressed_ring_element_07(Eurydice_slice serialized) {
+deserialize_to_uncompressed_ring_element_a4(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) {
@@ -4738,7 +4810,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void deserialize_secret_key_121(
+static KRML_MUSTINLINE void deserialize_secret_key_831(
Eurydice_slice secret_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
@@ -4755,7 +4827,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_121(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- deserialize_to_uncompressed_ring_element_07(secret_bytes);
+ deserialize_to_uncompressed_ring_element_a4(secret_bytes);
secret_as_ntt[i0] = uu____0;
}
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
@@ -4774,7 +4846,7 @@ const generics
- COEFFICIENT_BITS= 10
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_4a(
+decompress_ciphertext_coefficient_fe(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4799,9 +4871,9 @@ generics
- COEFFICIENT_BITS= 10
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ea(
+decompress_ciphertext_coefficient_0d_78(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return decompress_ciphertext_coefficient_4a(v);
+ return decompress_ciphertext_coefficient_fe(v);
}
/**
@@ -4811,7 +4883,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_10_5c(Eurydice_slice serialized) {
+deserialize_then_decompress_10_40(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
LowStar_Ignore_ignore(
Eurydice_slice_len(
@@ -4828,7 +4900,7 @@ deserialize_then_decompress_10_5c(Eurydice_slice serialized) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
- decompress_ciphertext_coefficient_0d_ea(coefficient);
+ decompress_ciphertext_coefficient_0d_78(coefficient);
re.coefficients[i0] = uu____0;
}
return re;
@@ -4841,7 +4913,7 @@ const generics
- COEFFICIENT_BITS= 11
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_4a0(
+decompress_ciphertext_coefficient_fe0(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4866,9 +4938,9 @@ generics
- COEFFICIENT_BITS= 11
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ea0(
+decompress_ciphertext_coefficient_0d_780(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return decompress_ciphertext_coefficient_4a0(v);
+ return decompress_ciphertext_coefficient_fe0(v);
}
/**
@@ -4878,7 +4950,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_11_77(Eurydice_slice serialized) {
+deserialize_then_decompress_11_0a(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) {
@@ -4888,7 +4960,7 @@ deserialize_then_decompress_11_77(Eurydice_slice serialized) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
- decompress_ciphertext_coefficient_0d_ea0(coefficient);
+ decompress_ciphertext_coefficient_0d_780(coefficient);
re.coefficients[i0] = uu____0;
}
return re;
@@ -4901,8 +4973,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 11
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_u_cd(Eurydice_slice serialized) {
- return deserialize_then_decompress_11_77(serialized);
+deserialize_then_decompress_ring_element_u_58(Eurydice_slice serialized) {
+ return deserialize_then_decompress_11_0a(serialized);
}
/**
@@ -4911,17 +4983,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- VECTOR_U_COMPRESSION_FACTOR= 11
*/
-static KRML_MUSTINLINE void ntt_vector_u_2c(
+static KRML_MUSTINLINE void ntt_vector_u_f1(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
size_t zeta_i = (size_t)0U;
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U);
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
- ntt_at_layer_3_d0(&zeta_i, re);
- ntt_at_layer_2_76(&zeta_i, re);
- ntt_at_layer_1_5d(&zeta_i, re);
- poly_barrett_reduce_ef_17(re);
+ ntt_at_layer_3_b8(&zeta_i, re);
+ ntt_at_layer_2_34(&zeta_i, re);
+ ntt_at_layer_1_21(&zeta_i, re);
+ poly_barrett_reduce_ef_b4(re);
}
/**
@@ -4932,7 +5004,7 @@ with const generics
- CIPHERTEXT_SIZE= 1568
- U_COMPRESSION_FACTOR= 11
*/
-static KRML_MUSTINLINE void deserialize_then_decompress_u_bb(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_b1(
uint8_t *ciphertext,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U];
@@ -4955,11 +5027,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb(
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
(size_t)11U / (size_t)8U,
uint8_t);
- u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd(u_bytes);
- ntt_vector_u_2c(&u_as_ntt[i0]);
+ u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_58(u_bytes);
+ ntt_vector_u_f1(&u_as_ntt[i0]);
}
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U];
memcpy(
- ret, u_as_ntt,
+ result, u_as_ntt,
+ (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+ memcpy(
+ ret, result,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
}
@@ -4970,7 +5046,7 @@ const generics
- COEFFICIENT_BITS= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_4a1(
+decompress_ciphertext_coefficient_fe1(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4995,9 +5071,9 @@ generics
- COEFFICIENT_BITS= 4
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ea1(
+decompress_ciphertext_coefficient_0d_781(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return decompress_ciphertext_coefficient_4a1(v);
+ return decompress_ciphertext_coefficient_fe1(v);
}
/**
@@ -5007,7 +5083,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_4_b1(Eurydice_slice serialized) {
+deserialize_then_decompress_4_dd(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) {
@@ -5017,7 +5093,7 @@ deserialize_then_decompress_4_b1(Eurydice_slice serialized) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
- decompress_ciphertext_coefficient_0d_ea1(coefficient);
+ decompress_ciphertext_coefficient_0d_781(coefficient);
re.coefficients[i0] = uu____0;
}
return re;
@@ -5030,7 +5106,7 @@ const generics
- COEFFICIENT_BITS= 5
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_4a2(
+decompress_ciphertext_coefficient_fe2(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -5055,9 +5131,9 @@ generics
- COEFFICIENT_BITS= 5
*/
static libcrux_ml_kem_vector_portable_vector_type_PortableVector
-decompress_ciphertext_coefficient_0d_ea2(
+decompress_ciphertext_coefficient_0d_782(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return decompress_ciphertext_coefficient_4a2(v);
+ return decompress_ciphertext_coefficient_fe2(v);
}
/**
@@ -5067,7 +5143,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_5_7b(Eurydice_slice serialized) {
+deserialize_then_decompress_5_e7(Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b();
for (size_t i = (size_t)0U;
i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) {
@@ -5077,7 +5153,7 @@ deserialize_then_decompress_5_7b(Eurydice_slice serialized) {
re.coefficients[i0] =
libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
- decompress_ciphertext_coefficient_0d_ea2(re.coefficients[i0]);
+ decompress_ciphertext_coefficient_0d_782(re.coefficients[i0]);
re.coefficients[i0] = uu____1;
}
return re;
@@ -5090,8 +5166,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 5
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_v_ce(Eurydice_slice serialized) {
- return deserialize_then_decompress_5_7b(serialized);
+deserialize_then_decompress_ring_element_v_87(Eurydice_slice serialized) {
+ return deserialize_then_decompress_5_e7(serialized);
}
/**
@@ -5106,7 +5182,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-subtract_reduce_ef_92(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
+subtract_reduce_ef_59(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -5131,17 +5207,17 @@ with const generics
- K= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_82(
+compute_message_fc(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
- add_to_ring_element_ef_5d(&result, &product););
- invert_ntt_montgomery_55(&result);
- result = subtract_reduce_ef_92(v, result);
+ ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]);
+ add_to_ring_element_ef_3a(&result, &product););
+ invert_ntt_montgomery_8c(&result);
+ result = subtract_reduce_ef_59(v, result);
return result;
}
@@ -5151,13 +5227,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
-static KRML_MUSTINLINE void compress_then_serialize_message_15(
+static KRML_MUSTINLINE void compress_then_serialize_message_ee(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
uint8_t serialized[32U] = {0U};
KRML_MAYBE_FOR16(
i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- to_unsigned_field_modulus_b0(re.coefficients[i0]);
+ to_unsigned_field_modulus_c4(re.coefficients[i0]);
libcrux_ml_kem_vector_portable_vector_type_PortableVector
coefficient_compressed =
libcrux_ml_kem_vector_portable_compress_1_0d(coefficient);
@@ -5183,18 +5259,18 @@ with const generics
- U_COMPRESSION_FACTOR= 11
- V_COMPRESSION_FACTOR= 5
*/
-static void decrypt_unpacked_c9(IndCpaPrivateKeyUnpacked_42 *secret_key,
+static void decrypt_unpacked_ee(IndCpaPrivateKeyUnpacked_42 *secret_key,
uint8_t *ciphertext, uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U];
- deserialize_then_decompress_u_bb(ciphertext, u_as_ntt);
+ deserialize_then_decompress_u_b1(ciphertext, u_as_ntt);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
- deserialize_then_decompress_ring_element_v_ce(
+ deserialize_then_decompress_ring_element_v_87(
Eurydice_array_to_subslice_from((size_t)1568U, ciphertext,
(size_t)1408U, uint8_t, size_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
- compute_message_82(&v, secret_key->secret_as_ntt, u_as_ntt);
+ compute_message_fc(&v, secret_key->secret_as_ntt, u_as_ntt);
uint8_t ret0[32U];
- compress_then_serialize_message_15(message, ret0);
+ compress_then_serialize_message_ee(message, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -5208,10 +5284,10 @@ with const generics
- U_COMPRESSION_FACTOR= 11
- V_COMPRESSION_FACTOR= 5
*/
-static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_5f1(Eurydice_slice secret_key, uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U];
- deserialize_secret_key_121(secret_key, secret_as_ntt);
+ deserialize_secret_key_831(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U];
memcpy(
@@ -5222,7 +5298,7 @@ static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
uint8_t result[32U];
- decrypt_unpacked_c9(&secret_key_unpacked, ciphertext, result);
+ decrypt_unpacked_ee(&secret_key_unpacked, ciphertext, result);
memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
}
@@ -5274,7 +5350,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600
*/
-void libcrux_ml_kem_ind_cca_decapsulate_191(
+void libcrux_ml_kem_ind_cca_decapsulate_811(
libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5292,7 +5368,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_191(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- decrypt_dc1(ind_cpa_secret_key, ciphertext->value, decrypted);
+ decrypt_5f1(ind_cpa_secret_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -5314,7 +5390,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_191(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
PRF_f1_9f(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t),
@@ -5324,17 +5400,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_191(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1568U];
- encrypt_4b1(uu____5, copy_of_decrypted, pseudorandomness,
+ encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness,
expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- kdf_d8_19(Eurydice_array_to_slice((size_t)32U,
+ kdf_d8_a6(Eurydice_array_to_slice((size_t)32U,
implicit_rejection_shared_secret0, uint8_t),
implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- kdf_d8_19(shared_secret0, shared_secret1);
+ kdf_d8_a6(shared_secret0, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_40(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_ae(ciphertext),
Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5349,7 +5425,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 2
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_750(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
for (size_t i = (size_t)0U;
@@ -5363,7 +5439,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- deserialize_to_reduced_ring_element_a5(ring_element);
+ deserialize_to_reduced_ring_element_01(ring_element);
deserialized_pk[i0] = uu____0;
}
}
@@ -5374,15 +5450,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 2
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_530(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa0(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U];
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
deserialized_pk[i] = ZERO_ef_1b(););
- deserialize_ring_elements_reduced_da0(public_key, deserialized_pk);
+ deserialize_ring_elements_reduced_750(public_key, deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
+ memcpy(
+ result, deserialized_pk,
+ (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
memcpy(
- ret, deserialized_pk,
+ ret, result,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
}
@@ -5393,7 +5473,7 @@ with const generics
- K= 2
- OUT_LEN= 768
*/
-static KRML_MUSTINLINE void serialize_secret_key_5a0(
+static KRML_MUSTINLINE void serialize_secret_key_1d0(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
uint8_t ret[768U]) {
uint8_t out[768U] = {0U};
@@ -5411,11 +5491,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a0(
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
uint8_t ret0[384U];
- serialize_uncompressed_ring_element_8b(&re, ret0);
+ serialize_uncompressed_ring_element_c6(&re, ret0);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
- memcpy(ret, out, (size_t)768U * sizeof(uint8_t));
+ uint8_t result[768U];
+ memcpy(result, out, (size_t)768U * sizeof(uint8_t));
+ memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
}
/**
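Review bot: The new `uint8_t result[768U]` at the end of `serialize_secret_key_1d0` adds a second stack copy of the serialized key, and neither `out` nor `result` is cleared before the function returns. `generate_keypair_080`, later in this diff, calls this function with `private_key.secret_as_ntt`, so on that path the extra buffer holds private-key bytes. This file appears to be generated from Rust, so the change belongs in the Rust source or the extraction step: returning the buffer directly would restore `memcpy(ret, out, (size_t)768U * sizeof(uint8_t));`, much as the `compute_vector_u_d20` hunk drops its `result0` copy. The same intermediate copy is added in `deserialize_ring_elements_reduced_out_fa0`, where the data is public-key material and the copy is only redundant. The function's signature and loop start outside this hunk.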
@@ -5426,13 +5508,13 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-static KRML_MUSTINLINE void serialize_public_key_mut_3c0(
+static KRML_MUSTINLINE void serialize_public_key_mut_120(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t *serialized) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
(size_t)768U, uint8_t);
uint8_t ret[768U];
- serialize_secret_key_5a0(t_as_ntt, ret);
+ serialize_secret_key_1d0(t_as_ntt, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t);
Eurydice_slice_copy(
@@ -5449,11 +5531,11 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-static KRML_MUSTINLINE void serialize_public_key_070(
+static KRML_MUSTINLINE void serialize_public_key_e90(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[800U]) {
uint8_t public_key_serialized[800U] = {0U};
- serialize_public_key_mut_3c0(t_as_ntt, seed_for_a, public_key_serialized);
+ serialize_public_key_mut_120(t_as_ntt, seed_for_a, public_key_serialized);
uint8_t result[800U];
memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t));
memcpy(ret, result, (size_t)800U * sizeof(uint8_t));
@@ -5467,15 +5549,15 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 768
- PUBLIC_KEY_SIZE= 800
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_070(uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U];
- deserialize_ring_elements_reduced_out_530(
+ deserialize_ring_elements_reduced_out_fa0(
Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U,
uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[800U];
- serialize_public_key_070(
+ serialize_public_key_e90(
uu____0,
Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U,
uint8_t, size_t),
@@ -5505,7 +5587,7 @@ with const generics
- SECRET_KEY_SIZE= 1632
- CIPHERTEXT_SIZE= 768
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_b4(
+bool libcrux_ml_kem_ind_cca_validate_private_key_90(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) {
uint8_t t[32U];
@@ -5611,7 +5693,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_36(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
uint8_t seed[33U] = {0U};
Eurydice_slice_copy(
@@ -6061,7 +6143,7 @@ generics
- ETA= 3
- ETA_RANDOMNESS_SIZE= 192
*/
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f70(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
uint8_t prf_input[33U], uint8_t domain_separator) {
/* Passing arrays by value in Rust generates a copy in C */
@@ -6080,7 +6162,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10(
i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
re_as_ntt[i0] = sample_from_binomial_distribution_6b0(
Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t));
- ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
+ ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]););
return domain_separator;
}
@@ -6104,7 +6186,7 @@ generics
- ETA= 3
- ETA_RANDOMNESS_SIZE= 192
*/
-static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0(
+static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440(
uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U];
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
@@ -6113,7 +6195,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0(
uint8_t uu____1[33U];
memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
domain_separator =
- sample_vector_cbd_then_ntt_b10(uu____0, uu____1, domain_separator);
+ sample_vector_cbd_then_ntt_f70(uu____0, uu____1, domain_separator);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U];
memcpy(
@@ -6138,7 +6220,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void add_to_ring_element_ef_5d0(
+static KRML_MUSTINLINE void add_to_ring_element_ef_3a0(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
for (size_t i = (size_t)0U;
@@ -6162,7 +6244,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void compute_As_plus_e_c70(
+static KRML_MUSTINLINE void compute_As_plus_e_f00(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U],
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -6189,10 +6271,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c70(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
&row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
- add_to_ring_element_ef_5d0(&t_as_ntt[i0], &product);
+ ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]);
+ add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product);
}
- add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
+ add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]);
}
}
@@ -6205,12 +6287,12 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 3
- ETA1_RANDOMNESS_SIZE= 192
*/
-static void generate_keypair_unpacked_e90(
+static void generate_keypair_unpacked_860(
Eurydice_slice key_generation_seed,
IndCpaPrivateKeyUnpacked_ae *private_key,
IndCpaPublicKeyUnpacked_ae *public_key) {
uint8_t hashed[64U];
- cpa_keygen_seed_d8_36(key_generation_seed, hashed);
+ cpa_keygen_seed_d8_7e(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6230,17 +6312,17 @@ static void generate_keypair_unpacked_e90(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- sample_vector_cbd_then_ntt_b10(uu____2, copy_of_prf_input0, 0U);
+ sample_vector_cbd_then_ntt_f70(uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U];
memcpy(
error_as_ntt,
- sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input, domain_separator)
+ sample_vector_cbd_then_ntt_out_440(copy_of_prf_input, domain_separator)
.fst,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- compute_As_plus_e_c70(public_key->t_as_ntt, public_key->A,
+ compute_As_plus_e_f00(public_key->t_as_ntt, public_key->A,
private_key->secret_as_ntt, error_as_ntt);
uint8_t uu____5[32U];
core_result_Result_00 dst;
@@ -6261,18 +6343,18 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 3
- ETA1_RANDOMNESS_SIZE= 192
*/
-static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_500(
+static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_080(
Eurydice_slice key_generation_seed) {
IndCpaPrivateKeyUnpacked_ae private_key = default_1a_e90();
IndCpaPublicKeyUnpacked_ae public_key = default_8d_d10();
- generate_keypair_unpacked_e90(key_generation_seed, &private_key, &public_key);
+ generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[800U];
- serialize_public_key_070(
+ serialize_public_key_e90(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[768U];
- serialize_secret_key_5a0(private_key.secret_as_ntt, secret_key_serialized);
+ serialize_secret_key_1d0(private_key.secret_as_ntt, secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[768U];
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -6296,7 +6378,7 @@ with const generics
- K= 2
- SERIALIZED_KEY_LEN= 1632
*/
-static KRML_MUSTINLINE void serialize_kem_secret_key_a1(
+static KRML_MUSTINLINE void serialize_kem_secret_key_4a(
Eurydice_slice private_key, Eurydice_slice public_key,
Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) {
uint8_t out[1632U] = {0U};
@@ -6352,7 +6434,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 192
*/
libcrux_ml_kem_types_MlKemKeyPair_cb
-libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -6361,13 +6443,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 =
- generate_keypair_500(ind_cpa_keypair_randomness);
+ generate_keypair_080(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[768U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t));
uint8_t public_key[800U];
memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t));
uint8_t secret_key_serialized[1632U];
- serialize_kem_secret_key_a1(
+ serialize_kem_secret_key_4a(
Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)800U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -6376,13 +6458,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)1632U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_5e private_key =
- libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[800U];
memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee(
- uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_78(
+ uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
}
/**
@@ -6395,7 +6477,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]]
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void entropy_preprocess_d8_89(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_9c(Eurydice_slice randomness,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -6445,7 +6527,7 @@ generics
- ETA2= 2
*/
static KRML_MUSTINLINE tuple_740
-sample_ring_element_cbd_7f0(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U];
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
error_1[i] = ZERO_ef_1b(););
@@ -6501,18 +6583,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void invert_ntt_montgomery_550(
+static KRML_MUSTINLINE void invert_ntt_montgomery_8c0(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- invert_ntt_at_layer_1_08(&zeta_i, re);
- invert_ntt_at_layer_2_91(&zeta_i, re);
- invert_ntt_at_layer_3_41(&zeta_i, re);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
- poly_barrett_reduce_ef_17(re);
+ invert_ntt_at_layer_1_19(&zeta_i, re);
+ invert_ntt_at_layer_2_f7(&zeta_i, re);
+ invert_ntt_at_layer_3_77(&zeta_i, re);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U);
+ poly_barrett_reduce_ef_b4(re);
}
/**
@@ -6521,14 +6603,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void compute_vector_u_b80(
+static KRML_MUSTINLINE void compute_vector_u_d20(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U],
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U];
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
- result0[i] = ZERO_ef_1b(););
+ result[i] = ZERO_ef_1b(););
for (size_t i0 = (size_t)0U;
i0 < Eurydice_slice_len(
Eurydice_array_to_slice(
@@ -6548,16 +6630,12 @@ static KRML_MUSTINLINE void compute_vector_u_b80(
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
- add_to_ring_element_ef_5d0(&result0[i1], &product);
+ ntt_multiply_ef_76(a_element, &r_as_ntt[j]);
+ add_to_ring_element_ef_3a0(&result[i1], &product);
}
- invert_ntt_montgomery_550(&result0[i1]);
- add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
+ invert_ntt_montgomery_8c0(&result[i1]);
+ add_error_reduce_ef_da(&result[i1], &error_1[i1]);
}
- libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
- memcpy(
- result, result0,
- (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
memcpy(
ret, result,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
@@ -6570,7 +6648,7 @@ with const generics
- K= 2
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_1e0(
+compute_ring_element_v_950(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -6578,10 +6656,10 @@ compute_ring_element_v_1e0(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
- add_to_ring_element_ef_5d0(&result, &product););
- invert_ntt_montgomery_550(&result);
- result = add_message_error_reduce_ef_21(error_2, message, result);
+ ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]);
+ add_to_ring_element_ef_3a0(&result, &product););
+ invert_ntt_montgomery_8c0(&result);
+ result = add_message_error_reduce_ef_5c(error_2, message, result);
return result;
}
@@ -6591,14 +6669,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- OUT_LEN= 320
*/
-static KRML_MUSTINLINE void compress_then_serialize_10_470(
+static KRML_MUSTINLINE void compress_then_serialize_10_c50(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
uint8_t serialized[320U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- compress_0d_fe(to_unsigned_field_modulus_b0(re->coefficients[i0]));
+ compress_0d_83(to_unsigned_field_modulus_c4(re->coefficients[i0]));
uint8_t bytes[20U];
libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
@@ -6618,10 +6696,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 10
- OUT_LEN= 320
*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b50(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_390(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
uint8_t uu____0[320U];
- compress_then_serialize_10_470(re, uu____0);
+ compress_then_serialize_10_c50(re, uu____0);
memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
}
@@ -6634,7 +6712,7 @@ with const generics
- COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
*/
-static void compress_then_serialize_u_cd0(
+static void compress_then_serialize_u_540(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U],
Eurydice_slice out) {
for (size_t i = (size_t)0U;
@@ -6650,7 +6728,7 @@ static void compress_then_serialize_u_cd0(
out, i0 * ((size_t)640U / (size_t)2U),
(i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t);
uint8_t ret[320U];
- compress_then_serialize_ring_element_u_b50(&re, ret);
+ compress_then_serialize_ring_element_u_390(&re, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
}
@@ -6663,9 +6741,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 4
- OUT_LEN= 128
*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf0(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ce0(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
- compress_then_serialize_4_06(re, out);
+ compress_then_serialize_4_df(re, out);
}
/**
@@ -6686,7 +6764,7 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key,
+static void encrypt_unpacked_430(IndCpaPublicKeyUnpacked_ae *public_key,
uint8_t message[32U],
Eurydice_slice randomness, uint8_t ret[768U]) {
uint8_t prf_input[33U];
@@ -6695,7 +6773,7 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key,
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
tuple_740 uu____1 =
- sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input0, 0U);
+ sample_vector_cbd_then_ntt_out_440(copy_of_prf_input0, 0U);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U];
memcpy(
r_as_ntt, uu____1.fst,
@@ -6705,7 +6783,7 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key,
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
tuple_740 uu____3 =
- sample_ring_element_cbd_7f0(copy_of_prf_input, domain_separator0);
+ sample_ring_element_cbd_230(copy_of_prf_input, domain_separator0);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U];
memcpy(
error_1, uu____3.fst,
@@ -6719,25 +6797,25 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key,
sample_from_binomial_distribution_6b(
Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U];
- compute_vector_u_b80(public_key->A, r_as_ntt, error_1, u);
+ compute_vector_u_d20(public_key->A, r_as_ntt, error_1, u);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
- deserialize_then_decompress_message_e3(copy_of_message);
+ deserialize_then_decompress_message_5e(copy_of_message);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
- compute_ring_element_v_1e0(public_key->t_as_ntt, r_as_ntt, &error_2,
+ compute_ring_element_v_950(public_key->t_as_ntt, r_as_ntt, &error_2,
&message_as_ring_element);
uint8_t ciphertext[768U] = {0U};
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U];
memcpy(
uu____5, u,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- compress_then_serialize_u_cd0(
+ compress_then_serialize_u_540(
uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U,
uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
- compress_then_serialize_ring_element_v_cf0(
+ compress_then_serialize_ring_element_v_ce0(
uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
(size_t)640U, uint8_t, size_t));
memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t));
@@ -6761,10 +6839,10 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U],
Eurydice_slice randomness, uint8_t ret[768U]) {
IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_d10();
- deserialize_ring_elements_reduced_da0(
+ deserialize_ring_elements_reduced_750(
Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t),
unpacked_public_key.t_as_ntt);
Eurydice_slice seed =
@@ -6779,7 +6857,7 @@ static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U],
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
uint8_t result[768U];
- encrypt_unpacked_c30(uu____1, copy_of_message, randomness, result);
+ encrypt_unpacked_430(uu____1, copy_of_message, randomness, result);
memcpy(ret, result, (size_t)768U * sizeof(uint8_t));
}
@@ -6794,7 +6872,7 @@ with const generics
- K= 2
- CIPHERTEXT_SIZE= 768
*/
-static KRML_MUSTINLINE void kdf_d8_ab(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_f4(Eurydice_slice shared_secret,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -6821,11 +6899,11 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0(
libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- entropy_preprocess_d8_89(
+ entropy_preprocess_d8_9c(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -6835,7 +6913,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
size_t);
uint8_t ret[32U];
H_f1_d50(Eurydice_array_to_slice(
- (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key),
+ (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -6849,19 +6927,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t);
+ (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[768U];
- encrypt_4b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+ encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[768U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
- libcrux_ml_kem_types_from_01_450(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_7b0(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- kdf_d8_ab(shared_secret, shared_secret_array);
+ kdf_d8_f4(shared_secret, shared_secret_array);
libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_shared_secret_array[32U];
@@ -6879,7 +6957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 2
*/
-static KRML_MUSTINLINE void deserialize_secret_key_120(
+static KRML_MUSTINLINE void deserialize_secret_key_830(
Eurydice_slice secret_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
@@ -6896,7 +6974,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_120(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- deserialize_to_uncompressed_ring_element_07(secret_bytes);
+ deserialize_to_uncompressed_ring_element_a4(secret_bytes);
secret_as_ntt[i0] = uu____0;
}
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
@@ -6915,8 +6993,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 10
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_u_cd0(Eurydice_slice serialized) {
- return deserialize_then_decompress_10_5c(serialized);
+deserialize_then_decompress_ring_element_u_580(Eurydice_slice serialized) {
+ return deserialize_then_decompress_10_40(serialized);
}
/**
@@ -6925,17 +7003,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- VECTOR_U_COMPRESSION_FACTOR= 10
*/
-static KRML_MUSTINLINE void ntt_vector_u_2c0(
+static KRML_MUSTINLINE void ntt_vector_u_f10(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
size_t zeta_i = (size_t)0U;
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U);
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U);
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U);
ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U);
- ntt_at_layer_3_d0(&zeta_i, re);
- ntt_at_layer_2_76(&zeta_i, re);
- ntt_at_layer_1_5d(&zeta_i, re);
- poly_barrett_reduce_ef_17(re);
+ ntt_at_layer_3_b8(&zeta_i, re);
+ ntt_at_layer_2_34(&zeta_i, re);
+ ntt_at_layer_1_21(&zeta_i, re);
+ poly_barrett_reduce_ef_b4(re);
}
/**
@@ -6946,7 +7024,7 @@ with const generics
- CIPHERTEXT_SIZE= 768
- U_COMPRESSION_FACTOR= 10
*/
-static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_b10(
uint8_t *ciphertext,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U];
@@ -6969,11 +7047,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0(
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
(size_t)10U / (size_t)8U,
uint8_t);
- u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes);
- ntt_vector_u_2c0(&u_as_ntt[i0]);
+ u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_580(u_bytes);
+ ntt_vector_u_f10(&u_as_ntt[i0]);
}
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U];
+ memcpy(
+ result, u_as_ntt,
+ (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
memcpy(
- ret, u_as_ntt,
+ ret, result,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
}
@@ -6984,8 +7066,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-deserialize_then_decompress_ring_element_v_ce0(Eurydice_slice serialized) {
- return deserialize_then_decompress_4_b1(serialized);
+deserialize_then_decompress_ring_element_v_870(Eurydice_slice serialized) {
+ return deserialize_then_decompress_4_dd(serialized);
}
/**
@@ -6995,17 +7077,17 @@ with const generics
- K= 2
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_820(
+compute_message_fc0(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
- add_to_ring_element_ef_5d0(&result, &product););
- invert_ntt_montgomery_550(&result);
- result = subtract_reduce_ef_92(v, result);
+ ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]);
+ add_to_ring_element_ef_3a0(&result, &product););
+ invert_ntt_montgomery_8c0(&result);
+ result = subtract_reduce_ef_59(v, result);
return result;
}
@@ -7019,18 +7101,18 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_unpacked_c90(IndCpaPrivateKeyUnpacked_ae *secret_key,
+static void decrypt_unpacked_ee0(IndCpaPrivateKeyUnpacked_ae *secret_key,
uint8_t *ciphertext, uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U];
- deserialize_then_decompress_u_bb0(ciphertext, u_as_ntt);
+ deserialize_then_decompress_u_b10(ciphertext, u_as_ntt);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
- deserialize_then_decompress_ring_element_v_ce0(
+ deserialize_then_decompress_ring_element_v_870(
Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
(size_t)640U, uint8_t, size_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
- compute_message_820(&v, secret_key->secret_as_ntt, u_as_ntt);
+ compute_message_fc0(&v, secret_key->secret_as_ntt, u_as_ntt);
uint8_t ret0[32U];
- compress_then_serialize_message_15(message, ret0);
+ compress_then_serialize_message_ee(message, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -7044,10 +7126,10 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_5f0(Eurydice_slice secret_key, uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
- deserialize_secret_key_120(secret_key, secret_as_ntt);
+ deserialize_secret_key_830(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U];
memcpy(
@@ -7058,7 +7140,7 @@ static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
uint8_t result[32U];
- decrypt_unpacked_c90(&secret_key_unpacked, ciphertext, result);
+ decrypt_unpacked_ee0(&secret_key_unpacked, ciphertext, result);
memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
}
@@ -7098,7 +7180,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800
*/
-void libcrux_ml_kem_ind_cca_decapsulate_190(
+void libcrux_ml_kem_ind_cca_decapsulate_810(
libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -7116,7 +7198,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_190(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- decrypt_dc0(ind_cpa_secret_key, ciphertext->value, decrypted);
+ decrypt_5f0(ind_cpa_secret_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -7138,7 +7220,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_190(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae0(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
PRF_f1_9f1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
@@ -7148,17 +7230,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_190(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[768U];
- encrypt_4b0(uu____5, copy_of_decrypted, pseudorandomness,
+ encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness,
expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- kdf_d8_ab(Eurydice_array_to_slice((size_t)32U,
+ kdf_d8_f4(Eurydice_array_to_slice((size_t)32U,
implicit_rejection_shared_secret0, uint8_t),
implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- kdf_d8_ab(shared_secret0, shared_secret1);
+ kdf_d8_f4(shared_secret0, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_400(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_ae0(ciphertext),
Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -7173,7 +7255,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_751(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
for (size_t i = (size_t)0U;
@@ -7187,7 +7269,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- deserialize_to_reduced_ring_element_a5(ring_element);
+ deserialize_to_reduced_ring_element_01(ring_element);
deserialized_pk[i0] = uu____0;
}
}
@@ -7198,15 +7280,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types
libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_53(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
deserialized_pk[i] = ZERO_ef_1b(););
- deserialize_ring_elements_reduced_da1(public_key, deserialized_pk);
+ deserialize_ring_elements_reduced_751(public_key, deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
memcpy(
- ret, deserialized_pk,
+ result, deserialized_pk,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+ memcpy(
+ ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
}
@@ -7217,7 +7303,7 @@ with const generics
- K= 3
- OUT_LEN= 1152
*/
-static KRML_MUSTINLINE void serialize_secret_key_5a1(
+static KRML_MUSTINLINE void serialize_secret_key_1d1(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
uint8_t ret[1152U]) {
uint8_t out[1152U] = {0U};
@@ -7235,11 +7321,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a1(
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
uint8_t ret0[384U];
- serialize_uncompressed_ring_element_8b(&re, ret0);
+ serialize_uncompressed_ring_element_c6(&re, ret0);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
- memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
+ uint8_t result[1152U];
+ memcpy(result, out, (size_t)1152U * sizeof(uint8_t));
+ memcpy(ret, result, (size_t)1152U * sizeof(uint8_t));
}
/**
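Review bot: The added `result[1152U]` temporary in serialize_secret_key_1d1 is a second stack copy of the serialized key bytes beside `out`, and generate_keypair_08 calls this function on `private_key.secret_as_ntt`, so it holds private-key material that nothing visible in this hunk clears. This C appears to be emitted by the extraction toolchain listed in code_gen.txt, so the fix belongs in the Rust source or the generator, restoring the single copy `memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));`. The same extra-copy pattern is added in deserialize_then_decompress_u_b10 and deserialize_ring_elements_reduced_out_fa, where the buffers hold ciphertext- and public-key-derived data, so there it only costs stack space. The function body starts outside this hunk.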
@@ -7250,13 +7338,13 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE void serialize_public_key_mut_3c1(
+static KRML_MUSTINLINE void serialize_public_key_mut_121(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t *serialized) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
(size_t)1152U, uint8_t);
uint8_t ret[1152U];
- serialize_secret_key_5a1(t_as_ntt, ret);
+ serialize_secret_key_1d1(t_as_ntt, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
Eurydice_slice_copy(
@@ -7273,11 +7361,11 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE void serialize_public_key_071(
+static KRML_MUSTINLINE void serialize_public_key_e91(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
uint8_t public_key_serialized[1184U] = {0U};
- serialize_public_key_mut_3c1(t_as_ntt, seed_for_a, public_key_serialized);
+ serialize_public_key_mut_121(t_as_ntt, seed_for_a, public_key_serialized);
uint8_t result[1184U];
memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
memcpy(ret, result, (size_t)1184U * sizeof(uint8_t));
@@ -7291,15 +7379,15 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_07(uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
- deserialize_ring_elements_reduced_out_53(
+ deserialize_ring_elements_reduced_out_fa(
Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[1184U];
- serialize_public_key_071(
+ serialize_public_key_e91(
uu____0,
Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
uint8_t, size_t),
@@ -7329,7 +7417,7 @@ with const generics
- SECRET_KEY_SIZE= 2400
- CIPHERTEXT_SIZE= 1088
*/
-bool libcrux_ml_kem_ind_cca_validate_private_key_33(
+bool libcrux_ml_kem_ind_cca_validate_private_key_94(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
uint8_t t[32U];
@@ -7441,7 +7529,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void cpa_keygen_seed_d8_d1(
+static KRML_MUSTINLINE void cpa_keygen_seed_d8_a4(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
uint8_t seed[33U] = {0U};
Eurydice_slice_copy(
@@ -7880,7 +7968,7 @@ generics
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
-static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11(
+static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f71(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
uint8_t prf_input[33U], uint8_t domain_separator) {
/* Passing arrays by value in Rust generates a copy in C */
@@ -7899,7 +7987,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11(
i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
re_as_ntt[i0] = sample_from_binomial_distribution_6b(
Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
- ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]););
+ ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]););
return domain_separator;
}
@@ -7923,7 +8011,7 @@ generics
- ETA= 2
- ETA_RANDOMNESS_SIZE= 128
*/
-static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1(
+static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441(
uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
@@ -7932,7 +8020,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1(
uint8_t uu____1[33U];
memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
domain_separator =
- sample_vector_cbd_then_ntt_b11(uu____0, uu____1, domain_separator);
+ sample_vector_cbd_then_ntt_f71(uu____0, uu____1, domain_separator);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
memcpy(
@@ -7957,7 +8045,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void add_to_ring_element_ef_5d1(
+static KRML_MUSTINLINE void add_to_ring_element_ef_3a1(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
for (size_t i = (size_t)0U;
@@ -7981,7 +8069,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void compute_As_plus_e_c71(
+static KRML_MUSTINLINE void compute_As_plus_e_f01(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -8008,10 +8096,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c71(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
&row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]);
- add_to_ring_element_ef_5d1(&t_as_ntt[i0], &product);
+ ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]);
+ add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product);
}
- add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]);
+ add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]);
}
}
@@ -8024,12 +8112,12 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static void generate_keypair_unpacked_e91(
+static void generate_keypair_unpacked_861(
Eurydice_slice key_generation_seed,
IndCpaPrivateKeyUnpacked_f8 *private_key,
IndCpaPublicKeyUnpacked_f8 *public_key) {
uint8_t hashed[64U];
- cpa_keygen_seed_d8_d1(key_generation_seed, hashed);
+ cpa_keygen_seed_d8_a4(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -8049,17 +8137,17 @@ static void generate_keypair_unpacked_e91(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- sample_vector_cbd_then_ntt_b11(uu____2, copy_of_prf_input0, 0U);
+ sample_vector_cbd_then_ntt_f71(uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
memcpy(
error_as_ntt,
- sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input, domain_separator)
+ sample_vector_cbd_then_ntt_out_441(copy_of_prf_input, domain_separator)
.fst,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- compute_As_plus_e_c71(public_key->t_as_ntt, public_key->A,
+ compute_As_plus_e_f01(public_key->t_as_ntt, public_key->A,
private_key->secret_as_ntt, error_as_ntt);
uint8_t uu____5[32U];
core_result_Result_00 dst;
@@ -8080,18 +8168,18 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_50(
+static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_08(
Eurydice_slice key_generation_seed) {
IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_e91();
IndCpaPublicKeyUnpacked_f8 public_key = default_8d_d11();
- generate_keypair_unpacked_e91(key_generation_seed, &private_key, &public_key);
+ generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[1184U];
- serialize_public_key_071(
+ serialize_public_key_e91(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[1152U];
- serialize_secret_key_5a1(private_key.secret_as_ntt, secret_key_serialized);
+ serialize_secret_key_1d1(private_key.secret_as_ntt, secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[1152U];
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
@@ -8115,7 +8203,7 @@ with const generics
- K= 3
- SERIALIZED_KEY_LEN= 2400
*/
-static KRML_MUSTINLINE void serialize_kem_secret_key_b0(
+static KRML_MUSTINLINE void serialize_kem_secret_key_c0(
Eurydice_slice private_key, Eurydice_slice public_key,
Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
uint8_t out[2400U] = {0U};
@@ -8171,7 +8259,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -8180,13 +8268,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
- generate_keypair_50(ind_cpa_keypair_randomness);
+ generate_keypair_08(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1152U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
uint8_t public_key[1184U];
memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
uint8_t secret_key_serialized[2400U];
- serialize_kem_secret_key_b0(
+ serialize_kem_secret_key_c0(
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -8195,13 +8283,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)2400U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
- libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e60(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[1184U];
memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee0(
- uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_780(
+ uu____2, libcrux_ml_kem_types_from_5a_af0(copy_of_public_key));
}
/**
@@ -8214,7 +8302,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void entropy_preprocess_d8_a9(Eurydice_slice randomness,
+static KRML_MUSTINLINE void entropy_preprocess_d8_05(Eurydice_slice randomness,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -8232,7 +8320,7 @@ generics
- ETA2= 2
*/
static KRML_MUSTINLINE tuple_b00
-sample_ring_element_cbd_7f1(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
error_1[i] = ZERO_ef_1b(););
@@ -8288,18 +8376,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void invert_ntt_montgomery_551(
+static KRML_MUSTINLINE void invert_ntt_montgomery_8c1(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- invert_ntt_at_layer_1_08(&zeta_i, re);
- invert_ntt_at_layer_2_91(&zeta_i, re);
- invert_ntt_at_layer_3_41(&zeta_i, re);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U);
- invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U);
- poly_barrett_reduce_ef_17(re);
+ invert_ntt_at_layer_1_19(&zeta_i, re);
+ invert_ntt_at_layer_2_f7(&zeta_i, re);
+ invert_ntt_at_layer_3_77(&zeta_i, re);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U);
+ invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U);
+ poly_barrett_reduce_ef_b4(re);
}
/**
@@ -8308,14 +8396,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void compute_vector_u_b81(
+static KRML_MUSTINLINE void compute_vector_u_d21(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U];
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
- result0[i] = ZERO_ef_1b(););
+ result[i] = ZERO_ef_1b(););
for (size_t i0 = (size_t)0U;
i0 < Eurydice_slice_len(
Eurydice_array_to_slice(
@@ -8335,16 +8423,12 @@ static KRML_MUSTINLINE void compute_vector_u_b81(
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
- add_to_ring_element_ef_5d1(&result0[i1], &product);
+ ntt_multiply_ef_76(a_element, &r_as_ntt[j]);
+ add_to_ring_element_ef_3a1(&result[i1], &product);
}
- invert_ntt_montgomery_551(&result0[i1]);
- add_error_reduce_ef_4d(&result0[i1], &error_1[i1]);
+ invert_ntt_montgomery_8c1(&result[i1]);
+ add_error_reduce_ef_da(&result[i1], &error_1[i1]);
}
- libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
- memcpy(
- result, result0,
- (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
memcpy(
ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
@@ -8357,7 +8441,7 @@ with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_ring_element_v_1e1(
+compute_ring_element_v_951(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -8365,10 +8449,10 @@ compute_ring_element_v_1e1(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]);
- add_to_ring_element_ef_5d1(&result, &product););
- invert_ntt_montgomery_551(&result);
- result = add_message_error_reduce_ef_21(error_2, message, result);
+ ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]);
+ add_to_ring_element_ef_3a1(&result, &product););
+ invert_ntt_montgomery_8c1(&result);
+ result = add_message_error_reduce_ef_5c(error_2, message, result);
return result;
}
@@ -8381,7 +8465,7 @@ with const generics
- COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
*/
-static void compress_then_serialize_u_cd1(
+static void compress_then_serialize_u_541(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
Eurydice_slice out) {
for (size_t i = (size_t)0U;
@@ -8397,7 +8481,7 @@ static void compress_then_serialize_u_cd1(
out, i0 * ((size_t)960U / (size_t)3U),
(i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
uint8_t ret[320U];
- compress_then_serialize_ring_element_u_b50(&re, ret);
+ compress_then_serialize_ring_element_u_390(&re, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
}
@@ -8421,7 +8505,7 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key,
+static void encrypt_unpacked_431(IndCpaPublicKeyUnpacked_f8 *public_key,
uint8_t message[32U],
Eurydice_slice randomness,
uint8_t ret[1088U]) {
@@ -8431,7 +8515,7 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key,
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
tuple_b00 uu____1 =
- sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input0, 0U);
+ sample_vector_cbd_then_ntt_out_441(copy_of_prf_input0, 0U);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
memcpy(
r_as_ntt, uu____1.fst,
@@ -8441,7 +8525,7 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key,
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
tuple_b00 uu____3 =
- sample_ring_element_cbd_7f1(copy_of_prf_input, domain_separator0);
+ sample_ring_element_cbd_231(copy_of_prf_input, domain_separator0);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
memcpy(
error_1, uu____3.fst,
@@ -8455,25 +8539,25 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key,
sample_from_binomial_distribution_6b(
Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
- compute_vector_u_b81(public_key->A, r_as_ntt, error_1, u);
+ compute_vector_u_d21(public_key->A, r_as_ntt, error_1, u);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
- deserialize_then_decompress_message_e3(copy_of_message);
+ deserialize_then_decompress_message_5e(copy_of_message);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
- compute_ring_element_v_1e1(public_key->t_as_ntt, r_as_ntt, &error_2,
+ compute_ring_element_v_951(public_key->t_as_ntt, r_as_ntt, &error_2,
&message_as_ring_element);
uint8_t ciphertext[1088U] = {0U};
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
memcpy(
uu____5, u,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- compress_then_serialize_u_cd1(
+ compress_then_serialize_u_541(
uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
- compress_then_serialize_ring_element_v_cf0(
+ compress_then_serialize_ring_element_v_ce0(
uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
(size_t)960U, uint8_t, size_t));
memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -8497,10 +8581,10 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U],
+static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U],
Eurydice_slice randomness, uint8_t ret[1088U]) {
IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_d11();
- deserialize_ring_elements_reduced_da1(
+ deserialize_ring_elements_reduced_751(
Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
unpacked_public_key.t_as_ntt);
Eurydice_slice seed =
@@ -8515,7 +8599,7 @@ static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U],
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
uint8_t result[1088U];
- encrypt_unpacked_c31(uu____1, copy_of_message, randomness, result);
+ encrypt_unpacked_431(uu____1, copy_of_message, randomness, result);
memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
}
@@ -8530,7 +8614,7 @@ with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
*/
-static KRML_MUSTINLINE void kdf_d8_b7(Eurydice_slice shared_secret,
+static KRML_MUSTINLINE void kdf_d8_8d(Eurydice_slice shared_secret,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -8557,11 +8641,11 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
+tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- entropy_preprocess_d8_a9(
+ entropy_preprocess_d8_05(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -8571,7 +8655,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
size_t);
uint8_t ret[32U];
H_f1_d51(Eurydice_array_to_slice(
- (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key),
+ (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -8585,19 +8669,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t);
+ (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1088U];
- encrypt_4b(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
+ encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[1088U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
- libcrux_ml_kem_types_from_01_451(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_7b1(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- kdf_d8_b7(shared_secret, shared_secret_array);
+ kdf_d8_8d(shared_secret, shared_secret_array);
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_shared_secret_array[32U];
@@ -8615,7 +8699,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void deserialize_secret_key_12(
+static KRML_MUSTINLINE void deserialize_secret_key_83(
Eurydice_slice secret_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
@@ -8632,7 +8716,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_12(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- deserialize_to_uncompressed_ring_element_07(secret_bytes);
+ deserialize_to_uncompressed_ring_element_a4(secret_bytes);
secret_as_ntt[i0] = uu____0;
}
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
@@ -8652,7 +8736,7 @@ with const generics
- CIPHERTEXT_SIZE= 1088
- U_COMPRESSION_FACTOR= 10
*/
-static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1(
+static KRML_MUSTINLINE void deserialize_then_decompress_u_b11(
uint8_t *ciphertext,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
@@ -8675,11 +8759,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1(
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
(size_t)10U / (size_t)8U,
uint8_t);
- u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes);
- ntt_vector_u_2c0(&u_as_ntt[i0]);
+ u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_580(u_bytes);
+ ntt_vector_u_f10(&u_as_ntt[i0]);
}
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
memcpy(
- ret, u_as_ntt,
+ result, u_as_ntt,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+ memcpy(
+ ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
}
@@ -8690,17 +8778,17 @@ with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-compute_message_821(
+compute_message_fc1(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b();
KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]);
- add_to_ring_element_ef_5d1(&result, &product););
- invert_ntt_montgomery_551(&result);
- result = subtract_reduce_ef_92(v, result);
+ ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]);
+ add_to_ring_element_ef_3a1(&result, &product););
+ invert_ntt_montgomery_8c1(&result);
+ result = subtract_reduce_ef_59(v, result);
return result;
}
@@ -8714,18 +8802,18 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_unpacked_c91(IndCpaPrivateKeyUnpacked_f8 *secret_key,
+static void decrypt_unpacked_ee1(IndCpaPrivateKeyUnpacked_f8 *secret_key,
uint8_t *ciphertext, uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
- deserialize_then_decompress_u_bb1(ciphertext, u_as_ntt);
+ deserialize_then_decompress_u_b11(ciphertext, u_as_ntt);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
- deserialize_then_decompress_ring_element_v_ce0(
+ deserialize_then_decompress_ring_element_v_870(
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
(size_t)960U, uint8_t, size_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
- compute_message_821(&v, secret_key->secret_as_ntt, u_as_ntt);
+ compute_message_fc1(&v, secret_key->secret_as_ntt, u_as_ntt);
uint8_t ret0[32U];
- compress_then_serialize_message_15(message, ret0);
+ compress_then_serialize_message_ee(message, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -8739,10 +8827,10 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_5f(Eurydice_slice secret_key, uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
- deserialize_secret_key_12(secret_key, secret_as_ntt);
+ deserialize_secret_key_83(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
memcpy(
@@ -8753,7 +8841,7 @@ static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
uint8_t result[32U];
- decrypt_unpacked_c91(&secret_key_unpacked, ciphertext, result);
+ decrypt_unpacked_ee1(&secret_key_unpacked, ciphertext, result);
memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
}
@@ -8793,7 +8881,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-void libcrux_ml_kem_ind_cca_decapsulate_19(
+void libcrux_ml_kem_ind_cca_decapsulate_81(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -8811,7 +8899,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_19(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- decrypt_dc(ind_cpa_secret_key, ciphertext->value, decrypted);
+ decrypt_5f(ind_cpa_secret_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -8833,7 +8921,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_19(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae1(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
PRF_f1_9f3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
@@ -8843,16 +8931,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_19(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- encrypt_4b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
+ encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- kdf_d8_b7(Eurydice_array_to_slice((size_t)32U,
+ kdf_d8_8d(Eurydice_array_to_slice((size_t)32U,
implicit_rejection_shared_secret0, uint8_t),
implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- kdf_d8_b7(shared_secret0, shared_secret1);
+ kdf_d8_8d(shared_secret0, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_401(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_ae1(ciphertext),
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index e36fc4ae2..b375e1f09 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem_portable_H
@@ -74,6 +74,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_11(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
uint8_t ret[22U]);
+void libcrux_ml_kem_vector_portable_serialize_11(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[22U]);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -99,6 +103,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes);
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
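Review bot: The new prototype `libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a)` is added without a comment, and nothing in the declaration says how many bytes `a` must hold. The `serialize_11` prototype added in the previous hunk writes `uint8_t ret[22U]`, so the input is presumably expected to hold at least 22 bytes. Stating that next to the declaration gives callers a length to check before passing a shorter slice, e.g. `/* a must hold at least 22 bytes (TODO confirm against the Rust source) */`. The header looks generated (it carries Charon/Eurydice/Karamel revisions), so the comment probably belongs on the Rust function it is extracted from. The same applies to the `deserialize_1`, `deserialize_4`, `deserialize_5`, `deserialize_10` and `deserialize_12` prototypes added in later hunks of this file, and a word on how each differs from the near-identically named `libcrux_ml_kem_vector_portable_serialize_deserialize_*` would help.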
@@ -421,8 +428,7 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d(
void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
- size_t i, size_t j,
- libcrux_ml_kem_vector_portable_vector_type_PortableVector *out);
+ size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out);
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
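Review bot: The prototype of `libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials` loses its `size_t j` parameter while keeping the same symbol name. The declaration is not `static`, so a translation unit still built against the old header would link without error yet call the function with a mismatched argument list. If this header is consumed outside the files regenerated in this commit, the change deserves a release note or a renamed symbol. The declaration also has no comment saying what `i` selects now that `j` is gone; something like `/* i: index of the binomial pair in a, b and out (TODO confirm) */` would do. The definition is outside this hunk, so the new indexing cannot be checked from here.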
@@ -444,6 +450,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_1(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
uint8_t ret[2U]);
+void libcrux_ml_kem_vector_portable_serialize_1(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[2U]);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -455,6 +465,9 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v);
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -476,6 +489,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_4(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
uint8_t ret[8U]);
+void libcrux_ml_kem_vector_portable_serialize_4(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[8U]);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -490,6 +507,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes);
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -512,6 +532,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_5(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
uint8_t ret[10U]);
+void libcrux_ml_kem_vector_portable_serialize_5(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[10U]);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -526,6 +550,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes);
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -540,6 +567,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_10(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
uint8_t ret[20U]);
+void libcrux_ml_kem_vector_portable_serialize_10(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[20U]);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -554,6 +585,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes);
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -574,6 +608,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_12(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
uint8_t ret[24U]);
+void libcrux_ml_kem_vector_portable_serialize_12(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[24U]);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -593,6 +631,9 @@ int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int(
libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes);
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a);
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 09a7923b5..ee291c40e 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 49d6623c3..65d87344a 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 1e2e63c96..67f5d174c 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 5b4b70a94..a20e6c410 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index d84fc7126..360ff4122 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index bdb6771ab..2fc24f7d1 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 7599cb2f1..d393ef31c 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4
Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
-Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index c6916acab..1a0b95675 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_core_H
@@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4
with const generics
- SIZE= 1088
*/
-static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_76(
+static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_24(
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
return self->value;
}
@@ -245,7 +245,7 @@ with const generics
- SIZE= 1184
*/
static inline libcrux_ml_kem_types_MlKemPublicKey_15
-libcrux_ml_kem_types_from_5a_67(uint8_t value[1184U]) {
+libcrux_ml_kem_types_from_5a_af(uint8_t value[1184U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[1184U];
memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
@@ -279,7 +279,7 @@ with const generics
- PUBLIC_KEY_SIZE= 1184
*/
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_types_from_3a_ee(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
+libcrux_ml_kem_types_from_3a_78(libcrux_ml_kem_types_MlKemPrivateKey_55 sk,
libcrux_ml_kem_types_MlKemPublicKey_15 pk) {
return (
CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk});
@@ -295,7 +295,7 @@ with const generics
- SIZE= 2400
*/
static inline libcrux_ml_kem_types_MlKemPrivateKey_55
-libcrux_ml_kem_types_from_7f_af(uint8_t value[2400U]) {
+libcrux_ml_kem_types_from_7f_e6(uint8_t value[2400U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[2400U];
memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
@@ -359,7 +359,7 @@ with const generics
- SIZE= 1088
*/
static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
-libcrux_ml_kem_types_from_01_8c(uint8_t value[1088U]) {
+libcrux_ml_kem_types_from_01_96(uint8_t value[1088U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_value[1088U];
memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
@@ -376,7 +376,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd
with const generics
- SIZE= 1184
*/
-static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_02(
+static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_60(
libcrux_ml_kem_types_MlKemPublicKey_15 *self) {
return self->value;
}
@@ -428,7 +428,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
with const generics
- SIZE= 1088
*/
-static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_8c(
+static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_e7(
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
}
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 2b5ee19c2..443142103 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 553bb0252..686aabb0d 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem768_avx2_H
@@ -1319,7 +1319,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_23(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ff(size_t _) {
return libcrux_ml_kem_polynomial_ZERO_ef_05();
}
@@ -1331,7 +1331,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a4(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1352,7 +1352,7 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
Eurydice_slice secret_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
@@ -1370,7 +1370,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff(
+ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a4(
secret_bytes);
secret_as_ntt[i0] = uu____0;
}
@@ -1393,7 +1393,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_a8(size_t _) {
return libcrux_ml_kem_polynomial_ZERO_ef_05();
}
@@ -1405,7 +1405,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_53(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_72(
__m256i vector) {
__m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
(int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1457,9 +1457,9 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_64(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_53(
+ return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_72(
vector);
}
@@ -1471,7 +1471,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_58(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1487,7 +1487,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(
serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
__m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes);
re.coefficients[i0] =
- libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb(
+ libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_64(
coefficient);
}
return re;
@@ -1501,7 +1501,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_530(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_720(
__m256i vector) {
__m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
(int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1553,9 +1553,9 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb0(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_640(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_530(
+ return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_720(
vector);
}
@@ -1567,7 +1567,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_33(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1578,7 +1578,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d(
serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
__m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes);
re.coefficients[i0] =
- libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb0(
+ libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_640(
coefficient);
}
return re;
@@ -1592,9 +1592,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7b(
Eurydice_slice serialized) {
- return libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(serialized);
+ return libcrux_ml_kem_serialize_deserialize_then_decompress_10_58(serialized);
}
typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s {
@@ -1669,7 +1669,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ba(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_bc(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
size_t _layer, size_t _initial_coefficient_bound) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1688,7 +1688,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_89(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c2(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
size_t _layer, size_t _initial_coefficient_bound) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1708,7 +1708,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_d7(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
size_t _layer, size_t _initial_coefficient_bound) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -1735,7 +1735,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -1752,7 +1752,7 @@ with const generics
- VECTOR_U_COMPRESSION_FACTOR= 10
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b5(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
size_t zeta_i = (size_t)0U;
libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U,
@@ -1763,13 +1763,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96(
(size_t)3U * (size_t)3328U);
libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U,
(size_t)4U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_3_ba(&zeta_i, re, (size_t)3U,
+ libcrux_ml_kem_ntt_ntt_at_layer_3_bc(&zeta_i, re, (size_t)3U,
(size_t)5U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_2_89(&zeta_i, re, (size_t)2U,
+ libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U,
(size_t)6U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U,
+ libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U,
(size_t)7U * (size_t)3328U);
- libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
+ libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re);
}
/**
@@ -1782,7 +1782,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96(
uint8_t *ciphertext,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
@@ -1807,12 +1807,16 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(
(size_t)10U / (size_t)8U,
uint8_t);
u_as_ntt[i0] =
- libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c(
+ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7b(
u_bytes);
- libcrux_ml_kem_ntt_ntt_vector_u_96(&u_as_ntt[i0]);
+ libcrux_ml_kem_ntt_ntt_vector_u_b5(&u_as_ntt[i0]);
}
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
+ memcpy(
+ result, u_as_ntt,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
memcpy(
- ret, u_as_ntt,
+ ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
}
@@ -1824,7 +1828,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_531(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_721(
__m256i vector) {
__m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
(int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1876,9 +1880,9 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb1(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_641(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_531(
+ return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_721(
vector);
}
@@ -1890,7 +1894,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1901,7 +1905,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(
serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
__m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes);
re.coefficients[i0] =
- libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb1(
+ libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_641(
coefficient);
}
return re;
@@ -1915,7 +1919,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_532(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_722(
__m256i vector) {
__m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
(int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1967,9 +1971,9 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb2(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_642(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_532(
+ return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_722(
vector);
}
@@ -1981,7 +1985,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_9b(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -1992,7 +1996,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b(
serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes);
re.coefficients[i0] =
- libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb2(
+ libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_642(
re.coefficients[i0]);
}
return re;
@@ -2006,9 +2010,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_2a(
Eurydice_slice serialized) {
- return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(serialized);
+ return libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9(serialized);
}
/**
@@ -2024,7 +2028,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(
+libcrux_ml_kem_polynomial_ntt_multiply_ef_63(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out =
@@ -2057,7 +2061,7 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
for (size_t i = (size_t)0U;
@@ -2078,7 +2082,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d8(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
size_t _layer) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2102,7 +2106,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_73(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
size_t _layer) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2124,7 +2128,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_18(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
size_t _layer) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2145,7 +2149,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
-libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(__m256i a,
+libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef(__m256i a,
__m256i b,
int16_t zeta_r) {
__m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a);
@@ -2164,7 +2168,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
size_t layer) {
size_t step = (size_t)1U << (uint32_t)layer;
@@ -2179,7 +2183,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(
for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
size_t j = i;
libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
- libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(
+ libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef(
re->coefficients[j], re->coefficients[j + step_vec],
libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
__m256i x = uu____0.fst;
@@ -2197,22 +2201,22 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(&zeta_i, re, (size_t)1U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(&zeta_i, re, (size_t)2U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(&zeta_i, re, (size_t)3U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d8(&zeta_i, re, (size_t)1U);
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_73(&zeta_i, re, (size_t)2U);
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_18(&zeta_i, re, (size_t)3U);
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re,
(size_t)4U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re,
(size_t)5U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re,
(size_t)6U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re,
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re,
(size_t)7U);
- libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
+ libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re);
}
/**
@@ -2228,7 +2232,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_subtract_reduce_ef_23(
+libcrux_ml_kem_polynomial_subtract_reduce_ef_a0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
for (size_t i = (size_t)0U;
@@ -2252,7 +2256,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_message_ee(
+libcrux_ml_kem_matrix_compute_message_a0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
@@ -2261,12 +2265,12 @@ libcrux_ml_kem_matrix_compute_message_ee(
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&secret_as_ntt[i0],
+ libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0],
&u_as_ntt[i0]);
- libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product);
+ libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product);
}
- libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result);
- result = libcrux_ml_kem_polynomial_subtract_reduce_ef_23(v, result);
+ libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result);
+ result = libcrux_ml_kem_polynomial_subtract_reduce_ef_a0(v, result);
return result;
}
@@ -2277,7 +2281,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(__m256i vector) {
+libcrux_ml_kem_vector_avx2_arithmetic_shift_right_0c(__m256i vector) {
return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i);
}
@@ -2291,9 +2295,9 @@ with const generics
- SHIFT_BY= 15
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_c1(
+static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_0f(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(vector);
+ return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_0c(vector);
}
/**
@@ -2304,8 +2308,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline __m256i
-libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(__m256i a) {
- __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_c1(a);
+libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(__m256i a) {
+ __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_0f(a);
__m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(
t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
return libcrux_ml_kem_vector_avx2_add_09(a, &fm);
@@ -2319,8 +2323,8 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(__m256i a) {
- return libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(a);
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(__m256i a) {
+ return libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(a);
}
/**
@@ -2331,12 +2335,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_db(
+libcrux_ml_kem_serialize_compress_then_serialize_message_53(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
uint8_t serialized[32U] = {0U};
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
size_t i0 = i;
- __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
+ __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(
re.coefficients[i0]);
__m256i coefficient_compressed =
libcrux_ml_kem_vector_avx2_compress_1_09(coefficient);
@@ -2363,20 +2367,20 @@ with const generics
- V_COMPRESSION_FACTOR= 4
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d(
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
uint8_t *ciphertext, uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
- libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(ciphertext, u_as_ntt);
+ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96(ciphertext, u_as_ntt);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
- libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4(
+ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_2a(
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
(size_t)960U, uint8_t, size_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
- libcrux_ml_kem_matrix_compute_message_ee(&v, secret_key->secret_as_ntt,
+ libcrux_ml_kem_matrix_compute_message_a0(&v, secret_key->secret_as_ntt,
u_as_ntt);
uint8_t ret0[32U];
- libcrux_ml_kem_serialize_compress_then_serialize_message_db(message, ret0);
+ libcrux_ml_kem_serialize_compress_then_serialize_message_53(message, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -2391,11 +2395,11 @@ with const generics
- V_COMPRESSION_FACTOR= 4
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_3a(Eurydice_slice secret_key,
uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
- libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(secret_key, secret_as_ntt);
+ libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
memcpy(
@@ -2407,7 +2411,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
uint8_t result[32U];
- libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(&secret_key_unpacked, ciphertext,
+ libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d(&secret_key_unpacked, ciphertext,
result);
memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
}
@@ -2501,7 +2505,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed(
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_63(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -2525,7 +2529,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) {
for (size_t i = (size_t)0U;
@@ -2539,7 +2543,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed(
+ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_63(
ring_element);
deserialized_pk[i0] = uu____0;
}
@@ -3020,7 +3024,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_f4(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) {
return libcrux_ml_kem_polynomial_ZERO_ef_05();
}
@@ -3211,7 +3215,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_44(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
libcrux_ml_kem_ntt_ntt_at_layer_7_13(re);
size_t zeta_i = (size_t)1U;
@@ -3221,13 +3225,13 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(
(size_t)11207U + (size_t)3328U);
libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(
&zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_3_ba(
+ libcrux_ml_kem_ntt_ntt_at_layer_3_bc(
&zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_2_89(
+ libcrux_ml_kem_ntt_ntt_at_layer_2_c2(
&zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_1_d7(
+ libcrux_ml_kem_ntt_ntt_at_layer_1_09(
&zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
- libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re);
+ libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re);
}
/**
@@ -3240,7 +3244,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE uint8_t
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt,
uint8_t prf_input[33U], uint8_t domain_separator) {
/* Passing arrays by value in Rust generates a copy in C */
@@ -3262,7 +3266,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
re_as_ntt[i0] =
libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
- libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);
+ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]);
}
return domain_separator;
}
@@ -3277,7 +3281,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE tuple_b00
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -3286,7 +3290,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt;
uint8_t uu____1[33U];
memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
- domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
+ domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
uu____0, uu____1, domain_separator);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U];
@@ -3311,7 +3315,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_92(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_0d(size_t _i) {
return libcrux_ml_kem_polynomial_ZERO_ef_05();
}
@@ -3325,7 +3329,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE tuple_b00
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(uint8_t prf_input[33U],
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U],
uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -3403,7 +3407,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_vector_u_closure_c6(size_t _i) {
+libcrux_ml_kem_matrix_compute_vector_u_closure_8e(size_t _i) {
return libcrux_ml_kem_polynomial_ZERO_ef_05();
}
@@ -3419,7 +3423,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_e3(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
for (size_t i = (size_t)0U;
@@ -3441,14 +3445,14 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cf(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U];
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
- result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
+ result[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
}
for (size_t i0 = (size_t)0U;
i0 < Eurydice_slice_len(
@@ -3469,18 +3473,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43(
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(a_element, &r_as_ntt[j]);
- libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result0[i1],
+ libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]);
+ libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result[i1],
&product);
}
- libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]);
- libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(&result0[i1],
- &error_1[i1]);
+ libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result[i1]);
+ libcrux_ml_kem_polynomial_add_error_reduce_ef_e3(&result[i1], &error_1[i1]);
}
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
- memcpy(
- result, result0,
- (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
memcpy(
ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
@@ -3493,7 +3492,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_06(
+static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_8f(
__m256i vec) {
__m256i z = libcrux_ml_kem_vector_avx2_ZERO_09();
__m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec);
@@ -3509,7 +3508,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_45(
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_44(
uint8_t serialized[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -3520,7 +3519,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_45(
Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
(size_t)2U * i0 + (size_t)2U, uint8_t));
re.coefficients[i0] =
- libcrux_ml_kem_vector_traits_decompress_1_06(coefficient_compressed);
+ libcrux_ml_kem_vector_traits_decompress_1_8f(coefficient_compressed);
}
return re;
}
@@ -3538,7 +3537,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81(
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_d4(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
@@ -3566,7 +3565,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_ring_element_v_5b(
+libcrux_ml_kem_matrix_compute_ring_element_v_de(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
@@ -3576,12 +3575,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_5b(
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&t_as_ntt[i0],
+ libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0],
&r_as_ntt[i0]);
- libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product);
+ libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product);
}
- libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result);
- result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81(
+ libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result);
+ result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_d4(
error_2, message, result);
return result;
}
@@ -3594,7 +3593,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e(
__m256i vector) {
__m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3649,9 +3648,9 @@ with const generics
- COEFFICIENT_BITS= 10
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f(
+ return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e(
vector);
}
@@ -3663,14 +3662,14 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_10_34(
+libcrux_ml_kem_serialize_compress_then_serialize_10_b4(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
uint8_t serialized[320U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
- __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e(
- libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
+ __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb(
+ libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(
re->coefficients[i0]));
uint8_t bytes[20U];
libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes);
@@ -3692,7 +3691,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f0(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e0(
__m256i vector) {
__m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3747,9 +3746,9 @@ with const generics
- COEFFICIENT_BITS= 11
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e0(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb0(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f0(
+ return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e0(
vector);
}
@@ -3761,14 +3760,14 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_11_47(
+libcrux_ml_kem_serialize_compress_then_serialize_11_65(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
uint8_t serialized[320U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
- __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e0(
- libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(
+ __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb0(
+ libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(
re->coefficients[i0]));
uint8_t bytes[22U];
libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes);
@@ -3789,10 +3788,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b8(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
uint8_t uu____0[320U];
- libcrux_ml_kem_serialize_compress_then_serialize_10_34(re, uu____0);
+ libcrux_ml_kem_serialize_compress_then_serialize_10_b4(re, uu____0);
memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
}
@@ -3806,7 +3805,7 @@ with const generics
- BLOCK_LEN= 320
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57(
+static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
Eurydice_slice out) {
for (size_t i = (size_t)0U;
@@ -3822,7 +3821,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57(
out, i0 * ((size_t)960U / (size_t)3U),
(i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
uint8_t ret[320U];
- libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(&re,
+ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b8(&re,
ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
@@ -3837,7 +3836,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f1(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e1(
__m256i vector) {
__m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3892,9 +3891,9 @@ with const generics
- COEFFICIENT_BITS= 4
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e1(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb1(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f1(
+ return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e1(
vector);
}
@@ -3906,14 +3905,14 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_c3(
+libcrux_ml_kem_serialize_compress_then_serialize_4_ea(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
Eurydice_slice serialized) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
- __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e1(
- libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
+ __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb1(
+ libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(
re.coefficients[i0]));
uint8_t bytes[8U];
libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes);
@@ -3932,7 +3931,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f2(
+libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e2(
__m256i vector) {
__m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32(
((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
@@ -3987,9 +3986,9 @@ with const generics
- COEFFICIENT_BITS= 5
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e2(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb2(
__m256i vector) {
- return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f2(
+ return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e2(
vector);
}
@@ -4001,14 +4000,14 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_de(
+libcrux_ml_kem_serialize_compress_then_serialize_5_47(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
Eurydice_slice serialized) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
- __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_3e2(
- libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(
+ __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_eb2(
+ libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(
re.coefficients[i0]));
uint8_t bytes[10U];
libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes);
@@ -4028,9 +4027,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_63(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
- libcrux_ml_kem_serialize_compress_then_serialize_4_c3(re, out);
+ libcrux_ml_kem_serialize_compress_then_serialize_4_ea(re, out);
}
/**
@@ -4051,7 +4050,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
+static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
uint8_t prf_input[33U];
@@ -4059,7 +4058,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
- tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
+ tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
copy_of_prf_input0, 0U);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U];
memcpy(
@@ -4069,7 +4068,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
- tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(
+ tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(
copy_of_prf_input, domain_separator0);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U];
memcpy(
@@ -4084,27 +4083,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7(
Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
- libcrux_ml_kem_matrix_compute_vector_u_43(public_key->A, r_as_ntt, error_1,
+ libcrux_ml_kem_matrix_compute_vector_u_cf(public_key->A, r_as_ntt, error_1,
u);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element =
- libcrux_ml_kem_serialize_deserialize_then_decompress_message_45(
+ libcrux_ml_kem_serialize_deserialize_then_decompress_message_44(
copy_of_message);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
- libcrux_ml_kem_matrix_compute_ring_element_v_5b(
+ libcrux_ml_kem_matrix_compute_ring_element_v_de(
public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
uint8_t ciphertext[1088U] = {0U};
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
memcpy(
uu____5, u,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57(
+ libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84(
uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v;
- libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba(
+ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_63(
uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
(size_t)960U, uint8_t, size_t));
memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -4128,13 +4127,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_e7(Eurydice_slice public_key,
uint8_t message[32U],
Eurydice_slice randomness,
uint8_t ret[1088U]) {
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
- libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
+ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
unpacked_public_key.t_as_ntt);
Eurydice_slice seed =
@@ -4150,7 +4149,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key,
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
uint8_t result[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message,
+ libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(uu____1, copy_of_message,
randomness, result);
memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
}
@@ -4167,7 +4166,7 @@ with const generics
- CIPHERTEXT_SIZE= 1088
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_16(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_dc(
Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
@@ -4199,7 +4198,7 @@ with const generics
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_5b(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -4217,7 +4216,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value,
+ libcrux_ml_kem_ind_cpa_decrypt_3a(ind_cpa_secret_key, ciphertext->value,
decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -4241,7 +4240,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -4252,18 +4251,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted,
+ libcrux_ml_kem_ind_cpa_encrypt_e7(uu____5, copy_of_decrypted,
pseudorandomness, expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- libcrux_ml_kem_variant_kdf_d8_16(
+ libcrux_ml_kem_variant_kdf_d8_dc(
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
uint8_t),
ciphertext, implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- libcrux_ml_kem_variant_kdf_d8_16(shared_secret0, ciphertext, shared_secret1);
+ libcrux_ml_kem_variant_kdf_d8_dc(shared_secret0, ciphertext, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -4293,10 +4292,10 @@ with const generics
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b(
+static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_10(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret);
}
/**
@@ -4310,7 +4309,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b(private_key,
+ libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_10(private_key,
ciphertext, ret);
}
@@ -4325,7 +4324,7 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_64(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_c5(
Eurydice_slice randomness, uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -4368,11 +4367,11 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a7(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- libcrux_ml_kem_variant_entropy_preprocess_d8_64(
+ libcrux_ml_kem_variant_entropy_preprocess_d8_c5(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -4383,7 +4382,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82(
uint8_t ret[32U];
libcrux_ml_kem_hash_functions_avx2_H_a9_41(
Eurydice_array_to_slice((size_t)1184U,
- libcrux_ml_kem_types_as_slice_fd_02(public_key),
+ libcrux_ml_kem_types_as_slice_fd_60(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -4398,20 +4397,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
+ (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness,
+ libcrux_ml_kem_ind_cpa_encrypt_e7(uu____2, copy_of_randomness,
pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[1088U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
- libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- libcrux_ml_kem_variant_kdf_d8_16(shared_secret, &ciphertext0,
+ libcrux_ml_kem_variant_kdf_d8_dc(shared_secret, &ciphertext0,
shared_secret_array);
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
@@ -4443,14 +4442,14 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71(
+libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_bd(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_a7(uu____0, copy_of_randomness);
}
/**
@@ -4468,7 +4467,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71(
+ return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_bd(
uu____0, copy_of_randomness);
}
@@ -4504,7 +4503,7 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_10(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
uint8_t seed[33U] = {0U};
Eurydice_slice_copy(
@@ -4527,7 +4526,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_79(
+static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1(
__m256i v) {
return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(
v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -4546,14 +4545,14 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t j = i;
__m256i coefficient_normal_form =
- libcrux_ml_kem_vector_traits_to_standard_domain_79(
+ libcrux_ml_kem_vector_traits_to_standard_domain_c1(
self->coefficients[j]);
self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(
libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form,
@@ -4568,7 +4567,7 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt,
@@ -4596,12 +4595,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
&row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(matrix_element,
+ libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element,
&s_as_ntt[j]);
- libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&t_as_ntt[i0],
+ libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0],
&product);
}
- libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34(
+ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba(
&t_as_ntt[i0], &error_as_ntt[i0]);
}
}
@@ -4616,12 +4615,12 @@ with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a(
Eurydice_slice key_generation_seed,
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
uint8_t hashed[64U];
- libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(key_generation_seed, hashed);
+ libcrux_ml_kem_variant_cpa_keygen_seed_d8_10(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -4641,7 +4640,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
+ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
@@ -4649,11 +4648,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
memcpy(
error_as_ntt,
- libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
+ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
copy_of_prf_input, domain_separator)
.fst,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- libcrux_ml_kem_matrix_compute_As_plus_e_2d(
+ libcrux_ml_kem_matrix_compute_As_plus_e_67(
public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
error_as_ntt);
uint8_t uu____5[32U];
@@ -4671,13 +4670,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) {
uint8_t serialized[384U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
- __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(
+ __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(
re->coefficients[i0]);
uint8_t bytes[24U];
libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes);
@@ -4699,7 +4698,7 @@ with const generics
- OUT_LEN= 1152
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_05(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
uint8_t ret[1152U]) {
uint8_t out[1152U] = {0U};
@@ -4717,11 +4716,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99(
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
uint8_t ret0[384U];
- libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(&re, ret0);
+ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8(&re, ret0);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
- memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
+ uint8_t result[1152U];
+ memcpy(result, out, (size_t)1152U * sizeof(uint8_t));
+ memcpy(ret, result, (size_t)1152U * sizeof(uint8_t));
}
/**
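Review bot: The new tail of `libcrux_ml_kem_ind_cpa_serialize_secret_key_05` copies `out` into a second 1152-byte stack array `result` before copying to `ret`, so when the caller passes `private_key.secret_as_ntt` the serialized secret key now sits in two stack temporaries instead of one, and neither is cleared in the lines shown. The extra hop has no functional effect over the previous `memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));`, and whether the compiler elides it is not guaranteed. This header is generated, so the change belongs in the Rust source or the extraction step: either avoid the intermediate binding there, or wipe `out` and `result` before returning with a clear the optimizer cannot remove. The function body starts outside this hunk, so any cleanup earlier in it is not visible here.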
@@ -4733,13 +4734,13 @@ with const generics
- PUBLIC_KEY_SIZE= 1184
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t *serialized) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
(size_t)1152U, uint8_t);
uint8_t ret[1152U];
- libcrux_ml_kem_ind_cpa_serialize_secret_key_99(t_as_ntt, ret);
+ libcrux_ml_kem_ind_cpa_serialize_secret_key_05(t_as_ntt, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
Eurydice_slice_copy(
@@ -4757,11 +4758,11 @@ with const generics
- PUBLIC_KEY_SIZE= 1184
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
uint8_t public_key_serialized[1184U] = {0U};
- libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a,
+ libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07(t_as_ntt, seed_for_a,
public_key_serialized);
uint8_t result[1184U];
memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
@@ -4782,20 +4783,20 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_6a(Eurydice_slice key_generation_seed) {
+libcrux_ml_kem_ind_cpa_generate_keypair_47(Eurydice_slice key_generation_seed) {
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
- libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
+ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a(
key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[1184U];
- libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[1152U];
- libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt,
+ libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt,
secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[1152U];
@@ -4821,7 +4822,7 @@ with const generics
- SERIALIZED_KEY_LEN= 2400
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71(
Eurydice_slice private_key, Eurydice_slice public_key,
Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
uint8_t out[2400U] = {0U};
@@ -4878,7 +4879,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_d2(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -4887,13 +4888,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
- libcrux_ml_kem_ind_cpa_generate_keypair_6a(ind_cpa_keypair_randomness);
+ libcrux_ml_kem_ind_cpa_generate_keypair_47(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1152U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
uint8_t public_key[1184U];
memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
uint8_t secret_key_serialized[2400U];
- libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
+ libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71(
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -4902,13 +4903,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)2400U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
- libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[1184U];
memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee(
- uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_78(
+ uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
}
/**
@@ -4924,12 +4925,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_20(
+libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dd(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_d2(copy_of_randomness);
}
/**
@@ -4941,7 +4942,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_20(
+ return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dd(
copy_of_randomness);
}
@@ -4957,7 +4958,7 @@ with const generics
- CIPHERTEXT_SIZE= 1088
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_20(
Eurydice_slice shared_secret,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
uint8_t kdf_input[64U];
@@ -4968,7 +4969,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5(
uint8_t ret0[32U];
libcrux_ml_kem_hash_functions_avx2_H_a9_41(
Eurydice_array_to_slice((size_t)1088U,
- libcrux_ml_kem_types_as_slice_d4_76(ciphertext),
+ libcrux_ml_kem_types_as_slice_d4_24(ciphertext),
uint8_t),
ret0);
Eurydice_slice_copy(
@@ -5002,7 +5003,7 @@ with const generics
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_5b0(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5020,7 +5021,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value,
+ libcrux_ml_kem_ind_cpa_decrypt_3a(ind_cpa_secret_key, ciphertext->value,
decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -5044,7 +5045,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -5055,18 +5056,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted,
+ libcrux_ml_kem_ind_cpa_encrypt_e7(uu____5, copy_of_decrypted,
pseudorandomness, expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- libcrux_ml_kem_variant_kdf_33_f5(
+ libcrux_ml_kem_variant_kdf_33_20(
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
uint8_t),
ciphertext, implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- libcrux_ml_kem_variant_kdf_33_f5(shared_secret0, ciphertext, shared_secret1);
+ libcrux_ml_kem_variant_kdf_33_20(shared_secret0, ciphertext, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5100,10 +5101,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_6e(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret);
}
/**
@@ -5117,7 +5118,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02(
+ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_6e(
private_key, ciphertext, ret);
}
@@ -5132,7 +5133,7 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_e7(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_d3(
Eurydice_slice randomness, uint8_t ret[32U]) {
libcrux_ml_kem_hash_functions_avx2_H_a9_41(randomness, ret);
}
@@ -5157,11 +5158,11 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a70(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- libcrux_ml_kem_variant_entropy_preprocess_33_e7(
+ libcrux_ml_kem_variant_entropy_preprocess_33_d3(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -5172,7 +5173,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820(
uint8_t ret[32U];
libcrux_ml_kem_hash_functions_avx2_H_a9_41(
Eurydice_array_to_slice((size_t)1184U,
- libcrux_ml_kem_types_as_slice_fd_02(public_key),
+ libcrux_ml_kem_types_as_slice_fd_60(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -5187,20 +5188,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
+ (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness,
+ libcrux_ml_kem_ind_cpa_encrypt_e7(uu____2, copy_of_randomness,
pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[1088U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
- libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- libcrux_ml_kem_variant_kdf_33_f5(shared_secret, &ciphertext0,
+ libcrux_ml_kem_variant_kdf_33_20(shared_secret, &ciphertext0,
shared_secret_array);
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
@@ -5235,14 +5236,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_c1(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_a70(uu____0, copy_of_randomness);
}
/**
@@ -5260,7 +5261,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a(
+ return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_c1(
uu____0, copy_of_randomness);
}
@@ -5275,7 +5276,7 @@ with const generics
- K= 3
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_39(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
libcrux_ml_kem_hash_functions_avx2_G_a9_9f(key_generation_seed, ret);
}
@@ -5290,12 +5291,12 @@ with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0(
Eurydice_slice key_generation_seed,
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key,
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) {
uint8_t hashed[64U];
- libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(key_generation_seed, hashed);
+ libcrux_ml_kem_variant_cpa_keygen_seed_33_39(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5315,7 +5316,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0(
+ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(
uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
@@ -5323,11 +5324,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U];
memcpy(
error_as_ntt,
- libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81(
+ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7(
copy_of_prf_input, domain_separator)
.fst,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
- libcrux_ml_kem_matrix_compute_As_plus_e_2d(
+ libcrux_ml_kem_matrix_compute_As_plus_e_67(
public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
error_as_ntt);
uint8_t uu____5[32U];
@@ -5351,21 +5352,21 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_6a0(
+libcrux_ml_kem_ind_cpa_generate_keypair_470(
Eurydice_slice key_generation_seed) {
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key =
libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key =
libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
- libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40(
+ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0(
key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[1184U];
- libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[1152U];
- libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt,
+ libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt,
secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[1152U];
@@ -5398,7 +5399,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5407,13 +5408,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
- libcrux_ml_kem_ind_cpa_generate_keypair_6a0(ind_cpa_keypair_randomness);
+ libcrux_ml_kem_ind_cpa_generate_keypair_470(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1152U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
uint8_t public_key[1184U];
memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
uint8_t secret_key_serialized[2400U];
- libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f(
+ libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71(
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -5422,13 +5423,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)2400U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
- libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[1184U];
memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee(
- uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_78(
+ uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
}
/**
@@ -5445,12 +5446,12 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_74(
+libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_8f(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_d20(copy_of_randomness);
}
/**
@@ -5462,7 +5463,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_74(
+ return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_8f(
copy_of_randomness);
}
@@ -5475,7 +5476,7 @@ with const generics
- CIPHERTEXT_SIZE= 1088
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3a(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e5(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
uint8_t t[32U];
@@ -5501,10 +5502,10 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f(
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
- return libcrux_ml_kem_ind_cca_validate_private_key_3a(private_key,
+ return libcrux_ml_kem_ind_cca_validate_private_key_e5(private_key,
ciphertext);
}
@@ -5517,7 +5518,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
- return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f(
+ return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf(
private_key, ciphertext);
}
@@ -5529,7 +5530,7 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_4b(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_1a(
size_t _i) {
return libcrux_ml_kem_polynomial_ZERO_ef_05();
}
@@ -5542,17 +5543,21 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
}
- libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
+ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
public_key, deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
memcpy(
- ret, deserialized_pk,
+ result, deserialized_pk,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+ memcpy(
+ ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
}
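Review bot: The added `result[3U]` temporary in `libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86` copies the three deserialized ring elements twice (`deserialized_pk` to `result`, then `result` to `ret`), and `ret` receives the same bytes as before. This is the only hunk in this stretch that is not a pure hash-suffix rename, so it is worth confirming that it comes from the libcrux source revision recorded in `code_gen.txt` and is not an unintended extraction artifact. The buffer holds deserialized public-key data, so the extra stack copy is a cost and readability issue, not a secret-hygiene one. Because this header is generated, any change belongs in the Rust source, presumably by returning the deserialized array directly without an intermediate binding, and not in a hand edit here.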
@@ -5565,16 +5570,16 @@ with const generics
- PUBLIC_KEY_SIZE= 1184
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c0(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_84(
uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
- libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e(
+ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86(
Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[1184U];
- libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
uu____0,
Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
uint8_t, size_t),
@@ -5593,9 +5598,9 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4(
+libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96(
uint8_t *public_key) {
- return libcrux_ml_kem_ind_cca_validate_public_key_c0(public_key);
+ return libcrux_ml_kem_ind_cca_validate_public_key_84(public_key);
}
/**
@@ -5606,7 +5611,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4(
KRML_ATTRIBUTE_TARGET("avx2")
static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
- return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4(
+ return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96(
public_key->value);
}
@@ -5632,11 +5637,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(
+static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
uint8_t decrypted[32U];
- libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(
+ libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d(
&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -5666,7 +5671,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(
Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret[32U];
libcrux_ml_kem_hash_functions_avx2_PRF_a9_16(
@@ -5678,11 +5683,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
+ libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(
uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
uint8_t selector =
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
uint8_t ret0[32U];
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -5719,10 +5724,10 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_e8(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ad(
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(key_pair, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(key_pair, ciphertext, ret);
}
/**
@@ -5736,7 +5741,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate(
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_e8(
+ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ad(
private_key, ciphertext, ret);
}
@@ -5759,7 +5764,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(
+static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
uint8_t randomness[32U]) {
uint8_t to_hash[64U];
@@ -5787,7 +5792,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness,
+ libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(uu____2, copy_of_randomness,
pseudorandomness, ciphertext);
uint8_t shared_secret_array[32U] = {0U};
Eurydice_slice_copy(
@@ -5797,7 +5802,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(
uint8_t copy_of_ciphertext[1088U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
- libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_shared_secret_array[32U];
memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -5831,7 +5836,7 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 =
@@ -5839,7 +5844,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(uu____0,
+ return libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8(uu____0,
copy_of_randomness);
}
@@ -5860,7 +5865,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89(
+ return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62(
uu____0, copy_of_randomness);
}
@@ -5880,7 +5885,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_59(size_t _j) {
+libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_dd(size_t _j) {
return libcrux_ml_kem_polynomial_ZERO_ef_05();
}
@@ -5899,7 +5904,7 @@ with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_0a(
size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_05();
@@ -5919,7 +5924,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_clone_8d_ae(
+libcrux_ml_kem_polynomial_clone_8d_55(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit;
__m256i ret[16U];
@@ -5946,7 +5951,7 @@ with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12(
uint8_t randomness[64U],
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
@@ -5956,19 +5961,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(
(size_t)64U, randomness,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
- libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4(
+ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a(
ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
&out->public_key.ind_cpa_public_key);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
- libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(i, A[i]);
+ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_0a(i, A[i]);
}
for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
size_t i1 = i0;
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- libcrux_ml_kem_polynomial_clone_8d_ae(
+ libcrux_ml_kem_polynomial_clone_8d_55(
&out->public_key.ind_cpa_public_key.A[j][i1]);
A[i1][j] = uu____0;
}
@@ -5981,7 +5986,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(
(size_t)3U *
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]));
uint8_t pk_serialized[1184U];
- libcrux_ml_kem_ind_cpa_serialize_public_key_ca(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_e5(
out->public_key.ind_cpa_public_key.t_as_ntt,
Eurydice_array_to_slice(
(size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
@@ -6017,13 +6022,13 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b7(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_64(
uint8_t randomness[64U],
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(copy_of_randomness, out);
+ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12(copy_of_randomness, out);
}
/**
@@ -6036,7 +6041,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b7(
+ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_64(
copy_of_randomness, key_pair);
}
@@ -6053,7 +6058,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_default_1c_9e(void) {
+libcrux_ml_kem_ind_cca_unpacked_default_1c_a5(void) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89();
lit.public_key_hash[0U] = 0U;
@@ -6105,7 +6110,7 @@ with const generics
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
- libcrux_ml_kem_ind_cca_unpacked_default_07_e2(void) {
+ libcrux_ml_kem_ind_cca_unpacked_default_07_e3(void) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0;
uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c();
uu____0.implicit_rejection_value[0U] = 0U;
@@ -6143,7 +6148,7 @@ static KRML_MUSTINLINE
return (
CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){
.private_key = uu____0,
- .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_9e()});
+ .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_a5()});
}
/**
@@ -6152,7 +6157,7 @@ static KRML_MUSTINLINE
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked
libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
- return libcrux_ml_kem_ind_cca_unpacked_default_07_e2();
+ return libcrux_ml_kem_ind_cca_unpacked_default_07_e3();
}
/**
@@ -6161,7 +6166,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) {
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) {
- return libcrux_ml_kem_ind_cca_unpacked_default_1c_9e();
+ return libcrux_ml_kem_ind_cca_unpacked_default_1c_a5();
}
/**
@@ -6182,10 +6187,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self,
libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
- libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07(
self->ind_cpa_public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
uint8_t),
@@ -6210,10 +6215,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a7(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d(
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self,
libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
- libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(
+ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91(
&self->public_key, serialized);
}
@@ -6225,7 +6230,7 @@ static inline void
libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key(
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
- libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a7(key_pair,
+ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d(key_pair,
serialized);
}
@@ -6242,7 +6247,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cpa_unpacked_clone_ef_42(
+libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U];
core_array___core__clone__Clone_for__Array_T__N___20__clone(
@@ -6279,11 +6284,11 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
-libcrux_ml_kem_ind_cca_unpacked_clone_28_24(
+libcrux_ml_kem_ind_cca_unpacked_clone_28_e1(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit;
lit.ind_cpa_public_key =
- libcrux_ml_kem_ind_cpa_unpacked_clone_ef_42(&self->ind_cpa_public_key);
+ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(&self->ind_cpa_public_key);
uint8_t ret[32U];
core_array___core__clone__Clone_for__Array_T__N___20__clone(
(size_t)32U, self->public_key_hash, ret, uint8_t, void *);
@@ -6307,7 +6312,7 @@ with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_77(
+libcrux_ml_kem_ind_cca_unpacked_public_key_de_8c(
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) {
return &self->public_key;
}
@@ -6320,8 +6325,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key(
libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair,
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 =
- libcrux_ml_kem_ind_cca_unpacked_clone_28_24(
- libcrux_ml_kem_ind_cca_unpacked_public_key_de_77(key_pair));
+ libcrux_ml_kem_ind_cca_unpacked_clone_28_e1(
+ libcrux_ml_kem_ind_cca_unpacked_public_key_de_8c(key_pair));
pk[0U] = uu____0;
}
@@ -6332,7 +6337,7 @@ KRML_ATTRIBUTE_TARGET("avx2")
static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key,
libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
- libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(public_key,
+ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91(public_key,
serialized);
}
@@ -6350,13 +6355,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(
+libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
*unpacked_public_key) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
(size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t);
- libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea(
+ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4(
uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
uint8_t uu____1[32U];
libcrux_ml_kem_utils_into_padded_array_423(
@@ -6376,7 +6381,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(
uint8_t uu____3[32U];
libcrux_ml_kem_hash_functions_avx2_H_a9_41(
Eurydice_array_to_slice((size_t)1184U,
- libcrux_ml_kem_types_as_slice_fd_02(public_key),
+ libcrux_ml_kem_types_as_slice_fd_60(public_key),
uint8_t),
uu____3);
memcpy(unpacked_public_key->public_key_hash, uu____3,
@@ -6397,11 +6402,11 @@ generics
*/
KRML_ATTRIBUTE_TARGET("avx2")
static inline void
-libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1(
+libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
*unpacked_public_key) {
- libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(public_key,
+ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b(public_key,
unpacked_public_key);
}
@@ -6413,7 +6418,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0
*unpacked_public_key) {
- libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1(
+ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa(
public_key, unpacked_public_key);
}
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
index a99ed2625..162259dd8 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem768_avx2_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 2d7b89018..091d5acc2 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem768_portable_H
@@ -250,6 +250,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11(
ret[21U] = r11_21.f10;
}
+static inline void libcrux_ml_kem_vector_portable_serialize_11(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[22U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -257,7 +263,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
static inline void libcrux_ml_kem_vector_portable_serialize_11_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[22U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_11(a, ret);
}
typedef struct int16_t_x8_s {
@@ -361,13 +367,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) {
return lit;
}
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a);
+ return libcrux_ml_kem_vector_portable_deserialize_11(a);
}
static KRML_MUSTINLINE void
@@ -1271,8 +1282,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step(
int16_t t =
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
vec->elements[j], zeta);
- vec->elements[j] = vec->elements[i] - t;
- vec->elements[i] = vec->elements[i] + t;
+ int16_t a_minus_t = vec->elements[i] - t;
+ int16_t a_plus_t = vec->elements[i] + t;
+ vec->elements[j] = a_minus_t;
+ vec->elements[i] = a_plus_t;
}
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1381,8 +1394,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(
libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec,
int16_t zeta, size_t i, size_t j) {
int16_t a_minus_b = vec->elements[j] - vec->elements[i];
+ int16_t a_plus_b = vec->elements[j] + vec->elements[i];
int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element(
- vec->elements[i] + vec->elements[j]);
+ a_plus_b);
int16_t o1 =
libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer(
a_minus_b, zeta);
@@ -1497,12 +1511,11 @@ static KRML_MUSTINLINE void
libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
libcrux_ml_kem_vector_portable_vector_type_PortableVector *a,
libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta,
- size_t i, size_t j,
- libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
- int16_t ai = a->elements[i];
- int16_t bi = b->elements[i];
- int16_t aj = a->elements[j];
- int16_t bj = b->elements[j];
+ size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) {
+ int16_t ai = a->elements[(size_t)2U * i];
+ int16_t bi = b->elements[(size_t)2U * i];
+ int16_t aj = a->elements[(size_t)2U * i + (size_t)1U];
+ int16_t bj = b->elements[(size_t)2U * i + (size_t)1U];
int32_t ai_bi = (int32_t)ai * (int32_t)bi;
int32_t aj_bj_ = (int32_t)aj * (int32_t)bj;
int16_t aj_bj =
@@ -1519,8 +1532,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
int16_t o1 =
libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element(
ai_bj_aj_bi);
- out->elements[i] = o0;
- out->elements[j] = o1;
+ int16_t _out0[16U];
+ memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t));
+ out->elements[(size_t)2U * i] = o0;
+ out->elements[(size_t)2U * i + (size_t)1U] = o1;
}
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
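Review bot: `_out0` is filled by `memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t));` and never read in the lines that follow, so the new side adds a dead copy of the whole output vector to every `libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials` call (eight per `ntt_multiply`, as the next hunk shows). It looks like a proof-only snapshot from the Rust source that survived extraction; that is an inference, since the Rust side is not visible here. An optimizer will probably drop it, but unoptimized or `-Wunused` builds keep an extra stack copy of partially reduced products that nothing wipes. Because this header is generated, the fix belongs in the source, so that `int16_t _out0[16U];` and the `memcpy` are not emitted. The function starts outside this hunk.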
@@ -1534,22 +1549,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply(
int16_t nzeta3 = -zeta3;
libcrux_ml_kem_vector_portable_vector_type_PortableVector out =
libcrux_ml_kem_vector_portable_vector_type_zero();
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out);
- libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(
- lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0,
+ (size_t)0U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0,
+ (size_t)1U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1,
+ (size_t)2U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1,
+ (size_t)3U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2,
+ (size_t)4U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2,
+ (size_t)5U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3,
+ (size_t)6U, &out);
+ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3,
+ (size_t)7U, &out);
return out;
}
@@ -1590,6 +1605,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_1(
ret[1U] = result1;
}
+static inline void libcrux_ml_kem_vector_portable_serialize_1(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[2U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1597,7 +1618,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
static inline void libcrux_ml_kem_vector_portable_serialize_1_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[2U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_1(a, ret);
}
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
@@ -1684,13 +1705,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) {
return lit;
}
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a);
+ return libcrux_ml_kem_vector_portable_deserialize_1(a);
}
typedef struct uint8_t_x4_s {
@@ -1748,6 +1774,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4(
ret[7U] = result4_7.f3;
}
+static inline void libcrux_ml_kem_vector_portable_serialize_4(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[8U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1755,7 +1787,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
static inline void libcrux_ml_kem_vector_portable_serialize_4_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[8U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_4(a, ret);
}
static KRML_MUSTINLINE int16_t_x8
@@ -1825,13 +1857,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) {
return lit;
}
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a);
+ return libcrux_ml_kem_vector_portable_deserialize_4(a);
}
typedef struct uint8_t_x5_s {
@@ -1888,6 +1925,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5(
ret[9U] = r5_9.f4;
}
+static inline void libcrux_ml_kem_vector_portable_serialize_5(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[10U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -1895,7 +1938,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
static inline void libcrux_ml_kem_vector_portable_serialize_5_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[10U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_5(a, ret);
}
static KRML_MUSTINLINE int16_t_x8
@@ -1976,13 +2019,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) {
return lit;
}
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a);
+ return libcrux_ml_kem_vector_portable_deserialize_5(a);
}
static KRML_MUSTINLINE uint8_t_x5
@@ -2057,6 +2105,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10(
ret[19U] = r15_19.f4;
}
+static inline void libcrux_ml_kem_vector_portable_serialize_10(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[20U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2064,7 +2118,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
static inline void libcrux_ml_kem_vector_portable_serialize_10_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[20U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_10(a, ret);
}
static KRML_MUSTINLINE int16_t_x8
@@ -2153,13 +2207,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) {
return lit;
}
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a);
+ return libcrux_ml_kem_vector_portable_deserialize_10(a);
}
typedef struct uint8_t_x3_s {
@@ -2234,6 +2293,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12(
ret[23U] = r21_23.thd;
}
+static inline void libcrux_ml_kem_vector_portable_serialize_12(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[24U]) {
+ libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
@@ -2241,7 +2306,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
static inline void libcrux_ml_kem_vector_portable_serialize_12_0d(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
uint8_t ret[24U]) {
- libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret);
+ libcrux_ml_kem_vector_portable_serialize_12(a, ret);
}
typedef struct int16_t_x2_s {
@@ -2304,13 +2369,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) {
return lit;
}
+static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) {
+ return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
+}
+
/**
This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) {
- return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a);
+ return libcrux_ml_kem_vector_portable_deserialize_12(a);
}
static KRML_MUSTINLINE size_t
@@ -2486,7 +2556,7 @@ with const generics
- K= 3
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_57(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_97(size_t _) {
return libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
@@ -2497,7 +2567,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e8(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2519,7 +2589,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9(
Eurydice_slice secret_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
@@ -2537,7 +2607,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c(
+ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e8(
secret_bytes);
secret_as_ntt[i0] = uu____0;
}
@@ -2559,7 +2629,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- U_COMPRESSION_FACTOR= 10
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_77(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_46(size_t _) {
return libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
@@ -2570,7 +2640,7 @@ const generics
- COEFFICIENT_BITS= 10
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a(
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -2595,9 +2665,9 @@ generics
- COEFFICIENT_BITS= 10
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_78(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a(
+ return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe(
v);
}
@@ -2608,7 +2678,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2627,7 +2697,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
- libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea(
+ libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_78(
coefficient);
re.coefficients[i0] = uu____0;
}
@@ -2641,7 +2711,7 @@ const generics
- COEFFICIENT_BITS= 11
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0(
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe0(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -2666,9 +2736,9 @@ generics
- COEFFICIENT_BITS= 11
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_780(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0(
+ return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe0(
v);
}
@@ -2679,7 +2749,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_6f(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2691,7 +2761,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7(
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
- libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0(
+ libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_780(
coefficient);
re.coefficients[i0] = uu____0;
}
@@ -2705,9 +2775,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 10
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ad(
Eurydice_slice serialized) {
- return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(serialized);
+ return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c(serialized);
}
typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s {
@@ -2785,7 +2855,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d0(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b8(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
size_t _layer, size_t _initial_coefficient_bound) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2805,7 +2875,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_76(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
size_t _layer, size_t _initial_coefficient_bound) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2826,7 +2896,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_5d(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
size_t _layer, size_t _initial_coefficient_bound) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2854,7 +2924,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
@@ -2872,7 +2942,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- VECTOR_U_COMPRESSION_FACTOR= 10
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_7c(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
size_t zeta_i = (size_t)0U;
libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U,
@@ -2883,13 +2953,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62(
(size_t)3U * (size_t)3328U);
libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U,
(size_t)4U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_3_d0(&zeta_i, re, (size_t)3U,
+ libcrux_ml_kem_ntt_ntt_at_layer_3_b8(&zeta_i, re, (size_t)3U,
(size_t)5U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_2_76(&zeta_i, re, (size_t)2U,
+ libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U,
(size_t)6U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_1_5d(&zeta_i, re, (size_t)1U,
+ libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U,
(size_t)7U * (size_t)3328U);
- libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
+ libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re);
}
/**
@@ -2901,7 +2971,7 @@ with const generics
- U_COMPRESSION_FACTOR= 10
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(
uint8_t *ciphertext,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
@@ -2926,12 +2996,16 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(
(size_t)10U / (size_t)8U,
uint8_t);
u_as_ntt[i0] =
- libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9(
+ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ad(
u_bytes);
- libcrux_ml_kem_ntt_ntt_vector_u_62(&u_as_ntt[i0]);
+ libcrux_ml_kem_ntt_ntt_vector_u_7c(&u_as_ntt[i0]);
}
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
memcpy(
- ret, u_as_ntt,
+ result, u_as_ntt,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
+ memcpy(
+ ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
}
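Review bot: The added `result` array is written by one `memcpy` and read only by the next, so `u_as_ntt` is copied twice before it reaches `ret`, and the frame grows by a third array of three ring elements. Nothing visible between the two copies uses `result`, so the single `memcpy(ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));` from the old side appears to be equivalent. The temporary presumably comes from a named result binding in the Rust source (not shown). If that binding is needed for verification, it would be better kept out of the extracted C, which matters most on stack-constrained targets. The function starts outside this hunk.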
@@ -2942,7 +3016,7 @@ const generics
- COEFFICIENT_BITS= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1(
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe1(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -2967,9 +3041,9 @@ generics
- COEFFICIENT_BITS= 4
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_781(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1(
+ return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe1(
v);
}
@@ -2980,7 +3054,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -2992,7 +3066,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
- libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1(
+ libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_781(
coefficient);
re.coefficients[i0] = uu____0;
}
@@ -3006,7 +3080,7 @@ const generics
- COEFFICIENT_BITS= 5
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2(
+libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe2(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -3031,9 +3105,9 @@ generics
- COEFFICIENT_BITS= 5
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2(
+libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_782(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2(
+ return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe2(
v);
}
@@ -3044,7 +3118,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_df(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_34(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -3056,7 +3130,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_df(
re.coefficients[i0] =
libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =
- libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2(
+ libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_782(
re.coefficients[i0]);
re.coefficients[i0] = uu____1;
}
@@ -3070,9 +3144,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- COMPRESSION_FACTOR= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5(
Eurydice_slice serialized) {
- return libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(serialized);
+ return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(serialized);
}
/**
@@ -3087,7 +3161,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_ntt_multiply_ef_45(
+libcrux_ml_kem_polynomial_ntt_multiply_ef_76(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out =
@@ -3121,7 +3195,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) {
for (size_t i = (size_t)0U;
@@ -3145,7 +3219,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_60(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
size_t _layer) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3168,7 +3242,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_2f(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
size_t _layer) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3189,7 +3263,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_47(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
size_t _layer) {
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -3211,7 +3285,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE
libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2
- libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96(
+ libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_01(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
libcrux_ml_kem_vector_portable_vector_type_PortableVector b,
int16_t zeta_r) {
@@ -3232,7 +3306,7 @@ with const generics
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(
+libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(
size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re,
size_t layer) {
size_t step = (size_t)1U << (uint32_t)layer;
@@ -3247,7 +3321,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(
for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
size_t j = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 =
- libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96(
+ libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_01(
re->coefficients[j], re->coefficients[j + step_vec],
libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));
libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst;
@@ -3264,22 +3338,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(
+static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(&zeta_i, re, (size_t)2U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(&zeta_i, re, (size_t)3U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U);
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_2f(&zeta_i, re, (size_t)2U);
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_47(&zeta_i, re, (size_t)3U);
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re,
(size_t)4U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re,
(size_t)5U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re,
(size_t)6U);
- libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re,
+ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re,
(size_t)7U);
- libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
+ libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re);
}
/**
@@ -3294,7 +3368,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(
+libcrux_ml_kem_polynomial_subtract_reduce_ef_55(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) {
for (size_t i = (size_t)0U;
@@ -3320,7 +3394,7 @@ with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_message_d5(
+libcrux_ml_kem_matrix_compute_message_9f(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
@@ -3329,12 +3403,12 @@ libcrux_ml_kem_matrix_compute_message_d5(
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&secret_as_ntt[i0],
+ libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0],
&u_as_ntt[i0]);
- libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product);
+ libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product);
}
- libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result);
- result = libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(v, result);
+ libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result);
+ result = libcrux_ml_kem_polynomial_subtract_reduce_ef_55(v, result);
return result;
}
@@ -3344,7 +3418,7 @@ with const generics
- SHIFT_BY= 15
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(
+libcrux_ml_kem_vector_portable_arithmetic_shift_right_38(
libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -3364,9 +3438,9 @@ with const generics
- SHIFT_BY= 15
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_shift_right_0d_9d(
+libcrux_ml_kem_vector_portable_shift_right_0d_6b(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
- return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v);
+ return libcrux_ml_kem_vector_portable_arithmetic_shift_right_38(v);
}
/**
@@ -3376,10 +3450,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
+libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector t =
- libcrux_ml_kem_vector_portable_shift_right_0d_9d(a);
+ libcrux_ml_kem_vector_portable_shift_right_0d_6b(a);
libcrux_ml_kem_vector_portable_vector_type_PortableVector fm =
libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d(
t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -3393,10 +3467,10 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector result =
- libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(a);
+ libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(a);
return result;
}
@@ -3407,13 +3481,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_b1(
+libcrux_ml_kem_serialize_compress_then_serialize_message_80(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) {
uint8_t serialized[32U] = {0U};
for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+ libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
re.coefficients[i0]);
libcrux_ml_kem_vector_portable_vector_type_PortableVector
coefficient_compressed =
@@ -3441,20 +3515,20 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7(
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key,
uint8_t *ciphertext, uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
- libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(ciphertext, u_as_ntt);
+ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(ciphertext, u_as_ntt);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
- libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54(
+ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5(
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
(size_t)960U, uint8_t, size_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message =
- libcrux_ml_kem_matrix_compute_message_d5(&v, secret_key->secret_as_ntt,
+ libcrux_ml_kem_matrix_compute_message_9f(&v, secret_key->secret_as_ntt,
u_as_ntt);
uint8_t ret0[32U];
- libcrux_ml_kem_serialize_compress_then_serialize_message_b1(message, ret0);
+ libcrux_ml_kem_serialize_compress_then_serialize_message_80(message, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -3468,11 +3542,11 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_0d(Eurydice_slice secret_key,
uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
- libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt);
+ libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U];
memcpy(
@@ -3484,7 +3558,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
uint8_t result[32U];
- libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext,
+ libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7(&secret_key_unpacked, ciphertext,
result);
memcpy(ret, result, (size_t)32U * sizeof(uint8_t));
}
@@ -3573,7 +3647,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87(
+libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_53(
Eurydice_slice serialized) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -3598,7 +3672,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) {
for (size_t i = (size_t)0U;
@@ -3612,7 +3686,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87(
+ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_53(
ring_element);
deserialized_pk[i0] = uu____0;
}
@@ -4083,7 +4157,7 @@ generics
- ETA_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_55(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) {
return libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
@@ -4253,7 +4327,7 @@ with const generics
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(
+libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_36(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) {
libcrux_ml_kem_ntt_ntt_at_layer_7_97(re);
size_t zeta_i = (size_t)1U;
@@ -4263,13 +4337,13 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(
(size_t)11207U + (size_t)3328U);
libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(
&zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_3_d0(
+ libcrux_ml_kem_ntt_ntt_at_layer_3_b8(
&zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_2_76(
+ libcrux_ml_kem_ntt_ntt_at_layer_2_34(
&zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U);
- libcrux_ml_kem_ntt_ntt_at_layer_1_5d(
+ libcrux_ml_kem_ntt_ntt_at_layer_1_21(
&zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U);
- libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re);
+ libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re);
}
/**
@@ -4282,7 +4356,7 @@ generics
- ETA_RANDOMNESS_SIZE= 128
*/
static KRML_MUSTINLINE uint8_t
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt,
uint8_t prf_input[33U], uint8_t domain_separator) {
/* Passing arrays by value in Rust generates a copy in C */
@@ -4304,7 +4378,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
re_as_ntt[i0] =
libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
- libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);
+ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]);
}
return domain_separator;
}
@@ -4319,7 +4393,7 @@ generics
- ETA_RANDOMNESS_SIZE= 128
*/
static KRML_MUSTINLINE tuple_b0
-libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
+libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4328,7 +4402,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt;
uint8_t uu____1[33U];
memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t));
- domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
+ domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
uu____0, uu____1, domain_separator);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U];
@@ -4353,7 +4427,7 @@ generics
- ETA2= 2
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b7(size_t _i) {
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_44(size_t _i) {
return libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
@@ -4367,7 +4441,7 @@ generics
- ETA2= 2
*/
static KRML_MUSTINLINE tuple_b0
-libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U],
+libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67(uint8_t prf_input[33U],
uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
@@ -4442,7 +4516,7 @@ with const generics
- K= 3
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_vector_u_closure_a1(size_t _i) {
+libcrux_ml_kem_matrix_compute_vector_u_closure_9f(size_t _i) {
return libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
@@ -4457,7 +4531,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(
+static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_7b(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
for (size_t i = (size_t)0U;
@@ -4481,14 +4555,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_ec(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U],
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U];
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
- result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
+ result[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
for (size_t i0 = (size_t)0U;
i0 < Eurydice_slice_len(
@@ -4509,18 +4583,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90(
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- libcrux_ml_kem_polynomial_ntt_multiply_ef_45(a_element, &r_as_ntt[j]);
- libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result0[i1],
+ libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]);
+ libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result[i1],
&product);
}
- libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result0[i1]);
- libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(&result0[i1],
- &error_1[i1]);
+ libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result[i1]);
+ libcrux_ml_kem_polynomial_add_error_reduce_ef_7b(&result[i1], &error_1[i1]);
}
- libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
- memcpy(
- result, result0,
- (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
memcpy(
ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
@@ -4533,7 +4602,7 @@ with const generics
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_decompress_1_d4(
+libcrux_ml_kem_vector_traits_decompress_1_a8(
libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) {
libcrux_ml_kem_vector_portable_vector_type_PortableVector z =
libcrux_ml_kem_vector_portable_ZERO_0d();
@@ -4552,7 +4621,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5(
+libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc(
uint8_t serialized[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re =
libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -4565,7 +4634,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5(
(size_t)2U * i0 + (size_t)2U,
uint8_t));
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
- libcrux_ml_kem_vector_traits_decompress_1_d4(coefficient_compressed);
+ libcrux_ml_kem_vector_traits_decompress_1_a8(coefficient_compressed);
re.coefficients[i0] = uu____0;
}
return re;
@@ -4583,7 +4652,7 @@ with const generics
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf(
+libcrux_ml_kem_polynomial_add_message_error_reduce_ef_45(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) {
@@ -4613,7 +4682,7 @@ with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_matrix_compute_ring_element_v_c6(
+libcrux_ml_kem_matrix_compute_ring_element_v_aa(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2,
@@ -4623,12 +4692,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_c6(
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&t_as_ntt[i0],
+ libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0],
&r_as_ntt[i0]);
- libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product);
+ libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product);
}
- libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result);
- result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf(
+ libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result);
+ result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_45(
error_2, message, result);
return result;
}
@@ -4639,7 +4708,7 @@ with const generics
- COEFFICIENT_BITS= 10
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_61(
+libcrux_ml_kem_vector_portable_compress_compress_6a(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4662,9 +4731,9 @@ with const generics
- COEFFICIENT_BITS= 10
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_fe(
+libcrux_ml_kem_vector_portable_compress_0d_83(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
- return libcrux_ml_kem_vector_portable_compress_compress_61(a);
+ return libcrux_ml_kem_vector_portable_compress_compress_6a(a);
}
/**
@@ -4674,15 +4743,15 @@ with const generics
- OUT_LEN= 320
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_10_9d(
+libcrux_ml_kem_serialize_compress_then_serialize_10_86(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
uint8_t serialized[320U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- libcrux_ml_kem_vector_portable_compress_0d_fe(
- libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+ libcrux_ml_kem_vector_portable_compress_0d_83(
+ libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
re->coefficients[i0]));
uint8_t bytes[20U];
libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes);
@@ -4702,7 +4771,7 @@ with const generics
- COEFFICIENT_BITS= 11
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_610(
+libcrux_ml_kem_vector_portable_compress_compress_6a0(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4725,9 +4794,9 @@ with const generics
- COEFFICIENT_BITS= 11
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_fe0(
+libcrux_ml_kem_vector_portable_compress_0d_830(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
- return libcrux_ml_kem_vector_portable_compress_compress_610(a);
+ return libcrux_ml_kem_vector_portable_compress_compress_6a0(a);
}
/**
@@ -4737,15 +4806,15 @@ with const generics
- OUT_LEN= 320
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_11_63(
+libcrux_ml_kem_serialize_compress_then_serialize_11_dc(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
uint8_t serialized[320U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- libcrux_ml_kem_vector_portable_compress_0d_fe0(
- libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
+ libcrux_ml_kem_vector_portable_compress_0d_830(
+ libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(
re->coefficients[i0]));
uint8_t bytes[22U];
libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes);
@@ -4765,10 +4834,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- OUT_LEN= 320
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_c5(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) {
uint8_t uu____0[320U];
- libcrux_ml_kem_serialize_compress_then_serialize_10_9d(re, uu____0);
+ libcrux_ml_kem_serialize_compress_then_serialize_10_86(re, uu____0);
memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
}
@@ -4781,7 +4850,7 @@ with const generics
- COMPRESSION_FACTOR= 10
- BLOCK_LEN= 320
*/
-static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3(
+static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U],
Eurydice_slice out) {
for (size_t i = (size_t)0U;
@@ -4797,7 +4866,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3(
out, i0 * ((size_t)960U / (size_t)3U),
(i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
uint8_t ret[320U];
- libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(&re,
+ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_c5(&re,
ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
@@ -4810,7 +4879,7 @@ with const generics
- COEFFICIENT_BITS= 4
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_611(
+libcrux_ml_kem_vector_portable_compress_compress_6a1(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4833,9 +4902,9 @@ with const generics
- COEFFICIENT_BITS= 4
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_fe1(
+libcrux_ml_kem_vector_portable_compress_0d_831(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
- return libcrux_ml_kem_vector_portable_compress_compress_611(a);
+ return libcrux_ml_kem_vector_portable_compress_compress_6a1(a);
}
/**
@@ -4845,15 +4914,15 @@ with const generics
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_4_32(
+libcrux_ml_kem_serialize_compress_then_serialize_4_56(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
Eurydice_slice serialized) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- libcrux_ml_kem_vector_portable_compress_0d_fe1(
- libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+ libcrux_ml_kem_vector_portable_compress_0d_831(
+ libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
re.coefficients[i0]));
uint8_t bytes[8U];
libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes);
@@ -4870,7 +4939,7 @@ with const generics
- COEFFICIENT_BITS= 5
*/
static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_compress_612(
+libcrux_ml_kem_vector_portable_compress_compress_6a2(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) {
@@ -4893,9 +4962,9 @@ with const generics
- COEFFICIENT_BITS= 5
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_compress_0d_fe2(
+libcrux_ml_kem_vector_portable_compress_0d_832(
libcrux_ml_kem_vector_portable_vector_type_PortableVector a) {
- return libcrux_ml_kem_vector_portable_compress_compress_612(a);
+ return libcrux_ml_kem_vector_portable_compress_compress_6a2(a);
}
/**
@@ -4905,15 +4974,15 @@ with const generics
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_5_14(
+libcrux_ml_kem_serialize_compress_then_serialize_5_53(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re,
Eurydice_slice serialized) {
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients =
- libcrux_ml_kem_vector_portable_compress_0d_fe2(
- libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(
+ libcrux_ml_kem_vector_portable_compress_0d_832(
+ libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(
re.coefficients[i0]));
uint8_t bytes[10U];
libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes);
@@ -4932,9 +5001,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- OUT_LEN= 128
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32(
+libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ef(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) {
- libcrux_ml_kem_serialize_compress_then_serialize_4_32(re, out);
+ libcrux_ml_kem_serialize_compress_then_serialize_4_56(re, out);
}
/**
@@ -4955,7 +5024,7 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
+static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key,
uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
uint8_t prf_input[33U];
@@ -4963,7 +5032,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
- tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
+ tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
copy_of_prf_input0, 0U);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U];
memcpy(
@@ -4973,7 +5042,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t));
- tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(
+ tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67(
copy_of_prf_input, domain_separator0);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U];
memcpy(
@@ -4988,27 +5057,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b(
Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U];
- libcrux_ml_kem_matrix_compute_vector_u_90(public_key->A, r_as_ntt, error_1,
+ libcrux_ml_kem_matrix_compute_vector_u_ec(public_key->A, r_as_ntt, error_1,
u);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element =
- libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5(
+ libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc(
copy_of_message);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v =
- libcrux_ml_kem_matrix_compute_ring_element_v_c6(
+ libcrux_ml_kem_matrix_compute_ring_element_v_aa(
public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
uint8_t ciphertext[1088U] = {0U};
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U];
memcpy(
uu____5, u,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3(
+ libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a(
uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U,
uint8_t));
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v;
- libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32(
+ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ef(
uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
(size_t)960U, uint8_t, size_t));
memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t));
@@ -5032,13 +5101,13 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key,
+static inline void libcrux_ml_kem_ind_cpa_encrypt_a5(Eurydice_slice public_key,
uint8_t message[32U],
Eurydice_slice randomness,
uint8_t ret[1088U]) {
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
- libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
+ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
unpacked_public_key.t_as_ntt);
Eurydice_slice seed =
@@ -5054,7 +5123,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key,
uint8_t copy_of_message[32U];
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
uint8_t result[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____1, copy_of_message,
+ libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message,
randomness, result);
memcpy(ret, result, (size_t)1088U * sizeof(uint8_t));
}
@@ -5070,7 +5139,7 @@ with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b7(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_8d(
Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_,
uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
@@ -5101,7 +5170,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_1a(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5119,7 +5188,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value,
+ libcrux_ml_kem_ind_cpa_decrypt_0d(ind_cpa_secret_key, ciphertext->value,
decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -5143,7 +5212,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -5154,18 +5223,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted,
+ libcrux_ml_kem_ind_cpa_encrypt_a5(uu____5, copy_of_decrypted,
pseudorandomness, expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- libcrux_ml_kem_variant_kdf_d8_b7(
+ libcrux_ml_kem_variant_kdf_d8_8d(
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
uint8_t),
ciphertext, implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- libcrux_ml_kem_variant_kdf_d8_b7(shared_secret0, ciphertext, shared_secret1);
+ libcrux_ml_kem_variant_kdf_d8_8d(shared_secret0, ciphertext, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5195,10 +5264,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8(
+libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_d5(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_1a(private_key, ciphertext, ret);
}
/**
@@ -5211,7 +5280,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8(
static inline void libcrux_ml_kem_mlkem768_portable_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8(
+ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce(
private_key, ciphertext, ret);
}
@@ -5225,7 +5294,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_a9(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_05(
Eurydice_slice randomness, uint8_t ret[32U]) {
uint8_t out[32U] = {0U};
Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -5266,11 +5335,11 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- libcrux_ml_kem_variant_entropy_preprocess_d8_a9(
+ libcrux_ml_kem_variant_entropy_preprocess_d8_05(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -5281,7 +5350,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49(
uint8_t ret[32U];
libcrux_ml_kem_hash_functions_portable_H_f1_d5(
Eurydice_array_to_slice((size_t)1184U,
- libcrux_ml_kem_types_as_slice_fd_02(public_key),
+ libcrux_ml_kem_types_as_slice_fd_60(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -5296,20 +5365,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
+ (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness,
+ libcrux_ml_kem_ind_cpa_encrypt_a5(uu____2, copy_of_randomness,
pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[1088U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
- libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- libcrux_ml_kem_variant_kdf_d8_b7(shared_secret, &ciphertext0,
+ libcrux_ml_kem_variant_kdf_d8_8d(shared_secret, &ciphertext0,
shared_secret_array);
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
@@ -5340,14 +5409,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
- ETA2_RANDOMNESS_SIZE= 128
*/
static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9(
+libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_db(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_49(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_4e(uu____0, copy_of_randomness);
}
/**
@@ -5364,7 +5433,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9(
+ return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_db(
uu____0, copy_of_randomness);
}
@@ -5398,7 +5467,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_a4(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
uint8_t seed[33U] = {0U};
Eurydice_slice_copy(
@@ -5421,7 +5490,7 @@ with const generics
*/
static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_traits_to_standard_domain_bf(
+libcrux_ml_kem_vector_traits_to_standard_domain_73(
libcrux_ml_kem_vector_portable_vector_type_PortableVector v) {
return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(
v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS);
@@ -5439,7 +5508,7 @@ with const generics
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f(
+libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) {
for (size_t i = (size_t)0U;
@@ -5447,7 +5516,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f(
size_t j = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector
coefficient_normal_form =
- libcrux_ml_kem_vector_traits_to_standard_domain_bf(
+ libcrux_ml_kem_vector_traits_to_standard_domain_73(
self->coefficients[j]);
libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 =
libcrux_ml_kem_vector_portable_barrett_reduce_0d(
@@ -5463,7 +5532,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7(
+static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U],
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt,
@@ -5491,12 +5560,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element =
&row[j];
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product =
- libcrux_ml_kem_polynomial_ntt_multiply_ef_45(matrix_element,
+ libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element,
&s_as_ntt[j]);
- libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&t_as_ntt[i0],
+ libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0],
&product);
}
- libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f(
+ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69(
&t_as_ntt[i0], &error_as_ntt[i0]);
}
}
@@ -5510,12 +5579,12 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86(
Eurydice_slice key_generation_seed,
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key,
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) {
uint8_t hashed[64U];
- libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(key_generation_seed, hashed);
+ libcrux_ml_kem_variant_cpa_keygen_seed_d8_a4(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -5535,7 +5604,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
+ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
@@ -5543,11 +5612,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
memcpy(
error_as_ntt,
- libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
+ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
copy_of_prf_input, domain_separator)
.fst,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- libcrux_ml_kem_matrix_compute_As_plus_e_c7(
+ libcrux_ml_kem_matrix_compute_As_plus_e_f0(
public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
error_as_ntt);
uint8_t uu____5[32U];
@@ -5564,14 +5633,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(
+libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) {
uint8_t serialized[384U] = {0U};
for (size_t i = (size_t)0U;
i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
size_t i0 = i;
libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient =
- libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0(
+ libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4(
re->coefficients[i0]);
uint8_t bytes[24U];
libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes);
@@ -5592,7 +5661,7 @@ with const generics
- K= 3
- OUT_LEN= 1152
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key,
uint8_t ret[1152U]) {
uint8_t out[1152U] = {0U};
@@ -5610,11 +5679,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
uint8_t);
uint8_t ret0[384U];
- libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(&re, ret0);
+ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6(&re, ret0);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
- memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
+ uint8_t result[1152U];
+ memcpy(result, out, (size_t)1152U * sizeof(uint8_t));
+ memcpy(ret, result, (size_t)1152U * sizeof(uint8_t));
}
/**
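Review bot: The added `result` buffer gives `libcrux_ml_kem_ind_cpa_serialize_secret_key_1d` a second 1152-byte stack copy of the serialized key, and nothing visible before the closing brace clears either `out` or `result`. A later hunk calls this function with `private_key.secret_as_ntt` during key generation, so on that path both temporaries hold secret-key bytes that remain in the dead stack frame after return. This header appears to be generated (`code_gen.txt` is updated in the same commit), so the change belongs in the Rust source or the extraction step rather than in a hand edit here. The aim is either to get back to the single copy, `memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));`, or to wipe the temporaries in a way the compiler cannot elide. The function's opening lines are in the previous hunk, outside this one.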
@@ -5625,13 +5696,13 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t *serialized) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U,
(size_t)1152U, uint8_t);
uint8_t ret[1152U];
- libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(t_as_ntt, ret);
+ libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(t_as_ntt, ret);
Eurydice_slice_copy(
uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t);
Eurydice_slice_copy(
@@ -5648,11 +5719,11 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
uint8_t public_key_serialized[1184U] = {0U};
- libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(t_as_ntt, seed_for_a,
+ libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12(t_as_ntt, seed_for_a,
public_key_serialized);
uint8_t result[1184U];
memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
@@ -5672,20 +5743,20 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_50(Eurydice_slice key_generation_seed) {
+libcrux_ml_kem_ind_cpa_generate_keypair_08(Eurydice_slice key_generation_seed) {
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key =
libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key =
libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
- libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
+ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86(
key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[1184U];
- libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[1152U];
- libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt,
+ libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt,
secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[1152U];
@@ -5710,7 +5781,7 @@ with const generics
- K= 3
- SERIALIZED_KEY_LEN= 2400
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0(
Eurydice_slice private_key, Eurydice_slice public_key,
Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) {
uint8_t out[2400U] = {0U};
@@ -5766,7 +5837,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -5775,13 +5846,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
- libcrux_ml_kem_ind_cpa_generate_keypair_50(ind_cpa_keypair_randomness);
+ libcrux_ml_kem_ind_cpa_generate_keypair_08(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1152U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
uint8_t public_key[1184U];
memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
uint8_t secret_key_serialized[2400U];
- libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
+ libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0(
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -5790,13 +5861,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)2400U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
- libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[1184U];
memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee(
- uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_78(
+ uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
}
/**
@@ -5812,12 +5883,12 @@ generics
- ETA1_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1(
+libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_e3(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_28(copy_of_randomness);
}
/**
@@ -5828,7 +5899,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1(
+ return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_e3(
copy_of_randomness);
}
@@ -5843,7 +5914,7 @@ with const generics
- K= 3
- CIPHERTEXT_SIZE= 1088
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ff(
Eurydice_slice shared_secret,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
uint8_t kdf_input[64U];
@@ -5854,7 +5925,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de(
uint8_t ret0[32U];
libcrux_ml_kem_hash_functions_portable_H_f1_d5(
Eurydice_array_to_slice((size_t)1088U,
- libcrux_ml_kem_types_as_slice_d4_76(ciphertext),
+ libcrux_ml_kem_types_as_slice_d4_24(ciphertext),
uint8_t),
ret0);
Eurydice_slice_copy(
@@ -5887,7 +5958,7 @@ libcrux_ml_kem_variant_Kyber with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
+static inline void libcrux_ml_kem_ind_cca_decapsulate_1a0(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -5905,7 +5976,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value,
+ libcrux_ml_kem_ind_cpa_decrypt_0d(ind_cpa_secret_key, ciphertext->value,
decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -5929,7 +6000,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -5940,18 +6011,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted,
+ libcrux_ml_kem_ind_cpa_encrypt_a5(uu____5, copy_of_decrypted,
pseudorandomness, expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- libcrux_ml_kem_variant_kdf_33_de(
+ libcrux_ml_kem_variant_kdf_33_ff(
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
uint8_t),
ciphertext, implicit_rejection_shared_secret);
uint8_t shared_secret1[32U];
- libcrux_ml_kem_variant_kdf_33_de(shared_secret0, ciphertext, shared_secret1);
+ libcrux_ml_kem_variant_kdf_33_ff(shared_secret0, ciphertext, shared_secret1);
uint8_t shared_secret[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -5985,10 +6056,10 @@ generics
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_decapsulate_d50(private_key, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_decapsulate_1a0(private_key, ciphertext, ret);
}
/**
@@ -6001,7 +6072,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08(
static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08(
+ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6(
private_key, ciphertext, ret);
}
@@ -6015,7 +6086,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_47(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_57(
Eurydice_slice randomness, uint8_t ret[32U]) {
libcrux_ml_kem_hash_functions_portable_H_f1_d5(randomness, ret);
}
@@ -6039,11 +6110,11 @@ libcrux_ml_kem_variant_Kyber with const generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490(
+static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e0(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
uint8_t randomness0[32U];
- libcrux_ml_kem_variant_entropy_preprocess_33_47(
+ libcrux_ml_kem_variant_entropy_preprocess_33_57(
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0);
uint8_t to_hash[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -6054,7 +6125,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490(
uint8_t ret[32U];
libcrux_ml_kem_hash_functions_portable_H_f1_d5(
Eurydice_array_to_slice((size_t)1184U,
- libcrux_ml_kem_types_as_slice_fd_02(public_key),
+ libcrux_ml_kem_types_as_slice_fd_60(public_key),
uint8_t),
ret);
Eurydice_slice_copy(
@@ -6069,20 +6140,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490(
Eurydice_slice shared_secret = uu____1.fst;
Eurydice_slice pseudorandomness = uu____1.snd;
Eurydice_slice uu____2 = Eurydice_array_to_slice(
- (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t);
+ (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness,
+ libcrux_ml_kem_ind_cpa_encrypt_a5(uu____2, copy_of_randomness,
pseudorandomness, ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_ciphertext[1088U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 =
- libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
uint8_t shared_secret_array[32U];
- libcrux_ml_kem_variant_kdf_33_de(shared_secret, &ciphertext0,
+ libcrux_ml_kem_variant_kdf_33_ff(shared_secret, &ciphertext0,
shared_secret_array);
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0;
/* Passing arrays by value in Rust generates a copy in C */
@@ -6117,14 +6188,14 @@ generics
- ETA2_RANDOMNESS_SIZE= 128
*/
static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f2(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_encapsulate_490(uu____0, copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_encapsulate_4e0(uu____0, copy_of_randomness);
}
/**
@@ -6141,7 +6212,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e(
+ return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f2(
uu____0, copy_of_randomness);
}
@@ -6155,7 +6226,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]]
with const generics
- K= 3
*/
-static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_de(
+static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_f9(
Eurydice_slice key_generation_seed, uint8_t ret[64U]) {
libcrux_ml_kem_hash_functions_portable_G_f1_87(key_generation_seed, ret);
}
@@ -6169,12 +6240,12 @@ libcrux_ml_kem_variant_Kyber with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90(
+static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860(
Eurydice_slice key_generation_seed,
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key,
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) {
uint8_t hashed[64U];
- libcrux_ml_kem_variant_cpa_keygen_seed_33_de(key_generation_seed, hashed);
+ libcrux_ml_kem_variant_cpa_keygen_seed_33_f9(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
uint8_t, Eurydice_slice_uint8_t_x2);
@@ -6194,7 +6265,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90(
uint8_t copy_of_prf_input0[33U];
memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t));
uint8_t domain_separator =
- libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1(
+ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7(
uu____2, copy_of_prf_input0, 0U);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_prf_input[33U];
@@ -6202,11 +6273,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U];
memcpy(
error_as_ntt,
- libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb(
+ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44(
copy_of_prf_input, domain_separator)
.fst,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
- libcrux_ml_kem_matrix_compute_As_plus_e_c7(
+ libcrux_ml_kem_matrix_compute_As_plus_e_f0(
public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt,
error_as_ntt);
uint8_t uu____5[32U];
@@ -6229,21 +6300,21 @@ libcrux_ml_kem_variant_Kyber with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_utils_extraction_helper_Keypair768
-libcrux_ml_kem_ind_cpa_generate_keypair_500(
+libcrux_ml_kem_ind_cpa_generate_keypair_080(
Eurydice_slice key_generation_seed) {
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key =
libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key =
libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
- libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90(
+ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860(
key_generation_seed, &private_key, &public_key);
uint8_t public_key_serialized[1184U];
- libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t),
public_key_serialized);
uint8_t secret_key_serialized[1152U];
- libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt,
+ libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt,
secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_secret_key_serialized[1152U];
@@ -6275,7 +6346,7 @@ libcrux_ml_kem_variant_Kyber with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -6284,13 +6355,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 =
- libcrux_ml_kem_ind_cpa_generate_keypair_500(ind_cpa_keypair_randomness);
+ libcrux_ml_kem_ind_cpa_generate_keypair_080(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1152U];
memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t));
uint8_t public_key[1184U];
memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t));
uint8_t secret_key_serialized[2400U];
- libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0(
+ libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0(
Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t),
Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
@@ -6299,13 +6370,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) {
memcpy(copy_of_secret_key_serialized, secret_key_serialized,
(size_t)2400U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_55 private_key =
- libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized);
+ libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized);
libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_public_key[1184U];
memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_3a_ee(
- uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key));
+ return libcrux_ml_kem_types_from_3a_78(
+ uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key));
}
/**
@@ -6321,12 +6392,12 @@ generics
- ETA1_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair
-libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69(
+libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_28(
uint8_t randomness[64U]) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness);
+ return libcrux_ml_kem_ind_cca_generate_keypair_280(copy_of_randomness);
}
/**
@@ -6338,7 +6409,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69(
+ return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_28(
copy_of_randomness);
}
@@ -6350,7 +6421,7 @@ with const generics
- SECRET_KEY_SIZE= 2400
- CIPHERTEXT_SIZE= 1088
*/
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_fd(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_96(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) {
uint8_t t[32U];
@@ -6375,10 +6446,10 @@ generics
- CIPHERTEXT_SIZE= 1088
*/
static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9(
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
- return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key,
+ return libcrux_ml_kem_ind_cca_validate_private_key_96(private_key,
ciphertext);
}
@@ -6390,7 +6461,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9(
static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) {
- return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9(
+ return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5(
private_key, ciphertext);
}
@@ -6402,7 +6473,7 @@ generics
- K= 3
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_bc(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_16(
size_t _i) {
return libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
@@ -6414,17 +6485,21 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- K= 3
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9(
+libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ae(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
- libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
+ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
public_key, deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U];
+ memcpy(
+ result, deserialized_pk,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
memcpy(
- ret, deserialized_pk,
+ ret, result,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0));
}
@@ -6436,16 +6511,16 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1152
- PUBLIC_KEY_SIZE= 1184
*/
-static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_68(
+static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_f6(
uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U];
- libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9(
+ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ae(
Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[1184U];
- libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
uu____0,
Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
uint8_t, size_t),
@@ -6463,9 +6538,9 @@ generics
- PUBLIC_KEY_SIZE= 1184
*/
static KRML_MUSTINLINE bool
-libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f(
+libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6(
uint8_t *public_key) {
- return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key);
+ return libcrux_ml_kem_ind_cca_validate_public_key_f6(public_key);
}
/**
@@ -6475,7 +6550,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f(
*/
static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) {
- return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f(
+ return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6(
public_key->value);
}
@@ -6501,11 +6576,11 @@ generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(
+static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_be(
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
uint8_t decrypted[32U];
- libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(
+ libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7(
&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_42(
@@ -6535,7 +6610,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(
Eurydice_slice uu____2 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
uint8_t, size_t);
- Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
uint8_t);
uint8_t implicit_rejection_shared_secret[32U];
libcrux_ml_kem_hash_functions_portable_PRF_f1_9f(
@@ -6547,11 +6622,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(
+ libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(
uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext);
uint8_t selector =
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_8c(ciphertext),
+ libcrux_ml_kem_types_as_ref_00_e7(ciphertext),
Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t));
uint8_t ret0[32U];
libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -6587,10 +6662,10 @@ generics
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_57(
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(key_pair, ciphertext, ret);
+ libcrux_ml_kem_ind_cca_unpacked_decapsulate_be(key_pair, ciphertext, ret);
}
/**
@@ -6604,7 +6679,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate(
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
*private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
- libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65(
+ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_57(
private_key, ciphertext, ret);
}
@@ -6627,7 +6702,7 @@ generics
- ETA2= 2
- ETA2_RANDOMNESS_SIZE= 128
*/
-static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(
+static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
uint8_t randomness[32U]) {
uint8_t to_hash[64U];
@@ -6655,7 +6730,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
uint8_t ciphertext[1088U];
- libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____2, copy_of_randomness,
+ libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness,
pseudorandomness, ciphertext);
uint8_t shared_secret_array[32U] = {0U};
Eurydice_slice_copy(
@@ -6665,7 +6740,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(
uint8_t copy_of_ciphertext[1088U];
memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t));
libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 =
- libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext);
+ libcrux_ml_kem_types_from_01_96(copy_of_ciphertext);
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_shared_secret_array[32U];
memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -6698,7 +6773,7 @@ generics
- ETA2_RANDOMNESS_SIZE= 128
*/
static inline tuple_3c
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
uint8_t randomness[32U]) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 =
@@ -6706,7 +6781,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(uu____0,
+ return libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa(uu____0,
copy_of_randomness);
}
@@ -6726,7 +6801,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[32U];
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
- return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37(
+ return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91(
uu____0, copy_of_randomness);
}
@@ -6745,7 +6820,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_42(size_t _j) {
+libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_08(size_t _j) {
return libcrux_ml_kem_polynomial_ZERO_ef_1b();
}
@@ -6763,7 +6838,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_e0(
size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) {
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b();
@@ -6782,7 +6857,7 @@ with const generics
*/
static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0
-libcrux_ml_kem_polynomial_clone_8d_26(
+libcrux_ml_kem_polynomial_clone_8d_ef(
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit;
libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U];
@@ -6811,7 +6886,7 @@ libcrux_ml_kem_variant_MlKem with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(
+static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0(
uint8_t randomness[64U],
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
@@ -6821,19 +6896,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(
(size_t)64U, randomness,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
size_t);
- libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9(
+ libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86(
ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key,
&out->public_key.ind_cpa_public_key);
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U];
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
- libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(i, A[i]);
+ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_e0(i, A[i]);
}
for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) {
size_t i1 = i0;
for (size_t i = (size_t)0U; i < (size_t)3U; i++) {
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 =
- libcrux_ml_kem_polynomial_clone_8d_26(
+ libcrux_ml_kem_polynomial_clone_8d_ef(
&out->public_key.ind_cpa_public_key.A[j][i1]);
A[i1][j] = uu____0;
}
@@ -6846,7 +6921,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(
(size_t)3U *
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]));
uint8_t pk_serialized[1184U];
- libcrux_ml_kem_ind_cpa_serialize_public_key_07(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_e9(
out->public_key.ind_cpa_public_key.t_as_ntt,
Eurydice_array_to_slice(
(size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t),
@@ -6881,13 +6956,13 @@ const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_26(
uint8_t randomness[64U],
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) {
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(copy_of_randomness, out);
+ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0(copy_of_randomness, out);
}
/**
@@ -6900,7 +6975,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair(
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_randomness[64U];
memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
- libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3(
+ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_26(
copy_of_randomness, key_pair);
}
@@ -6916,7 +6991,7 @@ with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cca_unpacked_default_1c_bd(void) {
+libcrux_ml_kem_ind_cca_unpacked_default_1c_e8(void) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit;
lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1();
lit.public_key_hash[0U] = 0U;
@@ -6967,7 +7042,7 @@ with const generics
*/
static KRML_MUSTINLINE
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
- libcrux_ml_kem_ind_cca_unpacked_default_07_db(void) {
+ libcrux_ml_kem_ind_cca_unpacked_default_07_e2(void) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0;
uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9();
uu____0.implicit_rejection_value[0U] = 0U;
@@ -7005,7 +7080,7 @@ static KRML_MUSTINLINE
return (CLITERAL(
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){
.private_key = uu____0,
- .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_bd()});
+ .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_e8()});
}
/**
@@ -7013,7 +7088,7 @@ static KRML_MUSTINLINE
*/
static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked
libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
- return libcrux_ml_kem_ind_cca_unpacked_default_07_db();
+ return libcrux_ml_kem_ind_cca_unpacked_default_07_e2();
}
/**
@@ -7021,7 +7096,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) {
*/
static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) {
- return libcrux_ml_kem_ind_cca_unpacked_default_1c_bd();
+ return libcrux_ml_kem_ind_cca_unpacked_default_1c_e8();
}
/**
@@ -7041,10 +7116,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- PUBLIC_KEY_SIZE= 1184
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self,
libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
- libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(
+ libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12(
self->ind_cpa_public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A,
uint8_t),
@@ -7068,10 +7143,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics
- PUBLIC_KEY_SIZE= 1184
*/
static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4(
+libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self,
libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
- libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(
+ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80(
&self->public_key, serialized);
}
@@ -7082,7 +7157,7 @@ static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key(
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
- libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4(key_pair,
+ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(key_pair,
serialized);
}
@@ -7098,7 +7173,7 @@ with const generics
- K= 3
*/
static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cpa_unpacked_clone_ef_59(
+libcrux_ml_kem_ind_cpa_unpacked_clone_ef_93(
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) {
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U];
core_array___core__clone__Clone_for__Array_T__N___20__clone(
@@ -7134,11 +7209,11 @@ with const generics
- K= 3
*/
static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
-libcrux_ml_kem_ind_cca_unpacked_clone_28_d3(
+libcrux_ml_kem_ind_cca_unpacked_clone_28_68(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit;
lit.ind_cpa_public_key =
- libcrux_ml_kem_ind_cpa_unpacked_clone_ef_59(&self->ind_cpa_public_key);
+ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_93(&self->ind_cpa_public_key);
uint8_t ret[32U];
core_array___core__clone__Clone_for__Array_T__N___20__clone(
(size_t)32U, self->public_key_hash, ret, uint8_t, void *);
@@ -7161,7 +7236,7 @@ with const generics
- K= 3
*/
static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *
-libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d(
+libcrux_ml_kem_ind_cca_unpacked_public_key_de_e9(
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) {
return &self->public_key;
}
@@ -7173,8 +7248,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key(
libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair,
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) {
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 =
- libcrux_ml_kem_ind_cca_unpacked_clone_28_d3(
- libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d(key_pair));
+ libcrux_ml_kem_ind_cca_unpacked_clone_28_68(
+ libcrux_ml_kem_ind_cca_unpacked_public_key_de_e9(key_pair));
pk[0U] = uu____0;
}
@@ -7185,7 +7260,7 @@ static inline void
libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key(
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) {
- libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(public_key,
+ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80(public_key,
serialized);
}
@@ -7208,7 +7283,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(
*unpacked_public_key) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice_to(
(size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t);
- libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5(
+ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4(
uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt);
uint8_t uu____1[32U];
libcrux_ml_kem_utils_into_padded_array_423(
@@ -7228,7 +7303,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40(
uint8_t uu____3[32U];
libcrux_ml_kem_hash_functions_portable_H_f1_d5(
Eurydice_array_to_slice((size_t)1184U,
- libcrux_ml_kem_types_as_slice_fd_02(public_key),
+ libcrux_ml_kem_types_as_slice_fd_60(public_key),
uint8_t),
uu____3);
memcpy(unpacked_public_key->public_key_hash, uu____3,
@@ -7248,7 +7323,7 @@ const generics
- PUBLIC_KEY_SIZE= 1184
*/
static inline void
-libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b(
+libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_17(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
*unpacked_public_key) {
@@ -7264,7 +7339,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key(
libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8
*unpacked_public_key) {
- libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b(
+ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_17(
public_key, unpacked_public_key);
}
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
index e305985cd..f381a6d12 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_mlkem768_portable_types_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
index 6cdf64314..872af5692 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
index cfdd6e5d5..ef344518f 100644
--- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h
@@ -8,7 +8,7 @@
* Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac
* Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152
* F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678
- * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf
+ * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1
*/
#ifndef __libcrux_sha3_portable_H
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
index 5bb6b9214..4821be2e5 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst
@@ -101,6 +101,8 @@ let sample_ring_element_cbd
let _:Prims.unit = admit () (* Panic freedom *) in
result
+#push-options "--admit_smt_queries true"
+
let sample_vector_cbd_then_ntt
(v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
(#v_Vector #v_Hasher: Type0)
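Review bot: The `#push-options "--admit_smt_queries true"` added above `sample_vector_cbd_then_ntt` appears to widen what is assumed rather than proved for this function. The next hunk removes the trailing `admit () (* Panic freedom *)` and adds the matching `#pop-options`, so every SMT query in the body is now admitted, where the old marker suggests only the final obligation was. The function returns the updated `u8` `domain_separator` alongside the sampled vector, so bounds and counter-overflow obligations in its body are presumably the ones worth keeping checked. Because this file is extracted, the reason belongs beside the verification-status annotation in the Rust source (not shown here), for example `// lax: <reason>; restore the panic-freedom proof once <condition>`. The function body lies outside both hunks, so this reading should be confirmed against the full definition.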
@@ -183,13 +185,13 @@ let sample_vector_cbd_then_ntt
in
re_as_ntt)
in
- let result:u8 = domain_separator in
- let _:Prims.unit = admit () (* Panic freedom *) in
- let hax_temp_output:u8 = result in
+ let hax_temp_output:u8 = domain_separator in
re_as_ntt, hax_temp_output
<:
(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8)
+#pop-options
+
let sample_vector_cbd_then_ntt_out
(v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize)
(#v_Vector #v_Hasher: Type0)
@@ -297,8 +299,6 @@ let compress_then_serialize_u
let hax_temp_output:Prims.unit = result in
out
-#push-options "--admit_smt_queries true"
-
let deserialize_then_decompress_u
(v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize)
(#v_Vector: Type0)
@@ -357,9 +357,9 @@ let deserialize_then_decompress_u
in
u_as_ntt)
in
- u_as_ntt
-
-#pop-options
+ let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt in
+ let _:Prims.unit = admit () (* Panic freedom *) in
+ result
let deserialize_secret_key
(v_K: usize)
@@ -410,7 +410,7 @@ let deserialize_secret_key
let _:Prims.unit = admit () (* Panic freedom *) in
result
-#push-options "--admit_smt_queries true"
+#push-options "--z3rlimit 200"
let serialize_secret_key
(v_K v_OUT_LEN: usize)
@@ -423,51 +423,55 @@ let serialize_secret_key
let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in
let out:t_Array u8 v_OUT_LEN =
Rust_primitives.Hax.Folds.fold_enumerated_slice key
- (fun out temp_1_ ->
+ (fun out i ->
let out:t_Array u8 v_OUT_LEN = out in
- let _:usize = temp_1_ in
- true)
+ let i:usize = i in
+ v i < v v_K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key (v i)))
out
(fun out temp_1_ ->
let out:t_Array u8 v_OUT_LEN = out in
let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
temp_1_
in
- Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
- ({
- Core.Ops.Range.f_start
- =
- i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
- Core.Ops.Range.f_end
- =
- (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize
- }
- <:
- Core.Ops.Range.t_Range usize)
- (Core.Slice.impl__copy_from_slice #u8
- (out.[ {
- Core.Ops.Range.f_start
- =
- i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
- Core.Ops.Range.f_end
- =
- (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
+ let out:t_Array u8 v_OUT_LEN =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_range out
+ ({
+ Core.Ops.Range.f_start
+ =
+ i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
+ Core.Ops.Range.f_end
+ =
+ (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+ (Core.Slice.impl__copy_from_slice #u8
+ (out.[ {
+ Core.Ops.Range.f_start
+ =
+ i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize;
+ Core.Ops.Range.f_end
+ =
+ (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT
+ <:
+ usize
+ }
<:
- usize
- }
+ Core.Ops.Range.t_Range usize ]
<:
- Core.Ops.Range.t_Range usize ]
- <:
- t_Slice u8)
- (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re
- <:
- t_Slice u8)
- <:
- t_Slice u8)
- <:
- t_Array u8 v_OUT_LEN)
+ t_Slice u8)
+ (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re
+ <:
+ t_Slice u8)
+ <:
+ t_Slice u8)
+ in
+ out)
in
- out
+ let result:t_Array u8 v_OUT_LEN = out in
+ let _:Prims.unit = admit () (* Panic freedom *) in
+ result
#pop-options
@@ -544,8 +548,6 @@ let serialize_public_key
let _:Prims.unit = admit () (* Panic freedom *) in
result
-#push-options "--admit_smt_queries true"
-
let decrypt_unpacked
(v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
usize)
@@ -577,8 +579,6 @@ let decrypt_unpacked
in
Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message
-#pop-options
-
let decrypt
(v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR:
usize)
@@ -610,7 +610,7 @@ let decrypt
let _:Prims.unit = admit () (* Panic freedom *) in
result
-#push-options "--admit_smt_queries true"
+#push-options "--z3rlimit 200"
let encrypt_unpacked
(v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
index 11fd6f8e5..34b5b8ade 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti
@@ -143,7 +143,11 @@ val serialize_secret_key
{| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
(key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)
: Prims.Pure (t_Array u8 v_OUT_LEN)
- (requires Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)
+ (requires
+ Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\
+ (forall (i: nat).
+ i < v v_K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key i)))
(ensures
fun res ->
let res:t_Array u8 v_OUT_LEN = res in
@@ -163,7 +167,10 @@ val serialize_public_key_mut
(requires
Spec.MLKEM.is_rank v_K /\
v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
- v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32)
+ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\
+ (forall (i: nat).
+ i < v v_K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i)))
(ensures
fun serialized_future ->
let serialized_future:t_Array u8 v_PUBLIC_KEY_SIZE = serialized_future in
@@ -183,7 +190,10 @@ val serialize_public_key
(requires
Spec.MLKEM.is_rank v_K /\
v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\
- v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32)
+ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\
+ (forall (i: nat).
+ i < v v_K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i)))
(ensures
fun res ->
let res:t_Array u8 v_PUBLIC_KEY_SIZE = res in
@@ -221,7 +231,8 @@ val decrypt_unpacked
(requires
Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
- v v_VECTOR_U_ENCODED_SIZE <= v v_CIPHERTEXT_SIZE)
+ v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+ v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K)
(fun _ -> Prims.l_True)
val decrypt
@@ -293,10 +304,12 @@ val encrypt_unpacked
v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\
v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\
- v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\
+ v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_LEN == Spec.MLKEM.v_C2_SIZE v_K /\
v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\
- v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v v_C1_LEN <= v v_CIPHERTEXT_SIZE /\
- v (Core.Slice.impl__len #u8 randomness) <= 33)
+ v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\
+ v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\
+ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\
+ length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE)
(fun _ -> Prims.l_True)
val encrypt
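Review bot: The new precondition `length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE` sizes the encryption randomness with a constant named for the shared secret. The two lengths presumably coincide, but the name hides the intent, and the clause would change meaning if the shared-secret size were ever redefined. Use a dedicated constant for the randomness length if the spec has one, or document the choice where the precondition is written, e.g. `(* randomness = encryption coins; same length as the shared secret *)`. The clause also replaces the old `<= 33` upper bound with an exact length, so callers that passed a longer buffer need checking; they are outside this hunk.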
@@ -376,7 +389,23 @@ val generate_keypair_unpacked
Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\
v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\
length key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE)
- (fun _ -> Prims.l_True)
+ (ensures
+ fun temp_0_ ->
+ let private_key_future, public_key_future:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked
+ v_K v_Vector &
+ Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) =
+ temp_0_
+ in
+ (forall (i: nat).
+ i < v v_K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key_future
+ .f_secret_as_ntt
+ i)) /\
+ (forall (i: nat).
+ i < v v_K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key_future
+ .f_t_as_ntt
+ i)))
val generate_keypair
(v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE:
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
index 49cb21598..7293e04c6 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst
@@ -38,15 +38,27 @@ let invert_ntt_at_layer_1_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer: usize)
=
+ let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #v_Vector) in
+ let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
+ let v__zeta_i_init:usize = zeta_i in
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
Rust_primitives.Hax.Folds.fold_range (sz 0)
(sz 16)
- (fun temp_0_ temp_1_ ->
+ (fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
temp_0_
in
- let _:usize = temp_1_ in
- true)
+ let round:usize = round in
+ v zeta_i == v v__zeta_i_init - v round * 4 /\
+ (v round < 16 ==>
+ (forall (i: nat).
+ (i >= v round /\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque (4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
+ (forall (i: nat).
+ i < v round ==>
+ Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))))
(re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
(fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
@@ -54,6 +66,11 @@ let invert_ntt_at_layer_1_
in
let round:usize = round in
let zeta_i:usize = zeta_i -! sz 1 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
{
re with
@@ -76,6 +93,15 @@ let invert_ntt_at_layer_1_
Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
in
let zeta_i:usize = zeta_i -! sz 3 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
+ let _:Prims.unit =
+ assert (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
in
let hax_temp_output:Prims.unit = () <: Prims.unit in
@@ -90,15 +116,26 @@ let invert_ntt_at_layer_2_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer: usize)
=
+ let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
+ let v__zeta_i_init:usize = zeta_i in
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
Rust_primitives.Hax.Folds.fold_range (sz 0)
(sz 16)
- (fun temp_0_ temp_1_ ->
+ (fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
temp_0_
in
- let _:usize = temp_1_ in
- true)
+ let round:usize = round in
+ v zeta_i == v v__zeta_i_init - v round * 2 /\
+ (v round < 16 ==>
+ (forall (i: nat).
+ (i >= v round /\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
+ (forall (i: nat).
+ i < v round ==>
+ Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))))
(re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
(fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
@@ -106,6 +143,11 @@ let invert_ntt_at_layer_2_
in
let round:usize = round in
let zeta_i:usize = zeta_i -! sz 1 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
{
re with
@@ -126,6 +168,15 @@ let invert_ntt_at_layer_2_
Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
in
let zeta_i:usize = zeta_i -! sz 1 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
+ let _:Prims.unit =
+ assert (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
in
let hax_temp_output:Prims.unit = () <: Prims.unit in
@@ -140,15 +191,26 @@ let invert_ntt_at_layer_3_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer: usize)
=
+ let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in
+ let v__zeta_i_init:usize = zeta_i in
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
Rust_primitives.Hax.Folds.fold_range (sz 0)
(sz 16)
- (fun temp_0_ temp_1_ ->
+ (fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
temp_0_
in
- let _:usize = temp_1_ in
- true)
+ let round:usize = round in
+ v zeta_i == v v__zeta_i_init - v round /\
+ (v round < 16 ==>
+ (forall (i: nat).
+ (i >= v round /\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
+ (forall (i: nat).
+ i < v round ==>
+ Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))))
(re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
(fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
@@ -156,6 +218,11 @@ let invert_ntt_at_layer_3_
in
let round:usize = round in
let zeta_i:usize = zeta_i -! sz 1 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
{
re with
@@ -174,11 +241,22 @@ let invert_ntt_at_layer_3_
<:
Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
+ let _:Prims.unit =
+ assert (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
in
let hax_temp_output:Prims.unit = () <: Prims.unit in
zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+#push-options "--admit_smt_queries true"
+
let invert_ntt_at_layer_4_plus
(#v_Vector: Type0)
(#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -262,6 +340,8 @@ let invert_ntt_at_layer_4_plus
let hax_temp_output:Prims.unit = () <: Prims.unit in
zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+#pop-options
+
let invert_ntt_montgomery
(v_K: usize)
(#v_Vector: Type0)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
index d607a01ec..d83521180 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti
@@ -14,7 +14,36 @@ val inv_ntt_layer_int_vec_step_reduce
{| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
(a b: v_Vector)
(zeta_r: i16)
- : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+ : Prims.Pure (v_Vector & v_Vector)
+ (requires
+ Spec.Utils.is_i16b 1664 zeta_r /\
+ (forall i.
+ i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array b) i) -
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i))) /\
+ (forall i.
+ i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) +
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array b) i))) /\
+ Spec.Utils.is_i16b_array 28296
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add a b)))
+ (fun _ -> Prims.l_True)
+
+[@@ "opaque_to_smt"]
+ let invert_ntt_re_range_1 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))
+
+[@@ "opaque_to_smt"]
+ let invert_ntt_re_range_2 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))
val invert_ntt_at_layer_1_
(#v_Vector: Type0)
@@ -23,8 +52,14 @@ val invert_ntt_at_layer_1_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer: usize)
: Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
- (fun _ -> Prims.l_True)
+ (requires v zeta_i == 128 /\ invert_ntt_re_range_1 re)
+ (ensures
+ fun temp_0_ ->
+ let zeta_i_future, re_future:(usize &
+ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ temp_0_
+ in
+ invert_ntt_re_range_2 re_future /\ v zeta_i_future == 64)
val invert_ntt_at_layer_2_
(#v_Vector: Type0)
@@ -33,8 +68,14 @@ val invert_ntt_at_layer_2_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer: usize)
: Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
- (fun _ -> Prims.l_True)
+ (requires v zeta_i == 64 /\ invert_ntt_re_range_2 re)
+ (ensures
+ fun temp_0_ ->
+ let zeta_i_future, re_future:(usize &
+ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ temp_0_
+ in
+ invert_ntt_re_range_2 re_future /\ v zeta_i_future == 32)
val invert_ntt_at_layer_3_
(#v_Vector: Type0)
@@ -43,8 +84,14 @@ val invert_ntt_at_layer_3_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer: usize)
: Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
- (fun _ -> Prims.l_True)
+ (requires v zeta_i == 32 /\ invert_ntt_re_range_2 re)
+ (ensures
+ fun temp_0_ ->
+ let zeta_i_future, re_future:(usize &
+ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ temp_0_
+ in
+ invert_ntt_re_range_2 re_future /\ v zeta_i_future == 16)
val invert_ntt_at_layer_4_plus
(#v_Vector: Type0)
@@ -53,7 +100,7 @@ val invert_ntt_at_layer_4_plus
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(layer: usize)
: Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
+ (requires v layer >= 4 /\ v layer <= 7)
(fun _ -> Prims.l_True)
val invert_ntt_montgomery
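Review bot: `invert_ntt_at_layer_4_plus` gains `requires v layer >= 4 /\ v layer <= 7` but keeps `(fun _ -> Prims.l_True)` as its postcondition, so the coefficient range and the `v zeta_i_future == 16` fact that the layer 1 to 3 signatures now establish are not carried past this point. The commit also places its body in Libcrux_ml_kem.Invert_ntt.fst under `--admit_smt_queries true`, so the new precondition constrains callers while nothing is proved about the body. The next hunk shows `invert_ntt_montgomery` with the same `l_True` postcondition, so no output bound is exported from the inverse NTT as a whole. I would record the gap where the contract is declared, e.g. `(* TODO: no zeta_i or range contract for layers 4+; body admitted *)`.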
@@ -62,5 +109,5 @@ val invert_ntt_montgomery
{| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
: Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
+ (requires invert_ntt_re_range_1 re)
(fun _ -> Prims.l_True)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
index 276b16735..227ecb785 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst
@@ -105,6 +105,8 @@ let compute_As_plus_e
let hax_temp_output:Prims.unit = result in
tt_as_ntt
+#push-options "--admit_smt_queries true"
+
let compute_ring_element_v
(v_K: usize)
(#v_Vector: Type0)
@@ -144,10 +146,12 @@ let compute_ring_element_v
let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
Libcrux_ml_kem.Polynomial.impl_2__add_message_error_reduce #v_Vector error_2_ message result
in
- let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
- let _:Prims.unit = admit () (* Panic freedom *) in
result
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
let compute_vector_u
(v_K: usize)
(#v_Vector: Type0)
@@ -247,10 +251,12 @@ let compute_vector_u
in
result)
in
- let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in
- let _:Prims.unit = admit () (* Panic freedom *) in
result
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
let compute_message
(v_K: usize)
(#v_Vector: Type0)
@@ -291,10 +297,10 @@ let compute_message
let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
Libcrux_ml_kem.Polynomial.impl_2__subtract_reduce #v_Vector v result
in
- let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in
- let _:Prims.unit = admit () (* Panic freedom *) in
result
+#pop-options
+
let sample_matrix_A
(v_K: usize)
(#v_Vector #v_Hasher: Type0)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
index 6947cb795..0520e4a48 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti
@@ -54,7 +54,7 @@ val compute_ring_element_v
let res_spec = to_spec_poly_t res in
res_spec ==
Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #v_K tt_spec r_spec) e2_spec)
- m_spec))
+ m_spec) /\ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res)
/// Compute u := InvertNTT(Aᵀ ◦ r\u{302}) + e₁
val compute_vector_u
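Review bot: The added conjunct `Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res` is assumed rather than proved, because this commit wraps `compute_ring_element_v` in `#push-options "--admit_smt_queries true"` in Libcrux_ml_kem.Matrix.fst. The same holds for the range conjuncts added to `compute_vector_u` and `compute_message` in the next two hunks. Callers that presumably use these postconditions to meet a serializer's range precondition would then depend on an unchecked fact, so an error in the final reduction would not be caught by verification. Mark the clauses where they are declared, e.g. `(* admitted: range bound not yet proved in Matrix.fst *)`, and track discharging them.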
@@ -75,7 +75,10 @@ val compute_vector_u
let e_spec = to_spec_vector_t error_1_ in
let res_spec = to_spec_vector_t res in
res_spec ==
- Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec))
+ Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\
+ (forall (i: nat).
+ i < v v_K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index res i)))
/// The following functions compute various expressions involving
/// vectors and matrices. The computation of these expressions has been
@@ -99,7 +102,8 @@ val compute_message
let v_spec = to_spec_poly_t v in
to_spec_poly_t res ==
Spec.MLKEM.(poly_sub v_spec
- (poly_inv_ntt (vector_dot_product_ntt #v_K secret_spec u_spec))))
+ (poly_inv_ntt (vector_dot_product_ntt #v_K secret_spec u_spec))) /\
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res)
val sample_matrix_A
(v_K: usize)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
index da6a5be15..5d86ce050 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst
@@ -35,15 +35,27 @@ let ntt_at_layer_1_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer v__initial_coefficient_bound: usize)
=
+ let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in
+ let _:Prims.unit = reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #v_Vector) in
+ let v__zeta_i_init:usize = zeta_i in
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
Rust_primitives.Hax.Folds.fold_range (sz 0)
(sz 16)
- (fun temp_0_ temp_1_ ->
+ (fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
temp_0_
in
- let _:usize = temp_1_ in
- true)
+ let round:usize = round in
+ v zeta_i == v v__zeta_i_init + v round * 4 /\
+ (v round < 16 ==>
+ (forall (i: nat).
+ (i >= v round /\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
+ (forall (i: nat).
+ i < v round ==>
+ Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))))
(re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
(fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
@@ -51,6 +63,11 @@ let ntt_at_layer_1_
in
let round:usize = round in
let zeta_i:usize = zeta_i +! sz 1 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
{
re with
@@ -73,6 +90,15 @@ let ntt_at_layer_1_
Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
in
let zeta_i:usize = zeta_i +! sz 3 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
+ let _:Prims.unit =
+ assert (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
in
let hax_temp_output:Prims.unit = () <: Prims.unit in
@@ -87,15 +113,27 @@ let ntt_at_layer_2_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer v__initial_coefficient_bound: usize)
=
+ let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in
+ let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in
+ let v__zeta_i_init:usize = zeta_i in
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
Rust_primitives.Hax.Folds.fold_range (sz 0)
(sz 16)
- (fun temp_0_ temp_1_ ->
+ (fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
temp_0_
in
- let _:usize = temp_1_ in
- true)
+ let round:usize = round in
+ v zeta_i == v v__zeta_i_init + v round * 2 /\
+ (v round < 16 ==>
+ (forall (i: nat).
+ (i >= v round /\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
+ (forall (i: nat).
+ i < v round ==>
+ Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))))
(re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
(fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
@@ -103,6 +141,11 @@ let ntt_at_layer_2_
in
let round:usize = round in
let zeta_i:usize = zeta_i +! sz 1 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
{
re with
@@ -123,6 +166,15 @@ let ntt_at_layer_2_
Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
in
let zeta_i:usize = zeta_i +! sz 1 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
+ let _:Prims.unit =
+ assert (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
in
let hax_temp_output:Prims.unit = () <: Prims.unit in
@@ -137,15 +189,27 @@ let ntt_at_layer_3_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer v__initial_coefficient_bound: usize)
=
+ let _:Prims.unit = reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #v_Vector) in
+ let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in
+ let v__zeta_i_init:usize = zeta_i in
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
Rust_primitives.Hax.Folds.fold_range (sz 0)
(sz 16)
- (fun temp_0_ temp_1_ ->
+ (fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
temp_0_
in
- let _:usize = temp_1_ in
- true)
+ let round:usize = round in
+ v zeta_i == v v__zeta_i_init + v round /\
+ (v round < 16 ==>
+ (forall (i: nat).
+ (i >= v round /\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\
+ (forall (i: nat).
+ i < v round ==>
+ Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))))
(re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
(fun temp_0_ round ->
let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) =
@@ -153,6 +217,11 @@ let ntt_at_layer_3_
in
let round:usize = round in
let zeta_i:usize = zeta_i +! sz 1 in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
{
re with
@@ -171,11 +240,22 @@ let ntt_at_layer_3_
<:
Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector
in
+ let _:Prims.unit =
+ reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
+ let _:Prims.unit =
+ assert (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))
+ in
re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize))
in
let hax_temp_output:Prims.unit = () <: Prims.unit in
zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+#push-options "--admit_smt_queries true"
+
let ntt_at_layer_4_plus
(#v_Vector: Type0)
(#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -185,13 +265,8 @@ let ntt_at_layer_4_plus
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(layer v__initial_coefficient_bound: usize)
=
- let _:Prims.unit =
- if true
- then
- let _:Prims.unit = Hax_lib.v_assert (layer >=. sz 4 <: bool) in
- ()
- in
let step:usize = sz 1 <>! layer <: usize)
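Review bot: Removing `Hax_lib.v_assert (layer >=. sz 4 <: bool)` drops the only in-body statement of the layer bound for `ntt_at_layer_4_plus`, and the preceding hunk puts the function under `--admit_smt_queries true`. Nothing in this view shows a precondition taking its place. `invert_ntt_at_layer_4_plus` received `requires v layer >= 4 /\ v layer <= 7` in its .fsti, and the forward transform should carry the equivalent clause in Libcrux_ml_kem.Ntt.fsti; please confirm that it does. The function body continues outside this hunk.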
@@ -263,6 +338,10 @@ let ntt_at_layer_4_plus
let hax_temp_output:Prims.unit = () <: Prims.unit in
zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
+#pop-options
+
+#push-options "--admit_smt_queries true"
+
let ntt_at_layer_7_
(#v_Vector: Type0)
(#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -271,17 +350,22 @@ let ntt_at_layer_7_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
=
let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in
+ let _:Prims.unit = assert (v step == 8) in
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector =
Rust_primitives.Hax.Folds.fold_range (sz 0)
step
- (fun re temp_1_ ->
+ (fun re j ->
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
- let _:usize = temp_1_ in
- true)
+ let j:usize = j in
+ (v j < 8 ==>
+ (forall (i: nat).
+ (i >= v j /\ i < 8) ==>
+ ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ]))))
re
(fun re j ->
let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in
let j:usize = j in
+ let _:Prims.unit = reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #v_Vector) in
let t:v_Vector =
Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant #v_Vector
#FStar.Tactics.Typeclasses.solve
@@ -329,6 +413,10 @@ let ntt_at_layer_7_
let hax_temp_output:Prims.unit = () <: Prims.unit in
re
+#pop-options
+
+#push-options "--z3rlimit 200"
+
let ntt_binomially_sampled_ring_element
(#v_Vector: Type0)
(#[FStar.Tactics.Typeclasses.tcresolve ()]
@@ -384,6 +472,10 @@ let ntt_binomially_sampled_ring_element
in
re
+#pop-options
+
+#push-options "--z3rlimit 200"
+
let ntt_vector_u
(v_VECTOR_U_COMPRESSION_FACTOR: usize)
(#v_Vector: Type0)
@@ -442,3 +534,5 @@ let ntt_vector_u
(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
in
re
+
+#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
index 7c9cce2de..487f928cf 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti
@@ -14,7 +14,35 @@ val ntt_layer_int_vec_step
{| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
(a b: v_Vector)
(zeta_r: i16)
- : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True)
+ : Prims.Pure (v_Vector & v_Vector)
+ (requires
+ Spec.Utils.is_i16b 1664 zeta_r /\
+ (let t = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe b zeta_r in
+ (forall i.
+ i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) -
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\
+ (forall i.
+ i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) +
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i)))))
+ (fun _ -> Prims.l_True)
+
+[@@ "opaque_to_smt"]
+ let ntt_re_range_1 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))
+
+[@@ "opaque_to_smt"]
+ let ntt_re_range_2 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))
val ntt_at_layer_1_
(#v_Vector: Type0)
@@ -23,8 +51,21 @@ val ntt_at_layer_1_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer v__initial_coefficient_bound: usize)
: Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
- (fun _ -> Prims.l_True)
+ (requires v zeta_i == 63 /\ ntt_re_range_2 re)
+ (ensures
+ fun temp_0_ ->
+ let zeta_i_future, re_future:(usize &
+ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ temp_0_
+ in
+ ntt_re_range_1 re_future /\ v zeta_i_future == 127)
+
+[@@ "opaque_to_smt"]
+ let ntt_re_range_3 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))
val ntt_at_layer_2_
(#v_Vector: Type0)
@@ -33,8 +74,21 @@ val ntt_at_layer_2_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer v__initial_coefficient_bound: usize)
: Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
- (fun _ -> Prims.l_True)
+ (requires v zeta_i == 31 /\ ntt_re_range_3 re)
+ (ensures
+ fun temp_0_ ->
+ let zeta_i_future, re_future:(usize &
+ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ temp_0_
+ in
+ ntt_re_range_2 re_future /\ v zeta_i_future == 63)
+
+[@@ "opaque_to_smt"]
+ let ntt_re_range_4 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))
val ntt_at_layer_3_
(#v_Vector: Type0)
@@ -43,8 +97,14 @@ val ntt_at_layer_3_
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(v__layer v__initial_coefficient_bound: usize)
: Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
- (fun _ -> Prims.l_True)
+ (requires v zeta_i == 15 /\ ntt_re_range_4 re)
+ (ensures
+ fun temp_0_ ->
+ let zeta_i_future, re_future:(usize &
+ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ temp_0_
+ in
+ ntt_re_range_3 re_future /\ v zeta_i_future == 31)
val ntt_at_layer_4_plus
(#v_Vector: Type0)
@@ -53,15 +113,46 @@ val ntt_at_layer_4_plus
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
(layer v__initial_coefficient_bound: usize)
: Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
- (fun _ -> Prims.l_True)
+ (requires
+ v layer >= 4 /\ v layer <= 7 /\
+ ((v layer == 4 ==> v zeta_i == 7) /\ (v layer == 5 ==> v zeta_i == 3) /\
+ (v layer == 6 ==> v zeta_i == 1) /\ (v layer == 7 ==> v zeta_i == 0)))
+ (ensures
+ fun temp_0_ ->
+ let zeta_i_future, re_future:(usize &
+ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ temp_0_
+ in
+ ntt_re_range_4 re_future /\ (v layer == 4 ==> v zeta_i_future == 15) /\
+ (v layer == 5 ==> v zeta_i_future == 7) /\ (v layer == 6 ==> v zeta_i_future == 3) /\
+ (v layer == 7 ==> v zeta_i_future == 1))
+
+[@@ "opaque_to_smt"]
+ let ntt_layer_7_pre (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re_0 re_1: v_Vector) =
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\
+ (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) -
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) +
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))
val ntt_at_layer_7_
(#v_Vector: Type0)
{| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
: Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
+ (requires
+ forall i.
+ i < 8 ==>
+ ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ]))
(fun _ -> Prims.l_True)
val ntt_binomially_sampled_ring_element
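Review bot: The new `ensures` of `ntt_at_layer_4_plus` promises `ntt_re_range_4 re_future`, but its `requires` constrains only `layer` and `zeta_i` and places no bound on the coefficients of `re`. An output coefficient bound does not appear derivable from an unconstrained input, and because the .fst definition is checked under `--admit_smt_queries true` the gap goes unnoticed, while `ntt_at_layer_3_` takes `ntt_re_range_4 re` as its precondition. `v__initial_coefficient_bound` is the natural carrier for the missing input bound, and I would add a per-layer bound on `re` to `requires` before the admit is lifted. Separately, `ntt_at_layer_7_` still ensures `Prims.l_True`, so the interface does not connect its output to the layer that follows.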
@@ -69,7 +160,10 @@ val ntt_binomially_sampled_ring_element
{| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
(re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
: Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)
- Prims.l_True
+ (requires
+ forall i.
+ i < 8 ==>
+ ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ]))
(fun _ -> Prims.l_True)
val ntt_vector_u
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
index 3d92db16f..3d527ad48 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst
@@ -820,7 +820,11 @@ let deserialize_ring_elements_reduced_out
let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
deserialize_ring_elements_reduced v_K #v_Vector public_key deserialized_pk
in
- deserialized_pk
+ let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+ deserialized_pk
+ in
+ let _:Prims.unit = admit () (* Panic freedom *) in
+ result
let deserialize_to_uncompressed_ring_element
(#v_Vector: Type0)
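Review bot: The `admit ()` added before `result` discharges every remaining obligation of `deserialize_ring_elements_reduced_out`, including the `coefficients_field_modulus_range` postcondition this commit adds in Libcrux_ml_kem.Serialize.fsti. That range guarantee on the deserialized public key is therefore assumed, not proved. The `(* Panic freedom *)` label does not say so, and callers will use the postcondition as if it were verified. The same pattern ends `ntt_multiply_binomials` and `ntt_multiply` in Libcrux_ml_kem.Vector.Portable.Ntt.fst, where the asserts placed before the admit are checked but the `ensures` clause is not. I would spell this out at each site, e.g. `(* admit: postcondition assumed; only panic freedom is verified *)`, and track the three admits for removal.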
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
index 2d1d64184..129fd3ced 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti
@@ -212,7 +212,12 @@ val deserialize_ring_elements_reduced_out
(requires
Spec.MLKEM.is_rank v_K /\
Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K))
- (fun _ -> Prims.l_True)
+ (ensures
+ fun result ->
+ let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K =
+ result
+ in
+ forall (i: nat). i < v v_K ==> coefficients_field_modulus_range (Seq.index result i))
val deserialize_to_uncompressed_ring_element
(#v_Vector: Type0)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
new file mode 100644
index 000000000..943518133
--- /dev/null
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti
@@ -0,0 +1,243 @@
+module Libcrux_ml_kem.Variant
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+ (* This module has implicit dependencies, here we make them explicit. *)
+ (* The implicit dependencies arise from typeclasses instances. *)
+ let open Libcrux_ml_kem.Hash_functions in
+ ()
+
+/// Implements [`Variant`], to perform the ML-KEM-specific actions
+/// during encapsulation and decapsulation.
+/// Specifically,
+/// * during key generation, the seed hash is domain separated (this is a difference from the FIPS 203 IPD and Kyber)
+/// * during encapsulation, the initial randomness is used without prior hashing,
+/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext.
+type t_MlKem = | MlKem : t_MlKem
+
+/// This trait collects differences in specification between ML-KEM
+/// (FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the
+/// NIST PQ competition.
+/// cf. FIPS 203, Appendix C
+class t_Variant (v_Self: Type0) = {
+ f_kdf_pre:
+ v_K: usize ->
+ v_CIPHERTEXT_SIZE: usize ->
+ #v_Hasher: Type0 ->
+ {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ shared_secret: t_Slice u8 ->
+ ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE
+ -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32 ==> pred};
+ f_kdf_post:
+ v_K: usize ->
+ v_CIPHERTEXT_SIZE: usize ->
+ #v_Hasher: Type0 ->
+ {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ shared_secret: t_Slice u8 ->
+ ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE ->
+ res: t_Array u8 (sz 32)
+ -> pred: Type0{pred ==> res == shared_secret};
+ f_kdf:
+ v_K: usize ->
+ v_CIPHERTEXT_SIZE: usize ->
+ #v_Hasher: Type0 ->
+ {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ x0: t_Slice u8 ->
+ x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE
+ -> Prims.Pure (t_Array u8 (sz 32))
+ (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1)
+ (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result);
+ f_entropy_preprocess_pre:
+ v_K: usize ->
+ #v_Hasher: Type0 ->
+ {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ randomness: t_Slice u8
+ -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. sz 32 ==> pred};
+ f_entropy_preprocess_post:
+ v_K: usize ->
+ #v_Hasher: Type0 ->
+ {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ randomness: t_Slice u8 ->
+ res: t_Array u8 (sz 32)
+ -> pred: Type0{pred ==> res == randomness};
+ f_entropy_preprocess:
+ v_K: usize ->
+ #v_Hasher: Type0 ->
+ {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ x0: t_Slice u8
+ -> Prims.Pure (t_Array u8 (sz 32))
+ (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0)
+ (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result);
+ f_cpa_keygen_seed_pre:
+ v_K: usize ->
+ #v_Hasher: Type0 ->
+ {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ seed: t_Slice u8
+ -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. sz 32 ==> pred};
+ f_cpa_keygen_seed_post:
+ v_K: usize ->
+ #v_Hasher: Type0 ->
+ {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ t_Slice u8 ->
+ t_Array u8 (sz 64)
+ -> Type0;
+ f_cpa_keygen_seed:
+ v_K: usize ->
+ #v_Hasher: Type0 ->
+ {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} ->
+ x0: t_Slice u8
+ -> Prims.Pure (t_Array u8 (sz 64))
+ (f_cpa_keygen_seed_pre v_K #v_Hasher #i4 x0)
+ (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i4 x0 result)
+}
+
+[@@ FStar.Tactics.Typeclasses.tcinstance]
+let impl: t_Variant t_MlKem =
+ {
+ f_kdf_pre
+ =
+ (fun
+ (v_K: usize)
+ (v_CIPHERTEXT_SIZE: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (shared_secret: t_Slice u8)
+ (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+ ->
+ (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32);
+ f_kdf_post
+ =
+ (fun
+ (v_K: usize)
+ (v_CIPHERTEXT_SIZE: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (shared_secret: t_Slice u8)
+ (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+ (res: t_Array u8 (sz 32))
+ ->
+ res == shared_secret);
+ f_kdf
+ =
+ (fun
+ (v_K: usize)
+ (v_CIPHERTEXT_SIZE: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i1:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (shared_secret: t_Slice u8)
+ (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE)
+ ->
+ let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
+ let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in
+ out);
+ f_entropy_preprocess_pre
+ =
+ (fun
+ (v_K: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i3:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (randomness: t_Slice u8)
+ ->
+ (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32);
+ f_entropy_preprocess_post
+ =
+ (fun
+ (v_K: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i3:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (randomness: t_Slice u8)
+ (res: t_Array u8 (sz 32))
+ ->
+ res == randomness);
+ f_entropy_preprocess
+ =
+ (fun
+ (v_K: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i3:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (randomness: t_Slice u8)
+ ->
+ let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in
+ let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in
+ out);
+ f_cpa_keygen_seed_pre
+ =
+ (fun
+ (v_K: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i4:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (key_generation_seed: t_Slice u8)
+ ->
+ (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. sz 32);
+ f_cpa_keygen_seed_post
+ =
+ (fun
+ (v_K: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i4:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (key_generation_seed: t_Slice u8)
+ (out: t_Array u8 (sz 64))
+ ->
+ true);
+ f_cpa_keygen_seed
+ =
+ fun
+ (v_K: usize)
+ (#v_Hasher: Type0)
+ (#[FStar.Tactics.Typeclasses.tcresolve ()]
+ i4:
+ Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K)
+ (key_generation_seed: t_Slice u8)
+ ->
+ let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in
+ let seed:t_Array u8 (sz 33) =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed
+ ({
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
+ }
+ <:
+ Core.Ops.Range.t_Range usize)
+ (Core.Slice.impl__copy_from_slice #u8
+ (seed.[ {
+ Core.Ops.Range.f_start = sz 0;
+ Core.Ops.Range.f_end
+ =
+ Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
+ }
+ <:
+ Core.Ops.Range.t_Range usize ]
+ <:
+ t_Slice u8)
+ key_generation_seed
+ <:
+ t_Slice u8)
+ in
+ let seed:t_Array u8 (sz 33) =
+ Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed
+ Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE
+ (cast (v_K <: usize) <: u8)
+ in
+ Libcrux_ml_kem.Hash_functions.f_G #v_Hasher
+ #v_K
+ #FStar.Tactics.Typeclasses.solve
+ (seed <: t_Slice u8)
+ }
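Review bot: `f_cpa_keygen_seed_post` in the `t_MlKem` instance is `true`, so the specification says nothing about the step that distinguishes this variant, namely hashing the seed with the rank byte appended. A caller cannot conclude from the interface that the domain separation took place. That byte is `cast (v_K <: usize) <: u8`, and the only precondition is the 32-byte seed length, so the contract does not exclude a `v_K` that the cast would narrow. `Spec.MLKEM.is_rank v_K` already serves as a precondition in Libcrux_ml_kem.Serialize.fsti and would fit here, although the class refinement on `f_cpa_keygen_seed_pre` would have to allow it. I would also strengthen the post to relate `out` to `f_G` applied to the seed followed by the rank byte, in the way `f_kdf_post` and `f_entropy_preprocess_post` already pin their results.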
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
index c6edc5b32..e1c2e554d 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst
@@ -85,7 +85,7 @@ let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
in
result
-#push-options "--z3rlimit 100"
+#push-options "--z3rlimit 200 --split_queries always"
let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
let t0:Libcrux_intrinsics.Avx2_extract.t_Vec256 =
@@ -184,7 +184,7 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) =
#pop-options
-#push-options "--z3rlimit 100"
+#push-options "--z3rlimit 200"
let montgomery_multiply_by_constant
(vector: Libcrux_intrinsics.Avx2_extract.t_Vec256)
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
index 3217ddbc2..57d1a48ac 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti
@@ -413,8 +413,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector =
->
Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
- Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\
- Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs));
+ Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\
+ Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs));
f_ntt_multiply_post
=
(fun
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst
index 16b31ced7..06bc6c676 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst
@@ -12,18 +12,35 @@ let inv_ntt_step
(vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) -!
(vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16)
in
- let o0:i16 =
- Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((vec
- .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ]
- <:
- i16) +!
- (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16)
- <:
- i16)
+ let a_plus_b:i16 =
+ (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) +!
+ (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16)
in
+ let _:Prims.unit =
+ assert (v a_minus_b = v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i)));
+ assert (v a_plus_b = v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i)))
+ in
+ let o0:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element a_plus_b in
let o1:i16 =
Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta
in
+ let _:Prims.unit =
+ calc ( == ) {
+ v o0 % 3329;
+ ( == ) { () }
+ v a_plus_b % 3329;
+ ( == ) { () }
+ (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329;
+ };
+ calc ( == ) {
+ v o1 % 3329;
+ ( == ) { () }
+ (v a_minus_b * v zeta * 169) % 3329;
+ ( == ) { () }
+ ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * 169) %
+ 3329;
+ }
+ in
let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
{
vec with
@@ -50,6 +67,10 @@ let inv_ntt_step
<:
Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
in
+ let _:Prims.unit =
+ assert (Seq.index vec.f_elements (v i) == o0);
+ assert (Seq.index vec.f_elements (v j) == o1)
+ in
vec
#push-options "--z3rlimit 200"
@@ -173,18 +194,24 @@ let inv_ntt_layer_3_step
#pop-options
-#push-options "--z3rlimit 200 --split_queries always --query_stats"
+#push-options "--z3rlimit 250 --split_queries always --query_stats --ext context_prune"
let ntt_multiply_binomials
(a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
(zeta: i16)
- (i j: usize)
+ (i: usize)
(out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
=
- let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in
- let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in
- let aj:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in
- let bj:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in
+ let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in
+ let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in
+ let aj:i16 =
+ a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize
+ ]
+ in
+ let bj:i16 =
+ b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize
+ ]
+ in
let _:Prims.unit =
assert (Spec.Utils.is_i16b 3328 ai);
assert (Spec.Utils.is_i16b 3328 bi);
@@ -211,6 +238,8 @@ let ntt_multiply_binomials
(v ai_bi_aj_bj * 169) % 3329;
( == ) { assert (v ai_bi_aj_bj == v ai_bi + v aj_bj_zeta) }
((v ai_bi + v aj_bj_zeta) * 169) % 3329;
+ ( == ) { assert (v ai_bi == v ai * v bi) }
+ (((v ai * v bi) + v aj_bj_zeta) * 169) % 3329;
( == ) { assert (v aj_bj_zeta == v aj_bj * v zeta) }
(((v ai * v bi) + (v aj_bj * v zeta)) * 169) % 3329;
( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 }
@@ -241,6 +270,20 @@ let ntt_multiply_binomials
let _:Prims.unit = assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 3328) ai_bj_aj_bi) in
let _:Prims.unit = assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15) in
let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bj_aj_bi in
+ let _:Prims.unit =
+ calc ( == ) {
+ v o1 % 3329;
+ ( == ) { () }
+ (v ai_bj_aj_bi * 169) % 3329;
+ ( == ) { assert (v ai_bj_aj_bi == v ai_bj + v aj_bi) }
+ ((v ai_bj + v aj_bi) * 169) % 3329;
+ ( == ) { assert (v ai_bj == v ai * v bj) }
+ ((v ai * v bj + v aj_bi) * 169) % 3329;
+ ( == ) { assert (v aj_bi == v aj * v bi) }
+ ((v ai * v bj + v aj * v bi) * 169) % 3329;
+ }
+ in
+ let v__out0:t_Array i16 (sz 16) = out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
{
out with
@@ -248,7 +291,7 @@ let ntt_multiply_binomials
=
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out
.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements
- i
+ (sz 2 *! i <: usize)
o0
}
<:
@@ -261,19 +304,24 @@ let ntt_multiply_binomials
=
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out
.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements
- j
+ ((sz 2 *! i <: usize) +! sz 1 <: usize)
o1
}
<:
Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
in
- let _:Prims.unit = admit () in
+ let _:Prims.unit =
+ assert (Seq.index out.f_elements (2 * v i) == o0);
+ assert (Seq.index out.f_elements (2 * v i + 1) == o1);
+ assert (Spec.Utils.is_i16b_array 3328 out.f_elements);
+ assert (forall k.
+ (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index v__out0 k)
+ in
+ let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in
out
#pop-options
-#push-options "--admit_smt_queries true"
-
let ntt_step
(vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
(zeta: i16)
@@ -286,6 +334,51 @@ let ntt_step
i16)
zeta
in
+ let _:Prims.unit =
+ assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))
+ in
+ let a_minus_t:i16 =
+ (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t
+ in
+ let _:Prims.unit =
+ calc ( == ) {
+ v a_minus_t % 3329;
+ ( == ) { () }
+ (v (Seq.index vec.f_elements (v i)) - v t) % 3329;
+ ( == ) { Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v i))) (v t) 3329 }
+ (v (Seq.index vec.f_elements (v i)) - (v t % 3329)) % 3329;
+ ( == ) { () }
+ (v (Seq.index vec.f_elements (v i)) -
+ ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329)) %
+ 3329;
+ ( == ) { Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v i)))
+ (v (Seq.index vec.f_elements (v j)) * v zeta * 169)
+ 3329 }
+ (v (Seq.index vec.f_elements (v i)) - (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) %
+ 3329;
+ }
+ in
+ let a_plus_t:i16 =
+ (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t
+ in
+ let _:Prims.unit =
+ calc ( == ) {
+ v a_plus_t % 3329;
+ ( == ) { () }
+ (v (Seq.index vec.f_elements (v i)) + v t) % 3329;
+ ( == ) { Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v i))) (v t) 3329 }
+ (v (Seq.index vec.f_elements (v i)) + (v t % 3329)) % 3329;
+ ( == ) { () }
+ (v (Seq.index vec.f_elements (v i)) +
+ ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329)) %
+ 3329;
+ ( == ) { Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v i)))
+ (v (Seq.index vec.f_elements (v j)) * v zeta * 169)
+ 3329 }
+ (v (Seq.index vec.f_elements (v i)) + (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) %
+ 3329;
+ }
+ in
let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
{
vec with
@@ -294,7 +387,7 @@ let ntt_step
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec
.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements
j
- ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t <: i16)
+ a_minus_t
}
<:
Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
@@ -307,15 +400,17 @@ let ntt_step
Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec
.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements
i
- ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t <: i16)
+ a_plus_t
}
<:
Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
in
+ let _:Prims.unit =
+ assert (Seq.index vec.f_elements (v i) == a_plus_t);
+ assert (Seq.index vec.f_elements (v j) == a_minus_t)
+ in
vec
-#pop-options
-
#push-options "--z3rlimit 100"
let ntt_layer_1_step
@@ -432,31 +527,41 @@ let ntt_multiply
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
Libcrux_ml_kem.Vector.Portable.Vector_type.zero ()
in
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- ntt_multiply_binomials lhs rhs zeta0 (sz 0) (sz 1) out
+ ntt_multiply_binomials lhs rhs zeta0 (sz 0) out
in
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- ntt_multiply_binomials lhs rhs nzeta0 (sz 2) (sz 3) out
+ ntt_multiply_binomials lhs rhs nzeta0 (sz 1) out
in
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- ntt_multiply_binomials lhs rhs zeta1 (sz 4) (sz 5) out
+ ntt_multiply_binomials lhs rhs zeta1 (sz 2) out
in
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- ntt_multiply_binomials lhs rhs nzeta1 (sz 6) (sz 7) out
+ ntt_multiply_binomials lhs rhs nzeta1 (sz 3) out
in
- let _:Prims.unit = admit () in
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- ntt_multiply_binomials lhs rhs zeta2 (sz 8) (sz 9) out
+ ntt_multiply_binomials lhs rhs zeta2 (sz 4) out
in
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- ntt_multiply_binomials lhs rhs nzeta2 (sz 10) (sz 11) out
+ ntt_multiply_binomials lhs rhs nzeta2 (sz 5) out
in
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- ntt_multiply_binomials lhs rhs zeta3 (sz 12) (sz 13) out
+ ntt_multiply_binomials lhs rhs zeta3 (sz 6) out
in
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
- ntt_multiply_binomials lhs rhs nzeta3 (sz 14) (sz 15) out
+ ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out
in
- out
+ let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in
+ let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in
+ let _:Prims.unit = admit () (* Panic freedom *) in
+ result
#pop-options
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti
index 344545f74..1b1a575e4 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti
@@ -3,13 +3,15 @@ module Libcrux_ml_kem.Vector.Portable.Ntt
open Core
open FStar.Mul
+[@@ "opaque_to_smt"]
+
val inv_ntt_step
(vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
(zeta: i16)
(i j: usize)
: Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
(requires
- v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\
+ v i < 16 /\ v j < 16 /\ v i <> v j /\ Spec.Utils.is_i16b 1664 zeta /\
Spec.Utils.is_i16b_array (4 * 3328) vec.f_elements)
(ensures
fun vec_future ->
@@ -18,8 +20,9 @@ val inv_ntt_step
(forall k.
(k <> v i /\ k <> v j) ==>
Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\
- (Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\
- Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j))))
+ Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\
+ Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j)) /\
+ Spec.Utils.inv_ntt_spec vec.f_elements (v zeta) (v i) (v j) vec_future.f_elements)
val inv_ntt_layer_1_step
(vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
@@ -56,6 +59,8 @@ val inv_ntt_layer_3_step
let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in
Spec.Utils.is_i16b_array 3328 result.f_elements)
+[@@ "opaque_to_smt"]
+
/// Compute the product of two Kyber binomials with respect to the
/// modulus `X² - zeta`.
/// This function almost implements Algorithm 11 of the
@@ -75,40 +80,40 @@ val inv_ntt_layer_3_step
val ntt_multiply_binomials
(a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
(zeta: i16)
- (i j: usize)
+ (i: usize)
(out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
: Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
(requires
- v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\
- Spec.Utils.is_i16b_array 3228 a.f_elements /\ Spec.Utils.is_i16b_array 3228 b.f_elements)
+ v i < 8 /\ Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 a.f_elements /\
+ Spec.Utils.is_i16b_array 3328 b.f_elements /\ Spec.Utils.is_i16b_array 3328 out.f_elements)
(ensures
fun out_future ->
let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in
- Spec.Utils.is_i16b_array 3328 out.f_elements /\
+ Spec.Utils.is_i16b_array 3328 out_future.f_elements /\
(forall k.
- (k <> v i /\ k <> v j) ==>
+ (k <> 2 * v i /\ k <> 2 * v i + 1) ==>
Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\
- (let ai = Seq.index a.f_elements (v i) in
- let aj = Seq.index a.f_elements (v j) in
- let bi = Seq.index b.f_elements (v i) in
- let bj = Seq.index b.f_elements (v j) in
- let oi = Seq.index out_future.f_elements (v i) in
- let oj = Seq.index out_future.f_elements (v j) in
- let x, y =
- Spec.MLKEM.Math.poly_base_case_multiply (v ai % 3329)
- (v aj % 3329)
- (v bi % 3329)
- (v bj % 3329)
- ((v zeta * 169) % 3329)
- in
- ((x * 169) % 3329 == v oi % 3329) /\ (y * 169) % 3329 == v oj % 3329))
+ (let ai = Seq.index a.f_elements (2 * v i) in
+ let aj = Seq.index a.f_elements (2 * v i + 1) in
+ let bi = Seq.index b.f_elements (2 * v i) in
+ let bj = Seq.index b.f_elements (2 * v i + 1) in
+ let oi = Seq.index out_future.f_elements (2 * v i) in
+ let oj = Seq.index out_future.f_elements (2 * v i + 1) in
+ ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\
+ ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329))))
+
+[@@ "opaque_to_smt"]
val ntt_step
(vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
(zeta: i16)
(i j: usize)
: Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
- (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta)
+ (requires
+ v i < 16 /\ v j < 16 /\ v i <> v j /\ Spec.Utils.is_i16b 1664 zeta /\
+ Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\
+ Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ i ] /\
+ Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ j ])
(ensures
fun vec_future ->
let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in
@@ -119,7 +124,8 @@ val ntt_step
(Spec.Utils.is_i16b b vec.f_elements.[ i ] /\
Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==>
(Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ i ] /\
- Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ])))
+ Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ])) /\
+ Spec.Utils.ntt_spec vec.f_elements (v zeta) (v i) (v j) vec_future.f_elements)
val ntt_layer_1_step
(vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
@@ -162,9 +168,32 @@ val ntt_multiply
(requires
Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
- Spec.Utils.is_i16b_array 3228 lhs.f_elements /\ Spec.Utils.is_i16b_array 3228 rhs.f_elements
+ Spec.Utils.is_i16b_array 3328 lhs.f_elements /\ Spec.Utils.is_i16b_array 3328 rhs.f_elements
)
(ensures
fun result ->
let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in
- Spec.Utils.is_i16b_array 3328 result.f_elements)
+ Spec.Utils.is_i16b_array 3328 result.f_elements /\
+ (let zetas =
+ Seq.seq_of_list [
+ v zeta0;
+ - v zeta0;
+ v zeta1;
+ - v zeta1;
+ v zeta2;
+ - v zeta2;
+ v zeta3;
+ - v zeta3
+ ]
+ in
+ (forall (i: nat).
+ i < 8 ==>
+ (let ai = Seq.index lhs.f_elements (2 * i) in
+ let aj = Seq.index lhs.f_elements (2 * i + 1) in
+ let bi = Seq.index rhs.f_elements (2 * i) in
+ let bj = Seq.index rhs.f_elements (2 * i + 1) in
+ let oi = Seq.index result.f_elements (2 * i) in
+ let oj = Seq.index result.f_elements (2 * i + 1) in
+ ((v oi % 3329) ==
+ (((v ai * v bi + (v aj * v bj * (Seq.index zetas i) * 169)) * 169) % 3329)) /\
+ ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329))))))
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
new file mode 100644
index 000000000..0ca12f7ff
--- /dev/null
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst
@@ -0,0 +1,59 @@
+module Libcrux_ml_kem.Vector.Portable
+#set-options "--fuel 0 --ifuel 1 --z3rlimit 100"
+open Core
+open FStar.Mul
+
+let _ =
+ (* This module has implicit dependencies, here we make them explicit. *)
+ (* The implicit dependencies arise from typeclasses instances. *)
+ let open Libcrux_ml_kem.Vector.Portable.Vector_type in
+ let open Libcrux_ml_kem.Vector.Traits in
+ ()
+
+let deserialize_11_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a
+
+let deserialize_5_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a
+
+let serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) =
+ Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a
+
+let serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) =
+ Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a
+
+let deserialize_1_ (a: t_Slice u8) =
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in
+ Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a
+
+let deserialize_10_ (a: t_Slice u8) =
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a in
+ Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a
+
+let deserialize_12_ (a: t_Slice u8) =
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a in
+ Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a
+
+let deserialize_4_ (a: t_Slice u8) =
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in
+ Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a
+
+let serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) =
+ let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) in
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in
+ Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a
+
+let serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) =
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in
+ Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a
+
+let serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) =
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in
+ Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a
+
+let serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) =
+ let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) in
+ let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in
+ Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
index 2c4690115..064561e44 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti
@@ -30,7 +30,91 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x
}
-#push-options "--z3rlimit 200"
+val deserialize_11_ (a: t_Slice u8)
+ : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+ (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 22)
+ (fun _ -> Prims.l_True)
+
+val deserialize_5_ (a: t_Slice u8)
+ : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+ (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 10)
+ (fun _ -> Prims.l_True)
+
+val serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+ : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True)
+
+val serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+ : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True)
+
+val deserialize_1_ (a: t_Slice u8)
+ : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+ (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 2)
+ (ensures
+ fun out ->
+ let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in
+ sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out))
+
+val deserialize_10_ (a: t_Slice u8)
+ : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+ (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 20)
+ (ensures
+ fun out ->
+ let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in
+ sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out))
+
+val deserialize_12_ (a: t_Slice u8)
+ : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+ (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 24)
+ (ensures
+ fun out ->
+ let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in
+ sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out))
+
+val deserialize_4_ (a: t_Slice u8)
+ : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector
+ (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 8)
+ (ensures
+ fun out ->
+ let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in
+ sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out))
+
+val serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+ : Prims.Pure (t_Array u8 (sz 2))
+ (requires Spec.MLKEM.serialize_pre 1 (impl.f_repr a))
+ (ensures
+ fun out ->
+ let out:t_Array u8 (sz 2) = out in
+ Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==>
+ Spec.MLKEM.serialize_post 1 (impl.f_repr a) out)
+
+val serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+ : Prims.Pure (t_Array u8 (sz 20))
+ (requires Spec.MLKEM.serialize_pre 10 (impl.f_repr a))
+ (ensures
+ fun out ->
+ let out:t_Array u8 (sz 20) = out in
+ Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==>
+ Spec.MLKEM.serialize_post 10 (impl.f_repr a) out)
+
+val serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+ : Prims.Pure (t_Array u8 (sz 24))
+ (requires Spec.MLKEM.serialize_pre 12 (impl.f_repr a))
+ (ensures
+ fun out ->
+ let out:t_Array u8 (sz 24) = out in
+ Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==>
+ Spec.MLKEM.serialize_post 12 (impl.f_repr a) out)
+
+val serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector)
+ : Prims.Pure (t_Array u8 (sz 8))
+ (requires Spec.MLKEM.serialize_pre 4 (impl.f_repr a))
+ (ensures
+ fun out ->
+ let out:t_Array u8 (sz 8) = out in
+ Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==>
+ Spec.MLKEM.serialize_post 4 (impl.f_repr a) out)
+
+#push-options "--z3rlimit 400 --split_queries always"
[@@ FStar.Tactics.Typeclasses.tcinstance]
let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations
@@ -453,8 +537,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
->
Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
- Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\
- Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs));
+ Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\
+ Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs));
f_ntt_multiply_post
=
(fun
@@ -492,23 +576,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
Spec.MLKEM.serialize_post 1 (impl.f_repr a) out);
f_serialize_1_
=
- (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
- let _:Prims.unit =
- assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1)
- in
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in
- Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a);
+ (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a);
f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2);
f_deserialize_1_post
=
(fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out));
- f_deserialize_1_
- =
- (fun (a: t_Slice u8) ->
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in
- Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a);
+ f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a);
f_serialize_4_pre
=
(fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
@@ -523,23 +597,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
Spec.MLKEM.serialize_post 4 (impl.f_repr a) out);
f_serialize_4_
=
- (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
- let _:Prims.unit =
- assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4)
- in
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in
- Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a);
+ (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a);
f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8);
f_deserialize_4_post
=
(fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out));
- f_deserialize_4_
- =
- (fun (a: t_Slice u8) ->
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in
- Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a);
+ f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a);
f_serialize_5_pre
=
(fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
@@ -552,15 +616,12 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
true);
f_serialize_5_
=
- (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
- Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a);
+ (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a);
f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10);
f_deserialize_5_post
=
(fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
- f_deserialize_5_
- =
- (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a);
+ f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a);
f_serialize_10_pre
=
(fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
@@ -575,22 +636,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
Spec.MLKEM.serialize_post 10 (impl.f_repr a) out);
f_serialize_10_
=
- (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in
- Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a);
+ (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a);
f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20);
f_deserialize_10_post
=
(fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out));
- f_deserialize_10_
- =
- (fun (a: t_Slice u8) ->
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in
- let _:Prims.unit =
- Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a
- in
- Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a);
+ f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a);
f_serialize_11_pre
=
(fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
@@ -603,15 +655,12 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
true);
f_serialize_11_
=
- (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
- Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a);
+ (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a);
f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22);
f_deserialize_11_post
=
(fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true);
- f_deserialize_11_
- =
- (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a);
+ f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a);
f_serialize_12_pre
=
(fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
@@ -626,22 +675,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector =
Spec.MLKEM.serialize_post 12 (impl.f_repr a) out);
f_serialize_12_
=
- (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in
- Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a);
+ (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a);
f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24);
f_deserialize_12_post
=
(fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) ->
sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out));
- f_deserialize_12_
- =
- (fun (a: t_Slice u8) ->
- let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in
- let _:Prims.unit =
- Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a
- in
- Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a);
+ f_deserialize_12_ = (fun (a: t_Slice u8) -> deserialize_12_ a);
f_rej_sample_pre
=
(fun (a: t_Slice u8) (out: t_Slice i16) ->
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
index e2a2bbbe4..cb32321d0 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti
@@ -271,7 +271,7 @@ class t_Operations (v_Self: Type0) = {
Type0
{ Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\
Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\
- Spec.Utils.is_i16b_array 3228 (f_repr lhs) /\ Spec.Utils.is_i16b_array 3228 (f_repr rhs) ==>
+ Spec.Utils.is_i16b_array 3328 (f_repr lhs) /\ Spec.Utils.is_i16b_array 3328 (f_repr rhs) ==>
pred };
f_ntt_multiply_post:
lhs: v_Self ->
diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
index 463318ece..b7a4485d1 100644
--- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile
+++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile
@@ -1,9 +1,6 @@
SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst
ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \
- Libcrux_ml_kem.Invert_ntt.fst \
- Libcrux_ml_kem.Ntt.fst \
- Libcrux_ml_kem.Vector.Portable.fsti \
Libcrux_ml_kem.Vector.Avx2.fsti \
Libcrux_ml_kem.Vector.Avx2.fst \
Libcrux_ml_kem.Vector.Avx2.Ntt.fst \
diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
index 15a4d03a0..1c6ed14b1 100644
--- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
+++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst
@@ -159,6 +159,9 @@ let is_i16b_array (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i1
let is_i16b_vector (l:nat) (r:usize) (x:t_Array (t_Array i16 (sz 256)) r) = forall i. i < v r ==> is_i16b_array l (Seq.index x i)
let is_i16b_matrix (l:nat) (r:usize) (x:t_Array (t_Array (t_Array i16 (sz 256)) r) r) = forall i. i < v r ==> is_i16b_vector l r (Seq.index x i)
+[@ "opaque_to_smt"]
+let is_i16b_array_opaque (l:nat) (x:t_Slice i16) = is_i16b_array l x
+
let is_i32b (l:nat) (x:i32) = is_intb l (v x)
let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i32b l (Seq.index x i)
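Review bot: The attribute on the new `is_i16b_array_opaque` is spelled `[@ "opaque_to_smt"]`, while the other opaque definitions added in this commit use `[@@ "opaque_to_smt"]` (the `.fsti` hunks and the `fstar::before` blocks in `invert_ntt.rs`). The single-`@` form is the older attribute syntax, which F* reports as deprecated as far as I know, so I would write `[@@ "opaque_to_smt"]` here as well. Since the body is just `is_i16b_array l x`, a one-line comment would help, for example `(* opaque wrapper: the bound is only visible after an explicit reveal_opaque *)`.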
@@ -186,9 +189,12 @@ let lemma_mul_intb (b1 b2: nat) (n1 n2: int) =
lemma_abs_bound (n1 * n2) (b1 * b2)
#pop-options
+#push-options "--z3rlimit 200"
val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16)
: Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31))
- (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32))))
+ (ensures (range (v n1 * v n2) i32_inttype /\
+ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)) /\
+ v ((cast n1 <: i32) *! (cast n2 <: i32)) == v n1 * v n2))
let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) =
if v n1 = 0 || v n2 = 0
@@ -201,6 +207,7 @@ let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) =
lemma_mult_le_left (abs (v n1)) (abs (v n2)) b2;
lemma_mult_le_right b2 (abs (v n1)) b1;
lemma_abs_bound (v n1 * v n2) (b1 * b2)
+#pop-options
val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) :
Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15))
@@ -467,3 +474,20 @@ let lemma_shift_right_15_i16 (x:i16):
Rust_primitives.Integers.mk_int_v_lemma #i16_inttype 0s;
Rust_primitives.Integers.mk_int_v_lemma #i16_inttype (-1s);
()
+
+val ntt_spec #len (vec_in: t_Array i16 len) (zeta: int) (i: nat{i < v len}) (j: nat{j < v len})
+ (vec_out: t_Array i16 len) : Type0
+let ntt_spec vec_in zeta i j vec_out =
+ ((v (Seq.index vec_out i) % 3329) ==
+ ((v (Seq.index vec_in i) + (v (Seq.index vec_in j) * zeta * 169)) % 3329)) /\
+ ((v (Seq.index vec_out j) % 3329) ==
+ ((v (Seq.index vec_in i) - (v (Seq.index vec_in j) * zeta * 169)) % 3329))
+
+val inv_ntt_spec #len (vec_in: t_Array i16 len) (zeta: int) (i: nat{i < v len}) (j: nat{j < v len})
+ (vec_out: t_Array i16 len) : Type0
+let inv_ntt_spec vec_in zeta i j vec_out =
+ ((v (Seq.index vec_out i) % 3329) ==
+ ((v (Seq.index vec_in j) + v (Seq.index vec_in i)) % 3329)) /\
+ ((v (Seq.index vec_out j) % 3329) ==
+ (((v (Seq.index vec_in j) - v (Seq.index vec_in i)) * zeta * 169) % 3329))
+
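Review bot: `ntt_spec` and `inv_ntt_spec` are added without any comment, and the constant 169 appears in both without a name. 169 is the inverse of 2^16 modulo 3329 (2^16 mod 3329 = 2285 and 2285 * 169 = 1 mod 3329), so it presumably cancels the Montgomery factor carried by `zeta`. A comment such as `(* 169 = (2^16)^-1 mod 3329; zeta is expected in Montgomery form *)`, or a named constant shared by both definitions, would let a reader check that. The comment should also say that each predicate constrains only positions `i` and `j`, modulo 3329, and is meant for `i <> j`, which the `ntt_step` and `inv_ntt_step` preconditions now require separately.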
diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs
index e00498e93..81aa3e1e8 100644
--- a/libcrux-ml-kem/src/ind_cpa.rs
+++ b/libcrux-ml-kem/src/ind_cpa.rs
@@ -64,7 +64,9 @@ use unpacked::*;
#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
$RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
$PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
- length $seed_for_a == sz 32"))]
+ length $seed_for_a == sz 32 /\\
+ (forall (i:nat). i < v $K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"))]
#[hax_lib::ensures(|res|
fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K
(Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $t_as_ntt))
@@ -94,7 +96,9 @@ pub(crate) fn serialize_public_key<
#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
$RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\
$PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\
- length $seed_for_a == sz 32"))]
+ length $seed_for_a == sz 32 /\\
+ (forall (i:nat). i < v $K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"))]
#[hax_lib::ensures(|res|
fstar!("${serialized}_future ==
Seq.append (Spec.MLKEM.vector_encode_12 #$K
@@ -121,9 +125,12 @@ pub(crate) fn serialize_public_key_mut<
/// Call [`serialize_uncompressed_ring_element`] for each ring element.
#[inline(always)]
-#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::fstar::options("--z3rlimit 200")]
+#[hax_lib::fstar::verification_status(panic_free)]
#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
- $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))]
+ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\
+ (forall (i:nat). i < v $K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key i))"))]
#[hax_lib::ensures(|res|
fstar!("$res == Spec.MLKEM.vector_encode_12 #$K
(Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key)")
@@ -135,6 +142,8 @@ pub(crate) fn serialize_secret_key
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key (v $i))") });
out[i * BYTES_PER_RING_ELEMENT..(i + 1) * BYTES_PER_RING_ELEMENT]
.copy_from_slice(&serialize_uncompressed_ring_element(&re));
}
@@ -178,7 +187,7 @@ fn sample_ring_element_cbd<
/// Sample a vector of ring elements from a centered binomial distribution and
/// convert them into their NTT representations.
#[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::verification_status(lax)]
#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
$ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
$ETA == Spec.MLKEM.v_ETA1 $K /\\
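Review bot: Switching this function from `verification_status(panic_free)` to `verification_status(lax)` weakens its verification, so F* no longer proves the body free of panics such as out-of-range indexing or overflowing arithmetic. The `requires` clause below still reads as if it were enforced. The rest of the commit moves the other way (`serialize_secret_key` goes from `lax` to `panic_free`), so this looks like a temporary regression. I would record the reason next to the attribute, for example `// TODO(proofs): lax is temporary; restore panic_free (tracking: <ISSUE-ID>)`. The signature and body are outside the hunk, so the cause cannot be confirmed from here.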
@@ -290,6 +299,12 @@ fn sample_vector_cbd_then_ntt_out<
$ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
$ETA1 == Spec.MLKEM.v_ETA1 $K /\\
length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"))]
+#[hax_lib::ensures(|_| fstar!("
+ (forall (i:nat). i < v $K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key}_future.f_secret_as_ntt i)) /\\
+ (forall (i:nat). i < v $K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${public_key}_future.f_t_as_ntt i))
+"))]
pub(crate) fn generate_keypair_unpacked<
const K: usize,
const ETA1: usize,
@@ -461,17 +476,19 @@ fn compress_then_serialize_u<
/// The NIST FIPS 203 standard can be found at
/// .
#[allow(non_snake_case)]
-#[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\
- v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\\
- v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\\
- v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\\
- v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\\
- v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\\
- v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\\
- v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\\
- v v_C1_LEN <= v v_CIPHERTEXT_SIZE /\\
- v (${randomness.len()}) <= 33"))]
+#[hax_lib::fstar::options("--z3rlimit 200")]
+#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
+ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\
+ $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\
+ $ETA2 == Spec.MLKEM.v_ETA2 $K /\\
+ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\
+ $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\
+ $C2_LEN == Spec.MLKEM.v_C2_SIZE $K /\\
+ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
+ $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+ $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\
+ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
+ length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))]
pub(crate) fn encrypt_unpacked<
const K: usize,
const CIPHERTEXT_SIZE: usize,
@@ -630,7 +647,7 @@ pub(crate) fn encrypt<
/// Call [`deserialize_then_decompress_ring_element_u`] on each ring element
/// in the `ciphertext`.
#[inline(always)]
-#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::fstar::verification_status(panic_free)]
#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
$CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
$U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))]
@@ -704,11 +721,11 @@ fn deserialize_secret_key(
/// The NIST FIPS 203 standard can be found at
/// .
#[allow(non_snake_case)]
-#[hax_lib::fstar::verification_status(lax)]
#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\
$CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\
$U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\
- v $VECTOR_U_ENCODED_SIZE <= v $CIPHERTEXT_SIZE"))]
+ $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\
+ $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K"))]
pub(crate) fn decrypt_unpacked<
const K: usize,
const CIPHERTEXT_SIZE: usize,
diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs
index 6693e3343..49fa7fea5 100644
--- a/libcrux-ml-kem/src/invert_ntt.rs
+++ b/libcrux-ml-kem/src/invert_ntt.rs
@@ -5,15 +5,43 @@ use crate::{
};
#[inline(always)]
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+ let invert_ntt_re_range_2 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+ let invert_ntt_re_range_1 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+#[hax_lib::requires(fstar!("v ${*zeta_i} == 128 /\\
+ invert_ntt_re_range_1 $re"))]
+#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
+ v ${*zeta_i}_future == 64"))]
pub(crate) fn invert_ntt_at_layer_1(
zeta_i: &mut usize,
re: &mut PolynomialRingElement,
_layer: usize,
) {
+ hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #$:Vector)");
+ hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)");
+ let _zeta_i_init = *zeta_i;
// The semicolon and parentheses at the end of loop are a workaround
// for the following bug https://github.com/hacspec/hax/issues/720
for round in 0..16 {
+ hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 4 /\\
+ (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque (4 * 3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+ (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
*zeta_i -= 1;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (4*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
re.coefficients[round] = Vector::inv_ntt_layer_1_step(
re.coefficients[round],
get_zeta (*zeta_i),
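Review bot: The loop invariant in `invert_ntt_at_layer_1` mixes raw and interpolated names: it writes `v round < 16` and `i >= v round` verbatim next to `v $round`, and the first `reveal_opaque` uses `.[ round ]` where the later `assert` uses `.[ $round ]`. The raw spellings only type-check while the extracted F* keeps exactly those identifiers, so I would interpolate throughout, e.g. `(v $round < 16 ==> (forall (i:nat). (i >= v $round /\\ i < 16) ==>` and `re.f_coefficients.[ $round ]`. The same applies to `zeta_i` and `re` wherever hax accepts interpolation of the `&mut` bindings. The unused closure parameter in `#[hax_lib::ensures(|result| ...)]` could be `|_|`, as in the `generate_keypair_unpacked` annotation in `ind_cpa.rs`. The function body continues in the next hunk.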
@@ -22,47 +50,103 @@ pub(crate) fn invert_ntt_at_layer_1(
get_zeta (*zeta_i - 3),
);
*zeta_i -= 3;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
}
()
}
#[inline(always)]
+#[hax_lib::requires(fstar!("v ${*zeta_i} == 64 /\\
+ invert_ntt_re_range_2 $re "))]
+#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
+ v ${*zeta_i}_future == 32"))]
pub(crate) fn invert_ntt_at_layer_2(
zeta_i: &mut usize,
re: &mut PolynomialRingElement,
_layer: usize,
) {
+ hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)");
+ let _zeta_i_init = *zeta_i;
// The semicolon and parentheses at the end of loop are a workaround
// for the following bug https://github.com/hacspec/hax/issues/720
for round in 0..16 {
+ hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 2 /\\
+ (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+ (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
*zeta_i -= 1;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
re.coefficients[round] = Vector::inv_ntt_layer_2_step(
re.coefficients[round],
get_zeta (*zeta_i),
get_zeta (*zeta_i - 1),
);
*zeta_i -= 1;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
}
()
}
#[inline(always)]
+#[hax_lib::requires(fstar!("v ${*zeta_i} == 32 /\\
+ invert_ntt_re_range_2 $re"))]
+#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\
+ v ${*zeta_i}_future == 16"))]
pub(crate) fn invert_ntt_at_layer_3(
zeta_i: &mut usize,
re: &mut PolynomialRingElement,
_layer: usize,
) {
+ hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)");
+ let _zeta_i_init = *zeta_i;
// The semicolon and parentheses at the end of loop are a workaround
// for the following bug https://github.com/hacspec/hax/issues/720
for round in 0..16 {
+ hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round /\\
+ (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+ (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
*zeta_i -= 1;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
re.coefficients[round] =
Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i));
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
}
()
}
#[inline(always)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta_r /\\
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i) -
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i))) /\\
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) +
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i))) /\\
+ Spec.Utils.is_i16b_array 28296 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array
+ (Libcrux_ml_kem.Vector.Traits.f_add $a $b))"))]
pub(crate) fn inv_ntt_layer_int_vec_step_reduce(
mut a: Vector,
mut b: Vector,
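Review bot: The F* snippets added to `invert_ntt_at_layer_1`, `_2` and `_3` mix antiquoted and bare Rust names: the loop invariants write `v $round * 2` next to `v round < 16` and `i >= v round`, use `v zeta_i` without `$`, and the `reveal_opaque` lines index with `.[ round ]` while the `assert` right after uses `.[ $round ]`. Bare names are passed to F* verbatim, so they only keep working while the extracted identifier happens to match the Rust one. Antiquoting consistently (`$round`, and the antiquoted form of `zeta_i`) removes that dependency. The same pattern recurs in the `ntt_at_layer_1`/`_2`/`_3` hunks of ntt.rs and in the `calc` blocks of `ntt_step`. This hunk begins inside `invert_ntt_at_layer_1` and ends inside the signature of `inv_ntt_layer_int_vec_step_reduce`.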
@@ -73,7 +157,10 @@ pub(crate) fn inv_ntt_layer_int_vec_step_reduce(
b = montgomery_multiply_fe::(a_minus_b, zeta_r);
(a, b)
}
+
#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7"))]
pub(crate) fn invert_ntt_at_layer_4_plus(
zeta_i: &mut usize,
re: &mut PolynomialRingElement,
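Review bot: `invert_ntt_at_layer_4_plus` is marked `verification_status(lax)` and its only contract is `v $layer >= 4 /\\ v $layer <= 7`, so nothing connects `zeta_i` or the coefficient bounds of `re` to what `invert_ntt_at_layer_3` establishes (`v ${*zeta_i}_future == 16` and `invert_ntt_re_range_2`). The forward counterpart `ntt_at_layer_4_plus` in ntt.rs receives per-layer `zeta_i` pre- and postconditions in this same commit; the inverse should carry the mirrored clauses so the index arithmetic is checked once the lax status is lifted. Until then a comment above the attribute, such as `// lax: zeta_i range and output bounds are neither specified nor proven yet`, would make the gap visible. The function body lies outside this hunk, so how `zeta_i` is used there is inferred from the sibling layers.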
@@ -104,6 +191,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus(
}
#[inline(always)]
+#[hax_lib::requires(fstar!("invert_ntt_re_range_1 $re"))]
pub(crate) fn invert_ntt_montgomery(
re: &mut PolynomialRingElement,
) {
diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs
index fb15a7e99..855b45891 100644
--- a/libcrux-ml-kem/src/matrix.rs
+++ b/libcrux-ml-kem/src/matrix.rs
@@ -45,7 +45,7 @@ pub(crate) fn sample_matrix_A(
v: &PolynomialRingElement,
@@ -75,7 +76,7 @@ pub(crate) fn compute_message(
/// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
#[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::verification_status(lax)]
#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
#[hax_lib::ensures(|res|
fstar!("let open Libcrux_ml_kem.Polynomial in
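Review bot: Changing `verification_status(panic_free)` to `verification_status(lax)` on `compute_ring_element_v` (and on `compute_vector_u` in the hunk at `@@ -107,7 +109,7 @@`) weakens what is checked about the body, while the following hunks add `coefficients_field_modulus_range` to both postconditions. As far as I understand hax's statuses, the postcondition was already assumed under `panic_free`, and under `lax` the body's bounds and overflow obligations are no longer discharged either, so callers now depend on a stronger range guarantee with less proof behind it. If the downgrade is needed for now, record it next to the attribute, e.g. `// TODO: restore panic_free once the inverse NTT exposes a proven output range`. The `ensures` clause and the function body continue outside this hunk.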
@@ -84,7 +85,8 @@ pub(crate) fn compute_message(
let e2_spec = to_spec_poly_t $error_2 in
let m_spec = to_spec_poly_t $message in
let res_spec = to_spec_poly_t $res in
- res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec)")
+ res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec) /\\
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res")
)]
pub(crate) fn compute_ring_element_v(
t_as_ntt: &[PolynomialRingElement; K],
@@ -107,7 +109,7 @@ pub(crate) fn compute_ring_element_v(
/// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
#[inline(always)]
-#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::verification_status(lax)]
#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))]
#[hax_lib::ensures(|res|
fstar!("let open Libcrux_ml_kem.Polynomial in
@@ -115,7 +117,9 @@ pub(crate) fn compute_ring_element_v(
let r_spec = to_spec_vector_t $r_as_ntt in
let e_spec = to_spec_vector_t $error_1 in
let res_spec = to_spec_vector_t $res in
- res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec)")
+ res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\\
+ (forall (i:nat). i < v $K ==>
+ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $res i))")
)]
pub(crate) fn compute_vector_u(
a_as_ntt: &[[PolynomialRingElement; K]; K],
diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs
index aadcf07ac..b3aa4087e 100644
--- a/libcrux-ml-kem/src/ntt.rs
+++ b/libcrux-ml-kem/src/ntt.rs
@@ -5,16 +5,44 @@ use crate::{
};
#[inline(always)]
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+ let ntt_re_range_2 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+ let ntt_re_range_1 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+#[hax_lib::requires(fstar!("v ${*zeta_i} == 63 /\\
+ ntt_re_range_2 $re"))]
+#[hax_lib::ensures(|result| fstar!("ntt_re_range_1 ${re}_future /\\
+ v ${*zeta_i}_future == 127"))]
pub(crate) fn ntt_at_layer_1(
zeta_i: &mut usize,
re: &mut PolynomialRingElement,
_layer: usize,
_initial_coefficient_bound: usize,
) {
+ hax_lib::fstar!("reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)");
+ hax_lib::fstar!("reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #$:Vector)");
+ let _zeta_i_init = *zeta_i;
// The semicolon and parentheses at the end of loop are a workaround
// for the following bug https://github.com/hacspec/hax/issues/720
for round in 0..16 {
+ hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 4 /\\
+ (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque (11207+5*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+ (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
*zeta_i += 1;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
re.coefficients[round] = Vector::ntt_layer_1_step(
re.coefficients[round],
get_zeta (*zeta_i),
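Review bot: The bounds `11207+5*3328` and `11207+6*3328` are repeated as literals in `ntt_re_range_2`, `ntt_re_range_1`, the loop invariant and the `reveal_opaque` snippets of `ntt_at_layer_1`, with nothing saying where 11207 comes from or why the multiplier stops at 6. A short comment above the `ntt_re_range_*` definitions would let the next reader check them, for example `// each NTT layer grows the coefficient bound by at most 3328; 11207 + 6*3328 = 31175 still fits in an i16`, plus one line naming the source of 11207. Defining the per-vector bound once on the F* side and reusing it in the invariant would also keep the copies from drifting apart. `ntt_at_layer_1` continues into the next hunk.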
@@ -23,49 +51,118 @@ pub(crate) fn ntt_at_layer_1(
get_zeta (*zeta_i + 3),
);
*zeta_i += 3;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207+6*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+6*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
}
()
}
#[inline(always)]
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+ let ntt_re_range_3 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+#[hax_lib::requires(fstar!("v ${*zeta_i} == 31 /\\
+ ntt_re_range_3 $re"))]
+#[hax_lib::ensures(|result| fstar!("ntt_re_range_2 ${re}_future /\\
+ v ${*zeta_i}_future == 63"))]
pub(crate) fn ntt_at_layer_2(
zeta_i: &mut usize,
re: &mut PolynomialRingElement,
_layer: usize,
_initial_coefficient_bound: usize,
) {
+ hax_lib::fstar!("reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)");
+ hax_lib::fstar!("reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)");
+ let _zeta_i_init = *zeta_i;
// The semicolon and parentheses at the end of loop are a workaround
// for the following bug https://github.com/hacspec/hax/issues/720
for round in 0..16 {
+ hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 2 /\\
+ (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque (11207+4*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+ (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
*zeta_i += 1;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
re.coefficients[round] = Vector::ntt_layer_2_step(
re.coefficients[round],
get_zeta (*zeta_i),
get_zeta (*zeta_i + 1),
);
*zeta_i += 1;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+5*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
}
()
}
#[inline(always)]
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+ let ntt_re_range_4 (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) =
+ forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")]
+#[hax_lib::requires(fstar!("v ${*zeta_i} == 15 /\\
+ ntt_re_range_4 $re"))]
+#[hax_lib::ensures(|result| fstar!("ntt_re_range_3 ${re}_future /\\
+ v ${*zeta_i}_future == 31"))]
pub(crate) fn ntt_at_layer_3(
zeta_i: &mut usize,
re: &mut PolynomialRingElement,
_layer: usize,
_initial_coefficient_bound: usize,
) {
+ hax_lib::fstar!("reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #$:Vector)");
+ hax_lib::fstar!("reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)");
+ let _zeta_i_init = *zeta_i;
// The semicolon and parentheses at the end of loop are a workaround
// for the following bug https://github.com/hacspec/hax/issues/720
for round in 0..16 {
+ hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round /\\
+ (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==>
+ Spec.Utils.is_i16b_array_opaque (11207+3*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\
+ (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") });
*zeta_i += 1;
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207+3*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
re.coefficients[round] =
Vector::ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i));
+ hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque)
+ (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))");
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+4*3328)
+ (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))");
}
()
}
#[inline(always)]
+#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta_r /\\
+ (let t = ${montgomery_multiply_fe::} $b $zeta_r in
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) -
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\\
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) +
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"))]
fn ntt_layer_int_vec_step(
mut a: Vector,
mut b: Vector,
@@ -76,16 +173,28 @@ fn ntt_layer_int_vec_step(
a = Vector::add(a, &t);
(a, b)
}
+
#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\
+ ((v $layer == 4 ==> v ${*zeta_i} == 7) /\\
+ (v $layer == 5 ==> v ${*zeta_i} == 3) /\\
+ (v $layer == 6 ==> v ${*zeta_i} == 1) /\\
+ (v $layer == 7 ==> v ${*zeta_i} == 0))"))]
+#[hax_lib::ensures(|result| fstar!("ntt_re_range_4 ${re}_future /\\
+ (v $layer == 4 ==> v ${*zeta_i}_future == 15) /\\
+ (v $layer == 5 ==> v ${*zeta_i}_future == 7) /\\
+ (v $layer == 6 ==> v ${*zeta_i}_future == 3) /\\
+ (v $layer == 7 ==> v ${*zeta_i}_future == 1)"))]
pub(crate) fn ntt_at_layer_4_plus(
zeta_i: &mut usize,
re: &mut PolynomialRingElement,
layer: usize,
_initial_coefficient_bound: usize,
) {
- debug_assert!(layer >= 4);
let step = 1 << layer;
+ let _zeta_i_init = *zeta_i;
// The semicolon and parentheses at the end of loop are a workaround
// for the following bug https://github.com/hacspec/hax/issues/720
for round in 0..(128 >> layer) {
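Review bot: The new `ensures` on `ntt_at_layer_4_plus` (`ntt_re_range_4 ${re}_future` and the per-layer `zeta_i` values) sits under `verification_status(lax)`, so it is taken on trust, yet `ntt_at_layer_3` now requires exactly `ntt_re_range_4 $re` and `v ${*zeta_i} == 15`; the proven bounds for layers 3 to 1 therefore start from an unproven one. The hunk also removes `debug_assert!(layer >= 4);`, the only check on `layer` that ran in debug and test builds, while `1 << layer` and `128 >> layer` remain. I would keep a runtime guard that matches the new precondition, `debug_assert!(layer >= 4 && layer <= 7);` (behind `#[cfg(not(hax))]` if the extraction cannot handle it), and note beside the `lax` attribute that the postcondition is assumed. `_zeta_i_init` is introduced here but its use is not visible; the loop body continues outside the hunk.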
@@ -109,11 +218,36 @@ pub(crate) fn ntt_at_layer_4_plus(
}
#[inline(always)]
+#[hax_lib::fstar::verification_status(lax)]
+//We should make the loops inside this function `opaque_to_smt` to get it work
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]
+ let ntt_layer_7_pre (#v_Vector: Type0)
+ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |}
+ (re_0 re_1: v_Vector) =
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\\
+ (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) -
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\\
+ (forall i. i < 16 ==>
+ Spec.Utils.is_intb (pow2 15 - 1)
+ (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) +
+ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))")]
+#[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
+ (${re}.f_coefficients.[ sz i +! sz 8 ])"))]
pub(crate) fn ntt_at_layer_7(re: &mut PolynomialRingElement) {
let step = VECTORS_IN_RING_ELEMENT / 2;
+ hax_lib::fstar!("assert (v $step == 8)");
// The semicolon and parentheses at the end of loop are a workaround
// for the following bug https://github.com/hacspec/hax/issues/720
for j in 0..step {
+ hax_lib::loop_invariant!(|j: usize| { fstar!("(v j < 8 ==>
+ (forall (i:nat). (i >= v j /\\ i < 8) ==>
+ ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))") });
+ hax_lib::fstar!("reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #$:Vector)");
let t = Vector::multiply_by_constant(re.coefficients[j + step], -1600);
re.coefficients[j + step] = Vector::sub(re.coefficients[j], &t);
re.coefficients[j] = Vector::add(re.coefficients[j], &t);
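Review bot: The comment added under `verification_status(lax)` on `ntt_at_layer_7` (the line starting `//We should make the loops inside this function`) does not say what is and is not proven at the moment. Since `ntt_layer_7_pre` encodes the overflow conditions for the `multiply_by_constant`, `sub` and `add` calls in the loop, the reader needs to know that callers must establish it while the body itself is unchecked. I would reword it to `// TODO: lax until the loop can be made opaque_to_smt; ntt_layer_7_pre is demanded of callers but the body is not verified against it yet`. The end of the loop and of the function is outside this hunk.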
@@ -122,6 +256,9 @@ pub(crate) fn ntt_at_layer_7(re: &mut PolynomialRingElement<
}
#[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200")]
+#[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ])
+ (${re}.f_coefficients.[ sz i +! sz 8 ])"))]
pub(crate) fn ntt_binomially_sampled_ring_element(
re: &mut PolynomialRingElement,
) {
@@ -141,6 +278,7 @@ pub(crate) fn ntt_binomially_sampled_ring_element(
}
#[inline(always)]
+#[hax_lib::fstar::options("--z3rlimit 200")]
pub(crate) fn ntt_vector_u(
re: &mut PolynomialRingElement,
) {
diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs
index c8aa0a6f1..9e059baf7 100644
--- a/libcrux-ml-kem/src/serialize.rs
+++ b/libcrux-ml-kem/src/serialize.rs
@@ -135,10 +135,15 @@ fn deserialize_to_reduced_ring_element(
///
/// This function MUST NOT be used on secret inputs.
#[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
#[hax_lib::requires(
fstar!("Spec.MLKEM.is_rank v_K /\\
Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)")
)]
+#[hax_lib::ensures(|result|
+ fstar!("forall (i:nat). i < v $K ==>
+ coefficients_field_modulus_range (Seq.index $result i)")
+)]
pub(super) fn deserialize_ring_elements_reduced_out<
const K: usize,
Vector: Operations,
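Review bot: The new postcondition on `deserialize_ring_elements_reduced_out` (`coefficients_field_modulus_range` for every index below K) arrives together with `verification_status(panic_free)`, which, as far as I understand hax, proves only that the body cannot panic and assumes the `ensures`. This function parses `public_key` bytes, so the range guarantee is the property later code relies on for data it did not produce, and it should be marked as unproven where it is stated, e.g. `// TODO: postcondition assumed under panic_free; derive it from deserialize_to_reduced_ring_element`. The contract also writes `v_K` in `requires` and `$K` in `ensures`; one form throughout would read more clearly. The function body is outside this hunk.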
diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs
index 5ccee1f83..0ce3c7182 100644
--- a/libcrux-ml-kem/src/variant.rs
+++ b/libcrux-ml-kem/src/variant.rs
@@ -12,13 +12,13 @@ use crate::{constants::CPA_PKE_KEY_GENERATION_SEED_SIZE, hash_functions::Hash, M
#[hax_lib::attributes]
pub(crate) trait Variant {
#[requires(shared_secret.len() == 32)]
- #[ensures(|res| fstar!("$res == $shared_secret"))] // FIX: Only true for ML-KEM, not Kyber
+ #[ensures(|res| fstar!("$res == $shared_secret"))] // We only have post-conditions for ML-KEM, not Kyber
fn kdf>(
shared_secret: &[u8],
ciphertext: &MlKemCiphertext,
) -> [u8; 32];
#[requires(randomness.len() == 32)]
- #[ensures(|res| fstar!("$res == $randomness"))] // FIX: Only true for ML-KEM, not Kyber
+ #[ensures(|res| fstar!("$res == $randomness"))] // We only have post-conditions for ML-KEM, not Kyber
fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32];
#[requires(seed.len() == 32)]
fn cpa_keygen_seed>(seed: &[u8]) -> [u8; 64];
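Review bot: Rewording the trailing comments on `kdf` and `entropy_preprocess` from `FIX: Only true for ML-KEM, not Kyber` to `We only have post-conditions for ML-KEM, not Kyber` hides that the `ensures` is declared on the `Variant` trait and is therefore stated for every implementor. If the clause does not hold for the Kyber implementation, as the old comment said, any proof that uses it through the trait would rest on a false fact for that variant. Keep an explicit marker, e.g. `// TODO: holds for ML-KEM only; exclude the Kyber impl from verification or give it its own spec`, or move the postcondition onto the ML-KEM impl.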
diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs
index bb0a2422f..3c65a7e26 100644
--- a/libcrux-ml-kem/src/vector/avx2.rs
+++ b/libcrux-ml-kem/src/vector/avx2.rs
@@ -243,8 +243,8 @@ impl Operations for SIMD256Vector {
#[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
- Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\
- Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))]
+ Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\
+ Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"))]
#[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
fn ntt_multiply(
lhs: &Self,
diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
index 7f6d7e6b3..1032ee28d 100644
--- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
+++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs
@@ -137,7 +137,7 @@ const BARRETT_MULTIPLIER: i16 = 20159;
/// See Section 3.2 of the implementation notes document for an explanation
/// of this code.
#[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))]
#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector})")))]
#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\
(forall i. i < 16 ==> v (get_lane $result i) % 3329 ==
@@ -170,7 +170,7 @@ pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 {
}
#[inline(always)]
-#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))]
+#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))]
#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 constant")))]
#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\
(forall i. i < 16 ==> v (get_lane $result i) % 3329 ==
diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs
index 0c1d07d1e..b8e46b460 100644
--- a/libcrux-ml-kem/src/vector/portable.rs
+++ b/libcrux-ml-kem/src/vector/portable.rs
@@ -10,7 +10,6 @@ use arithmetic::*;
use compress::*;
use ntt::*;
use sampling::*;
-use serialize::*;
use vector_type::*;
pub(crate) use vector_type::PortableVector;
@@ -22,7 +21,88 @@ impl crate::vector::traits::Repr for PortableVector {
}
}
-#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 200""#)]
+#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))]
+#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==>
+ Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))]
+fn serialize_1(a: PortableVector) -> [u8; 2] {
+ hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)");
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a");
+ serialize::serialize_1(a)
+}
+
+#[hax_lib::requires(a.len() == 2)]
+#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))]
+fn deserialize_1(a: &[u8]) -> PortableVector {
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a");
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a");
+ serialize::deserialize_1(a)
+}
+
+#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))]
+#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))]
+fn serialize_4(a: PortableVector) -> [u8; 8] {
+ hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)");
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a");
+ serialize::serialize_4(a)
+}
+
+#[hax_lib::requires(a.len() == 8)]
+#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))]
+fn deserialize_4(a: &[u8]) -> PortableVector {
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a");
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a");
+ serialize::deserialize_4(a)
+}
+
+fn serialize_5(a: PortableVector) -> [u8; 10] {
+ serialize::serialize_5(a)
+}
+
+#[hax_lib::requires(a.len() == 10)]
+fn deserialize_5(a: &[u8]) -> PortableVector {
+ serialize::deserialize_5(a)
+}
+
+#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))]
+#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))]
+fn serialize_10(a: PortableVector) -> [u8; 20] {
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a");
+ serialize::serialize_10(a)
+}
+
+#[hax_lib::requires(a.len() == 20)]
+#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))]
+fn deserialize_10(a: &[u8]) -> PortableVector {
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a");
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a");
+ serialize::deserialize_10(a)
+}
+
+fn serialize_11(a: PortableVector) -> [u8; 22] {
+ serialize::serialize_11(a)
+}
+
+#[hax_lib::requires(a.len() == 22)]
+fn deserialize_11(a: &[u8]) -> PortableVector {
+ serialize::deserialize_11(a)
+}
+
+#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))]
+#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))]
+fn serialize_12(a: PortableVector) -> [u8; 24] {
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a");
+ serialize::serialize_12(a)
+}
+
+#[hax_lib::requires(a.len() == 24)]
+#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))]
+fn deserialize_12(a: &[u8]) -> PortableVector {
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a");
+ hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a");
+ serialize::deserialize_12(a)
+}
+
+#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 400 --split_queries always""#)]
#[hax_lib::fstar::after(interface, r#"#pop-options"#)]
#[hax_lib::attributes]
impl Operations for PortableVector {
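Review bot: The new free functions `serialize_1` through `deserialize_12` share their names with both the `Operations` trait methods and the `serialize::` functions they forward to, so after the later hunks a trait method body reading `serialize_1(a)` looks like a self-call although it resolves to the module-level wrapper. A comment on the first wrapper saying why they exist would help, e.g. `// Wrappers holding the serialization lemma calls, kept outside the impl so they are checked without its --z3rlimit 400 --split_queries options`, if that is the reason. They also lack the `#[inline(always)]` carried by the other functions in this diff, which may add a call layer on the (de)serialization path. Raising the impl-wide limit from 200 to 400 with `--split_queries always` deserves a one-line justification as well.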
@@ -171,8 +251,8 @@ impl Operations for PortableVector {
#[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
- Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\
- Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))]
+ Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\
+ Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"))]
#[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))]
fn ntt_multiply(
lhs: &Self,
@@ -188,32 +268,24 @@ impl Operations for PortableVector {
#[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))]
#[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))]
fn serialize_1(a: Self) -> [u8; 2] {
- hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)");
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a");
serialize_1(a)
}
#[requires(a.len() == 2)]
#[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))]
fn deserialize_1(a: &[u8]) -> Self {
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a");
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a");
deserialize_1(a)
}
#[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))]
#[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))]
fn serialize_4(a: Self) -> [u8; 8] {
- hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)");
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a");
- serialize_4(a)
+ serialize_4(a)
}
#[requires(a.len() == 8)]
#[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))]
fn deserialize_4(a: &[u8]) -> Self {
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a");
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a");
deserialize_4(a)
}
@@ -229,15 +301,12 @@ impl Operations for PortableVector {
#[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))]
#[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))]
fn serialize_10(a: Self) -> [u8; 20] {
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a");
serialize_10(a)
}
#[requires(a.len() == 20)]
#[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))]
fn deserialize_10(a: &[u8]) -> Self {
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a");
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a");
deserialize_10(a)
}
@@ -253,15 +322,12 @@ impl Operations for PortableVector {
#[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))]
#[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))]
fn serialize_12(a: Self) -> [u8; 24] {
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a");
serialize_12(a)
}
#[requires(a.len() == 24)]
#[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))]
fn deserialize_12(a: &[u8]) -> Self {
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a");
- hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a");
deserialize_12(a)
}
diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs
index 096c9fb7b..35abf02ce 100644
--- a/libcrux-ml-kem/src/vector/portable/ntt.rs
+++ b/libcrux-ml-kem/src/vector/portable/ntt.rs
@@ -2,18 +2,52 @@ use super::arithmetic::*;
use super::vector_type::*;
#[inline(always)]
-#[hax_lib::fstar::verification_status(lax)]
-#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))]
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")]
+#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\
+ Spec.Utils.is_i16b 1664 $zeta /\\
+ Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\\
+ Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[i] /\\
+ Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[j]"))]
#[hax_lib::ensures(|result| fstar!("(forall k. (k <> v i /\\ k <> v j) ==>
Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\
(forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\
Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==>
(Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\\
- Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j]))"))]
+ Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j])) /\\
+ Spec.Utils.ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))]
pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) {
let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta);
- vec.elements[j] = vec.elements[i] - t;
- vec.elements[i] = vec.elements[i] + t;
+ hax_lib::fstar!("assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))");
+ let a_minus_t = vec.elements[i] - t;
+ hax_lib::fstar!("
+ calc (==) {
+ v $a_minus_t % 3329;
+ (==) {}
+ (v (Seq.index vec.f_elements (v i)) - v ${t}) % 3329;
+ (==) {Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v $i))) (v $t) 3329}
+ (v (Seq.index vec.f_elements (v $i)) - (v $t % 3329)) % 3329;
+ (==) {}
+ (v (Seq.index vec.f_elements (v i)) - ((v (Seq.index vec.f_elements (v $j)) * v $zeta * 169) % 3329)) % 3329;
+ (==) {Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v $i))) (v (Seq.index vec.f_elements (v $j)) * v zeta * 169) 3329}
+ (v (Seq.index vec.f_elements (v $i)) - (v (Seq.index vec.f_elements (v $j)) * v $zeta * 169)) % 3329;
+ }");
+ let a_plus_t = vec.elements[i] + t;
+ hax_lib::fstar!("
+ calc (==) {
+ v a_plus_t % 3329;
+ (==) {}
+ (v (Seq.index vec.f_elements (v $i)) + v $t) % 3329;
+ (==) {Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v $i))) (v $t) 3329}
+ (v (Seq.index vec.f_elements (v $i)) + (v $t % 3329)) % 3329;
+ (==) {}
+ (v (Seq.index vec.f_elements (v $i)) + ((v (Seq.index vec.f_elements (v $j)) * v $zeta * 169) % 3329)) % 3329;
+ (==) {Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v $i))) (v (Seq.index vec.f_elements (v $j)) * v zeta * 169) 3329}
+ (v (Seq.index vec.f_elements (v $i)) + (v (Seq.index vec.f_elements (v $j)) * v $zeta * 169)) % 3329;
+ }");
+ vec.elements[j] = a_minus_t;
+ vec.elements[i] = a_plus_t;
+ hax_lib::fstar!("assert (Seq.index vec.f_elements (v i) == a_plus_t);
+ assert (Seq.index vec.f_elements (v j) == a_minus_t)");
}
#[inline(always)]
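Review bot: The `fstar!` blocks added to `ntt_step` mix antiquoted and bare Rust names: `v $a_minus_t % 3329` but `v a_plus_t % 3329`, and `v $zeta` next to `v zeta` inside the same `calc` chain. As far as I can tell the bare forms only hold while the extracted F* name matches the Rust one, so I would antiquote consistently, e.g. `v $a_plus_t % 3329;` and `(v $j)) * v $zeta * 169) 3329}`. The same applies to the assertions added to `inv_ntt_step` in the next hunk, which use bare `a_minus_b`, `a_plus_b`, `o0`, `o1` and `zeta` throughout. Separately, the new bound `11207 + 6 * 3328` in the `requires` is unexplained, and a one-line comment on where it comes from would help the next reader.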
@@ -75,19 +109,42 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe
}
#[inline(always)]
-#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")]
+#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\
+ Spec.Utils.is_i16b 1664 $zeta /\\
Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))]
#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\\
(forall k. (k <> v i /\\ k <> v j) ==>
Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\
- (Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\
- Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)))"))]
+ Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\
+ Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)) /\\
+ Spec.Utils.inv_ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))]
pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) {
let a_minus_b = vec.elements[j] - vec.elements[i];
- let o0 = barrett_reduce_element(vec.elements[i] + vec.elements[j]);
+ let a_plus_b = vec.elements[j] + vec.elements[i];
+ hax_lib::fstar!("assert (v a_minus_b = v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i)));
+ assert (v a_plus_b = v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i)))");
+ let o0 = barrett_reduce_element(a_plus_b);
let o1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta);
+ hax_lib::fstar!("
+ calc (==) {
+ v o0 % 3329;
+ (==) { }
+ v a_plus_b % 3329;
+ (==) { }
+ (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329;
+ };
+ calc (==) {
+ v o1 % 3329;
+ (==) { }
+ (v a_minus_b * v zeta * 169) % 3329;
+ (==) { }
+ ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * 169) % 3329;
+ }");
vec.elements[i] = o0;
vec.elements[j] = o1;
+ hax_lib::fstar!("assert (Seq.index vec.f_elements (v i) == o0);
+ assert (Seq.index vec.f_elements (v j) == o1)");
}
#[inline(always)]
@@ -191,41 +248,36 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab
/// The NIST FIPS 203 standard can be found at
/// .
#[inline(always)]
-#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always --query_stats")]
-#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\
- Spec.Utils.is_i16b_array 3228 ${a}.f_elements /\\
- Spec.Utils.is_i16b_array 3228 ${b}.f_elements "))]
+#[hax_lib::fstar::verification_status(panic_free)]
+#[hax_lib::fstar::options("--z3rlimit 250 --split_queries always --query_stats --ext context_prune")]
+#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")]
+#[hax_lib::requires(fstar!("v i < 8 /\\ Spec.Utils.is_i16b 1664 $zeta /\\
+ Spec.Utils.is_i16b_array 3328 ${a}.f_elements /\\
+ Spec.Utils.is_i16b_array 3328 ${b}.f_elements /\\
+ Spec.Utils.is_i16b_array 3328 ${out}.f_elements "))]
#[hax_lib::ensures(|()| fstar!("
- Spec.Utils.is_i16b_array 3328 ${out}.f_elements /\\
- (forall k. (k <> v $i /\\ k <> v $j) ==>
- Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\
- (let ai = Seq.index ${a}.f_elements (v $i) in
- let aj = Seq.index ${a}.f_elements (v $j) in
- let bi = Seq.index ${b}.f_elements (v $i) in
- let bj = Seq.index ${b}.f_elements (v $j) in
- let oi = Seq.index out_future.f_elements (v $i) in
- let oj = Seq.index out_future.f_elements (v $j) in
- let (x,y) =
- Spec.MLKEM.Math.poly_base_case_multiply
- (v ai % 3329)
- (v aj % 3329)
- (v bi % 3329)
- (v bj % 3329)
- ((v zeta * 169) % 3329) in
- ((x * 169) % 3329 == v oi % 3329) /\\
- (y * 169) % 3329 == v oj % 3329)))"))]
+ Spec.Utils.is_i16b_array 3328 ${out}_future.f_elements /\\
+ (forall k. (k <> 2 * v $i /\\ k <> 2 * v $i + 1) ==>
+ Seq.index ${out}_future.f_elements k == Seq.index ${out}.f_elements k) /\\
+ (let ai = Seq.index ${a}.f_elements (2 * v $i) in
+ let aj = Seq.index ${a}.f_elements (2 * v $i + 1) in
+ let bi = Seq.index ${b}.f_elements (2 * v $i) in
+ let bj = Seq.index ${b}.f_elements (2 * v $i + 1) in
+ let oi = Seq.index out_future.f_elements (2 * v $i) in
+ let oj = Seq.index out_future.f_elements (2 * v $i + 1) in
+ ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\\
+ ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))"))]
pub(crate) fn ntt_multiply_binomials(
a: &PortableVector,
b: &PortableVector,
zeta: FieldElementTimesMontgomeryR,
i: usize,
- j: usize,
out: &mut PortableVector,
) {
- let ai = a.elements[i];
- let bi = b.elements[i];
- let aj = a.elements[j];
- let bj = b.elements[j];
+ let ai = a.elements[2*i];
+ let bi = b.elements[2*i];
+ let aj = a.elements[2*i+1];
+ let bj = b.elements[2*i+1];
hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 $ai);
assert(Spec.Utils.is_i16b 3328 $bi);
assert(Spec.Utils.is_i16b 3328 $aj);
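Review bot: The `#[hax_lib::fstar::verification_status(panic_free)]` attribute added to `ntt_multiply_binomials` sits next to a much stronger `ensures`, and as I understand hax's `panic_free` mode the postcondition is then assumed rather than discharged, so the new mod-3329 equations for `oi` and `oj` would still be trusted. This matters because `ntt_multiply` (the `@@ -298,14 +369,25 @@` hunk, which gets the same attribute) states its own postcondition in terms of this one. I would record the status beside the attribute, e.g. `// TODO(proof): panic_free only: the ensures clause is assumed, not yet discharged`, so that the removal of `admit()` further down is not read as a finished functional proof. The function body continues outside this hunk.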
@@ -250,6 +302,8 @@ pub(crate) fn ntt_multiply_binomials(
(v $ai_bi_aj_bj * 169) % 3329;
( == ) { assert(v $ai_bi_aj_bj == v $ai_bi + v $aj_bj_zeta) }
((v $ai_bi + v $aj_bj_zeta) * 169) % 3329;
+ ( == ) { assert (v $ai_bi == v $ai * v $bi) }
+ (((v $ai * v $bi) + v $aj_bj_zeta) * 169) % 3329;
( == ) { assert (v $aj_bj_zeta == v $aj_bj * v $zeta) }
(((v $ai * v $bi) + (v $aj_bj * v $zeta)) * 169) % 3329;
( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 }
@@ -277,9 +331,26 @@ pub(crate) fn ntt_multiply_binomials(
hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi) ");
hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)");
let o1 = montgomery_reduce_element(ai_bj_aj_bi);
- out.elements[i] = o0;
- out.elements[j] = o1;
- hax_lib::fstar!("admit()");
+ hax_lib::fstar!("calc ( == ) {
+ v $o1 % 3329;
+ ( == ) { () }
+ (v $ai_bj_aj_bi * 169) % 3329;
+ ( == ) { assert(v $ai_bj_aj_bi == v $ai_bj + v $aj_bi) }
+ ((v $ai_bj + v $aj_bi) * 169) % 3329;
+ ( == ) { assert (v ai_bj == v ai * v bj) }
+ ((v ai * v bj + v aj_bi) * 169) % 3329;
+ ( == ) { assert (v aj_bi == v aj * v bi) }
+ ((v ai * v bj + v aj * v bi) * 169) % 3329;
+ }");
+ let _out0 = out.elements;
+ out.elements[2*i] = o0;
+ out.elements[2*i+1] = o1;
+ hax_lib::fstar!("assert (Seq.index out.f_elements (2 * v i) == o0);
+ assert (Seq.index out.f_elements (2 * v i + 1) == o1);
+ assert (Spec.Utils.is_i16b_array 3328 out.f_elements);
+ assert (forall k. (k <> 2 * v i /\\ k <> 2 * v i + 1) ==>
+ Seq.index out.f_elements k ==
+ Seq.index ${_out0} k)");
}
// #[inline(always)]
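Review bot: `let _out0 = out.elements;` is executable Rust that exists only so the closing `fstar!` assertion can name the pre-state, and nothing in the code says so. It copies the element array by value and is never read at runtime, so a reader or a dead-code cleanup could remove it and break the proof. A comment such as `// Proof-only snapshot of out.elements before the two writes; referenced as ${_out0} in the assertion below.` would make the intent explicit. The new index expressions are also not rustfmt-formatted; `out.elements[2 * i + 1] = o1;` is the conventional form. The enclosing function starts outside this hunk.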
@@ -298,14 +369,25 @@ pub(crate) fn ntt_multiply_binomials(
// }
#[inline(always)]
+#[hax_lib::fstar::verification_status(panic_free)]
#[hax_lib::fstar::options("--z3rlimit 100")]
#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta0 /\\
Spec.Utils.is_i16b 1664 $zeta1 /\\
Spec.Utils.is_i16b 1664 $zeta2 /\\
Spec.Utils.is_i16b 1664 $zeta3 /\\
- Spec.Utils.is_i16b_array 3228 ${lhs}.f_elements /\\
- Spec.Utils.is_i16b_array 3228 ${rhs}.f_elements "))]
-#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))]
+ Spec.Utils.is_i16b_array 3328 ${lhs}.f_elements /\\
+ Spec.Utils.is_i16b_array 3328 ${rhs}.f_elements "))]
+#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\
+ (let zetas = Seq.seq_of_list [v zeta0; - v zeta0; v zeta1; - v zeta1; v zeta2; - v zeta2; v zeta3; - v zeta3] in
+ (forall (i:nat). i < 8 ==>
+ (let ai = Seq.index lhs.f_elements (2 * i) in
+ let aj = Seq.index lhs.f_elements (2 * i + 1) in
+ let bi = Seq.index rhs.f_elements (2 * i) in
+ let bj = Seq.index rhs.f_elements (2 * i + 1) in
+ let oi = Seq.index result.f_elements (2 * i) in
+ let oj = Seq.index result.f_elements (2 * i + 1) in
+ ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * (Seq.index zetas i) * 169)) * 169) % 3329)) /\\
+ ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))))"))]
pub(crate) fn ntt_multiply(
lhs: &PortableVector,
rhs: &PortableVector,
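Review bot: The functional postcondition added to the portable `ntt_multiply` here is not visible through the `Operations` trait: the `ensures` on `ntt_multiply` in the `vector/traits.rs` hunk below still states only `Spec.Utils.is_i16b_array 3328 (f_repr $out)`. Generic code that calls the trait method therefore cannot rely on the new `oi`/`oj` equations, and any other implementation of the trait is presumably not held to them. If that is intended for now, a comment on the trait method such as `// Functional spec is currently stated on the portable implementation only.` would avoid confusion; otherwise the trait's `ensures` should carry the same equations. The function's parameter list and body continue past this hunk.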
@@ -323,14 +405,22 @@ pub(crate) fn ntt_multiply(
hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta2)");
hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta3)");
let mut out = zero();
- ntt_multiply_binomials(lhs, rhs, zeta0, 0, 1, &mut out);
- ntt_multiply_binomials(lhs, rhs, nzeta0, 2, 3, &mut out);
- ntt_multiply_binomials(lhs, rhs, zeta1, 4, 5, &mut out);
- ntt_multiply_binomials(lhs, rhs, nzeta1, 6, 7, &mut out);
- hax_lib::fstar!("admit()");
- ntt_multiply_binomials(lhs, rhs, zeta2, 8, 9, &mut out);
- ntt_multiply_binomials(lhs, rhs, nzeta2, 10, 11, &mut out);
- ntt_multiply_binomials(lhs, rhs, zeta3, 12, 13, &mut out);
- ntt_multiply_binomials(lhs, rhs, nzeta3, 14, 15, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+ ntt_multiply_binomials(lhs, rhs, zeta0, 0, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+ ntt_multiply_binomials(lhs, rhs, nzeta0, 1, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+ ntt_multiply_binomials(lhs, rhs, zeta1, 2, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+ ntt_multiply_binomials(lhs, rhs, nzeta1, 3, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+ ntt_multiply_binomials(lhs, rhs, zeta2, 4, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+ ntt_multiply_binomials(lhs, rhs, nzeta2, 5, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+ ntt_multiply_binomials(lhs, rhs, zeta3, 6, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
+ ntt_multiply_binomials(lhs, rhs, nzeta3, 7, &mut out);
+ hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)");
out
}
diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs
index 438ab4dd4..b92ee9c91 100644
--- a/libcrux-ml-kem/src/vector/traits.rs
+++ b/libcrux-ml-kem/src/vector/traits.rs
@@ -123,8 +123,8 @@ pub trait Operations: Copy + Clone + Repr {
#[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\
Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\
- Spec.Utils.is_i16b_array 3228 (f_repr ${lhs}) /\\
- Spec.Utils.is_i16b_array 3228 (f_repr ${rhs}) "))]
+ Spec.Utils.is_i16b_array 3328 (f_repr ${lhs}) /\\
+ Spec.Utils.is_i16b_array 3328 (f_repr ${rhs}) "))]
#[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))]
fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16)
-> Self;