PQClean Integration

Makefile

@@ -30,9 +30,9 @@ LDFLAGS_HOST =
 # override as desired
 TYPE=kem
 
-COMMONSOURCES=mupq/common/fips202.c mupq/common/sha2.c mupq/common/aes.c mupq/common/rijndael.c
-COMMONSOURCES_HOST=$(COMMONSOURCES) mupq/common/keccakf1600.c
-COMMONSOURCES_M4=$(COMMONSOURCES) common/keccakf1600.S
+COMMONSOURCES=mupq/common/fips202.c mupq/common/sha2.c
+COMMONSOURCES_HOST=$(COMMONSOURCES) mupq/common/keccakf1600.c mupq/pqclean/common/aes.c
+COMMONSOURCES_M4=$(COMMONSOURCES) common/keccakf1600.S mupq/common/aes.c common/aes.S
 
 COMMONINCLUDES=-I"mupq/common"
 COMMONINCLUDES_M4=$(COMMONINCLUDES) -I"common"
@@ -52,14 +52,15 @@ all:
 	@echo "Please use the scripts in this directory instead of using the Makefile"
 	@echo
 	@echo "If you really want to use it, please specify IMPLEMENTATION_PATH=path/to/impl"
-	@echo "and a target binary."
+	@echo "and a target binary, e.g.,"
+	@echo "make IMPLEMENTATION_PATH=crypto_kem/kyber768/m4 bin/crypto_kem_kyber768_m4_test.bin"
 	@echo "make clean also works"
 
 $(DEST_HOST)/%_testvectors: $(COMMONSOURCES_HOST) $(IMPLEMENTATION_SOURCES) $(IMPLEMENTATION_HEADERS)
 	mkdir -p $(DEST_HOST)
 	$(CC_HOST) -o $@ \
-		$(CFLAGS_HOST) \
-		crypto_$(TYPE)/testvectors-host.c \
+		$(CFLAGS_HOST) -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE)\
+		mupq/crypto_$(TYPE)/testvectors-host.c \
 		$(COMMONSOURCES_HOST) \
 		$(IMPLEMENTATION_SOURCES) \
 		-I$(IMPLEMENTATION_PATH) \
@@ -76,19 +77,19 @@ $(DEST)/%.bin: elf/%.elf
 # TODO use notrandombytes more generically rather than included in testvectors.c
 elf/$(TARGET_NAME)_%.elf: mupq/crypto_$(TYPE)/%.c $(COMMONSOURCES_M4) $(RANDOMBYTES_M4) $(IMPLEMENTATION_SOURCES) $(IMPLEMENTATION_HEADERS) $(OPENCM3FILE) common/hal-stm32f4.c
 	mkdir -p elf
-	$(CC) -o $@ $(CFLAGS) \
+	$(CC) -o $@ $(CFLAGS) -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE) \
 		$< $(COMMONSOURCES_M4) $(RANDOMBYTES_M4) $(IMPLEMENTATION_SOURCES) common/hal-stm32f4.c \
 		-I$(IMPLEMENTATION_PATH) $(COMMONINCLUDES_M4) $(LDFLAGS)
 
 elf/$(TARGET_NAME)_testvectors.elf: mupq/crypto_$(TYPE)/testvectors.c $(COMMONSOURCES_M4) $(IMPLEMENTATION_SOURCES) $(IMPLEMENTATION_HEADERS) $(OPENCM3FILE) common/hal-stm32f4.c
 	mkdir -p elf
-	$(CC) -o $@ $(CFLAGS) \
+	$(CC) -o $@ $(CFLAGS) -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE)\
 		$< $(COMMONSOURCES_M4) $(IMPLEMENTATION_SOURCES) common/hal-stm32f4.c \
 		-I$(IMPLEMENTATION_PATH) $(COMMONINCLUDES_M4) $(LDFLAGS)
 
 elf/$(TARGET_NAME)_hashing.elf: mupq/crypto_$(TYPE)/hashing.c $(COMMONSOURCES_M4) $(IMPLEMENTATION_SOURCES) $(IMPLEMENTATION_HEADERS) $(OPENCM3FILE) common/hal-stm32f4.c
 	mkdir -p elf
-	$(CC) -o $@ $(CFLAGS) -DPROFILE_HASHING \
+	$(CC) -o $@ $(CFLAGS) -DPROFILE_HASHING -DMUPQ_NAMESPACE=$(MUPQ_NAMESPACE) \
 		$< $(COMMONSOURCES_M4) $(RANDOMBYTES_M4) $(IMPLEMENTATION_SOURCES) common/hal-stm32f4.c \
 		-I$(IMPLEMENTATION_PATH) $(COMMONINCLUDES_M4) $(LDFLAGS)
 

benchmarks.csv

@@ -1,9 +1,9 @@
 Speed Evaluation,,,,,,,,,,
 Key Encapsulation Schemes,,,,,,,,,,
 Scheme,Implementation,Key Generation [cycles] (mean),Key Generation [cycles] (min),Key Generation [cycles] (max),Encapsulation [cycles] (mean),Encapsulation [cycles] (min),Encapsulation [cycles] (max),Decapsulation [cycles] (mean),Decapsulation [cycles] (min),Decapsulation [cycles] (max)
-frodo640-aes (100 executions),m4,220307317,220241077,220386311,223739226,223672948,223818372,218784713,218718418,218863869
-frodo640-cshake (100 executions),m4,81905542,81905542,81905542,86239829,86239829,86239829,86385540,86385540,86385540
-frodo640-cshake (100 executions),opt,94173002,94173002,94173002,107084620,107084620,107084620,107482437,107482437,107482437
+frodokem640aes (100 executions),m4,220307317,220241077,220386311,223739226,223672948,223818372,218784713,218718418,218863869
+frodokem640cshake (100 executions),m4,81905542,81905542,81905542,86239829,86239829,86239829,86385540,86385540,86385540
+frodokem640cshake (100 executions),opt,94173002,94173002,94173002,107084620,107084620,107084620,107482437,107482437,107482437
 kyber1024 (100 executions),m4,1729819,1729068,1730683,2083028,2082278,2083893,2134685,2133934,2135550
 kyber1024 (100 executions),ref,1957251,1956503,1958004,2463004,2462257,2463758,2663791,2663043,2664544
 kyber512 (100 executions),m4,665609,665182,665980,903352,902925,903723,933528,933102,933900
@@ -12,6 +12,7 @@ kyber768 (100 executions),m4,1098604,1098197,1099128,1384549,1384141,1385073,141
 kyber768 (100 executions),ref,1269336,1268667,1270035,1677026,1676357,1677725,1827734,1827065,1828433
 newhope1024cca (100 executions),m4,1220539,1220182,1220822,1902086,1901730,1902370,1925924,1925566,1926207
 newhope1024cca (100 executions),ref,1466552,1466131,1466899,2273026,2272605,2273374,2421633,2421212,2421980
+ntruhps2048509 (100 executions),clean,111432235,111432235,111432235,2879179,2879179,2879179,7230769,7230769,7230769
 ntruhrss701 (100 executions),m4,145962064,145962064,145962064,403677,403677,403677,819323,819323,819323
 ntruhrss701 (100 executions),ref,189381286,189381286,189381286,4655513,4655513,4655513,13571758,13571758,13571758
 saber (100 executions),m4,894655,894655,894655,1161220,1161220,1161220,1204173,1204173,1204173
@@ -25,14 +26,14 @@ dilithium (100 executions),ref,2755209,2754546,2756003,15593609,5001347,47568719
 qTesla-I (100 executions),ref,16181905,7759886,55665081,6528971,1408282,38101487,1038204,1031357,1066061
 qTesla-III-size (100 executions),ref,52911984,22057621,147552103,25535653,3263517,85027845,2268587,2263927,2296947
 qTesla-III-speed (100 executions),ref,34440396,19783861,112913102,10958955,3242541,39136486,2197445,2187892,2228424
-sphincs-shake256-128s (2 executions),ref,4036930116,4036930116,4036930116,56077640588,56077424990,56077856186,67353629,67137935,67569323
+sphincs-shake256-128f-simple (1 executions),clean,65678196,65678196,65678196,2070781593,2070781593,2070781593,83111329,83111329,83111329
 
 Memory Evaluation,,,,,,,,,,
 Key Encapsulation Schemes,,,,,,,,,,
 Scheme,Implementation,Key Generation [bytes],Encapsulation [bytes],Decapsulation [bytes],,,,,,
-frodo640-aes,m4,31240,51568,61944,,,,,,
-frodo640-cshake,m4,26304,41504,51880,,,,,,
-frodo640-cshake,opt,36560,58272,68640,,,,,,
+frodokem640aes,m4,31240,51568,61944,,,,,,
+frodokem640cshake,m4,26304,41504,51880,,,,,,
+frodokem640cshake,opt,36560,58272,68640,,,,,,
 kyber1024,m4,15664,19352,20864,,,,,,
 kyber1024,ref,15664,19352,20864,,,,,,
 kyber512,m4,6456,9120,9928,,,,,,
@@ -41,6 +42,7 @@ kyber768,m4,10544,13720,14880,,,,,,
 kyber768,ref,10544,13720,14880,,,,,,
 newhope1024cca,m4,11152,17448,19680,,,,,,
 newhope1024cca,ref,11152,17448,19680,,,,,,
+ntruhps2048509,clean,11768,6920,5184,,,,,,
 ntruhrss701,m4,23396,19492,22140,,,,,,
 ntruhrss701,ref,10032,8956,10204,,,,,,
 saber,m4,13248,15528,16624,,,,,,
@@ -54,14 +56,14 @@ dilithium,ref,50896,86752,54936,,,,,,
 qTesla-I,ref,22512,29336,23128,,,,,,
 qTesla-III-size,ref,44016,58152,45732,,,,,,
 qTesla-III-speed,ref,44024,58144,45712,,,,,,
-sphincs-shake256-128s,ref,2936,3064,10800,,,,,,
+sphincs-shake256-128f-simple,clean,2200,2304,2664,,,,,,
 
 Hashing Evaluation,,,,,,,,,,
 Key Encapsulation Schemes,,,,,,,,,,
 Scheme,Implementation,Key Generation [%],Encapsulation [%],Decapsulation [%],,,,,,
-frodo640-aes,m4,96.4,95.3,95.2,,,,,,
-frodo640-cshake,m4,90.4,88.9,88.7,,,,,,
-frodo640-cshake,opt,79.8,71.6,71.3,,,,,,
+frodokem640aes,m4,96.4,95.3,95.2,,,,,,
+frodokem640cshake,m4,90.4,88.9,88.7,,,,,,
+frodokem640cshake,opt,79.8,71.6,71.3,,,,,,
 kyber1024,m4,69.3,67.5,58.7,,,,,,
 kyber1024,ref,61.3,57.1,47.0,,,,,,
 kyber512,m4,68.3,66.2,54.4,,,,,,
@@ -70,6 +72,7 @@ kyber768,m4,68.9,66.8,56.3,,,,,,
 kyber768,ref,59.6,55.2,43.6,,,,,,
 newhope1024cca,m4,71.2,70.3,59.5,,,,,,
 newhope1024cca,ref,59.3,58.9,47.4,,,,,,
+ntruhps2048509,clean,0.0,0.9,1.4,,,,,,
 ntruhrss701,m4,0.1,26.5,8.2,,,,,,
 ntruhrss701,ref,0.0,2.3,0.5,,,,,,
 saber,m4,53.1,52.9,41.5,,,,,,
@@ -83,4 +86,4 @@ dilithium,ref,61.4,25.4,50.8,,,,,,
 qTesla-I,ref,63.5,27.8,32.4,,,,,,
 qTesla-III-size,ref,66.2,23.0,27.5,,,,,,
 qTesla-III-speed,ref,73.3,24.1,28.3,,,,,,
-sphincs-shake256-128s,ref,97.3,97.0,97.2,,,,,,
+sphincs-shake256-128f-simple,clean,96.4,96.2,99.1,,,,,,

benchmarks.md

@@ -2,9 +2,9 @@
 ## Key Encapsulation Schemes
 | scheme | implementation | key generation [cycles] | encapsulation [cycles] | decapsulation [cycles] |
 | ------ | -------------- | ----------------------- | ---------------------- | ---------------------- |
-| frodo640-aes (100 executions) | m4 | AVG: 220,307,317 <br /> MIN: 220,241,077 <br /> MAX: 220,386,311 | AVG: 223,739,226 <br /> MIN: 223,672,948 <br /> MAX: 223,818,372 | AVG: 218,784,713 <br /> MIN: 218,718,418 <br /> MAX: 218,863,869 |
-| frodo640-cshake (100 executions) | m4 | AVG: 81,905,542 <br /> MIN: 81,905,542 <br /> MAX: 81,905,542 | AVG: 86,239,829 <br /> MIN: 86,239,829 <br /> MAX: 86,239,829 | AVG: 86,385,540 <br /> MIN: 86,385,540 <br /> MAX: 86,385,540 |
-| frodo640-cshake (100 executions) | opt | AVG: 94,173,002 <br /> MIN: 94,173,002 <br /> MAX: 94,173,002 | AVG: 107,084,620 <br /> MIN: 107,084,620 <br /> MAX: 107,084,620 | AVG: 107,482,437 <br /> MIN: 107,482,437 <br /> MAX: 107,482,437 |
+| frodokem640aes (100 executions) | m4 | AVG: 220,307,317 <br /> MIN: 220,241,077 <br /> MAX: 220,386,311 | AVG: 223,739,226 <br /> MIN: 223,672,948 <br /> MAX: 223,818,372 | AVG: 218,784,713 <br /> MIN: 218,718,418 <br /> MAX: 218,863,869 |
+| frodokem640cshake (100 executions) | m4 | AVG: 81,905,542 <br /> MIN: 81,905,542 <br /> MAX: 81,905,542 | AVG: 86,239,829 <br /> MIN: 86,239,829 <br /> MAX: 86,239,829 | AVG: 86,385,540 <br /> MIN: 86,385,540 <br /> MAX: 86,385,540 |
+| frodokem640cshake (100 executions) | opt | AVG: 94,173,002 <br /> MIN: 94,173,002 <br /> MAX: 94,173,002 | AVG: 107,084,620 <br /> MIN: 107,084,620 <br /> MAX: 107,084,620 | AVG: 107,482,437 <br /> MIN: 107,482,437 <br /> MAX: 107,482,437 |
 | kyber1024 (100 executions) | m4 | AVG: 1,729,819 <br /> MIN: 1,729,068 <br /> MAX: 1,730,683 | AVG: 2,083,028 <br /> MIN: 2,082,278 <br /> MAX: 2,083,893 | AVG: 2,134,685 <br /> MIN: 2,133,934 <br /> MAX: 2,135,550 |
 | kyber1024 (100 executions) | ref | AVG: 1,957,251 <br /> MIN: 1,956,503 <br /> MAX: 1,958,004 | AVG: 2,463,004 <br /> MIN: 2,462,257 <br /> MAX: 2,463,758 | AVG: 2,663,791 <br /> MIN: 2,663,043 <br /> MAX: 2,664,544 |
 | kyber512 (100 executions) | m4 | AVG: 665,609 <br /> MIN: 665,182 <br /> MAX: 665,980 | AVG: 903,352 <br /> MIN: 902,925 <br /> MAX: 903,723 | AVG: 933,528 <br /> MIN: 933,102 <br /> MAX: 933,900 |
@@ -13,6 +13,7 @@
 | kyber768 (100 executions) | ref | AVG: 1,269,336 <br /> MIN: 1,268,667 <br /> MAX: 1,270,035 | AVG: 1,677,026 <br /> MIN: 1,676,357 <br /> MAX: 1,677,725 | AVG: 1,827,734 <br /> MIN: 1,827,065 <br /> MAX: 1,828,433 |
 | newhope1024cca (100 executions) | m4 | AVG: 1,220,539 <br /> MIN: 1,220,182 <br /> MAX: 1,220,822 | AVG: 1,902,086 <br /> MIN: 1,901,730 <br /> MAX: 1,902,370 | AVG: 1,925,924 <br /> MIN: 1,925,566 <br /> MAX: 1,926,207 |
 | newhope1024cca (100 executions) | ref | AVG: 1,466,552 <br /> MIN: 1,466,131 <br /> MAX: 1,466,899 | AVG: 2,273,026 <br /> MIN: 2,272,605 <br /> MAX: 2,273,374 | AVG: 2,421,633 <br /> MIN: 2,421,212 <br /> MAX: 2,421,980 |
+| ntruhps2048509 (100 executions) | clean | AVG: 111,432,235 <br /> MIN: 111,432,235 <br /> MAX: 111,432,235 | AVG: 2,879,179 <br /> MIN: 2,879,179 <br /> MAX: 2,879,179 | AVG: 7,230,769 <br /> MIN: 7,230,769 <br /> MAX: 7,230,769 |
 | ntruhrss701 (100 executions) | m4 | AVG: 145,962,064 <br /> MIN: 145,962,064 <br /> MAX: 145,962,064 | AVG: 403,677 <br /> MIN: 403,677 <br /> MAX: 403,677 | AVG: 819,323 <br /> MIN: 819,323 <br /> MAX: 819,323 |
 | ntruhrss701 (100 executions) | ref | AVG: 189,381,286 <br /> MIN: 189,381,286 <br /> MAX: 189,381,286 | AVG: 4,655,513 <br /> MIN: 4,655,513 <br /> MAX: 4,655,513 | AVG: 13,571,758 <br /> MIN: 13,571,758 <br /> MAX: 13,571,758 |
 | saber (100 executions) | m4 | AVG: 894,655 <br /> MIN: 894,655 <br /> MAX: 894,655 | AVG: 1,161,220 <br /> MIN: 1,161,220 <br /> MAX: 1,161,220 | AVG: 1,204,173 <br /> MIN: 1,204,173 <br /> MAX: 1,204,173 |
@@ -27,15 +28,15 @@
 | qTesla-I (100 executions) | ref | AVG: 16,181,905 <br /> MIN: 7,759,886 <br /> MAX: 55,665,081 | AVG: 6,528,971 <br /> MIN: 1,408,282 <br /> MAX: 38,101,487 | AVG: 1,038,204 <br /> MIN: 1,031,357 <br /> MAX: 1,066,061 |
 | qTesla-III-size (100 executions) | ref | AVG: 52,911,984 <br /> MIN: 22,057,621 <br /> MAX: 147,552,103 | AVG: 25,535,653 <br /> MIN: 3,263,517 <br /> MAX: 85,027,845 | AVG: 2,268,587 <br /> MIN: 2,263,927 <br /> MAX: 2,296,947 |
 | qTesla-III-speed (100 executions) | ref | AVG: 34,440,396 <br /> MIN: 19,783,861 <br /> MAX: 112,913,102 | AVG: 10,958,955 <br /> MIN: 3,242,541 <br /> MAX: 39,136,486 | AVG: 2,197,445 <br /> MIN: 2,187,892 <br /> MAX: 2,228,424 |
-| sphincs-shake256-128s (2 executions) | ref | AVG: 4,036,930,116 <br /> MIN: 4,036,930,116 <br /> MAX: 4,036,930,116 | AVG: 56,077,640,588 <br /> MIN: 56,077,424,990 <br /> MAX: 56,077,856,186 | AVG: 67,353,629 <br /> MIN: 67,137,935 <br /> MAX: 67,569,323 |
+| sphincs-shake256-128f-simple (1 executions) | clean | AVG: 65,678,196 <br /> MIN: 65,678,196 <br /> MAX: 65,678,196 | AVG: 2,070,781,593 <br /> MIN: 2,070,781,593 <br /> MAX: 2,070,781,593 | AVG: 83,111,329 <br /> MIN: 83,111,329 <br /> MAX: 83,111,329 |
 
 # Memory Evaluation
 ## Key Encapsulation Schemes
 | Scheme | Implementation | Key Generation [bytes] | Encapsulation [bytes] | Decapsulation [bytes] |
 | ------ | -------------- | ---------------------- | --------------------- | --------------------- |
-| frodo640-aes | m4 | 31,240 | 51,568 | 61,944 |
-| frodo640-cshake | m4 | 26,304 | 41,504 | 51,880 |
-| frodo640-cshake | opt | 36,560 | 58,272 | 68,640 |
+| frodokem640aes | m4 | 31,240 | 51,568 | 61,944 |
+| frodokem640cshake | m4 | 26,304 | 41,504 | 51,880 |
+| frodokem640cshake | opt | 36,560 | 58,272 | 68,640 |
 | kyber1024 | m4 | 15,664 | 19,352 | 20,864 |
 | kyber1024 | ref | 15,664 | 19,352 | 20,864 |
 | kyber512 | m4 | 6,456 | 9,120 | 9,928 |
@@ -44,6 +45,7 @@
 | kyber768 | ref | 10,544 | 13,720 | 14,880 |
 | newhope1024cca | m4 | 11,152 | 17,448 | 19,680 |
 | newhope1024cca | ref | 11,152 | 17,448 | 19,680 |
+| ntruhps2048509 | clean | 11,768 | 6,920 | 5,184 |
 | ntruhrss701 | m4 | 23,396 | 19,492 | 22,140 |
 | ntruhrss701 | ref | 10,032 | 8,956 | 10,204 |
 | saber | m4 | 13,248 | 15,528 | 16,624 |
@@ -58,15 +60,15 @@
 | qTesla-I | ref | 22,512 | 29,336 | 23,128 |
 | qTesla-III-size | ref | 44,016 | 58,152 | 45,732 |
 | qTesla-III-speed | ref | 44,024 | 58,144 | 45,712 |
-| sphincs-shake256-128s | ref | 2,936 | 3,064 | 10,800 |
+| sphincs-shake256-128f-simple | clean | 2,200 | 2,304 | 2,664 |
 
 # Hashing Evaluation
 ## Key Encapsulation Schemes
 | Scheme | Implementation | Key Generation [%] | Encapsulation [%] | Decapsulation [%] |
 | ------ | -------------- | ------------------ | ----------------- | ----------------- |
-| frodo640-aes | m4 | 96.4% | 95.3% | 95.2% |
-| frodo640-cshake | m4 | 90.4% | 88.9% | 88.7% |
-| frodo640-cshake | opt | 79.8% | 71.6% | 71.3% |
+| frodokem640aes | m4 | 96.4% | 95.3% | 95.2% |
+| frodokem640cshake | m4 | 90.4% | 88.9% | 88.7% |
+| frodokem640cshake | opt | 79.8% | 71.6% | 71.3% |
 | kyber1024 | m4 | 69.3% | 67.5% | 58.7% |
 | kyber1024 | ref | 61.3% | 57.1% | 47.0% |
 | kyber512 | m4 | 68.3% | 66.2% | 54.4% |
@@ -75,6 +77,7 @@
 | kyber768 | ref | 59.6% | 55.2% | 43.6% |
 | newhope1024cca | m4 | 71.2% | 70.3% | 59.5% |
 | newhope1024cca | ref | 59.3% | 58.9% | 47.4% |
+| ntruhps2048509 | clean | 0.0% | 0.9% | 1.4% |
 | ntruhrss701 | m4 | 0.1% | 26.5% | 8.2% |
 | ntruhrss701 | ref | 0.0% | 2.3% | 0.5% |
 | saber | m4 | 53.1% | 52.9% | 41.5% |
@@ -89,4 +92,4 @@
 | qTesla-I | ref | 63.5% | 27.8% | 32.4% |
 | qTesla-III-size | ref | 66.2% | 23.0% | 27.5% |
 | qTesla-III-speed | ref | 73.3% | 24.1% | 28.3% |
-| sphincs-shake256-128s | ref | 97.3% | 97.0% | 97.2% |
+| sphincs-shake256-128f-simple | clean | 96.4% | 96.2% | 99.1% |